IPS IPS Community Suite 4.7.19 Nulled

This is a maintenance release to resolve the following issues:

• Permission matrix can show incorrect permissions when using the Member > Group permission tool.
• Using Authorize.Net Payment Gateway may result in an error.
• A logged in member without a valid timezone set will trigger exceptions any time another members age is checked.
• Where the upgrader can result in a fatal error due to an invalid class stored for a Pages record comment.
• An upgrade error where reports are loaded for Pages databases that no longer exist.
• Orphaned comments trigger an exception when search index is rebuilding.
• An exception can occur continued upgrades: DateTime::setTimestamp() expects parameter 1 to be long, object given.
• Recursion can occur if the core_log table doesn't exist yet (as happens during auto upgrade).
• An issue where importing a theme can break CSS.
• MySQL strict mode upgrade to 4.1.12 can fail.
• Installing a new plugin via theACPcan fail.

As part of our ongoing internal security audit, this release also improves security in the following areas:

• Possible XSS in the "hovercard" system.
• Further hardening to the insecure file upload code.

This is a small maintenance release to fix a few issues reported in 4.1.10. In addition to bug fixes and performance improvements, it includes following new/changed features:

• Integration with SparkPost replaces Mandrill for optional email service as Mandrill is stopping their current service toward the end of April.
• Questions in Question and Answer forums can now be sorted by most votes.
• The "All Activity" activity stream now has an RSS feed.
• The filter bar at the top of the activity stream no longer sticks to the stop of the screen when scrolling.
• If you receive a browser notification your notification menu will now reload to get the latest notification.
• More consistent visual feedback when a post submit or edit is processing to reduce duplicates.
• Sidebar widgets now how rounded corners to match rest of Suite.
• Recaptcha style is now a per-theme setting.
• You can now set which theme should be the default for the AdminCP separate to which should be the default for the front-end.

Important Note
This is the last release that will support PHP 5.4 as it is end of life and no longer supported by PHP.
Please also note that PHP 5.5 goes full end of life in July 2016 so you should look into upgrading if your web host is using outdated versions. We will not immediately stop supporting PHP 5.5 in July but it may follow soon after.
Additional Information

Important Fixes
In addition to many smaller bug fixes and performance improvements, the following important fixes are included:

• Guests were able to create streams.
• Logging into the AdminCP using Microsoft Sign In wasn't working.
• Pas were missing from the report center.
• In some circumstances, "0" would be removed from post content.
• MySQL 5.7 could throw an error when trying to clear out sessions.
• A recent Chrome update caused ACP search results to not display.
• Replying to support requests on an iPad wasn't working in some circumstances.

Security Fixes
We are engaging in a third-party security audit of IPS Community Suite so you can expect the next few releases to contain a lot of security hardening. Many of these issues are not critical but we do still want to get the updates to you. This release includes fixes for several security issues:

1. Several CSRF vulnerabilities - most importantly on the process for associating OAuth sign-ins (Facebook, Twitter, etc.) with an account, meaning a malicious user could associate their own OAuth sign-in with another user's account.
2. A session-hijacking vulnerability where after a login key is reset (such as after a password) since a new key is not immediately generated, the account was vulnerable to hijacking until they sign in again.
3. A bug which meant the names of forums or other nodes a user did not have permission to access may have been exposed by accessing a particular URL.
4. Several XSS vulnerabilities meaning if a malicious user could convince another user to perform particular steps, limited arbitrary JavaScript could be executed.
5. A vulnerability where if using the "Download Member List" feature and opening the file with certain applications, malicious user data could cause expressions to be evaluated.

And several security improvements:

1. Any existing sessions for a member are now cleared if they change their password, meaning users signed in on multiple devices will need to sign in again after a password change.
2. A more secure hash generation algorithm is now used for login keys.

Information for 3rd party developers

• ModCpMemberManagement can now return NULL to not display the tab.
• CKEditor has been updated to 4.5.8.

This is a maintenance release to fix reported issues.
Please note that in this release we have updated the copyright data in many source files. This means that if you are upgrading through the Admin CP the update will take slightly longer to download and extract than normal.
Additional Information
In addition to general bug fixes and performance improvements:
E_STRICT errors are now ignored.
Improvements to Easy Mode theme editing allowing navigation colours to be adjusted.
Added a setting to control if users creating an account as part of Commerce checkout should validate.
Minor UI improvements to AdminCP support request view in Commerce.
Updated the copyright data in source file headers.

A cross-site-scripting (XSS) issue was discovered related to image notes in Gallery and was patched in this release. We would like to thank newbie_LAC for responsibly reporting this issue to us.

IPS_4.0.4_Release.