903: Fatal error on Windows servers- mysql_init failure
909: securityoptions differences between 5.02 and 5.03
1003: fscopy on a directory doesn't act as expected
1015: Directories created by streaming updates have no access to others
1446: crypto_sha1 may return sha1 hash of undefined value
1565: EULAs in VM and compiler software need updating.
1659: Insufficient feedback for disk space errors.
1805: Packaged certificate files are out of date
1916: MySQL: unsupported buffer type error
1934: Does our ROUND operator employ banker's rounding?
2368: Add array sort function to the language
3739: Drop table fails to drop index
4199: Product sorting bug reported by partner hosts
4519: limitation on number of stores
4535: engine crashes when calling crypto_md5_file on certain files
4536: Query causing engine crash with MivaSQL db library
4622: Expressions in MvDO parsed differently than other expressions
4626: MvCAPTURE does not properly terminate its result.
4672: Scripts cannot capture/handle MvCALL timeouts
4673: tar_create output cannot be opened in WinRAR or 7-Zip
4678: URLs bleed through SMT mvt:comment tags
4679: Template Compiler generates debugging files in production version
4687: File upload corrupts data when a line begins with "--"
4701: Template compiler reports error when ampersand used in param
4783: decimal fields are bound as type "unknown" when connecting to 5.0 or 5.1
4785: Storemorph won't display global array variables.
4803: Crash when ALTER TABLE is used on a previously referenced table
4930: Template Compiler outputs incorrect lineno instructions
4933: CGI temporary directory uses data directory configuration settings
4934: UNIXFileManager::DirectoryListing leaks DIR handles
4945: Engine capture mechanism should not fail on setuid during restore
4947: UNIXFileManager::ModifiedTime uses lstat(), not stat()
4950: 3.x API supports "commerce" path, 5x API does not
4957: MvPOP uses MakeTemporary inefficiently
4959: MvLOCALIZED always outputs the first language encountered
4960: TaggedFile::Section_Read[_Start]() return values are improperly handled
4962: NetworkConnection SSL certificate handling needs to be revamped
4964: Encoded filenames in open errors leak memory
4965: Session IDs are not sufficiently random
4968: MvCALL TIMEOUT attribute leaks into subsequent MvCALLS
4969: Network reads should never have an infinite timeout
4970: Multiple CRYPT operations in the same expression get the same value
4972: Buffer overflow in MvPOP
4973: MvPOP gets stuck in an infinite loop when the server terminates the connection
4978: tar_create crashes when the source directory does not exist and compression is enabled
4980: Win32 packaging and branding requires update
4983: Template Compiler gets confused by mismatched quotes
4984: Template Compiler misbehaves when semicolon omitted from mvt entity
5006: CGI VM won't handle ";" in content type for posted form data
5009: Non-Miva files having their size reported incorrectly.
5010: Entering a slash after the filename outputs compiler code in the main window
5012: Order Management feature is intermittently not loading some order data in Mia
5036: Entities preceeded by empty/self closed tags are not interpreted
5073: Column reference validation errors are reported as blank in some cases
5075: GROUP BY is incorrectly applied when also using UNION
5078: File descriptor leak in MvOPENVIEW/MvCLOSEVIEW
5115: Alter table in MivaSQL can lose all data in the table
5203: MivaApplication::DecodeAttributes generates invalid characters when given invalid input
5221: Passing a non-array to the glosub_array "replace" parameter crashes
5281: mktime_t does not return -1 when given an invalid date
5325: time_t functions have no ability to properly account for daylight savings time
5532: Network::OpenURL() (MvCALL) does not handle network write errors
5542: Admin secure redirect does not work on IIS
5571: xml_parse terminates in-progress xml_parse_section
5576: xml_parse_section_[get|set]state cause segfault if used immediately after xml_parse_section_init()
5578: MivaApplication::itos with INT_MIN overwrites memory and crashes
5579: MivaApplication::dtos does not handle NaN or Infinity correctly
5580: Crash when making a variable a reference to one of its children
5581: Whitespace compression fails to suppress blank first line
5584: MvLOCALIZED uses primary language when attempting to fall back to default language
5592: MvCALL only supports HTTP GET, HEAD and POST methods
New Builtin Functions
- xml_parse_var( var var, output var )
- xml_parse_set_colon_replacement( colon )
- miva_struct_members( aggregate var, members var )
- miva_array_sort( aggregate var, callback, data var )
- miva_array_min( aggregate var )
- miva_array_next( aggregate var, index )
- miva_array_previous( aggregate var, index )
- miva_template_compile_itemlist( signat, source var, sourceitems var, target, errors var )
- miva_template_compile_dump( source var, errors var )
- All builtin time functions which accept a "timezone" parameter (mktime_t(), time_t_year(), etc...) now accept the string value
"local" for this parameter, which allows the underlying operating system to apply daylight savings time rules for the current
- New system logging functions have been implemented for both Windows and UNIX hosts. On Windows, log messages are written
to the event log. On UNIX, log messages are sent to the syslog facility:
miva_openlog( ident, logopt, facility )
miva_setlogmask( maskpri )
miva_writelog( priority, message )
- All libgd 2.x functions are now supported. The builtin functions are also compatible with GD 1.x installations, in which case
2.x specific functions will fail gracefully:
gdImageCreate( sx, sy )
gdImageCreateTrueColor( sx, sy )
gdImageCreateFromPng( filename, location )
gdImageCreateFromGif( filename, location )
gdImageCreateFromWBMP( filename, location )
gdImageCreateFromJpeg( filename, location )
gdImageCreateFromGd( filename, location )
gdImageCreateFromGd2( filename, location )
gdImageCreateFromGd2Part( filename, location, srcx, srcy, w, h )
gdImageDestroy( im )
gdImageSetPixel( im, x, y, color )
gdImageGetPixel( im, x, y )
gdImageGetTrueColorPixel( im, x, y )
gdImageAABlend( im )
gdImageLine( im, x1, y1, x2, y2, color )
gdImageDashedLine( im, x1, y1, x2, y2, color )
gdImageRectangle( im, x1, y1, x2, y2, color )
gdImageFilledRectangle( im, x1, y1, x2, y2, color )
gdImageSetClip( im, x1, y1, x2, y2 )
gdImageGetClip( im, x1P var, y1P var, x2P var, y2P var )
gdImageBoundsSafe( im, x, y )
gdImageStringFT( im, brect var, fg, fontlist, ptsize, angle, x, y, string )
gdImagePolygon( im, points var, n, color )
gdImageOpenPolygon( im, points var, n, color )
gdImageFilledPolygon( im, points var, n, color )
gdImageColorAllocate( im, r, g, b )
gdImageColorAllocateAlpha( im, r, g, b, a )
gdImageColorClosest( im, r, g, b )
gdImageColorClosestAlpha( im, r, g, b, a )
gdImageColorClosestHWB( im, r, g, b )
gdImageColorExact( im, r, g, b )
gdImageColorExactAlpha( im, r, g, b, a )
gdImageColorResolve( im, r, g, b )
gdImageColorResolveAlpha( im, r, g, b, a )
gdImageColorDeallocate( im, color )
gdImageCreatePaletteFromTrueColor( im, ditherFlag, colorsWanted )
gdImageTrueColorToPalette( im, ditherFlag, colorsWanted )
gdImageColorTransparent( im, color )
gdImagePaletteCopy( dst, src )
gdImagePng( im, filename, location )
gdImageGif( im, filename, location )
gdImageWBMP( im, fg, filename, location )
gdImageJpeg( im, filename, location, quality )
gdImageGifAnimBegin( im, filename, location, GlobalCM, Loops )
gdImageGifAnimAdd( im, out, LocalCM, LeftOfs, TopOfs, Delay, Disposal, previm )
gdImageGifAnimEnd( out )
gdImageFilledArc( im, cx, cy, w, h, s, e, color, style )
gdImageArc( im, cx, cy, w, h, s, e, color )
gdImageEllipse( im, cx, cy, w, h, color )
gdImageFilledEllipse( im, cx, cy, w, h, color )
gdImageFillToBorder( im, x, y, border, color )
gdImageFill( im, x, y, color )
gdImageCopy( dst, src, dstX, dstY, srcX, srcY, w, h )
gdImageCopyMerge( dst, src, dstX, dstY, srcX, srcY, w, h, pct )
gdImageCopyMergeGray( dst, src, dstX, dstY, srcX, srcY, w, h, pct )
gdImageCopyResized( dst, src, dstX, dstY, srcX, srcY, dstW, dstH, srcW, srcH )
gdImageCopyResampled( dst, src, dstX, dstY, srcX, srcY, dstW, dstH, srcW, srcH )
gdImageCopyRotated( dst, src, dstX, dstY, srcX, srcY, srcWidth, srcHeight, angle )
gdImageSetBrush( im, brush )
gdImageSetTile( im, tile )
gdImageSetAntiAliased( im, c )
gdImageSetAntiAliasedDontBlend( im, color, dont_blend )
gdImageSetStyle( im, style var, n )
gdImageSetThickness( im, thickness )
gdImageInterlace( im, interlaceArg )
gdImageAlphaBlending( im, alphaBlendingArg )
gdImageSaveAlpha( im, saveAlphaArg )
gdImageCompare( im1, im2 )
gdTrueColor( r, g, b )
gdTrueColorAlpha( r, g, b, a )
gdImageTrueColor( im )
gdImageSX( im )
gdImageSY( im )
gdImageColorsTotal( im )
gdImageRed( im, c )
gdImageGreen( im, c )
gdImageBlue( im, c )
gdImageAlpha( im, c )
gdImageGetTransparent( im )
gdImageGetInterlaced( im )
gdImagePalettePixel( im, x, y )
gdImageTrueColorPixel( im, x, y )
gdImageSquareToCircle( im, radius )
gdImageStringFTCircle( im, cx, cy, radius, textRadius, fillPortion, font, points, top, bottom, fgcolor )
gdImageSharpen( im, pct )
- mvFile_Resolve has been deprecated as there is no secure way to resolve a path and then separately open it without introducing
a race condition that could allow an application to break out of the sandbox.
- New functions have been added to access the new system library registry:
mvSystemLibrary mvProgram_SystemLibrary( mvProgram program, const char *code );
void *mvSystemLibrary_GetFunction( mvSystemLibrary library, const char *function_name );
const char *mvSystemLibrary_Error( mvProgram program, mvSystemLibrary library, int *error_length );
- The configuration API version has been changed (to 2), and a new function, load_script_config_v2( mvConfig, void **, const char *, mvFile )
now replaces load_script_config. Version 1 configuration libraries that provide load_script_config() will no longer function.
- A new compiler option, -O , performs basic obfuscation of string constants by splitting them into chunks long. After splitting,
duplicate chunks are "compressed" (not repeated) when written to the output .mvc file.
- A new compiler option, -d, causes the compiler to output pseudo-C code suitable for use with Doxygen for generating automated documentation.
- The compiler no longer requires license validation.
- Support for the ODBC database connector has been dropped.
- MvREFERENCEARRAY now correctly applies its aggregate tags (MvDIMENSION, MvMEMBER) to the variable specified by the VARIABLE attribute,
rather than the destination variable specified by NAME.
- The MySQL connector library now automatically reestablishes connections that were lost while a long running SQL statement was in progress
on a secondary connection.
- The MySQL connector library now uses less memory when dealing with resultsets with multiple BLOB columns.
- On UNIX, the engine may now be configured to capture and replay requests, for debugging purposes. Two configuration settings control this option:
Environment Based Configuration:
When configured, if the specified trigger file exists, the engine will dump its input state into a file created using the prefix specified by the
capture file option. The capture files may then be replayed from the commandline by appending the "-c " parameters. For example:
$ /var/www/cgi-bin/mivavm -c /tmp/capture001
- The MySQL connector library now properly calls my_init(), which should resolve most multithreading issues that occured on Windows platforms.
- Support for the Authorize.Net commerce library has been dropped.
- The tag now supports attribute IDENT, which may be used to add rcs-style ident tags to compiled MivaScript files
- Newly created MivaSQL databases now support table and index names up to 64 characters long.
- The file management code that maintains the script and data directory sandbox has been completely rewritten to eliminate race conditions
and restore proper functionality when handling symbolic links. The existing functionality was broken in v5.03.
- Files created by the engine now properly apply umask.
- MvLOCALIZED support in previous versions was completely broken. The new version restores the 3.x functionality. Scripts compiled with pre-5.07
compilers which make use of MvLOCALIZED will have to be recompiled using 5.07 in order to function properly.
- Network operations which have their own configurable timeouts (MvCALL, MvSMTP, etc...) now use the global timeout if no operation-specific
timeout is specified.
- Implemented proper timeout handling for MvSMTP and MvCALL.
- Network protocols that need to read a line of input at a time (SMTP, POP, HTTP, etc...) now do so much more efficiently.
- MakeSessionID() now generates statistically more random session identifiers.
- ROUND operations now truly use banker's rounding. In previous versions, a banker's rounding algorithm was applied, but would sometimes fail
to produce the expected result due to inaccuracies inherent in floating point numbers. The new system applies correction code for these
inaccuracies prior to performing the rounding.
- The template compiler has been completely rewritten to fix a large number of parser related bugs.
- A new system library registration mechanism has been added. Presently, this mechanism is only used to locate an installation of libgd for the
GD builtin functions:
The library registration dialog now supports a "System" library type.
Environment Based Configuration:
- Builtin functions have been added implementing all libgd 2.x functionality.
- When running under IIS, the engine now properly detects and manages mismatches between an IIS virtual directory path and the configured Miva root
- A new DWORD registry setting "maxdocache" allows configuration of the maximum number of MvDO'd files to be cached on Win32. This setting is not
exposed through the user interface.
- Handling of INFINITY, NaN, and values larger than INT_MAX or smaller than INT_MIN is now uniform between Windows and UNIX platforms.
- MvCALL now supports additional METHOD values "OPTIONS", "PUT", "DELETE", "TRACE", and "CONNECT". Data handling for these action values is
identical to "RAW".