forked from dapphp/securimage
CHANGES
4.0.2
- Merge changes from master branch release 3.6.8
4.0.1
- Increase captcha difficulty
- Add setting "use_text_angles". Enable to select a random angle and step value and draw each character at an angle in a step-like fashion
- Add setting "use_random_spaces". Enable to insert 1-3 spaces between a random group of letters some of the time
- Add setting "use_random_baseline". Enable to draw letters at a random height instead of centered. Each character's baseline is a step up or down from the previous (not totally random)
- Add setting "use_random_boxes". Enable to draw a bounding box around one or more characters at random
- Improve performance of captcha generation when using distortion (perturbation) and noise (noise_level)
- Enable image anti-aliasing
- Make all text functions multibyte safe when using UTF-8 or other encodings for charsets and wordlists (using mbstring)
- Deprecate background images. May be removed in future version or limited to special use
- Fix code display issue when using a math captcha that was re-displayed after being retrieved from a StorageAdapter
4.0.0
- REMOVE namespaces (everything is tied to a captcha ID now)
- Implement StorageAdapter interface
- Move session and database storage into StorageAdapters
- Add memcached StorageAdapter (requires PHP extension memcached)
- Add Redis StorageAdapter (requires PHP extension Redis [https://github.com/phpredis/phpredis])
- REMOVE options use_sqlite_db and sqlite_database (deprecated since 3.2 RC4)
- REMOVE database options from class (options are now defined in config.inc.php)
- REMOVE Flash audio playback and Flash fallback
- REMOVE "static captcha" functionality (getCaptchaId and checkByCaptchaId)
- REMOVE SoX audio manipulation from PHP via shell_exec
3.6.6
- Not critical: Fix potential HTML injection in example form via HTTP_USER_AGENT (CVE-2017-14077)
3.6.5
- Fix regex in replaceElements in securimage.js
- Update examples
- Exclude certain examples from Git autogenerated archives
3.6.4
- Fix XSS vulnerability in example_form.ajax.php (Discovered by RedTeam. advisory rt-sa-2016-002)
- Update example_form.ajax.php to use Securimage::getCaptchaHtml()
3.6.3
- Add support for multibyte wordlist files
- Fix code generation issues with UTF-8 charsets
- Add parameter to getCaptchaHtml() method to control display components of captcha HTML
- Fix database audio storage issue with multiple namespaces
3.6.2
- Support HTTP range requests with audio playback (iOS requirement)
- Add optional config.inc.php for storing global configuration settings
3.6.1
- Fix copyElement bug in securimage.js for IE Flash fallback
3.6
- Implement CAPTCHA audio using HTML5 <audio> with optional Flash fallback
- Support MP3 audio using LAME MP3 Encoder (Internet Explorer 9+ does not support WAV format in <audio> tags)
- Add getCaptchaHtml() options to support full framework integration (ruifil)
3.5.4
- Fix email validation code in example form files
- Fix backslashes in getCaptchaHtml for img attribute on Windows systems
3.5.3
- Add options for audio button to getCaptchaHtml(), fix urlencoding of flash parameters that was breaking button
3.5.2
- Add Securimage::getCaptchaHtml() for getting automatically generated captcha html code
- Option for using SoX to add effects to captcha audio to make identification by neural networks more difficult
- Add setNamespace() method
- Add getTimeToSolve() method
- Add session_status() check so session still starts if one had previously been opened and closed
- Add .htaccess file to audio directory to deny access; update audio files
- Option to skip checking of database tables during connection
- Add composer.json to package, submit to packagist
- Add font_ratio variable to determine size of font (github.com/wilkor)
- Add hint if sqlite3 database is not writeable. Improve database error handling, add example database options to securimage_play.php
- Fixed issue regarding database storage and math captcha breaking audio output (github.com/SoftwareAndOutsourcing)
3.5.1
- Fix XSS vulnerability in example_form.php (discovered by Gjoko Krstic - <gjoko@zeroscience.mk>)
3.5
- Release new version
- MB string support for charlist
- Modify audio file path to use language directories
- Changed default captcha appearance
3.2RC4
- Add MySQL, PostgreSQL, and SQLite3 support for database storage
- Deprecate "use_sqlite_db" option and remove SQLite2/sqlite_* functions
- Add new captcha type that displays 2 dictionary words on one image
- Update examples
3.2RC3
- Fix canSendHeaders() check which was breaking if a PHP startup error was issued
3.2RC2
- Add error handler (https://github.com/dapphp/securimage/issues/15)
- Fix flash examples to use the correct value name for audio parameter
3.2RC1
- New audio captcha code. Faster, fully dynamic audio, full WAV support (Paul Voegler, Drew Phillips) <http://voegler.eu/pub/audio>
- New Flash audio streaming button. User defined image and size supported
- Additional options for customizing captcha (noise_level, send_headers, no_exit, no_session, display_value)
- Add captcha ID support. Uses sqlite and unique captcha IDs to track captchas, no session used
- Add static methods for creating and validating captcha by ID
- Automatic clearing of old codes from SQLite database
3.0.3Beta
- Add improved mixing function to WavFile class (Paul Voegler)
- Improve performance and security of captcha audio (Paul Voegler, Drew Phillips)
- Add option to use random file as background noise in captcha audio
- Add new securimage options for audio files
3.0.2Beta
- Fix issue with session variables when upgrading from 2.0 - 3.0
- Improve audio captcha, switch to use WavFile class, make mathematical captcha audio work
3.0.1
- Bugfix: removed use of deprecated variable in addSignature method that would cause errors with display_errors on
3.0
- Rewrite class using PHP5 OOP
- Remove support for GD fonts, require FreeType
- Remove support for multi-color codes
- Add option to make codes case-sensitive
- Add namespaces to support multiple captchas on a single page or page specific captchas
- Add option to show simple math problems instead of codes
- Remove support for mp3 files due to vulnerability in decoding mp3 audio files
- Create new flash file to stream wav files instead of mp3
- Changed to BSD license
2.0.2
- Fix pathing to make integration into libraries easier (Nathan Phillip Brink ohnobinki@ohnopublishing.net)
2.0.1
- Add support for browsers with cookies disabled (requires php5, sqlite); maps users to md5 hashed IP addresses and md5 hashed codes for security
- Add fallback to gd fonts if ttf support is not enabled or font file not found (Mike Challis http://www.642weather.com/weather/scripts.php)
- Check for previous definition of image type constants (Mike Challis)
- Fix mime type settings for audio output
- Fixed color allocation issues with multiple colors and background images, consolidate allocation to one function
- Ability to let codes expire after a given length of time
- Allow HTML color codes to be passed to Securimage_Color (suggested by Mike Challis)
2.0.0
- Add mathematical distortion to characters (using code from HKCaptcha)
- Improved session support
- Added Securimage_Color class for easier color definitions
- Add distortion to audio output to prevent binary comparison attack (proposed by Sven "SavageTiger" Hagemann [insecurity.nl])
- Flash button to stream mp3 audio (Douglas Walsh www.douglaswalsh.net)
- Audio output is mp3 format by default
- Change font to AlteHaasGrotesk by yann le coroller
- Some code cleanup
1.0.4 (unreleased)
- Ability to output audible codes in mp3 format to stream from flash
1.0.3.1
- Error reading from wordlist in some cases caused words to be cut off 1 letter short
1.0.3
- Removed shadow_text from code which could cause an undefined property error due to removal from previous version
1.0.2
- Audible CAPTCHA Code wav files
- Create codes from a word list instead of random strings
1.0
- Added the ability to use a selected character set, rather than a-z0-9 only.
- Added the multi-color text option to use different colors for each letter.
- Switched to automatic session handling instead of using files for code storage
- Added GD Font support if ttf support is not available. Can use internal GD fonts or load new ones.
- Added the ability to set line thickness
- Added option for drawing arced lines over letters
- Added ability to choose image type for output