Security release.
Version 2.11.2 (2012-03-14)
---------------------------
### Fixed
Fixed an issue with the CSS3PIE url being incorrectly rewritten (see #4074).
### Fixed
Fixed a security vulnerability in the file manager which allowed back end users
to download files from the `tl_files` directory even if they were not mounted in
their profile (thanks to Marko Cupic).
### Fixed
Fixed a potential XSS vulnerability in the undo module (thanks to Oliver Klee).
The issue is not considered critical, because it requires the script tag to be
in the list of allowed HTML tags, which is not the case by default.
### Fixed
The IDNA convert class did not run under PHP 5.2 (see #4044).
### Fixed
Store the date added when creating an admin user upon installation (see #4054).
### Fixed
Purge the Zend Optimizer+ cache after writing the local configuration file.
### Fixed
The IDNA convert class did not run under PHP 5.2 (see #4044).
### Fixed
Inject error messages of checkbox and radio groups inside the fieldset, so they
can be associated with it (accessibility) and do not break the CSS formatting.
This change does not require any template adjustments (see #3392).
### Fixed
Correctly handle tabs and line breaks when importing CSV data (see #4025).
### Fixed
Event feeds did not show the date anymore (see #4026).
### Fixed
Preserve absolute URLs in style sheets in the Combiner (see #4002).
### Fixed
Support all kinds of keydown events in the stylect plugin, so options can be
selected by pressing the first key of their label (see #3812).
### Added
Added a separate version check for LTS releases.
### Fixed
Prevent the auto_item feature from generating duplicate content (see #4012).
### Fixed
Do not add the `language` parameter when forwarding to a page (see #4011).
### Fixed
The date picker in the back end did not work correctly due to MooTools failing
to parse dates correctly (see #3954).
### Fixed
The TinyMCE links popup failed under certain conditions (see #3995).
### Fixed
Correctly add the language to insert tag links (see #3983).
### Fixed
When creating an admin user in the install tool, the username was not validated
correctly (see #4006).
### Updated
Updated MooTools to version 1.4.5 which fixes a critical bug.
### Fixed
Relative URLs are now validated correctly (`'rgxp'=>'url'`) (see #3792).
### Fixed
Adjust the submit button height in Opera (see #3940).
### Fixed
The front end preview drop-down menu did not use the stylect plugin.
### Fixed
Use the Facebook sharer instead a third-party app (see #3990).
### Fixed
Preserve IE conditionals like `[if (lt IE 9) & (!IEMobile)]` when replacing
ampersands in the front end (see #3985).
### Fixed
Set the maximum length of `inputUnit` fields to 200 (see #3987).
### Fixed
If an image with a title was added to a text element, the lightbox did not show
the title anymore (see #3986).
### Fixed
The hyperlink element did not output the link title anymore (see #3973).
### Fixed
Send a 404 header and do not index or cache a page if there is a pagination menu
and the `page` parameter is outside the range of existing pages. Now that list
and reader modules can be shown on the same page, it is likely that those pages
will be cached. This fix prevents the search index and temporary directory from
being flooded with non-existing resources (such as `?page=100000`).
### Fixed
Fixed the module wizard so you can use the stylect menu of a duplicated element
without having to reload the page (see #3970).
### New
Added the Slovenian translation of the TinyMCE "typolinks" plugin (thanks a lot
to Davor) (see #3952)
### Fixed
Fixed the "getContentElement", "getFrontendModule" and "getForm" hooks, so they
pass the generated content to the callback function (see #3962).
### Fixed
Correctly handle pages with the alias name "index" (see #3961).
### Fixed
Patched the MooTools core script to fix the accordion effect (see #3956).
### Fixed
The slimbox style sheets are now compatible with the combiner.
* Multilingual website URLs
* Global style sheet variables
* Improved FAQ module
* News archive/Event list/FAQ list/ and each reader on the same page
* Disabling the CSS framework
* Make style sheets static
* Modified request token system
* Contao safe mode
* Autogenerated local configuration files
* Adding system messages
* Insert tag changes
* Website root pages are required
* Make ListView output a table
* Embed Google web fonts
* Advanced image crop modes
* Forced password change
* Privacy settings
* Updated plugins (not extension)
* New hooks
* New methods in the File/Folder class
* Remove some old function
