From: Stephan Ebelt <stephan.ebelt@gm...> - 2006-03-17 16:49:56
This is a BUGFIX Release on top of 0.9.4. It contains code changes only,
no database updates.
The reason I am releasing it is that it contains some basic protection
against SQL-Injection attacks. Please read the web page and/or INSTALL
file for more details.
I recommend upgrading right away.
You can get it at:
- sql-escape all strings that come in via $_REQUEST
- StockRisk: show most recent SL order, not /some/ order
- StockRisk: soft limit sometimes 0 -> by design, happens if no previous
close average is available
- StockRisk: SL is considered present only if it is neither expired nor
- NewsReader: added 'mark all read' button
- NewsReader: extended 'mark read' to toggle the mark flag on and off
- Order: corrected close time in message (was 1970/01/01)
- mysql-testdata.sql: fixed column count for Order data
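
On the first changelog item: the following is an added illustration, not code from this project or its author, of what escaping every request string covers and where bound parameters differ. It assumes PHP with the pdo_sqlite extension; the table, columns, request values and the escape_request() helper are constructed for the example.

```php
<?php
// Added example, not the project's code. Table, column and function
// names are hypothetical; the request values are constructed.

// Blanket approach named in the changelog: escape every incoming string.
function escape_request(PDO $db, array $request): array {
    $out = [];
    foreach ($request as $key => $value) {
        $out[$key] = is_array($value)
            ? escape_request($db, $value)
            // PDO::quote() escapes and wraps in quotes; strip the wrapper
            // so the result behaves like a classic escape-only helper.
            : substr($db->quote((string)$value), 1, -1);
    }
    return $out;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE orders (id INTEGER, owner TEXT)");
$db->exec("INSERT INTO orders VALUES (1, 'alice'), (2, 'bob')");

// Constructed request: one quote-bearing string, one non-numeric "id".
$request = ['owner' => "x' OR '1'='1", 'id' => '1 OR 1=1'];
$safe = escape_request($db, $request);

// Quoted string context: the escaped value stays inside the literal.
$n = $db->query(
    "SELECT COUNT(*) FROM orders WHERE owner = '{$safe['owner']}'"
)->fetchColumn();
echo "quoted context, escaped:  $n row(s)\n";

// Unquoted numeric context: there is no quote to escape, so the
// value still changes the WHERE clause.
$n = $db->query(
    "SELECT COUNT(*) FROM orders WHERE id = {$safe['id']}"
)->fetchColumn();
echo "numeric context, escaped: $n row(s)\n";

// Bound parameters keep the value as data in both contexts.
$stmt = $db->prepare(
    "SELECT COUNT(*) FROM orders WHERE id = :id AND owner = :owner"
);
$stmt->execute([':id' => $request['id'], ':owner' => $request['owner']]);
echo "bound parameters:         {$stmt->fetchColumn()} row(s)\n";
```

Where a query must be built by string concatenation, values used in numeric positions need an explicit integer cast or validation in addition to string escaping.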