PHP-Fusion 6.01.8 available

March 4th, 2007


PHP-Fusion 6.01.8 has been released to fix a secondary XSS exploit.

Some of you may have noticed yesterday in the shoutbox that a new exploit had been discovered. I am pleased to say that these issues have now been corrected. The files affected include forum/postify.php and forum/viewthread.php. For details of the exact updates please refer to the CVS.

For additional information please read the release announcement.

Categories: News

WordPress 2.1.2 security release

March 2nd, 2007


Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.

To learn more about this unusual problem and possible remedies, please read the release announcement.

Categories: News

Serendipity 1.1.2

March 1st, 2007


When given an invalid category ID, Serendipity still tries to show entries for that category, but the resulting SQL string contains an empty statement, which makes the MySQL parser fail and report the error on-screen.

Even though we consider this issue to be fairly low-impact, Serendipity 1.1.2 has been released because of this, mainly to assure the public that we have addressed the issue. It is not critical that you upgrade to that release. If you do, it is sufficient to update the include/ file.

For further details, please refer to the release announcement.

Categories: News


February 25th, 2007


Bitweaver was born in late 2003 when a developer, spiderr, created a new branch of Tikiwiki dubbed “spidercore”. From spidercore a new project was forked, initially called TikiPro and later bitweaver. Bitweaver evolved with the priority of being modular and faster than Tikiwiki, e.g. by making as few database calls as possible.

Bitweaver adopts the ADOdb database abstraction library and the Smarty template engine. All pages are XHTML 1.0 Strict compliant and rely on CSS for styling. Bitweaver requires PHP version 4.1.0 or higher, and is released under the GNU Library or Lesser General Public License (LGPL).

Note: I’m not tracking bitweaver’s release announcements here, because on their site I can find neither a release announcements archive nor a permanent link to any individual release announcement.

Categories: Directory


February 25th, 2007


Radiant is a CMS built using Ruby on Rails, a well known web application platform.

Radiant features an elegant administrative interface that centers around three key components:

Pages are the main content for a web site, may use Markdown, Textile, or plain HTML, and are composed of multiple parts such as a body and sidebar;

Snippets are content that can be reused in multiple places, similar to PHP includes or Rails partials;

Layouts contain most of the HTML for a page’s design. Layouts can render page parts in any way they choose; for instance, one layout could render the body and sidebar of a page, while another layout (a print layout) could render only the body.

Radiant allows you to arrange pages according to any hierarchy; e.g. a weblog in Radiant can be a collection of child pages under a parent page. Radiant also has a macro language called Radius, which makes it easy to include content from other pages, iterate over page children, and display content conditionally.

Radiant includes a caching mechanism which allows content to be cached for a maximum of 5 minutes. This ensures that content is always fresh while providing a performance advantage.

Radiant is licensed under the MIT License, so it’s free for both commercial and non-profit use. You are also free to modify and distribute Radiant as long as you don’t remove the appropriate notices from the source code.

Categories: Directory


February 25th, 2007


Almost all the blogging platforms currently available are software applications we install in the server space of our hosting provider. No installation is required on our client PC, because all the creation and maintenance of our website are performed with our usual browser.

Of course hosting providers must meet the installation requirements so we can install server software: usually they must allow PHP scripting, provide a MySQL database, and facilitate URL rewriting with Apache mod_rewrite and custom .htaccess files.

When these requirements are not met, or when we are not (yet) comfortable with the involved technicalities, should we abandon the idea of a personal blog? Not at all, if we use Thingamablog.

Thingamablog (aka TAMB) is a software application we install, like any “normal” software, on our client PC, and it doesn’t require PHP, or MySQL, or mod_rewrite available on the server. A plain old web space is all we need.

What’s the secret? Well, TAMB builds all our blog’s pages on our client PC, and uploads the already built HTML pages to our server space. TAMB, like other blogging platforms, manages categories, monthly archives, calendar, and comments, has customizable templates (yes, also a Kubrick theme ported from WordPress), and is freely available under the GNU GPL (General Public License).

Categories: Directory


February 24th, 2007


Alfresco was founded in 2005 by John Newton, co-founder of Documentum, and John Powell, former COO of Business Objects.

Alfresco “is the leading open source alternative for enterprise content management. It couples the innovation of open source with the stability of a true enterprise-class platform. The open source model allows Alfresco to use best-of-breed open source technologies and contributions from the open source community to get higher quality software produced more quickly at much lower cost.”

Alfresco was launched in October 2005 and is now available under the GNU GPL (General Public License) in two flavors: Community, which is free and community supported, and Enterprise, which requires a paid support contract.

Categories: Directory

SPIP 1.9.2 released

February 23rd, 2007


SPIP 1.9.2 has been released.

The notable changes in this version are:

* a number of new image filters and image filter optimisation;
* new functionality in the backup/restore tools;
* a more responsive caching system;
* the introduction of the jQuery JavaScript library;
* the directory structures have been revised;
* an extensible XHTML validator;
* a programming interface (API) for managing authorisations and changes;
* more accurate site visit statistics.

For more detailed information, please refer to the release announcement.

Categories: News

Serendipity 1.1.1 released

February 22nd, 2007


Serendipity 1.1.1 is a bugfix-only release to fix the following issues:

* Windows IIS server cookie/session authentication problem when not running via HTTPS
* Change execution order of trackbacks to properly send them when a failure occurs
* Display proper plugin permission restrictions when the admin user is not part of the group that is restricted
* Fixed a bug that some plugins were not able to properly execute in the entry detail view

This version is not a security-related upgrade, so you only need to apply it if you think you are affected by any of the bugs listed. For additional information, please refer to the release announcement.

Categories: News

PHP-Fusion 6.01.7

February 22nd, 2007


PHP-Fusion 6.01.7 has been released to fix a low-level XSS security exploit.

In the last 48 hours a few XSS exploits have been reported. The three files affected are edit_profile.php, print.php and forum/postify.php. For details of the exact updates please refer to the CVS.

For additional information, please refer to the release announcement.

Categories: News