XSS Vulnerability 0.909

Mischa on the forums pointed out a disclosed security bug of which I wasn’t aware.

I have released Flatpress 0.909.1, which is just a bugfix for that.

If you don’t want to download a whole new package from sourceforge, you just have to update these files:

• /fp-interface/sharedtpls/contact.tpl
• /fp-interface/sharedtpls/login.tpl
• /fp-interface/sharedtpls/search.tpl

• Posted by NoWhereMan at 10:55:06 in General, News
• 3 comments (282 views)

Merry Xmas

…and a Happy New Year :)

• Posted by NoWhereMan at 13:59:47 in General
• 1 comment (431 views)

FrontPage plugin

http://flatpress.svn.sourceforge.net/svnroot/flatpress/trunk/flatpress/

Sometimes people ask if FlatPress supports multi-language blogs, and the answer is no, not really.

What I usually suggest to do is creating several “special” categories (which are in fact just categories) for the main language, and make FP display only that category as a default. There is a very simple plugin for that (CategorySelector).

E.g.:

English :10
--General :101
--News :102
----Announcements :103
----Events :104
------Misc :105
--Technology :106
Italiano :20
--Generale :201
--Notizie :202
----Annunci:203
----Eventi :204
------Varie :205
--Tecnologia :206

The idea is nice since its scope is not limited to language selection, but it can be built upon further.

If you want to address your blog to a vast audience, you might want to prevent some content to show up in the very first page people would see if they stumbled upon your site.

I, for one, on my personal blog I don’t like my occasional tech rants to appear together with the more general content.

Meet the FrontPage plugin

Meet the FrontPage plugin. Think of it as a CategorySelector on steroids (which in fact is). The simple plugin on the forums now has a nice graphic config panel.

But FrontPage gives you even more. If you happen to be running the SVN version of FlatPress you’ll be able not only to show a single category, but even to hide a category, regardless its position in the category tree.

Suppose we have this category tree

General :101
News :102
--Announcements :103
--Events :104
----Misc :105
Technology :106
--Rants :107

And we wanted Technology not to show up in the main flow. Here is how we could re-factor:

Frontpage :10
--General :101
--News :102
----Announcements :103
----Events :104
------Misc :105
Page Two :20
--Technology :106
----Rants :106

We would now choose the Frontpage category to show.

Now suppose we want Announcements to never be listed, unless explicitly chosen.

The Hide options comes in handy in this case.

Secondary “root” categories such as Page Two can be tweaked for more: you might create a Static Page category in which filing fake static pages on which people would be able to comment! Those pages would of course lack the “naming” facility of real static pages: a plugin could easily fill the gap.

Notes and Caveats

• It is worth noticing you don’t have constraints on the ID numbering of a category — i.e. numbers don’t have to be consecutive –, given that you choose a unique ID for each category
• You’ll notice that I have replicated the tree twice in the Language example: the reason is FlatPress does not allow to select more than one category at once, so you can’t select both the Italian language and the General category to show only those posts which are general
• Refactoring the category tree as shown in the current stable versions of FlatPress can be done only a priori: this means that changes to the category trees won’t change the listing of posts which has been already published (unless you re-publish each one by hand).

  This has been fixed in the SVN version of FlatPress: when you have redesigned your category tree, you’ll have to rebuild the indices from the Maintenance panel.

Getting the plugin

You can get it now from the SVN SourceForge repository (click the download GNU tarball link).

• Posted by NoWhereMan at 10:31:42 in General, News
• 1 comment (485 views)

FlatPress 0.909 Arioso

With no further ado, FlatPress 0.909 is out with all of the improvements I had already listed in the last months.

• More reliable storage with drafts and entry saving (for your paranoid pleasure)
• More configurable plugins (for your customizating obsession)
• Full PHP5.3 compatibility (for your bleeding-edge joy) and still PHP4 (for your hosting suckyness)
• Plus, comment editing (for your spam hate)
• More awesomeness (for your need for awesomeness)

Upgrading advice is always the same.

Get it at the usual place

Have fun!

[image: freedom by guile]

• Posted by NoWhereMan at 16:18:36 in General, News, Announcements
• 16 comments (3354 views)

Bug fix release (nasty local file inclusion!)

Giuseppe Fuggiano found a really bad local file inclusion bug, so I’m really asking you to either update to the last file release on SourceForge (0.812.2), or get the SVN package

thank you, Giuseppe!

• Posted by NoWhereMan at 17:53:43 in General, News
• 3 comments (1486 views)