
Tuesday, September 25, 2007


Habemus Forum

Now stop bugging me by mail, and start bugging me there :P

FlatPress forums

I’ll tolerate non-English discussions, but please, behave, guys ;)

Anyway, have fun!

Saturday, September 22, 2007


Very severe bug!

Please update to this version!

This bug may allow an attacker to post arbitrary data to your admin panel!


I’m myself quite worried about how big this hole was o_o

Files at the usual places:

Sourceforge for the whole package, and here for the patch (it will work from 0.702)

The comments locked bug (they weren’t locked, ahem :P) should be fixed as well.


Wednesday, September 19, 2007


FlatPress Bug Fest!


Well, my bad. Stefano has just told me that the bug was still there. And he was right; well, I fixed the wrong file :D

By the way, he let me know there were many (two) other XSS bugs, and I happened to find another (potential) pair here and there, which I hope are now fixed for good.

Again kudos to Stefano, and all the crew.

Files at the usual places:

Sourceforge for the “big” package, and here for the patch (it will work from 0.702 too)

PS: if you have customized defaults.php, this patch overwrites that file too, so you’ll have to edit it again to get your changes back.


Tuesday, September 18, 2007


XSS Security threat! Get the patch now!

Stefano Novelli has just sent me a mail, pointing out an XSS security threat in the search.php parameters. Am I dumb? I didn’t filter the input!

Well, thanks Stefano, kudos to you!

Because this is FlatPress’ first security bulletin w00t, let’s party :D

You can download the full package from SourceForge as usual, but only two files changed; actually it’s only a matter of ONE line in search.php, the other file just raises the minor version number by 1…

So, you can also download the patch for 0.703.2

Get the patch here.

(and I did all of this on time for dinner…)
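As an added illustration (not the FlatPress patch itself, which this post does not reproduce), here is the shape of the bug described above and the kind of one-line fix that closes it: a search term echoed into the page unescaped, beside the same output passed through htmlspecialchars(). The function names and the sample input are constructed for this example.

```php
<?php
// Added example, not FlatPress code: reflected XSS through a search
// parameter, and the escaping fix.

// Vulnerable: the raw query string is written straight into the HTML,
// so any markup the user (or a crafted link) supplies becomes live markup.
function render_search_header_vulnerable(string $q): string
{
    return '<h2>Results for: ' . $q . '</h2>';
}

// Hardened: escape for an HTML context at the point of output.
// ENT_QUOTES also escapes single quotes so the value stays safe inside
// attribute values; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
// returning an empty string; the explicit charset avoids surprises.
function render_search_header(string $q): string
{
    $safe = htmlspecialchars($q, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h2>Results for: ' . $safe . '</h2>';
}

// Regression check a maintainer can keep in a test: escaped output must
// contain no raw angle brackets or quotes that came from user input.
function search_header_is_escaped(string $q): bool
{
    $out = render_search_header($q);
    $body = substr($out, strlen('<h2>Results for: '), -strlen('</h2>'));
    return strpbrk($body, '<>"\'') === false;
}

// Constructed sample input: a search term carrying a tag and quotes.
$sample = '<b>flatpress</b> "quoted" it\'s';

echo render_search_header_vulnerable($sample), "\n";
echo render_search_header($sample), "\n";
echo search_header_is_escaped($sample) ? "escaped OK\n" : "NOT escaped\n";
```

Run with `php example.php` to see the tag rendered verbatim by the first function and neutralised by the second.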


Sunday, September 16, 2007


What’s going on

Well, you know. It’s September; I should have an exam on Tuesday.

I say I should because my professor said to come and see; if there’ll be too many people I’ll have to come another day. D’oh.

By the way, don’t worry, I’m working on it :)

I have a little bad news for translators, erm. I had to clean up how strings were arranged, so, (cough), you may find it a bit messy. Sorry about that, really; the changes I made in the backend required it.

I’m also thinking about a way to make translation easier for you, but I fear I would have to write something like a wiki system myself (even though we *do* have a wiki, it might not be enough).

Moreover, I was talking to Hydra a few days ago and we were reasoning around the file format for language files; maybe using YAML might be a nice idea.

The format is so easy on the eyes that I even thought it could be the new FP file format (instead of the plain txts with KEY|value|KEY|value format) in the future.

We’re even thinking about a new syntax for the blog entries.

If you know Markdown and Textile, well, it will be something along those lines.

All came from how to write footnotes, and bold text.

You may want to follow the discussion on SPBItalia. It’s in Italian. Yes, partly my bad, but partly yours: I don’t get any feedback from the mailing list subscribers. If you want to join the discussion you are welcome to drop a line either on the forum or via the ML :)

Meanwhile, you can join this great new initiative:


To be classified as a lemon under Lemon Law a vehicle must have a continuing defect that substantially impairs its use, value, or safety

For the Italian people who are still wondering if I’m really so odd that I want a yellow car looking like a juicy citrus, lemon car is the English for catorcio (/cah-tor-tcho/) :D

You know, life is hard when you’re on foot. Even though “I want to ride my bicycle, I want to ride my bicycle, I want to…” *cough* :D

So, if you want to help the FlatPress project (and help me a bit :D) make a donation with PayPal :P

Money will help us pay for domains and web space; but most of all we’ll know that you value our project (don’t worry, we know you do ;))