If you do how to do it, people can really POST things to your blog, just by making you click a bad URL!
And that’s bad considering that you can write some PHP in FP (the widget and the plugin panels)!
So I’ve been working on improving the security of FlatPress, implementing, (or I should rather say merely importing :P), some functions seen already in WordPress.
As you may or may not know, the name of FlatPress it’s not only a marketing operation (even though it sounds like it is), but it was meant as an homage to a well known good platform from which
1) we took inspiration
2) we took code!
And so, as the license allow us to do it, I’ve took something more than the autop() functions, the formatting functions in general, the whole plugin system :) I’ve took the nonce security measure.
To know what nonces are, read this post. The implementation is almost the same; there are just a few small changes to reflect how FP handles some things.
By the way, you read there’s a WordPress exporter, and you read well.
No, I didn’t just change theme! :)
I don’t think FP must be just a “passage” in your blogger life, you might go on living well with FlatPress if you like it; however I don’t want you people to be forced to stay with something that one day or another you might not like anymore, or that - who knows? - or that I myself might not have time or will to take further.
Sure FlatPress is open source, so, that day you could decide to fork it, and develop your own something press; but you might not be a coder, and you might not want to become one.
So, here’s the whole point of this: it’s a matter about choice, and you’re the one to choose, and as you are the one to choose, I shouldn’t choose for you; so, you can export to WordPress, open phpMyAdmin and import the sql dump.
That should do.
Remember this is just a quick solution, too, I didn’t take deep tests, but it should work
Oh, just a further notice, this script should work for SimplePHPBlog, too. You’ll have of course to pass through FlatPress, because FP core libraries :D
By the way, if you’re using SPB and wanted to change, you can now choose between FlatPress (almost no efforts) and WordPress :)
Sunday, October 7, 2007 - 19:34:03
we’re waiting for a wordpress IMporter now!!! ;)
Monday, October 8, 2007 - 08:59:06
Well better having a secure script rather a buggy one!:P
Also could you please add the funciton to name the cookie of FP through Admin panel?All blogs have this and I have hard time to find the name of the cookie each time:P
Monday, October 8, 2007 - 09:11:25
@embrance: use the forum for requesting features;
also erm… I don’t get the “name the cookie” think you’re talking about; never seen such a feature… you mean the cookie domain and path? that’ll be the same as the BLOG_BASEURL defined from defaults.php (in 0.710) or it’s automatic in 0.703 (= I don’t control that)
The name prefix for fp cookies is always “fp”