Fork me on GitHub

Tuesday, June 28, 2011

Blog / General / Mercurial

Mercurial

User Alexandrul has been so kind to provide with a pre-configured BitBucket repository mirroring SVN.

This means you can get the development version of FlatPress both via Subversion and via Mercurial.

I think I’ll switch over Mercurial some time in the near future, so stay tuned ;)

bye!

Tuesday, June 21, 2011

Blog / General / News / Making FlatPress bombproof

Making FlatPress bombproof

My last commit on SVN adds two lines to defaults.php that should make life easier for some people.

// default file permissions
// change file to 644 and dir to 755 if your webserver "complains"
define('FILE_PERMISSIONS', 0777);
define('DIR_PERMISSIONS', 0777);

From time to time, I get reports that FlatPress breaks some strict webserver configurations and users get the 500 error code.

This is because sometimes 0777 (world-writable, readable and executable for files, writable, readable, “listable” worldwide for directories) is considered unsafe.

Unfortunately, there is a reason for choosing 0777 for everything, over, say, 644 for files and 0755 for directories (another common choice).

Often, the “virtual user” under which the webserver runs, it’s not the same under which the FTP server runs. This means that a file created by the webserver cannot be deleted via FTP.

This can cause many headaches to the end-user (namely, us all), so I’ve decided to go the most straightforward way, and use 0777.

However, sometimes hosts enforce “best practice” by throwing an error when files do not respect the 0644, 0755 mantra.

I’ve added those options you see above, so that you have control over this, too. In case you need it, open your defaults.php and change FILE_PERMISSIONS to 644 and DIR_PERMISSIONS to 755 and you shouldn’t see that ugly error anymore.

Have fun with FlatPress!

Tuesday, June 14, 2011

Blog / General / News / Announcements / Boring news

Boring news

While people discuss an exciting possible future of FlatPress as a bulletin board, here I am bringing you the boring stuff.

Here is the uninteresting bugfix release 0.1010.2 which mainly addresses a boring XSS vulnerability.

Also, boring.

As usual the download is on SourceForge.

Jokes aside, it is advisable to patch the XSS vulnerability by at least following the instructions on the linked discussion.

Oh, and in case you didn’t notice I removed almost all the ads from here, they didn’t get me any revenue, anyway; of course, donations and gifts are always accepted.

Have fun with FlatPress :)