
Thursday, September 25, 2008

XSS vulnerability in 0.804

Today Fabian Fingerle kindly contacted me to tell me about two nasty XSS bugs that slipped into FP0.804 (stable).


The fixes were trivial, and if you don’t want to download a whole new package, just overwrite

with those linked.

I’ll take this occasion to release a bugfix package, with the fixes you can find on the SVN stable branch (like feed validation and such).

You can get it from SourceForge.net as usual.

The new version is 0.804.1, svn rev.189

Thank you, Fabian

(img: bomb_icon by ten safe frogs)

Wednesday, September 10, 2008

For you Vimmers

<Aoi-chan> everyone's first vi session. 
^C^C^X^X^X^XquitqQ!qdammit[esc]qwertyuiopasdfghjkl;:xwhat

[image: vim icon] (from qdb.us; hey bash.org down? my internets has imploded! ;_; )

I’ve released a little script to deal with quotes and bracket pairs in Vim, for those of us slowly getting addicted to those girlish GUI editors like TextMate[1] or Scribes.

Ditch them all for the one and only real men’s editor: Vim[2].

Get the Script: closepairs.vim

It’s my first Vim script, feel free to tell me how to improve it, or if something is wrong.

Have fun :)

update: since you made me notice, here are the other scripts dealing with the same problem

they all differ by little; the first is a bit simpler, the latter is probably the most configurable.

Pick your favorite :)

[footnotes]

[1] I wish I had TextMate on my Mac. I wish I had a Mac.
[2] I’m lying. Everybody knows real programmers use butterflies

Tuesday, September 9, 2008

The amazing IMPORTER


Now you can test the SVN version with your old content/ directory.

First of all, checkout the latest trunk; now either

  • launch setup and then copy your old fp-content/content/ to this fresh copy, OR
  • copy your whole fp-content/ directory to the new location

at your choice, it shouldn’t be a problem (unless you have a pre-0.804 version ;))

Now get the source code of the importer from the wiki page and paste it into a file, say import.php; upload this file to your FP web root (usually http://yoursite.com/flatpress/).

  1. Log in as usual through the web interface
  2. Browse to http://yoursite.com/flatpress/import.php
  3. Wait for the page to finish loading.
  4. ????
  5. PROFIT!

(the Internet meme really has only 4 points, but, since only a pair of you will get it, I don’t care :D)

have fun!

Monday, September 8, 2008

N00s for the n00bs

Oh-kay, for people who aren’t reading the forums, the SVN trunk is now officially unstable.

Trunk is reachable using:

svn co http://flatpress.svn.sourceforge.net/flatpress/flatpress 

The fixes for stable are in a branch:

svn co http://flatpress.svn.sourceforge.net/flatpress/branches/0.804-vivace 

Being “unstable” means that if something is broken… ARGH a BUG HOW IN HELL AM I SUPPOSED TO GET A DEGREE BEFORE DECEMBER??????? ARRRRGH!!! erm, I mean, “…I’ll have to fix it”.

The first part is my usual reaction to bugs.

That one or “damn annoying n00b nobody ever complained about that one WTF do you want??”

Soooo, our new fancy indexing system will allow us to have a more reliable (?) storage, and to stop fearing PHP’s memory limits. Yes, that was my main concern, not “features”.

BTW, first the good news.


omg! OMG! OH-EM-GEE!!11! THAT IS TEH AWESOMEST!11! Post count near the categories!


Default: disabled. The reason is that I have to open and load every single index (there is one index for each of your categories), and that’s not cheap (= slow). BTW if you don’t care, open your plugin.categories.php (in SVN of course), set the corresponding option to true and enjoy your truly new awesomeness.

Yes, there is an index for each category.

If you think of the FP’s storage as a DB, then the old index was a subset of the “Posts” table (the files on your disk); this subset - of course - contained the categories as well.

When you asked the system for a search filtered by category, a sequential scan (sloooooowww) took place.

This won’t happen anymore, since each category has its own sub-index (conceptually, in DB-speak, there is a secondary index on the category attribute).
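To make the old-versus-new layout concrete, here is an added toy model (written for this page, not FlatPress’s own code): a single “Posts” index that has to be scanned sequentially for a category filter, beside one small index per category that is opened on demand. The entry ids, titles and category numbers are constructed sample data, and the `open_index` call merely stands in for reading one category’s index file from disk. It also shows why the post-count-near-the-categories feature costs one index open per category.

```python
from collections import defaultdict

# Constructed sample data (not real FlatPress entries): entry id -> (title, category ids).
POSTS = {
    "entry080908-101500": ("N00s for the n00bs", [1, 3]),
    "entry080909-120000": ("The amazing IMPORTER", [1]),
    "entry080910-090000": ("For you Vimmers", [2]),
    "entry080925-180000": ("XSS vulnerability in 0.804", [1, 4]),
}


class PrimaryIndex:
    """Old layout: a single index listing every entry with its categories.
    Filtering by category has to walk the whole index (a sequential scan)."""

    def __init__(self, posts):
        self.entries = sorted(posts.items(), reverse=True)  # newest first

    def by_category(self, cat):
        # Returns (matching entry ids, number of index entries examined).
        hits = [eid for eid, (_title, cats) in self.entries if cat in cats]
        return hits, len(self.entries)


class SecondaryIndexes:
    """New layout: one small index per category (a secondary index on the
    category attribute). A filter opens only the index for that category,
    so the full post list is never loaded into memory."""

    def __init__(self, posts):
        per_cat = defaultdict(list)
        for eid, (_title, cats) in posts.items():
            for c in cats:
                per_cat[c].append(eid)
        # Each sub-index is kept newest first.
        self.per_cat = {c: sorted(ids, reverse=True) for c, ids in per_cat.items()}

    def open_index(self, cat):
        # Stands in for loading one category's index file from disk.
        return list(self.per_cat.get(cat, []))

    def by_category(self, cat):
        ids = self.open_index(cat)
        return ids, len(ids)  # only the hits themselves are touched

    def post_counts(self):
        # The "post count near the categories" feature: every category index
        # has to be opened, one open per category. Returns (counts, opens).
        counts = {c: len(self.open_index(c)) for c in sorted(self.per_cat)}
        return counts, len(counts)


def compare(cat, posts=POSTS):
    """Both layouts return the same hits; only the work done differs.
    Returns (hits, entries touched by the scan, entries touched by the sub-index)."""
    old_hits, old_touched = PrimaryIndex(posts).by_category(cat)
    new_hits, new_touched = SecondaryIndexes(posts).by_category(cat)
    assert old_hits == new_hits
    return old_hits, old_touched, new_touched


if __name__ == "__main__":
    hits, old, new = compare(2)
    print(f"category 2 -> {hits}: scan touched {old} entries, sub-index touched {new}")
    print(SecondaryIndexes(POSTS).post_counts())
```

With four posts the difference is cosmetic; the point is that the scan cost grows with the total number of posts while the sub-index cost grows only with the size of the category asked for, and that the per-category counts need one open per category, which is why they are off by default.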

Now, the “bad news” part.

As I said, the focus here was on reliability and performance in the long run, which doesn’t mean exactly “faster”, but always “acceptably fast” as the number of posts increases… and not failing with a white page of death because the memory limit is exceeded; in theory we won’t have to fear memory limits anymore, since the index is never loaded completely into memory.

…and - I know you’re going to hate me - that’s why some minor features might not be there anymore.

the current winner is…:


next/prev link in permalinks. So you won’t have the title of the next/prev entry anymore (when in permalink mode; next/prev page should still be there).

The reason is that I’ve tried to keep the structure of the B+tree as clean as possible (I won’t bother you more on this subject, but believe me :p).

This does not mean that those features will never be back; there is a hack, for instance, to bring that next/prev thingie back (scan through the tree), but it would then make the index a little pointless :p

I have a few ideas in mind to bring it back, however, maybe not for this upcoming release, that’s all ;)

There is another winner, the admin panel, where, in order to take more advantage of the indices, I’ve killed the author column, since there is no official support for multiuser yet, anyway.

I hope you’ll like the efforts anyway.

Bye!