Social Web CMS

Happy New Year!

Two posts ago we mentioned some template system changes that we’re working on. Here is a status update:

* Separating Back-End Admin Templates from Front-End User Templates. DONE.
* Separating Static Template Elements. DONE.
* Overall Template Modification vs. Page Details. DONE.
* Separation of Styling and Templates. In Progress.
* A template manager with concepts similar to the module store. Not Started.

If you’re interested,  the new system is available from the ‘Beta’ branch in our SVN. The SVN link is: http://svn.assembla.com/svn/yadc/

New release soon! Within the next few days we’ll release a version 1.1 Stable. This version will not have any new features. This version will consist of a couple bug fixes and a few overall security improvements. We’ve also tackled a few more ‘Undefined Index’ errors. This is a continuation of our goal to have a rock solid stable release.

We don’t yet have a release date for the next non-stable / beta version. There are numerous improvements that are being worked on and tested. If you’re interested in testing, no need to wait for an official release, feel free to checkout the Beta branch of the SVN at any time.

A new exploit was discovered yesterday that was created for Pligg’s Beta 9.9.5 but also affects all versions of SWCMS.  The current exploit creates a file that then executes PHP exec() commands. The exploit, more widely, can be used for the creation of files on a server hosting SWCMS / Pligg Beta 9.9.5.

The fix is fairly simple. Open /evb/check_url.php.

After

include(’../config.php’);

add

include(’../libs/html1.php’);

and around line 36 replace

$url = htmlspecialchars(strip_tags($_GET['url']));

with

$url = htmlspecialchars(sanitize($_GET['url'], 4));

We’ll be reviewing the code to see if this particular vulnerability affects any other part of SWCMS and soon be releasing an updated version of the SWCMS Patcher that will include this fix. The fix above will correct both this specific exploit as well as the general vulnerability through evb to create rogue files.

To see if you’ve already been infected, see if you have a file named /libs/manager.php.

We’ll be setting up a mailing list and we’ve created a Twitter account http://twitter.com/SocialWebCMS to help keep you informed.

We have some exciting new improvements currently under development concerning the templating system that we’d like to share with you. These improvements will streamline template creation, maintenance and modification and also reduce the number of files. This continues our ongoing goal of making SWCMS a sleek and understandable social news CMS.

• Separating Back-End Admin Templates from Front-End User Templates. Currently if you update a template you have to work with a number of administrative templates as well. Generally administrators aren’t using the backend for its beautiful aesthetic but to accomplish a certain task. That said we’ve separated administrative templates from the core templates.
• Separating Static Template Elements. We have a number of elements which generally don’t change between different templates - a good example are the many images / icons (e.g. the RSS icon) which have been generously created and freely released to the web community by FamFamFam. We are going to move these images out of the individual templates and into a shared location where any template can access them. This will reduce the number of files in a given template to the bare minimum and allow developers/administrators to focus in on the unique template code without distractions from generic elements.
• Overall Template Modification vs. Page Details. SWCMS consists of a large number of pages. Most of these pages have an overall theme that template designers focus on. Oftentimes template designers don’t make any changes to the unique constant on a given page (for example the top users page). We are making this difference physical rather than just logical by putting all the generic template files together (the overall theme) and moving individual pages (the unique content displayed within the overall theme) into a separate arena. Once again this will reduce the amount of code designers/administrators need to page through when reviewing a new template and help make clear the optional nature of editing the individual pages for updated templates.
• Simplified Core Functions and a TemplateLite Function for Shared Items. The standard
  $main_smarty->assign(’tpl_center’, $the_template . ‘/index_center’);
  $main_smarty->display($the_template . ‘/pligg.tpl’);
  is being replaced with
  swcms_page_show(’index_center’);
  This new ’swcms_page_show’ function will first look for ‘index_center.tpl’ in your template folder. If it’s not there, it’ll load it from the ’shared’ area.
  For Example: the ‘register’ template. A default SWCMS install will use the register.tpl from the shared area. If you want to release a new template but don’t plan on changing anything on the register.tpl page (other than css in your .css file) then you don’t have to include register.tpl in your .zip. If you DO want to make changes directly to register.tpl, just copy it from the shared area into your template folder and make the changes. SWCMS will see this file and load it instead of the shared (default) one.
  Once again, this is a boon for developers/administrators as it reduces the number of files that reside in a template allowing all involved to focus on the actual code that has changed without distractions from generic code/pages.
• Separation of Styling and Templates. We will move all remaining styling out of templates and into the CSS files. This will make it easier for template developers to deal with just the .css file and not have to hand edit each template file. This should allow developers who are not familiar with SWCMS to productively begin editing/designing themes in SWCMS with minimal time commitment.
• A template manager with concepts similar to the module store. We’ll allow developers to upload their templates to a central repository - and we’ll include our templates as well. It’ll be a simple one click process - like the module store - to install a new template. When updates for your current template become available you’ll be notified through the admin interface.

So hold onto your seats - because SWCMS is bringing amazing new innovations in the near future to the community!

Hey Folks! Hope everyone is doing grand in spite of the economic downturn and that you’ll still find plenty of things to be thankful for as thanksgiving rolls around (family, friends, food, and SWCMS of course!). Apologize for the quiet around here lately, its all my fault (Dave). Particularly this past week - when I was a sick (lazy) bum who did nothing for six days. In any case, I’m back and have some exciting news to share with you.

Those of you who are following the SVN have already seen that Ash published a dozen or more new updates. These mainly revolve around code streamlining/cleanup with our stated goal of cleaning up the SWCMS core to make future stability and upgrading easy-as-pie. Significantly, however, is that these updates are also part of integrating a significant new piece of functionality we’ve been talking about for some time into SWCMS - the inline editor. This is thanks to Informed Networker who funded the original development of the inline editor and Tip’d.

Hold onto your hats and take a gander at them forums, they’re hopping.

Following up on our recent story about Informed Networker donating inline editing code to SWCMS, we wanted to speak about another generous code donation, this time from Tip’d. Tip’d is an upcoming social community that utilizes SWCMS for its underlying platform and focuses on financial news, ideas, and tips. While a relatively new SWCMS site, Tip’d has already distinguished itself with a slick design, a growing community, and now their generous contributions back to the SWCMS community.

What magnificent piece of code is Tip’d contributing? One long desired by the SWCMS (and Pligg) community - an updated External Voting Button (EVB). Here’s why this EVB is so exciting:

• Look Ma, I’m a Module! Continuing SWCMS’ philosophy of moving non-core functionality into modules where it can be separately and more easily maintained/extended, this EVB was designed as a module.
• Auto-Detect. On stand-alone pages (e.g. not a blog index/archive page with multiple stories) it can auto-detect the url - no need to specify in the button.
• Manual Button. If you have a page with multiple stories (e.g. blog index/archives) you setup a button for this page as well by simply specifying the url rather than allowing auto-detect.
• Caching. The EVB is cached on the end user’s side to avoid issues of slowdown for either the host or third party server.
• Wordpress Plugin. Additionally a WordPress plugin is on its way which will allow automatic integration with WordPress.

Want to see it in action? Go to the Tip’d Tools for Bloggers page.

We want to keep you informed of all the latest developments with Social Web CMS. Part of this involves letting you know what is happening behind the scenes. One area we are extremely excited about is the opportunity to work with different companies that utilize SWCMS for their businesses and who are contributing back custom code to the SWCMS community. The number of upcoming code contributions is quite impressive and we hope to whet your appetite for what is coming with this and a series of upcoming posts.

Today we’ll talk about a contribution from Informed Networker (IN), currently being reviewed by the SWCMS development team. IN is a social news network (similar to Digg/Reddit) specifically focused on individuals involved in the Information Technologies industry. Dave Mackey, one of the SWCMS team members founded and currently leads IN.

IN has contributed a module called the “inline editor.” It allows for quick in-line editing of stories (title, category, tags, and description) just by clicking on the text when viewing a story - either on the summary or detail pages. Using AJAX the process of editing a story is made simple and extremely fast. Click, edit, save - and its done. Of course, the editor module does restrict editing to certain classes of users - not just anyone can edit a story.

Its time to celebrate! Don your party hats, grab your favorite drink, and join us in celebrating the eclipse of a new era for social news networking! We have released SWCMS 1.0, a firm bedrock upon which social news website can be built. SWCMS 1.0 is a major accomplishment for the SWCMS team and (as usual) has been delivered on time. You can download this latest release here.
For those who are just joining the party, lets talk about what this release means:

• SWCMS has successfully maintained momentum after forking from the Pligg social news project.
• SWCMS has patched hundreds of security holes helping lock down and secure the platform.
• SWCMS has fixed scores of bugs across the platform, ensuring a stable platform.
• SWCMS has announced a platform that is ready for production utilization.

Celebrations, however, aren’t just about looking back - they also involve looking forward. With that in mind, we’d like to throw out several ways in which we intend to move forward and how you can help us along the way:

• SWCMS has put a high priority on security and stability. Our goal is to ensure the software is bug-free and secure against malicious attacks. You can help by reporting any flaws to us in the bug forums.
• SWCMS has put a high priority on communicating with the community about our direction and difficulties. Subscribe to this blog and take a look at our long-term roadmap to get a better picture of where we are heading.
• SWCMS will be putting a new focus on marketing as we seek to inform the web of the best stand-alone social news networking platform. You can help us by linking out to us from your sites, mentioning us in a blog post, including our url in your signature on a technical forum, and generally spreading the news to everyone you know.
• SWCMS wants to develop stable, secure, and rapidly. You can help us accomplish this by joining in our efforts. We are looking for developers, security gurus, database experts, QA, and designers to join the team. Head on over to the volunteer forums to learn more.

Thanks to everyone who has helped us with this endeavor. To each individual who has found a bug, reported a fix, given a donation, or offered an encouraging word - it is appreciated!

Our roadmap stated that SWCMS 1.0 RC2 would be released on October 4th, 2008 - and we are excited to announce today (Oct. 4th, 2008) the public availability of RC2. This release includes several minor bug fixes discovered by our dedicated userbase as well as some cosmetic changes. Please download this latest release and let us know your thoughts! We intend to keep on-schedule for the SWCMS 1.0 RTM next weekend.

Once again, not a lot of huge changes since Beta 2. Our goal here has been stability and security, not the addition of new features. We want 1.0 to be a solid base upon which to build (and we have already begun working on some of these areas) a new and enhanced featureset. For those who are interested you can read about the long-term roadmap or consider becoming a volunteer and assisting in the SWCMS development/design/etc.

For those interested in reading of detailed release notes for this release see Ash’s post on the forums. You can also read the latest template upgrade instructions that guide you step-by-step through the upgrade process.

Today we want to take a few minutes to discuss one of the major new modules we’ve introduced (and is currently available) that differentiates SWCMS from its predecessor Pligg. The Module Store is nothing like the Pligg Pro shop where one can purchase premium modules for Pligg. Rather the Module Store is more of a repository for existing modules that allows automatic installation of new modules and upgrading of existing modules. One can think of it as a concept similar to Aptitude on Linux or Microsoft Update on Windows.

The Module Store offers several distinct advantages to site administrators:

1. No more multi-steps to deployment of a module (e.g. find it, download it, upload it, install it). Now through the Module Store (which is itself a module) you can see all the available/recommended modules and automatically install any of these modules - just click and go.
2. No more manual module upgrades. Now when a new version of a module is release and certified Module Store detects the new versions and notifies you of the available update. A simple click to install process reduces the complexity of module upgrades to a simple 1-2 process.

After the release of 1.0 it is our intent to combine the Module Store with Module Management. This will significantly streamline the management of modules throughout their lifecycle. We also want to open up a certification path for third parties to have their modules added to the module store, helping you get the largest quantity of quality modules available while avoiding dangerous or badly written modules.

SWCMS is proud to announce the public availability of SWCMS 1.0 Release Candidate 1. For those who are not familiar with the “Release Candidate” terminology it indicates that we have a feature complete product which we believe is free from all bugs/security issues. If users/further review does not reveal any outstanding bugs this Release Candidate will be the RTM (Release to Manufacturing) version. In other words, it is very possible that there will be no code changes between 1.0 RC1 and 1.0 RTM. Any code changes will be restricted to bug/security fixes. If we do find any bugs or issues we will release a second Release Candidate and so on until we have a version that is ready to RTM.

For those who are interested, the enhancements between Beta 2 and 1.0 RC1 have not been extremely significant. They have been confined to a number of bug fixes/security fixes. However, this does not indicate that we have lapsed in our development efforts. Development has continued unabated on the modular front and with some features that will be integrated into the next release after 1.0 RTM.

Look forward to another post in the next day or two that will talk about (in detail) the module store we have released - one of the most exciting new code additions.

Finally, if you need instructions on upgrading from SWCMS Beta 1 or from Pligg 9.9.5 please see the detailed instructions here. If you want to see our roadmap to 1.0 its here. And if you want to know about many of the long-term features we intend to implement over the upcoming months, you can get it here.