If you’ve had problems with the Module Store (and you’re running SWCMS 1.1) please help us test out version 0.40. http://forums.socialwebcms.com/index.php?topic=219.msg2634#msg2634
Module Store Update
February 22nd, 2009Pligg Default Captcha Vulnerability
January 30th, 2009There was another vulnerability released yesterday targeting Pligg 9.9.5. If you’re running a clean install of SWCMS 1.0 or newer you won’t be affected. If you upgraded from Pligg you may still be affected. If you’re still using the ‘default‘ captcha method you should switch to WhiteHat or reCaptcha, and remove the /ts_image.php file (if you have it). If you don’t have the /ts_image.php file, then you’re ok. 
Stamp Out Spam with Submission Approval
January 24th, 2009Social Web CMS has got a handful of excellent anti-spam modules, including Akismet, email registration and a choice of captchas, but one of my favorites is Submission Approval. Quite simply, when a new user tries to submit his or her first article, it gets put into moderation until approved by the site admin. Once approved, all subsequent submissions from the user are accepted automatically.
You might think the process of approving or denying new submissions manually would put off new users, but by the time they are notified that their posts will be moderated, they will have already completed the submission process. As soon as that happens, the site admin - you - will be emailed details of the new post showing the complete content and links to either approve it or deny the user. In fact, with just two clicks, the job is done.
If you’re always on the go and can’t sit at the computer all day waiting for new users to submit something, the module can be easily customized to send email notification to your cell phone. So you can be confident your site is always free of spam. Learn more about Submission Approval in the Social Web CMS forums.
- Nick (longcountdown)
Testing 123 Testing…
January 14th, 2009Here at SWCMS security and stability are our two main priorities. One of the things we’re doing to address stability is Unit Testing with the PHP SimpleTest library. The test suite will be added to the Beta SVN shortly and you’ll see new tests added regularly. The tests will be done mostly, if not exclusively, on the Beta branch. The current Stable (1.x) branch will be slowly rewritten as we progress through versions 2.0, 3.0, 4.0 etc. Much of 1.x isn’t “testing friendly” but if you’d like to create tests for it please PM me in the forums.
- Ash
Go Viral with SWCMS “Tweet This!” Module
January 10th, 2009One of my favorite modules for Social Web CMS is “Tweet This!”. It’s based on a popular Wordpress plugin by Richard X. Thripp which conveniently enables you to announce your latest blog posts to your followers on Twitter.
The SWCMS version places a “Tweet This!” link below each story on your site, and clicking it opens Twitter with the title and a shortened version of the story’s url all ready for you to publish to your followers.
My Social Web CMS site usually only averages a handful of comments on each story, but recently, one topic was apparently so controversial that members of the site took advantage of “Tweet This!” to rally support from their Twitter followers. The result was a whopping 59 comments and a bunch of new members!
Twitter has become a powerful medium for spreading a message and attracting attention. In a previous post, we mentioned how one Twitter user with a following of 2,000+ users started a chain of “tweets” that led to the SWCMS site being bookmarked over 200 times on Delicious in just a few hours!
Thanks to user feedback from Landshark and Ditto, I’ve made some important fixes to our “Tweet This!” module in order to make it as reliable and easy to use as possible so all of us can benefit from Twitter.
You can learn more about and download “Tweet This!” v.0.2 in the forums, and remember, if a popular Twitter user tweets a story from your site, it may just go viral!
(Nick Ramsay a.k.a longcountdown)
Delicious!
January 9th, 2009Our friends over at Tip`d noticed a sudden increase in SWCMS bookmarks at Delicious. We were bookmarked about 200 times in a short period of time.
http://delicious.com/url/add1b95d858893ec3c036e5685d1a8d0
Longcountdown did a little investigating and found a popular Twitter user (designmeme) ummm tweeted (is that the right word?) us.
SWCMS 1.1 Released (2.0 in progress)!
January 8th, 2009We are excited to announce the immediate availability of SWCMS 1.1. This release is a maintenance release that does not include any new features, instead focusing on dozens of security and stability fixes across the framework.
With the release of 1.1 we are also happy to announce that 2.0 is well under way. It will include a number of enhancements we’ll cover in detail in a soon-to-be-released post (for now, think simplified templating and a cleaner/faster module creation process). As of this time we intend to continue closing out any bugs or security issues that arise with the 1.0 release but most efforts (and the new features) will be coming with 2.0.
New Years Update
January 1st, 2009Happy New Year!
Two posts ago we mentioned some template system changes that we’re working on. Here is a status update:
* Separating Back-End Admin Templates from Front-End User Templates. DONE.
* Separating Static Template Elements. DONE.
* Overall Template Modification vs. Page Details. DONE.
* Separation of Styling and Templates. In Progress.
* A template manager with concepts similar to the module store. Not Started.
If you’re interested, the new system is available from the ‘Beta’ branch in our SVN. The SVN link is: http://svn.assembla.com/svn/yadc/
New release soon! Within the next few days we’ll release a version 1.1 Stable. This version will not have any new features. This version will consist of a couple bug fixes and a few overall security improvements. We’ve also tackled a few more ‘Undefined Index’ errors. This is a continuation of our goal to have a rock solid stable release.
We don’t yet have a release date for the next non-stable / beta version. There are numerous improvements that are being worked on and tested. If you’re interested in testing, no need to wait for an official release, feel free to checkout the Beta branch of the SVN at any time.
SWCMS 1.0 / Pligg Beta 9.9.5 Exploit
December 23rd, 2008A new exploit was discovered yesterday that was created for Pligg’s Beta 9.9.5 but also affects all versions of SWCMS. The current exploit creates a file that then executes PHP exec() commands. The exploit, more widely, can be used for the creation of files on a server hosting SWCMS / Pligg Beta 9.9.5.
The fix is fairly simple. Open /evb/check_url.php.
After
include(’../config.php’);
add
include(’../libs/html1.php’);
and around line 36 replace
$url = htmlspecialchars(strip_tags($_GET['url']));
with
$url = htmlspecialchars(sanitize($_GET['url'], 4));
We’ll be reviewing the code to see if this particular vulnerability affects any other part of SWCMS and soon be releasing an updated version of the SWCMS Patcher that will include this fix. The fix above will correct both this specific exploit as well as the general vulnerability through evb to create rogue files.
To see if you’ve already been infected, see if you have a file named /libs/manager.php.
We’ll be setting up a mailing list and we’ve created a Twitter account http://twitter.com/SocialWebCMS to help keep you informed.
SWCMS Subscribe to Comments Module
February 25th, 2009One of the best ways to encourage continued participation on a Social Web CMS site is by giving users the option to subscribe to comments. There have been hacks in the past that would allow the person submitting a story to receive email notification when a comment is posted on it, but until now, there hasn’t been a way for regular commentators to also subscribe to a comment thread.
Subscribe to Comments is a new module for SWCMS and one of the features on our Roadmap that I’ve especially wanted to see implemented. It works in a similar fashion to the Wordpress plugin of the same name, which you can see on this very blog. In SWCMS, a checkbox is added to the comment form, enabling each user to subscribe. Likewise, the story author can subscribe during the submission process, or afterwards in the comment section. When a comment is made, the full content of that comment is emailed to you, along with the obligatory “unsubscribe” notice.
The current version is 0.2, and I’m keen to get some feedback and work out any bugs. If you think your users will enjoy this module, come and grab the download from the Social Web CMS forums.
Nick Ramsay
Tags: comments, module, roadmap, subscribe
Posted in General | 1 Comment »