Welcome to Geeklog, Anonymous Wednesday, December 25 2024 @ 09:15 am EST

News

Geeklog 1.3.11sr3

  • Sunday, December 18 2005 @ 10:30 am EST
  • Contributed by:
  • Views: 21,216
Security

Geeklog 1.3.11sr3 addresses two security issues as well as a few bugs:

  • It was possible to submit comments even if you didn't have read permissions for the story or the topic, provided you knew the story's ID (reported by LWC).
  • When tampering with the dates in a search, Geeklog produced a warning message that would disclose the path in which Geeklog was installed on the server (reported by r0t3d3Vil). It was not possible to use this for SQL injections.

The most notable bugfix in this release addresses the problems editing static pages when 'url_rewrite' was enabled (that bug was only introduced in 1.3.11sr2).

As usual, we provide both a complete 1.3.11sr3 tarball as well as an upgrade over 1.3.11sr2 (please see the included installation instructions).

Note: Both issues also exist in Geeklog 1.4.0b1 but have since been fixed in CVS. We will be releasing 1.4.0rc1 in a couple of days. In the meantime, you can get the nightly tarball if you want to update your 1.4.0b1 install now.

Demo site updated

  • Saturday, November 26 2005 @ 06:44 pm EST
  • Contributed by:
  • Views: 12,822
Geeklog.net

Those who don't want to install Geeklog 1.4.0b1 just yet can now try it out over on our Demo Site.

Please note that we had to disable a few features for security reasons and so that they can't be misused (e.g. Trackbacks). On the other hand, we did enable a few features that we didn't enable on www.geeklog.net, such as remote authentication and FCKeditor.

A note on the themes: The themes available on the demo site have only been updated with a crude shell script. As a result, some of them may look odd (especially the dark ones). If you've updated a theme for Geeklog 1.4, please upload it here on www.geeklog.net and we will update it on the demo site, too.

Geeklog 1.4.0 BETA 1

  • Sunday, November 20 2005 @ 12:35 pm EST
  • Contributed by:
  • Views: 38,171
Announcements

Since this is one of the biggest updates in Geeklog's history, we made a last-minute decision to call it Geeklog 1.4.0 (instead of 1.3.12). After almost one year in development, this update brings you the following new features:

  • Geeklog now officially works with register_globals = off. Please note, however, that some plugins and add-ons may still require it to be on.
  • Support for Trackback, Pingback, and pinging weblog directories (blo.gs, Technorati, etc.).
  • Remote authentication lets registered users of remote services such as Blogger.com and LiveJournal log into your Geeklog site without having to register (optionally, of course).
  • The Admin sections have been revamped to provide a consistent look and sortable lists.
  • Ships with FCKeditor (WYSIWYG editor).
    To enable, set $_CONF['advanced_editor'] = true; in your config.php.
  • New syndication framework can both read and write feeds in RSS (0.9x and 2.0), RDF, and Atom (0.3 and 1.0) formats.
  • New search only returns a specified amount of results per page, thus avoiding the embarrassing timeouts on large databases.
  • The links and polls sections are now plugins, i.e can be disabled, removed, and replaced easily when you don't need them.
  • ... and more ...

Due to the huge amount of changes in the code, we are releasing this beta version before we move on to release candidates (and the final release, eventually). Therefore, the usual warning: If your life, reputation, or income depends on your Geeklog site, don't upgrade just yet. However, we do need your help here and would like to encourage you to download Geeklog 1.4.0b1 and try it out. Please help us track down the (old and new) bugs in this new version.

The documentation still leaves something to be desired and will be updated step by step. We will also be publishing a few stories over the next couple of days, each focussing on one of the new features. And since our bugtracker is currently down, please use the official 1.4.0b1 bug thread in the forums instead.

Page navigation