PostNuke

Next to a project for the promotion of Linux in schools, the one-disc router system "Fli4l", an system for automated geoscientific analyses and a open-source collection CD project, PostNuke is one of the 5 winners of this years Galileo Computing Open Source Sponsorship.

The money will used by the "Postnuke e.V." (German PostNuke Foundation) for the International pnMeeting 2005 scheduled for a weekend in August in Germany. We're currently evaluating Kiel, Bonn and Stuttgart as locations. More information will follow, when details are finalized.

Steffen Voß
Vice-President PostNuke e.V.

Work is in progress for a valid, proper translation for PostNuke in the Hebrew language (he_IL, ISR, heb)

The final product would be offered, for now, as a complete package (modified PostNuke, changes are written onto original english installation).

This is mostly because doing LTR to RTL is most intrusive and doesn't end at just translating all the lang files.

Later on, and as need arises, I would attempt either writing an updater script that would search new versions and replace text as needed, or look for an option to integrate the language as an addon (like all other languages), but the whole idea seems very unlikely, because of the waste of time (doing this 1 man crew thing).

If I would have more support and help, there would be a stable and reliable support for versions newer than 0.750 gold.

Any one who wants to contact me for this project should do so at:
lordskp [at] gmx [dot] net

Requirements:
Basic PHP knowledge (I won't rule out people who wants to learn, though)
Hebrew-English, fluent.
Common sense.

If you still hesitate, I hereby announce that Postnuke is the most assuring project for Hebrew CMS. I've spent about 10 hours of my free time, to check on other leading CMSs, and to see if they like Hebrew -- they didn't!.
And i won't even talk about hebrew for PHPNuke!!.

References:
http://www.securityfocus.com/bid/12505/info
Vender: http://spidean.mckenzies.net

The PostWrap module is not a core component of PostNuke, and so therefore this article does not apply to those who have not installed PostWrap onto their site.

Also, the RTL is not only justifying the text right instead of left but it is also setting the direction to RTL so that the dots, comma, paranthesis shuold look right.

Now looking at the new RC .76, I had to apply the following fixes to make it working with the Arabic language and I am sure the other RTL language users can follow the same procedure to fix the issues. I also wish that the devolopers should take that into account in the future releases:

·On the global.php language file add the following constant to the RTL language file:
o _DIRECTION = RTL
o _ALIGNL = Right
o _ALIGNR = Left

·for the other languages like english if you are planning to use multi languagesite add the following constants:

o _DIRECTION = LTR
o _ALIGNL = Left
o _ALIGNR = Right

·Now scan through all the .php , html files, if there is any output to the browser like table alignment, text alignment, cell formatting, or any thing that mentioned :
o Left ===> replace with _ALIGNL
o Right ==> replace with _ALIGNR
That goes to all .php and css files.

·For the conventional themes to work well, go to the module “header_footer” and add the following line just before the </head> tag:

<style type="text/css">body { direction:; } </style>

That also apply to the eXanthia themes.

·Go over the new HTML templates for the admin module or exanthia theme and any other module and apply the same. Note that if you want to replace a something on the HTML template file then you have to use the following format:
or


·On the Typetool editor, that was a problem by itself, I could alter one line to let it load by default as RTL however, it cannot be modified so that you can have buttons for both options. The editor code is using the command “ExecCommand” which does not support altering the direction. That should be looked at and evaluated in the future by the postnuke developers. You can add the following line :

o setTimeout("document.frames['"+FID+"'].document.body.style.direction='RTL'",200)
somewhere in the function initDefaultOptions0(FID) in the file quickbuild_IE and quickbuild_MOZ. Also, the file language.js needs to be translated if you wish to the language you want but then it will not help if you want to use multilanguage site.

That was in summary what I have done to make Post Nuke RTL. Sorry to make such short but if you have any questions or concerns please contact me at fayez2@fayez2.com or at my web site www.fayez2.com .

Thanks

I would like first to recognize the great work done by the developers to come up with such peace of art.

The new release made life much easer since it is seperating the HTML from the code since that the Arabic language is an RTL languge which means that we have to make sure when doing the translation that the HTML also should be right to left compliant.

As soon as I have some time to spare I will post either an artical or a forum post an explenation of the best practices for implementing the RTL fixes which includes the eXanthia and the typetool fixes.

Thanks again
Fayez2.net

for download please click here

Arabic note: لقراءة النص العربي من هذا المقال يرجى الضغط هنا

VULNERABILTIES
- missing input validation within /modules/Modules/pnadmin.php
- missing input validation within /includes/blocks/past.php
- missing output validation within /modules/Downloads/admin.php
- missing input validation within /modules/Downloads/dl-util.php
- missing input validation within /modules/Downloads/dl-search.php
- possible path disclosure within /modules/News/index.php

SOLUTION
It is recommended that all admins do an immediate upgrade of their sites to v0.750 then apply the latest security fix package available from the locations listed below.
Please note the main package has been updated to include this advisory so there is no need to apply this patch if you have downloaded PostNuke after the date of this announcement.

UPDATED PACKAGES
1. PostNuke 0.750 (tar.gz format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-411.html
SIZE: 2410936 Bytes
MD5 checksum: dcb276fa0aae4e22764eb22fd66ccd09
SHA1 checksum: bc8c5ccde62312956f72a144e67efbf65bf82349

2. PostNuke 0.750 (zip format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-410.html
SIZE: 3408707 Bytes
MD5 checksum: f49e17d4040892634c53b9fb5afe650c
SHA1 checksum: 82590102de8b0171993eaf94cc73006ad84ae752

3. Security Fix (changed files only) for PostNuke 0.750 (tar.gz format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-457.html
SIZE: 26990 Bytes
MD5 checksum: 2e654367bda64f8e9944273991997068
SHA1 checksum: fde99e26357003a8fd36aa7fde0da2859dc2c0b5

4. Security Fix (changed files only) for PostNuke 0.750 (.zip format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-458.html
SIZE: 32088 Bytes
MD5 checksum: e8b118732f19aa55d80550f6fe4d0caa
SHA1 checksum: f018e4f1d5339dce4b6a8419ac98a555c89945a2

NEW RELEASES
1. PostNuke 0.760RC3 (tar.gz format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-459.html
SIZE: 2936077 Bytes
MD5 checksum: FE0A655663073F9F68F878359CD459B3
SHA1 checksum: 7DCE900CE0B4A4940AB18143FE2B82FB526DBC89

2. PostNuke 0.760RC3 (zip format)
http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-460.html
SIZE: 4265380 Bytes
MD5 checksum: c2cce796bbf803c7018fa2f4b2891c9f
SHA1 checksum: cb5dc8953a562bcf07bca392dcbe18009942e32c


ADDITIONAL INSTRUCTIONS
Place the files contained in this patch into the appropriate PostNuke directory that replaces the current files because by doing this you are applying the security fix to the system fix and this is what is meant by "patching" your system.
If you would like to receive security updates in the future, please subscribe to the PostNuke security list.
SPECIAL NOTE FOR .760RC3
PostNuke .760RC3 is not recommended for production sites. If performing an upgrade to .760 please review manual.txt carefully. Many of the core system modules are upgraded in this release so the process needs to be followed exactly.


CREDITS
The exploits have been originally found by Maksymilian Arciemowicz from http://www.securityreason.com/ and were reported via security contact.


Andreas Krapohl <larsneo>, PostNuke Development Team
February 28th, 2005

All standard modules have been completed and the following third party modules are in progress; Subjects, PostSchedule, Weather, zClassifieds, phPro and myeGallery.
Downloads are available from PostNuke.co.za (register).

Alle standaard modules is voltooi en die volgende derde party modules in ek tans besig mee; Subjects, PostSchedule, Weather, zClassifieds, phPro en myeGallery.
Jy kan dit aflaai by PostNuke.co.za (registreer).