PostNuke
Flexible Content Management System
News
PhpNuke2PostNuke : Your bridge to the PN World
This script is useful ONLY if you have installed PhpNuke 7.0, 7.1, 7.2, 7.3 or 7.4 . If you have older versions, download PhpNuke 7.4 and upgrade your database with the scripts provided there. This script works ONLY for MySQL 3.x schema. For other dbms (PostgreSQL, MsSQL, MySQL 4.x) you need modify the script.
++ UPGRADE SUMMARY ++
PhpNuke 7.0, 7.1, 7.2, 7.3, 7.4 -> PostNuke 0.726
PhpNuke phpBB2 Forums port 2.0.5 -> PNphpBB2 1.2d
PhpNuke Encyclopedia -> pnEncyclopedia 0.2.0
PhpNuke Event Calendar -> PostCalendar 4.0.1
A new version for 0.750 is coming soon. I'm looking for make this a project at noc. Please help me on this topic.
Download link
Support forum
++ UPGRADE SUMMARY ++
PhpNuke 7.0, 7.1, 7.2, 7.3, 7.4 -> PostNuke 0.726
PhpNuke phpBB2 Forums port 2.0.5 -> PNphpBB2 1.2d
PhpNuke Encyclopedia -> pnEncyclopedia 0.2.0
PhpNuke Event Calendar -> PostCalendar 4.0.1
A new version for 0.750 is coming soon. I'm looking for make this a project at noc. Please help me on this topic.
Download link
Support forum
Subjects PostNuke Module SQL Injection Vulnerabilities
## Software ##
Software: Subjects Postnuke module
Version: 2.0
Plataforms: Unix/Win/PHP/MySQL/Postnuke
Web: http://home.postnuke.ru
## Vendor Description ##
Module is designed for structured store & display text content with a possibility to store
content in file on the disc. Probably, the best one for converting existing based on HTML pages
site to PostNuke.
## Vulnerabilities ##
Sql-Injection in pageid, subid, catid variables.
## Sql-Injection ##
The previous variables are vulnerables to SQL-Injection attacks.
These SQL injection vulnerabilities allow a remote user to inject arbitrary SQL commands.
/index.php?module=subjects&func=listpages&subid=[SQL]
/index.php?module=subjects&func=viewpage&pageid=[SQL]
/index.php?module=subjects&func=listcat&catid=[SQL]
## Proof of Concept ##
URL to retrieve the MD5 password hash of a user. This POC needs UNION functionality enabled in Mysql to retrieve the hash.
## History ##
Vendor contacted but no response.
## Solution ##
There is no solution at this time, we recommend to remove immediately this module
## Credits ##
Criolabs staff
http://www.criolabs.net
The Subjects module is not a core component of PostNuke, and so therefore this article does not apply to those who have not installed Subjects onto their site.
Software: Subjects Postnuke module
Version: 2.0
Plataforms: Unix/Win/PHP/MySQL/Postnuke
Web: http://home.postnuke.ru
## Vendor Description ##
Module is designed for structured store & display text content with a possibility to store
content in file on the disc. Probably, the best one for converting existing based on HTML pages
site to PostNuke.
## Vulnerabilities ##
Sql-Injection in pageid, subid, catid variables.
## Sql-Injection ##
The previous variables are vulnerables to SQL-Injection attacks.
These SQL injection vulnerabilities allow a remote user to inject arbitrary SQL commands.
/index.php?module=subjects&func=listpages&subid=[SQL]
/index.php?module=subjects&func=viewpage&pageid=[SQL]
/index.php?module=subjects&func=listcat&catid=[SQL]
## Proof of Concept ##
URL to retrieve the MD5 password hash of a user. This POC needs UNION functionality enabled in Mysql to retrieve the hash.
## History ##
Vendor contacted but no response.
## Solution ##
There is no solution at this time, we recommend to remove immediately this module
## Credits ##
Criolabs staff
http://www.criolabs.net
The Subjects module is not a core component of PostNuke, and so therefore this article does not apply to those who have not installed Subjects onto their site.
PostNuke Themes Converted to Xanthia
The main features of the Xanthia Templating Environment are as follows:
Based on the popular PHP Smarty template system, XTE allows for the complete abstraction of application logic from content through the use of HTML templates.
XTE replaces placeholders in templates with their actual values, created in the application logic. These placeholders have been created to support popular HTML editors such as Dreamweaver.
Conditionals and loops similar to those in PHP are available to make decisions based on output.
Variable modifiers can change a particular placeholder’s content. For example, transforming a string to all capital letters.
Caching in Xanthia of whole pages is available to reduce server load and greatly improve load times. Configuration caches can also be generated, putting Xanthia theme load times on a par with the ‘Classic’ theme variants and competing products in many situations.
Online administration of a theme can change its look, templates, colours and block positioning.
We encourage theme developers and site administrators to take advantage of Xanthia’s power and flexibility in their own sites, and also submit suggestions and improvements to future versions of Xanthia at the NOC Feature Requests area.
The PostNuke Team
Based on the popular PHP Smarty template system, XTE allows for the complete abstraction of application logic from content through the use of HTML templates.
XTE replaces placeholders in templates with their actual values, created in the application logic. These placeholders have been created to support popular HTML editors such as Dreamweaver.
Conditionals and loops similar to those in PHP are available to make decisions based on output.
Variable modifiers can change a particular placeholder’s content. For example, transforming a string to all capital letters.
Caching in Xanthia of whole pages is available to reduce server load and greatly improve load times. Configuration caches can also be generated, putting Xanthia theme load times on a par with the ‘Classic’ theme variants and competing products in many situations.
Online administration of a theme can change its look, templates, colours and block positioning.
We encourage theme developers and site administrators to take advantage of Xanthia’s power and flexibility in their own sites, and also submit suggestions and improvements to future versions of Xanthia at the NOC Feature Requests area.
The PostNuke Team
Latest Stable Release Now Available: A Major Step on the Road to 1.0
Upgrading from Older Versions?
Backup, backup, backup.
Before you upgrade we'd like you to keep in mind much of the core code has been changed. For example, there may be modules, blocks or themes that do not work with this release. So as usual, we recommend you create a test site before upgrading and/or backing up your files and your database. Also, when updating it's a good idea to document which modules work and don't work with the new version so we can help mod devs know the bugs. We suggest you post this information to the forums so module developers will have immediate feedback about which of their modules work with this latest version. Note, if a module is abandoned then you might be able to find a developer who is willing to update it too.
Finally, the upgrade functions have been tested in as many scenarios as possible so you can safely upgrade from any version of PostNuke, and even a few other systems like PHP-Nuke and myPHPNuke. But remember as noted before please make sure you have backed up your files and database before attempting to upgrade to the latest version. As mentioned above, as we've tested this release we've found many of the older modules need to be upgraded to work with this latest release. However, most of the themes should still work without problems. To get support please use the <a href://forums.postnuke.com">PostNuke forums.
Languages: Building International Community Awareness
Full internationalization, 100% language support, has always been a PostNuke goal but has yet to be fully implemented. And although many language packs have been available they have not localized a PostNuke site 100%.
The PostNuke team is turning more attention to this issue in the upcoming 0.8 release and is reaching out to the non-English-speaking PostNuke communities through the main PN site.
The initial approach is to provide English, French, German, Spanish and Portuguese language packs "out of the box" (i.e. simultaneously with each new release), and we'll be doing our best to provide up-to-date translations of documentation as time goes on.
The team is also working on developing closer relations with non-English-speaking PostNuke communities. And in an effort to facilitate this the PostNuke team has created a Language Project Manager, and the role is currently being held by David Nelson. David is looking to work-up a team with French, German, Spanish, and Portuguese members.
If you're interested in contributing to making PostNuke genuinely "worldware", then please contact vanessa at postnuke.com or drak at postnuke.com to volunteer your services or share your story.
Look for more news about language issues in the near future.
In the package you will find installation help in the following languages other than English:
Brazilian Portuguese, Chinese (Simplified), Croatian (HRV + CRO), French , German , Icelandic, Italian, Norwegian, Russian, Spanish, Swedish and Thai.
Visit the Language Project page
Modules
Included in the New release are new tools providing better perfomance and usability.
Mailer:
A new mailing class for easier integration with other modules. The Mailer module is based on PHPMailer.
pnRender:
Enabling Smarty functions is PostNuke for caching the PHP as HTML pages. The cached files will be updated when a change in the database or the templatefile is made. This will meen faster pageviews.
Typetool:
A new WYSIWYG editor. (Note, look for updates to this module with respect to better usability and graphics.)
Xanthia:
A theme rendering engine that extends the use of Smarty to the theme. What does this mean to you? It means that not only pnRender based module pages will be cached but also the use of HTML pages as PostNuke templates is at its strongest point. And makes it easier for people not familiar with PHP to easily edit and create new themes for PostNuke.
In our efforts to meet W3C standards the .75 provides strict HTML compliance and XHTML compatibility. One caveat, this is dependent on theme and module compliance, however all core modules now render compliant to HTML and XHTML guidelines.
Note, during the next couple of months we will be refining the XTE interface, releasing tutorials, and asking for feedback from designers on how we can make Xanthia better and for those curious the AT module still works in this latest version.
Staying Informed
As a reminder, we have two valuable mailing lists available to keep you updated about security issues and release announcements. You can subscribe and access them with the following links:
- New Releases
- Security Updates
Thank you, Thank you, Thank you
In closing, we would like to thank everyone for their contributions and support over the past three years, they include: forum support people, doc writers, coders, management, international partners, 3rd party devs, themers and users who have submitted bugs, code fixes and ideas. Your support and continued participation is one of the many reasons PostNuke continues to grow. And last but not least, of course tremendous thanks goes out to the team of volunteers directly involved in making this release a great success!
Woo hoo!
Download the latest release: http://downloads.postnuke.com/pafiledb.php?action=category&id=45
The PostNuke Team
P.S. You can also read the previous annoucement and get support in the forums
Backup, backup, backup.
Before you upgrade we'd like you to keep in mind much of the core code has been changed. For example, there may be modules, blocks or themes that do not work with this release. So as usual, we recommend you create a test site before upgrading and/or backing up your files and your database. Also, when updating it's a good idea to document which modules work and don't work with the new version so we can help mod devs know the bugs. We suggest you post this information to the forums so module developers will have immediate feedback about which of their modules work with this latest version. Note, if a module is abandoned then you might be able to find a developer who is willing to update it too.
Finally, the upgrade functions have been tested in as many scenarios as possible so you can safely upgrade from any version of PostNuke, and even a few other systems like PHP-Nuke and myPHPNuke. But remember as noted before please make sure you have backed up your files and database before attempting to upgrade to the latest version. As mentioned above, as we've tested this release we've found many of the older modules need to be upgraded to work with this latest release. However, most of the themes should still work without problems. To get support please use the <a href://forums.postnuke.com">PostNuke forums.
Languages: Building International Community Awareness
Full internationalization, 100% language support, has always been a PostNuke goal but has yet to be fully implemented. And although many language packs have been available they have not localized a PostNuke site 100%.
The PostNuke team is turning more attention to this issue in the upcoming 0.8 release and is reaching out to the non-English-speaking PostNuke communities through the main PN site.
The initial approach is to provide English, French, German, Spanish and Portuguese language packs "out of the box" (i.e. simultaneously with each new release), and we'll be doing our best to provide up-to-date translations of documentation as time goes on.
The team is also working on developing closer relations with non-English-speaking PostNuke communities. And in an effort to facilitate this the PostNuke team has created a Language Project Manager, and the role is currently being held by David Nelson. David is looking to work-up a team with French, German, Spanish, and Portuguese members.
If you're interested in contributing to making PostNuke genuinely "worldware", then please contact vanessa at postnuke.com or drak at postnuke.com to volunteer your services or share your story.
Look for more news about language issues in the near future.
In the package you will find installation help in the following languages other than English:
Brazilian Portuguese, Chinese (Simplified), Croatian (HRV + CRO), French , German , Icelandic, Italian, Norwegian, Russian, Spanish, Swedish and Thai.
Visit the Language Project page
Modules
Included in the New release are new tools providing better perfomance and usability.
Mailer:
A new mailing class for easier integration with other modules. The Mailer module is based on PHPMailer.
pnRender:
Enabling Smarty functions is PostNuke for caching the PHP as HTML pages. The cached files will be updated when a change in the database or the templatefile is made. This will meen faster pageviews.
Typetool:
A new WYSIWYG editor. (Note, look for updates to this module with respect to better usability and graphics.)
Xanthia:
A theme rendering engine that extends the use of Smarty to the theme. What does this mean to you? It means that not only pnRender based module pages will be cached but also the use of HTML pages as PostNuke templates is at its strongest point. And makes it easier for people not familiar with PHP to easily edit and create new themes for PostNuke.
In our efforts to meet W3C standards the .75 provides strict HTML compliance and XHTML compatibility. One caveat, this is dependent on theme and module compliance, however all core modules now render compliant to HTML and XHTML guidelines.
Note, during the next couple of months we will be refining the XTE interface, releasing tutorials, and asking for feedback from designers on how we can make Xanthia better and for those curious the AT module still works in this latest version.
Staying Informed
As a reminder, we have two valuable mailing lists available to keep you updated about security issues and release announcements. You can subscribe and access them with the following links:
- New Releases
- Security Updates
Thank you, Thank you, Thank you
In closing, we would like to thank everyone for their contributions and support over the past three years, they include: forum support people, doc writers, coders, management, international partners, 3rd party devs, themers and users who have submitted bugs, code fixes and ideas. Your support and continued participation is one of the many reasons PostNuke continues to grow. And last but not least, of course tremendous thanks goes out to the team of volunteers directly involved in making this release a great success!
Woo hoo!
Download the latest release: http://downloads.postnuke.com/pafiledb.php?action=category&id=45
The PostNuke Team
P.S. You can also read the previous annoucement and get support in the forums
Postnuke Makes Top 10 Open Source Tools for eActivism
For the rest of the article go here:
http://www.makeworlds.org/book/view/116
Shameless promotion alert...
Our own website was chosen as the PostNuke example for eActivism!
What can we say... PostNuke is the single best tool for eActivism or any other use you may think of!
CDM Web Team
http://www.makeworlds.org/book/view/116
Shameless promotion alert...
Our own website was chosen as the PostNuke example for eActivism!
What can we say... PostNuke is the single best tool for eActivism or any other use you may think of!
CDM Web Team
Final Release of 0.750 coming up !
Footnote: 1
OSCOM.4 with ApacheTrack
Press Release
http://oscom.org/events/oscom4/registration
The Open Source content management community is rich and varied
with many projects such as OpenCMS, Plone, Midgard, Cofax, Apache Lenya,
Drupal, Typo 3 and many others. Almost all Open Source CMS rely on software
from the Apache Software Foundation (ASF), and we look forward to lots of
cross-pollination between the Apache and CMS communities.
In addition, market awareness is rapidly growing, with several
Open Source CMS and ASF projects being mentioned favorably
in recent analyst reports.
OSCOM.4 features a wide range of talks and tutorials. Keynotes by Roy Fielding
and Rolf Auf der Maur are followed by talks and tutorials from members of the W3C,
the Apache Software Foundation and the open source community at large.
The ApacheTrack focuses on Apache technologies, while the OSCOM tracks focus
on content management issues.
The program is separated into 3 tracks.
1) OSCOM Technical / Community Track
2) OSCOM Business Track
3) ApacheTrack
OSCOM.4 is a place for developers, vendors, integrators and
users to mingle and learn from each other. Register today.
http://oscom.org/events/oscom4/registration
http://oscom.org/events/oscom4/registration
The Open Source content management community is rich and varied
with many projects such as OpenCMS, Plone, Midgard, Cofax, Apache Lenya,
Drupal, Typo 3 and many others. Almost all Open Source CMS rely on software
from the Apache Software Foundation (ASF), and we look forward to lots of
cross-pollination between the Apache and CMS communities.
In addition, market awareness is rapidly growing, with several
Open Source CMS and ASF projects being mentioned favorably
in recent analyst reports.
OSCOM.4 features a wide range of talks and tutorials. Keynotes by Roy Fielding
and Rolf Auf der Maur are followed by talks and tutorials from members of the W3C,
the Apache Software Foundation and the open source community at large.
The ApacheTrack focuses on Apache technologies, while the OSCOM tracks focus
on content management issues.
The program is separated into 3 tracks.
1) OSCOM Technical / Community Track
2) OSCOM Business Track
3) ApacheTrack
OSCOM.4 is a place for developers, vendors, integrators and
users to mingle and learn from each other. Register today.
http://oscom.org/events/oscom4/registration
PostNuke Communities Around the World: Spain
We have several members working exclusively in support & documentation for spanish users ( dpDocs Section ) and they have translated almost every postnuke official user guides (including XTE & Xanthia User Guide) and created many new ones. They does a great help for newbies and forum support. Some of them are: Hache, Razorman, Sultan, achica .....
Since October 2003 our site has attraced more than 11,700 registered users, who produced close to 20,000 forum posts and more than 3,500,000 pageviews.
Our main feature is our forum, we offer full support for all our modules/blocks and themes and programming by user demmand. Our projects are posted in Forum a few days before we start programming, so our users can writel their own ideas about the module or block, later we try to add every feature.
Thanks to all postnuke.com team for making one of the best CMS, you are an inspiration for me. Thank you
Best Regards
Fernando Jordán (el_cuervo) & Javier Waisen (Waisen)
Admins (dev-postnuke.com)
( Note: sorry for my really bad english, I'm spanish!! ;) )
Since October 2003 our site has attraced more than 11,700 registered users, who produced close to 20,000 forum posts and more than 3,500,000 pageviews.
Our main feature is our forum, we offer full support for all our modules/blocks and themes and programming by user demmand. Our projects are posted in Forum a few days before we start programming, so our users can writel their own ideas about the module or block, later we try to add every feature.
Thanks to all postnuke.com team for making one of the best CMS, you are an inspiration for me. Thank you
Best Regards
Fernando Jordán (el_cuervo) & Javier Waisen (Waisen)
Admins (dev-postnuke.com)
( Note: sorry for my really bad english, I'm spanish!! ;) )
PostNuke @ OSCOM 4
Info about OSCOM:
The Fourth International Open Source Content Management Conference with Apache Track
ETH (Swiss Federal Institute of Technology), Zürich, Switzerland
Wednesday, September 29th - Friday, October 1st, 2004
OSCOM, the international association for Open Source CMS is arranging the Fourth Open Source Content Management Conference (OSCOM 4). Previous OSCOM conferences have been held in Switzerland, California and Massachusetts.
The OSCOM 4 conference includes product presentations, case studies, technology presentations and a track dedicated to Apache projects. Have a look at the conference program.
Registration is now open! Please add your name to our mailing list for participants to keep informed.
http://oscom.org
http://www.oscom.org/events/oscom4/program/
The Fourth International Open Source Content Management Conference with Apache Track
ETH (Swiss Federal Institute of Technology), Zürich, Switzerland
Wednesday, September 29th - Friday, October 1st, 2004
OSCOM, the international association for Open Source CMS is arranging the Fourth Open Source Content Management Conference (OSCOM 4). Previous OSCOM conferences have been held in Switzerland, California and Massachusetts.
The OSCOM 4 conference includes product presentations, case studies, technology presentations and a track dedicated to Apache projects. Have a look at the conference program.
Registration is now open! Please add your name to our mailing list for participants to keep informed.
http://oscom.org
http://www.oscom.org/events/oscom4/program/
Page 26 / 277 (251 - 260 of 2763 Total)
