PostNuke

Flexible Content Management System

News

Rogue .71 Released

Contributed by on Mar 17, 2002 - 02:44 AM

Here's the short list of features that we have been working on, with their proper credits. I wish I could list all of the people that contributed behind the scenes work that went into this release, but my fingers are bleeding from the thought of it.




* Security *




Many of the enhancements in .71 are more for security reasons. Instead of waiting for new reports of security problems we tightened every aspect of PostNuke to fix problems before they arise. Instead of hearing about a new CSRF exploit and releasing a patch, we believe that the script is now very secure against common and uncommon attacks.




*Session -- Jim McDonald: Providing privacy to users is a priority, sessions provides you with a safer way of handling user logins without exposing information through the browser. The plus side of the sessions is this fixes for once and for all many of the security issues that could arise with the use of cookie's controlling the user variables. The sessions are safe, and beyond the security, they also give you a higher level of control over the security of your site:




High -- When the session expires so does the user's login.


Medium -- Set the user login to expire in whatever number of days, weeks, months, years.


Low -- User's stay logged in until I believe the year 5000 (hey, we didn't call it low for nothing).




*Improved security -- Jim McDonald (author) and implemented by many, but namely adam_baum: new system for handling user input and automatically protecting sites against the most common PHP and cross-site attacks. Variables are now cleaned from start to finish, which will stop malicious attacks. In addition, data is secured by a one time key when modifications, additions, or deletions are performed in the Admin. This goes even farther into your website protection.




* Performance *




PostNuke performance has been greatly enhanced by optimization of many portions of the codebase. The core has now almost completely undergone the rewrite, with just odds and ends to replace. This rewrite has done away with many of the old legacy code that slowed performance, and created a nightmare for support.




*Improved stability -- Jim McDonald: new core codebase provides far greater stability than any other Nuke variant. Jim is a monster when it comes to code. The API has been developed by Jim to create the consistency throughout the core, modules, blocks and themes to provide better stability and performance.




*E_ALL Errors corrected --PostNuke Team: Errors that slowed performance, and left phantom problems in the codebase have all been corrected.




*Blocks Performance Enhanced -- Patrick Kellum and adam_baum: More optimizations to the core that fall under performance enhancements.




* Administration *




Even with the concentration towards the security and performance, we managed to squeeze in a few features that stick with our roadmap. We made some administration easier for you, now and in the future. Some of these features have been asked for, for a very long time.




*Configuration moved to database -- Hinrich Donner, Jim McDonald(authors) Gregor J. Rothfuss implementation: Site configuration now held in a database table for improved ease of use and speed of access. Also allows modules and plugins to add to the site configuration without the hacking of core scripts. In addition, with the moving of the config to the DB, future upgrades will not mean setting your site preferences again.




*Admin control of themes -- J. Cox: Finally, I have done something to deserve a little credit, even something as small as this. There is now an admin setting to allow users to control their theme or set a site-wide theme for all users through the use of a setting.




*Dynamic User Data -- Gary Mitchell: Allow you to choose what information to be collected on your site. In the beginning stages of development, but is very well integrated into the system. This has been a requested feature from the .5 days. The system allows you to define new fields to collect data from your users. You can deactivate fields as well, so if you have no need for the avatar field, it's pretty easy to remove.




* XML-RPC Integration -- Gregor J. Rothfuss: From the press release:




XML-RPC is enabling technology. It will allow to connect multiple PostNuke Sites together, and build sophisticated functionality on top, like scheduled synchronization of content, cross-site rating systems or in other words, Web Services. With technologies like XML-RPC, PostNuke will move beyond its CMS roots, and become a framework for web applications in its own right.




To get the process started, we implemented support for the Blogger API in PostNuke. This allows you to post to your Site from the comfort of your desktop (no browser needed). You can get a list of Blogger clients here: <a target=_top href="http://www.xmlrpc.com/directory/1568/services/pyraLabsblogger/clients">Blogger Clients.




* Modules *




Quite a bit of work has been done with the modules system. It starts with the above mentioned API, but affects many things. Care has been taken to make modules backward compatible with .7. There may be some slight changes because of our prefix change in the database to pn for all fields, but other than that most modules should work. I know that there has been work on the major message forums, and they should all be release very shortly after this announcement, if they haven't been already.




*New modules system -- Jim McDonald (author) adam_baum (implementation): allows for future versions of PostNuke to be backwards compatible with older modules, no more being stuck on an old version of PostNuke because you use a module which has not been upgraded. Module developers should have plenty of time to learn the new system, but after they are are adapted, there should be no further work to have to get the modules ready for future releases.




*pnHTML -- Patrick Kellum, adam_baum, Jim McDonald: Quite a bit of work has been thrown into the pnHTML to allow modules authors reusable code that is easy to implement. Items such as forms, etc can all now be easily written through the use of pnHTML.




*Modules Developer Guide --Jim McDonald: Unlike usual, we aren't just dropping a new system on the module developers laps and asking for you to learn it by trial and error. Jim has written a full featured guide on how the API works, along with examples in the codebase, such as the template module.




* Ratings Module -- Jim McDonald: By itself, does nothing, but is a tool for module developers to add ratings to content without having to develop new code. Quite a few modules such as these are in the queue for module developers to work with.




* Display *




* Center Blocks -- Jim McDonald: Now the ability to add center blocks in conjunction with left and right blocks. This has been a popular hack for quite some time, and has now moved into the core. Make a block in the center, besides just your standard admin message.




* New default theme -- Vanessa Haakenson, Andy Varganov, Abraham Irawan - Brumie: Three brand new designs added to the install. The default theme is now random, but as always you can choose which theme you would like to display from your admin. All three are very, very, nice, and look very professional.




* Block hiding -- Michael Meyer: An admin configurable selection that gives the ability for users to hide any of the admin-defined blocks if they do not wish to see them. A nice feature that expands what your users can do.




* PHPLive Support -- Sascha Endlicher: Very cool application (free) for PostNuke users only. .71 comes with a block to allow you to enable live support from your website. The system allows you to connect to your users and provide support in real time. Take some time to visit the PHPLive website for more information.




* ML Privacy Statement and Terms of Use -- Michael M. Wechsler: Our legal team has put together some documents that every website should have. All of the documents are ML ready, so if you are running a Multi-Lingual website, then your users should be able to read them in their natural language.




I want to take the time and thank every developer that has worked on the thankless job of bug fixing, support, implementation, and translation. Many hours of hard work has been spent behind the scenes on this release getting everything ready. People like Johnny, Jan Schrage, Antonino Sabetta, Volodymyr Metenchuk, Philippe Belin, Rabalder, Pablo Roca, and so many others are what make PostNuke what it is. I wish I could name everyone that has put forth a large effort for this release, but I am getting too old to remember everyone's name. I ask that you take some time and read the credits file, and even go over the ChangeLog, and go to SourceForge and extend a rating for some of these folks.




I hope that you enjoy this release of PostNuke. We probably are going to have an extended development time for next version, but we will be releasing modules that are changed to the API as we have them ready. In addition, we also might have a little surprise for an interim release before our next major one.




Enjoy!
22109