CMS Made Simple 1.0.3 Released!

[Ted]

Reposted from: http://blog.cmsmadesimple.org/2007/01/1 ... -released/

Yes, it’s incredibly overdue, but it’s finally released. This is basically just a bugfix and security release. It’s released in both the full download version, and also a diff installation that you can overwrite an existing 1.0.2 installation with only changed files.

The security issues were not major by any means, but it’s still good to patch XSS issues. The ones we had were non-permanent and didn’t cause any damage to your site, but they still needed addressing.

The changelog goes as follows…

Code: Select all

Version 1.0.3 "Kauai" -- Jan 18 2007
-----------------

- Fixed several non-permenant XSS vulnerabilities
- Fixed issue with breadcrumbs plugin displaying root node multiple
  times
- Fixed issue with multiple events being entered
- Removed global references to $db from the admin and include.php
- Added a "Modify Events" permission
- Added event for "Change Group Permissions"
- Added ability to select a file for the Link content type
- Added ability to specify default boilerplate page content
- Fixed print plugin output so that it's xhtml compliant
- Added text direction to languages for suppot of languages like
  Hebrew and Arabic
- Fixed issue where 2 installs on the same domain shared login
  sessions
- Fixed issue with contact form with pretty_urls turned on
- Fixed issue with LoadStylesheets() not loading the modified date
- Changed search schema layout.  Now allows for expiration dates on
  entries
- Changed the icon for global content so that it doesn't look like
  the Gentoo logo
- Fixed issue with expanding content in the content list when user
  didn't have the Add Page perission
- Added catpcha module support to the contact_form plugin (you still
  need to manually install the Captcha module for this to work)
- Added messages when admin log is cleared
- Much much more

Enjoy!

[MichaelK]

ERROR
filemanager/browser/default/frmresourceslist.html
line 104


I personally think it's not in this file above. The error says line 104 on source: filemanager/browser/default/frmresourceslist.html
but this is exactly the same as from fckeditor.net.
I think it's something with /include.php.

Please can someone help me? Now i can't add links from the server and insert images.

[CMSMS-Fan]

When installing I got the warning that :-

Checking if session.save_path is writable

Your session.save_path is "/home/phpsessions". Not having this as writable may make logins to the Admin Panel not work. You may want to look into making this path writable if you have trouble logging into the Admin Panel.

Anyway I continued as my site was trashed by the install anyway now.

I then get the error

Fatal error: Call to undefined function: adodb_date() in /home/fhlinux186/m/merylwatts.co.uk/user/htdocs/lib/adodb_lite/adodbSQL_drivers/mysql/mysql_date_module.inc on line 99

I appreciate you have all worked hard on this but was this release ready for release?

[CMSMS-Fan]

I have now completely deleted everything on the site and done a completely clean install then change the prefix in the DB back to the original in the config.php the site is up again but I still got the warning

Checking if session.save_path is writeable

Your session.save_path is "/home/phpsessions". Not having this as writeable may make logins to the Admin Panel not work. You may want to look into making this path writeable if you have trouble logging into the Admin Panel.

The site appears stable now but I have several sites running on 0.13 and now do not feel very confident in updating them to the latest release.

[Ted]

Is /home/phpsessions writable by the web server?

The installer is just trying to cover it's bases and make sure that it can use sessions.  Because of the literally millions of ways to configure php (and many times incorrectly), we're trying to solve things before install that can become mysterious problems later.

And, to be honest, it should work without sessions, but it's going to require more processing while in the admin because it's working off of cookies constantly and hitting the db several extra times to verify the cookie's validity.

[CMSMS-Fan]

The Admin does work but unless you are actually managing your own server you will never get write access to /home/phpsessions as you can see my site is actually sited deep inside home/ and no server administrator will give me access to that folder.  However, the Admin appears to be working OK without access and as you say that is due to relying on cookie validation.
Hey ho I will have a play with the new set-up and see how it goes before attempting to upgrade other sites.  This one is small and I have a lot of work to do to it so thought I would upgrade before doing the work.

Anyway thanks a million for all your hard work on the project and without the team there wouldn't be any CMSMS so I should shut up.... 

[Ted]

Shut up?  Nah.  Feedback is good.

Though, it's not like you need write access...  just the webserver.  If the webserver doesn't have write access to a directory called phpsessions (it can't possibly server any other purpose), then it's a misconfiguration.

[3dc]

Just want to say THANK YOU DEVs, what a great CMS-System

[reidjazz]

Just want to say THANK YOU DEVs, what a great CMS-System

Here, here! I've been looking a CMS that produced web standard output...when I found CMSMS, my search was over!!!!

[amygdela]

Congratulations on this release Ted and the developers!!! Keep 'em comin, it's the best CMS out there for sure.

[wientanz]

@HuttonIT:
I had the same problem with 1.02 on Powweb. Before 0.13 it worked fine and suddenly *bang* it would not work. Session path not writable. I found a solution that I can't completley remember, but I think it had something to do with making your own php.ini and placing it in CMSMS's home dir, changing the session path to a folder of your choice i.e. best NOT in htdocs or generally a public folder, making it writable and voila, it worked for me. But as I said, I can't remember the specific settings, but it should give you something to think or google about.

Think I will let this update pass, it's working perfectly here (yes, I know security reasons and all... thinking about it).

[cyberman]

But as I said, I can't remember the specific settings

Do you mean this thread?

http://forum.cmsmadesimple.org/index.ph ... l#msg32615

I know security reasons and all...

You can switch off security problems by yourself. Please look here  :

http://forum.cmsmadesimple.org/index.ph ... 284.0.html

[wientanz]

nope, I googled a bit and (used the error message) and found a post in the Gallery2 forums at gallery.menalto.com. From there I went to the forums of my hosting cmompany at forum.powweb.com, which are a great resource of knowledge and then from there to a Knowledge Base section of Powweb's website.

Good place to look may be http://at.php.net/session ... Sorry that's it's in German. But it should work.

[PatDeLux]

Thank you Ted !

May I suggested to all people who download and install this version successfully to say so here ?
If only people with problems are leaving messages, it might frighten happy users of a working 1.0.2 version to upgrade.

Patrick

[cyberman]

WARNING !

There must be a problem inside install procedure if it should be installed under Windows(2000?). I've checked two times on my local xampp server (PHP5/MySQL) and got pathes like this in config.php

Code: Select all

$config['root_path'] = 'C:Programmexamppxampphtdocscms103itest';

$config['uploads_path'] = 'C:Programmexamppxampphtdocscms103itest\uploads';

$config['image_uploads_path'] = 'C:Programmexamppxampphtdocscms103itest\uploads\images';

Only preview path has a correct setting

Code: Select all

$config['previews_path'] = 'C:\Programme\xampp\xampp\htdocs\cms103itest\tmp\cache';