2015-07-20 What's going on
Verfasst: Mo 20. Jul 2015, 10:59
Here's a little update about what's going on.
Please note: Some links refer to the security forum, which requires a forum account. (Not readable for guest users.)
Path traversal vulnerability in v1.1.x
In June, we received information about a path traversal vulnerability caused by the module "blackcat" and the "View logs" widget. To fix, please upgrade the module asap. See http://forum.blackcat-cms.org/viewtopic.php?f=22&t=423 for more informations.
We released a fixed BC full version 1.1.2, but no upgrade version, as it's sufficient to upgrade the module.
Intro page functionality
I found that there is a missing file for the intro page functionality (intro2.php), so you're unable to store the contents of the page. Thinking about it I thought the whole thing should be reworked, which is done now. (BC version 1.2) Users can be forwarded automatically by browser language or (!) sub domain now; no need to code it by yourself.
See http://forum.blackcat-cms.org/viewtopic ... t=10#p3049 for a preview.
For a "traditional" intro page, just use a "regular" WYSIWYG page.
Module catalogue
Nearly finished. See http://forum.blackcat-cms.org/viewtopic.php?f=6&t=337 for some screenshots.
WYSIWYG Admin recoded (v1.2)
See a preview here.
Maximal mySQL password length in installer
User "Snoopy" reported a problem with long database passwords in the installer. (http://forum.blackcat-cms.org/viewtopic.php?f=22&t=439) As a workaround, check the "Don't check database password" checkbox on the DB settings tab. The issue is fixed in the next version of BC.
Postponed (not in v1.2)
I've posted pre-release versions of CKE 4.5.1 (Beta available here) and TinyMCE 4.2.1 (Alpha2 available here). Please note that there are some restrictions relating the filemanager included with the TinyMCE module.
Organizational
From time to time we cleanup unused forum accounts. See http://forum.blackcat-cms.org/viewtopic.php?f=2&t=436 for more informations.
Other
The phpManufaktur is back (http://phpmanufaktur.info)
Another WebsiteBaker Fork is available: The WebsiteBaker Community Edition (http://wbce.org)
Please note: Some links refer to the security forum, which requires a forum account. (Not readable for guest users.)
Path traversal vulnerability in v1.1.x
In June, we received information about a path traversal vulnerability caused by the module "blackcat" and the "View logs" widget. To fix, please upgrade the module asap. See http://forum.blackcat-cms.org/viewtopic.php?f=22&t=423 for more informations.
We released a fixed BC full version 1.1.2, but no upgrade version, as it's sufficient to upgrade the module.
Intro page functionality
I found that there is a missing file for the intro page functionality (intro2.php), so you're unable to store the contents of the page. Thinking about it I thought the whole thing should be reworked, which is done now. (BC version 1.2) Users can be forwarded automatically by browser language or (!) sub domain now; no need to code it by yourself.
See http://forum.blackcat-cms.org/viewtopic ... t=10#p3049 for a preview.
For a "traditional" intro page, just use a "regular" WYSIWYG page.
Module catalogue
Nearly finished. See http://forum.blackcat-cms.org/viewtopic.php?f=6&t=337 for some screenshots.
WYSIWYG Admin recoded (v1.2)
See a preview here.
Maximal mySQL password length in installer
User "Snoopy" reported a problem with long database passwords in the installer. (http://forum.blackcat-cms.org/viewtopic.php?f=22&t=439) As a workaround, check the "Don't check database password" checkbox on the DB settings tab. The issue is fixed in the next version of BC.
Postponed (not in v1.2)
- CSS-/JS-files minimization (the library I was going to use has some issues)
- Integrated page cloner (needs some conceptional work)
- Image optimizer (Admin Tool available)
I've posted pre-release versions of CKE 4.5.1 (Beta available here) and TinyMCE 4.2.1 (Alpha2 available here). Please note that there are some restrictions relating the filemanager included with the TinyMCE module.
Organizational
From time to time we cleanup unused forum accounts. See http://forum.blackcat-cms.org/viewtopic.php?f=2&t=436 for more informations.
Other
The phpManufaktur is back (http://phpmanufaktur.info)
Another WebsiteBaker Fork is available: The WebsiteBaker Community Edition (http://wbce.org)