
Christian Wenz's Blog:
Serendipity Upgrade to v 1.5.x Gotcha
December 24, 2009 @ 06:44:55

Christian Wenz points out a "gotcha" for those upgrading Serendipity to the latest 1.5.x version - an issue with a SQL script not being run.

I just updated Serendipity to version 1.5.1 on one of our servers; yet afterwards I could not log in anymore. Also, Serendipity reported that version 1.5.1 was present, although I did not run the update script from the admin console yet. At first I thought I did something wrong, but a s9y forum posting described a similar issue.

The issue came from a SQL update script that hadn't been run when the upgrade process thought it had. He includes the two SQL statements you'll need to run to fix the problem.



Christopher Kunz's Blog:
Review: "Serendipity - Individuelle Weblogs für Einsteiger und Profis"
May 29, 2008 @ 13:49:17

Christopher Kunz has posted a quick review of a book from the Open Source Press covering Serendipity, a popular blogging system.

Yesterday, my review copy of Garvin Hicking's book "Serendipity - Individuelle Weblogs für Einsteiger und Profis" (Open Source Press, 39,90, ISBN 978-3-937514-54-3) was in the mail. Unfortunately, this book is currently only available in German, but I'm sure Garvin (or someone else) will translate it and publish it (maybe with the nice guys at Packt publishing?) soon.

He notes that the book (a massive 750 pages) covers just about everything you'd ever need to know about the Serendipity blogging system. Christopher specifically mentions a few things: a good summary of installation and configuration, a meticulous list of the plugins, and the chapter that focuses on administration and security.



Community News:
Serendipity 1.1.3 and 1.2-beta2 released due to SQL exploit
June 19, 2007 @ 07:47:00

As Christopher Kunz points out, Serendipity users should check out a new blog posting over on the CMS system's website concerning an immediate update they've released.

Serendipity 1.1.3 and 1.2-beta2 have been released due to a SQL injection attack reported by Dr. Neal Krawetz today. It is possible to abuse a 'commentMode' variable to inject SQL code that was targeted to the function that fetches comment information. This variable was introduced to Serendipity 1.1 - all prior versions are not affected.

They also suggest checking your access logs for a "commentMode" variable in requests to see whether any attacks have already been attempted. The fix is a simple matter of editing the functions_comments.inc.php file and replacing the line of code they give with the more secure version. Again, this is recommended as an immediate upgrade for Serendipity users.



Pierre-Alain Joye's Blog:
how to do not work around filter (don't be lazy )
December 22, 2006 @ 07:14:01

On his blog, Pierre-Alain Joye talks about the ext/filter extension and how several developers choose to "work around" it instead of using its features directly.

On the other hand, the same persons worked around ext/filter with ugly hacks. Edin pointed me to one of these horrible codes in Serendipity, as I saw this code in other applications like flyspray, I think it is time to raise your attention about what to do not do.

The code he's referencing is a snippet that manually filters each of the superglobals to get rid of any problems that might have been put in. He points out two security problems with the code too: only use PHP functions as a fallback when filter isn't available and never use the superglobals directly outside of the filtering.

Stefan Esser has his own comments on the topic too. He votes for the other way around (own functions over filter's methods) and expresses the opinion that the ext/filter extension is a bad idea similar to the improper use of magic_quotes_gpc.

Pierre has also responded to these comments in an update to his own blog entry. Check it out for the full story...



Dan Scott's Blog:
Serendipity (s9y) blog Security release
October 19, 2006 @ 11:23:00

If you're a Serendipity user, you need to install the patch that Dan Scott mentions in his latest blog post:

I thought you should know they just released a security update to fix an XSS issue in the administration backend. Unfortunately, s9y.org itself appears to be very ill at the moment: I kept getting 500 - Internal Server Error.

There's an update that's been released and (will be) available from their site, but you can also just upgrade to the latest version as downloaded from their sourceforge repository.

For more information, check out the Hardened-PHP Group's security advisory on the issue.



NewsForge:
New kid on the blog: A look at Serendipity 1.0
July 19, 2006 @ 06:17:40

On the NewsForge website, there's this new look at the latest version of a popular PHP-based content management system - Serendipity 1.0.

Serendipity is a PHP-based content management system (CMS) for powering blogs and other sites, and has a feature set that should make any blogger happy. After several years in development, the Serendipity team hit the 1.0 mark on June 15. Let's see how the 1.0 release shakes out.

The author (Joe Brockmeier) opts to jump in with both feet, making a complete switch over from WordPress to Serendipity. He goes through some of the common tasks like posting items and management behind the scenes. He also talks a bit about extending Serendipity, using the wealth of plugins offered both officially and by the community.

In the end, though, what it boils down to are his thoughts on the latest release: good overall, but he saw nothing that made it outstanding in its field.



Community News:
Serendipity Reaches Milestone - Version 1.0 Released
June 15, 2006 @ 12:51:11

As noted by both Tobias Schlitt and Sebastian Bergmann, the popular blogging software Serendipity has reached a huge milestone in its development: the release of version 1.0.

The Serendipity Team is proud to announce the final release version of Serendipity 1.0, an advanced and flexible blogging/cms web application. With its comprehensive feature set, including multiple authors, internationalization, templated output, and an open plugin architecture, Serendipity's stable 1.0 release is ready to become the most popular Web application in the world!

You can get the full story in their latest blog post today, including the latest bugfixes, how to upgrade your current installation, the future of the project, and, of course, the "thank you"s going out to all those that helped.

You can download this latest release directly from their site.



Davey Shafik's Blog:
Spring Cleaning (or a Move from Categories to Tags)
May 03, 2006 @ 07:13:37

Davey Shafik has done some "spring cleaning" on his blog and finally moved it (using the Serendipity software) from the default category system to a tag-based one. In this new post he shares the simple solution he used.

One of the many things I have planned to do for this site is use tags instead of categories. However, when I first tried the plugin, it was quite broken. So I dropped the idea.

However, when setting up the PHP Thinktank blog I gave it another whirl and it works beautifully. So I decided to try again on this site.

He populates the tags for the entries in a simple way - a SQL query that goes through and updates the tag table with the current category for the entry.





All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework