Just a quick bugfix release. The reason is was pushed out quickly was because of issues installing on Windows machines, and had to be handled immediately. It also fixes two different problems with breadcrumbs that people were reporting. We've thrown in a couple of extra bugfixes as well. The ChangeLog looks like:

 Version 1.0.4 "Lanai" -- Jan 23 2007 ----------------- - Fixed issue with number of queries not showing up properly at the end of index.php - Fixed issues with breadcrumbs, including nodes not showing up and duplicate nodes showing - Fixed the warning that showed up in the 25 to 26 upgrade script if you didn't have any events - Fixed bug with installer where it doesn't write windows paths correctly - Fixed issue with Search where it would mess with the letter case when showing the highlighted text 

Thanks!

Hey Guys n Gals, If you're running a good install of 1.0.2 here's the way I go about upgrading to 1.0.3. Works fine, and has been tested on both an IIS and an Apache install in the last couple of days. This update is recommended as some security issues have been fixed, and the contact form now uses Captcha which can of course limit spamming of your site. Download the upgrade zip or tar. Make sure that you are LOGGED OUT from your site admin! Extract the files in the archive somewhere safe and remember where it is! FTP, SSH or copy the files into the root directory of your site. If you now log into your admin with your usual username and password there will be an option in the main part of the admin interface to upgrade, so click away and you should be up and running in no time! Take care all, and enjoy 1.0.3 Ade (3dcandy)

Ok, so I keep spouting off about the goals of CMSMS 2.0. At this point, there are like 40 goals and all are equally important. You've heard it all before... Oh well, I'm bringing up #41 #41: Serious, concise, functional and documented API. What does this mean? CMSMS 1.x has an API of sorts. The module creation parts of the API are probably the most organized of the bunch. Most other parts of the CMSMS code are scattered through out smarty plugins, global functions, poorly named classes that should be called staticly, etc. One of the things I took on early in the 2.0 development cycle was the formulation of a consistent API to work from. And honestly, the lib/classes directory was on the right track. It just wasn't implemented as well as it could. Live and learn... 1.0.x has too many global functions for doing random things. I wanted to cut all this out. Also, there are too many $gCms->GetSomethingOperations() methods. This is stuff that can all be moved to static methods in classes. index.php and include.php were both WAY too messy. I wanted to offload a lot of that stuff into clearly marked methods, using as much DRY (don't repeat yourself) development as I could. And, I wanted to "namespace" all of the CMSMS classes so that they don't get in the way of other classes that might be used for modules, addons, etc to the system. Since PHP doesn't use real namespacing, every class starts with Cms (CmsTemplate, CmsApplication, etc). Because of this consolidation, I could take advantage of the autoloading feature in php5. So I get two benefits with this... no require(_once) statements littering the code, and no files loaded into memory that aren't needed. So, at this point, 90% of the CMSMS code has been converted to this API setup. index.php and include.php are readable, and memory usage is way down. In fact, I've segmented it in such a way that it could almost be used as an API for other php applications. As an example, the new installer is a totally separate application. It doesn't use anything really CMSMS specific, instead it just includes the bare minimum and pulls out what methods it needs for the database, smarty, etc. I've also documented the code as I'm going. There is still a lot more to go, but it's coming along. We'll be dumping doxygen docs nightly so that people will have quick access to the classes and methods. I've already been dumping docs of the svn builds out, though it's not guaranteed to not change drasticly before 2.0 is released. http://cmsmadesimple.org/api Maybe someday we can break out the API and have a framework for other apps to use. That would be pretty slick. Ted

Yesterday I made an entry about CMSMS getting bigger and having a fair amount of users. Now, there is also a downside to this. Getting more attention will also attract hackers, knowing when they can get into one CMSMS website they can get into a lot more. However, the development of the core is done by a of couple great developers. I don't think the CMS Made Simple core would get into a lot of problems when getting bigger and having more users. Also, they would be releasing patches quickly when serious security holes would occur. But how about the modules? And I'm not talking about the much used modules as they will grow and get updated with the core system because so many people use them. But the more unknown modules which don't get updated very often. Those modules will probably cause potential security risks in the future, since scripting never stands still and new vulnerabilities get discovered every now and then. Now we all know that using GPL/Open source software comes without warranties, and using it is at your own risk, but when old modules get security issues CMSMS gets blamed, or at least associated with the vulnerability. This is kinda the way Joomla got his bad name in my opinion. Joomla as a clean install combined with decent chmodding is pretty safe, but with so many 3rd party modules its hard to keep track of what's safe to use and what's not, maybe not for the hardcore coders between us but it is for many others. So what would be a good way to "protect users" against the risk of using older not updated modules? Maybe a new module category in the forge called "Not updated in the last 12 months - could have potential security risks and/or isn't compatible with new core systems" and automatically put all the modules in there which have not been updated in the last 12 months. I'm really interested in how other people think about the module security. Am I just paranoid or could these thoughts be potential ideas? Drop your thoughts in the comments! Regards Signex / Benjamin

Yes, it's incredibly overdue, but it's finally released. This is basically just a bugfix and security release. It's released in both the full download version, and also a diff installation that you can overwrite an existing 1.0.2 installation with only changed files. The security issues were not major by any means, but it's still good to patch XSS issues. The ones we had were non-permanent and didn't cause any damage to your site, but they still needed addressing. The changelog goes as follows...

 Version 1.0.3 "Kauai" -- Jan 18 2007 ----------------- - Fixed several non-permenant XSS vulnerabilities - Fixed issue with breadcrumbs plugin displaying root node multiple times - Fixed issue with multiple events being entered - Removed global references to $db from the admin and include.php - Added a "Modify Events" permission - Added event for "Change Group Permissions" - Added ability to select a file for the Link content type - Added ability to specify default boilerplate page content - Fixed print plugin output so that it's xhtml compliant - Added text direction to languages for suppot of languages like Hebrew and Arabic - Fixed issue where 2 installs on the same domain shared login sessions - Fixed issue with contact form with pretty_urls turned on - Fixed issue with LoadStylesheets() not loading the modified date - Changed search schema layout. Now allows for expiration dates on entries - Changed the icon for global content so that it doesn't look like the Gentoo logo - Fixed issue with expanding content in the content list when user didn't have the Add Page perission - Added catpcha module support to the contact_form plugin (you still need to manually install the Captcha module for this to work) - Added messages when admin log is cleared - Much much more 

Enjoy!

Browsing thru the development part of the CMS Made Simple website yesterday I noticed that there are almost 100.000 downloads of the CMS Made Simple Core. With the release of 1.0.3 It cant take long before it reaches this magical number. With the plans of CMSMS 2.0 coming with all the nice new features it can only get better. Off course it will take a long time before stable 2.0 series will be released but I cant wait for the first beta's to be released. So I would like to take this first blog entry for me as an opportunity to congratulate all the people that supported CMS Made Simple, whether that is with development, time in the forums, donating or just by using it. More serious entries will follow soon! Regards, Signex / Benjamin