It's been brought to our attention that there is a potential SQL injection bug in stylesheet.php. We were due to release 1.0.6 anyway, but this just made us rush out a release as soon as we were notified. My suggestion is to update AS SOON AS POSSIBLE. If for some reason you can't then at the very least, replace your stylesheet.php with this file: http://svn.cmsmadesimple.org/svn/cmsmadesimple/tags/version-1.0.6/stylesheet.php. This flaw has been in the code for awhile, so if anyone has a legacy version and wants to know if they need a patch and how to do it, let us know in IRC or email. Here is the ChangeLog:

 - Fixes a potential SQL injection hole in stylesheet.php - A new installer that uses smarty templates and classes. it doesn't look much better atm, but does have alot more power and is alot cleaner for the future. - Show the footer on tags about and help pages - Fixes to the expression that caused session_start to not always be called. - Fixes for errors in get_template_vars with newer php versions - (important) Fixes a problem where the wrong module could be unloaded from memory if module files had been deleted manually, without explicitly uninstalling the module first. - Fixes to the safe mode tests - Fixes for open_basedir issues in ImageManager - Repeated quick reloads should no longer violate the 'cachable' page property. - Add a download link for the admin log - Fixes for the umask test in global settings 

Thanks! Sorry for the alarm, but we want to get this resolved as soon as possible.

We've released 1.0.5. It's basically a security release for FCKeditorX with a few bugfixes. I would suggest upgrading when you get a chance. Here is the changelog...

 Version 1.0.5 "Molokai" -- Mar 26 2007 ----------------- - Fixes to Global Settings - Fixes to Delete Stylesheet Association - Spaces are no longer allowed in UDT names - $gCms is now given to smarty by default - Added ability to test the file creation mask in Global settings - Added page alias on mouseover when in listcontent. - Added safe_mode check into the admin section - Modified listmodules to display a message when safe mode is enabled and installing files via XML could be a problem. - Appropriate modifications to ModuleManager and ThemeManager for safe mode. 

All good developers using the CMSMS know how flexible it is and easy it is to develop a good website with solid design and good functionality. One caveat of the dilligent work we put into making websites is that 9 times out of 10 the client wants to take a stab at making the changes themselves. This is a major selling point for people, many of then used to phoning up a web company, only to request a few changes, wait forever for the work to be done to the right standard, meanwhile their own deadlines are shifting and bosses giving hassle wanting to know what is going on. Eventually when an invoice comes in the door in exchange for the hassle, they will only jump at the chance to take this painstaiking process out of their work day.

The important part to know about developing a site with the CMSMS is that the site isn't done on launch day. The training element is crucial to the successful website. Many days spent on validation and good code can be wrecked by someone in the client's company copy and pasting from Front Page, or Word, or some other horror that has been imposed on us all. This can invalidate the good put into the site and in the end affects your own reputation as a developer.

It is a good idea to think of the CMSMS not from your own familiar point of view of it, but from the client's noobie look at the back-end. Simple things like restricting their access to the really important (and dangerous) items such as custom content blocks, templates, stylesheets, php code etc can save alot of grief and questions in the long run. The more comfortable a client is with non-technical areas of the site and the less bewildered they are at the total package, the more eager they will be to make an effort at making changes without worrying about 'breaking' something.

Compliant standard editors (we use x-standard as a default) are helpful to clean up bad code inserted from the above mentioned offenders of bad code. But added to this, a small user manual is often helpful. Take the main important sections of the site that a client will be using and put the process clearly down on paper. Numbered lists of what to do in a step-by-step basis, along with screenshots helps guide them through editing or adding pages and images. This gets rid of the fear factor often seen by clients facing an imposing admin panel.

Taking the time go sit with them and go over the manual helps build your relationship with the client, adds to their own assurances that they will not 'break' the site and incur the wrath of their respective bosses, and lets them know they haven't been left on their own to fend for themselves. In our own experience as much as a client wants to 'do it all all by themselves', when the time comes to make the leap, they tend to hesitate on actually pushing the 'submit' button. A little hand-holding in the way of training goes a long long way to the future success of the website.

One important thing when running websites in corporate environments is the secure feeling that updates will work and be compatible. But when your biggest fear becomes reality and websites break down after updating to the latest version here are some step you could follow. You should, ALWAYS, have back-ups, not only because it could crash when updating but also if you experience a HD failure or whatever. If a website is critical for your business and down-time is not done, you can also restore a back-up in a sub dir on the same server with the same settings, and test the update before you apply it on a live website. If you have updated your website and it breaks down you can do the following; If errors occur on the front-end, and you cant fix them within an hour or so, restore a back-up, make a test dir and try again, if it al works well something in the update process went wrong, and you should try again. If it doesn't and you cant get it to work, get help on the forums, and just keep you live website un-updated for the time being. If the errors only occur on the back-end (admin) part of the website, you can take some more time trying to fix it because regular visitors wont notice, and if you cant work it out, the forums will probably help you out. Also make sure that modules you are using are compatible with the new updated version, you can, most of the times, see based on the Php error what file and path is causing what error, if the path is from a module, disable the module and see if everything works well. So what would be nice to see in CMSMS 2.0 for updating problems. If all hell breaks lose and no one else can help you, you can, apart from calling the A-team, make a clean install, export and import your theme, but if you have about 100+ pages and maybe 300 news items, it wont be fast job rebuilding the content. Regular page content and news items is probably the most used CMSMS content, I know lotsa websites have modules and such but they are restored pretty quick most of the times, and if updating really fails you, you have no choice. So it would be nice to see in 2.0 that one can export pages and news items like you can do with themes, this would make complicated updating errors allot less fearful, since in most cases you could be up and running within one hour if you dont have any special modules which are hard to restore content for. I you have more ideas on what people can do when having updating problems, or have an idea on how to make the updating safe/easier in the future and reducing forum topic about updating problems please comment.

Today we will start a new article "Featured Site of the Week" which will show you some of the sites created with CMSMS usually found from "CMS Show Off" forum. This weeks site is brought to us by forum user kovver. I had the pleasure to interview him a bit about the site. tsw) Who are you and where are you going to? kovver) My name is David De Beukelaer and I'm studying in Holland for Waldorf teacher. Currently I live in Belgium and have studied art in Ghent. I work as a freelancer every once in a while, mostly making artwork for myself, but sometimes making sites for friends and relatives. I also do book illustrators and writing but only in dutch. tsw) So what is this site all about? kovver) Its the artist portfolio for me and a friend. I designed the whole concept in photoshop after styling the color palette. We will have regular updates on the site, mostly with links, archive products, etc... Me or my friend will do the updates. I did the design for this version. Another large project of mine is: http://www.anthros.net which is mentioned in eight CSS galleries tsw) Why did you choose CMSMS? kovver) I discovered CMSMS a half year ago. I work with it when applicable and useful. Sometimes i write extras on it or fix bugs, etc. That makes me think that i should mention them more often, end even help on the development. If needed... tsw) How do you create your designs? kovver) Its very useful to make the design completely offline, in photoshop, with guides, color codes and separate layers. tsw) What have been your major problems with CMSMS? kovver) The largest problems are currently the bugs between IE opera safari and mozilla. tsw) But aren't those problems more CSS related than CMSMS? kovver) Mostly it is a horror experience for every designer, included the ones not using CMSMS, but. So to answer the questions above: no problems that can't be solved. tsw) How did the site launch go? kovver) I did not yet get pointers or opinions from others, because the site is only redesigned for three days now. I don't really know how much traffic I receive daily, some 3500 a month I suppose... tsw) In your own opinion what's good about this site and what's bad? What would you do differently? kovver) I’m recently developing an own style in web-designing which leads me to simplicity! I was wondering what makes a site worth looking at and in the meantime proudly presenting a clear overview, with valid XHTML. This is a new episode in my search for it. tsw) Thank you very much on taking the time to answer these questions. Now, what would you like to say to fellow CMSMS'ers. kovver)

• Focus on your CSS skills, they are the basis
• Try, if capable to contribute to the CMSMS development.
• Make your designs in photoshop, know what you want before you change the css.
• Post your designs, take a look and learn form others. Never copy, it might not satisfy!
• I question the overload on css-galleries! So I'm looking for serious volunteers to make one board to connect them all, but how?

Destile webdign to an art. Because kovver says: style life into art. So take a look at http://www.kovver.com/ and form your own opinion. We will try to continue this article series once a week to show you some of the backgrounds of the sites done in CMSMS.

Put the green bar to work for you— whether you're a developer, designer or an editor. I was halfway through development of my first CMS Made Simple site before I really took a look at the Shortcut bar. It sits so neatly out of the way at the right side of the page that I never gave it any thought. Then, one day, weeks into the project, after navigating to the site's primary stylesheet a dozen times — one after another — the power of the Shortcut bar suddenly clicked. Since then, I've put that little green bar to work everywhere, and it's made developing and maintaining sites faster and easier — for me and for my clients. Here are some tips and ideas on how you can do the same, and get more out of CMS Made Simple right now. Activating The Shortcut Menu The Shortcut bar is activated with the Administration Shortcuts checkbox in the My Preferences / User Preferences menu. Javascript must also be enabled in your browser. After that, just click the green bar at the right of the page to access the current shortcuts or to add/modify them. Adding Links Capture any link by right-clicking and selecting "Copy Link Location" or "Copy Shortcut" for pasting into the Shortcut "URL" field.

Development / Design

During development and design, you'll spend a lot of time on the same few templates and stylesheets, and adding new content. Speed access to those functions with these shortcuts:

• Edit Stylesheet / Edit Template Most sites have a few key page templates and CSS stylesheets, and you'll probably find yourself editing them frequently during development. Add one-click access to these frequently-accessed templates and stylesheets for quick direct editing.
• Collapse & List Pages If your site has a lot of pages or complex hierarchy, it can take several seconds for the page list to display completely. Add a shortcut to the "Collapse All Sections" link on the page list, and your page list will display in a snap, ready for navigation.
• Module Help Working with a particular module frequently? Link to its "help" page for fast access to reference on its syntax and features.
• Add Page You'll be adding a lot of pages when you first build your site. Get right to it with a shortcut to the "add new page" option from the page list.

Site Maintenance

Once your site has been developed, the focus shifts to content. You can streamline the process of keeping online information up to date, and reduce the need for user training by focusing editors directly on their content. Give your page owners and editors quick access to the areas they're responsible for with these shortcuts:

• Edit Key Content Your site probably has a few pages or global content blocks that change more often than others. Make a shortcut directly to these key pages and editors won't have to navigate the pages menu to get there.
• Instant News / Events Add a shortcut to "Add Article" and "Add Event" links in the News and Calendar modules to add new items with a single click.
• "Edit My Pages" If your site has multiple page editors, add shortcuts to the pages they can edit for each editor's account. You'll have less to explain and they're less likely to get lost.
• "Change My Password/Email" Give users one-click access to basic account login information by linking directly to the My Preferences/My Account page.
• Site Standards / Documentation Link directly to any site documentation, standards guides or cheatsheets you've developed for your users.

General Tips / Tricks

• Open Shortcut in A New Window/Tab Add '" target="_blank' to the end of the URL in your shortcut to make it appear in a new window. Include the double-quotes, but exclude the opening and closing single-quote, and note the space after the first double-quote and before "target." You can also right-click any shortcut link and select the option to open it in a new window or tab.
• Use Relative Paths For Portability If you want shortcuts to work even if the host changes (such as a development site that will later be migrated to another host), use relative paths instead of absolute paths. You can delete everything through "\admin\" on the left side of the path. For example, to add a page, all that's needed in the URL is "addcontent.php".
• Sort Shortcuts Shortcuts are sorted alphabetically by name (in ASCII order). Add punctuation or numbers as prefixes to display items in your preferred order.

Your Shortcuts

Have you found other handy shortcuts? Share yours in the comments!