Karma's Nucleus DevBlog

A new tag has been added to the CVS repository, to indicate the fies for Nucleus v3.21:

• Nucleus-3-21-p0 tag, which points to the released version of Nucleus v3.21

For information on previous tags and branches, see the archive for the CVS category.

You might have come across the security bulletin already, but there's quite a serious security issue in the PHP XML-RPC Library that is used by Nucleus and a bunch of other projects. Untill we have a new package available for download with the updated library, here is how to disable XML-RPC support on Nucleus:

1. Delete the /nucleus/xmlrpc/ directory on your server. This will remove the XML-RPC server from Nucleus. As a result, nobody will be able to connect to Nucleus using external tools (wbloggar to name just one) anymore.
2. In the /nucleus/libs/ directory, replace xmlrpc.inc.php and xmlrpcs.inc.php by empty files. These are the actual libraries. Though this step is optional, you should do this just to be sure.

After these steps have been completed, the XML-RPC library is fully removed and your Nucleus installation is safe again.

Update: Nucleus v3.21 has been released!

• Tools/Software
  • Cropper: Screen capture utility in C#.
  • KeePass Password Safe
  • The Regulator: Regular expressions testing tool.
  • "That" is "My" for C#.
  • Opensourcetesting.org: Open source tools for software testing professionals
• Groktalks: 10 minute micro-presentations recorded at TechEd
• Lifecycle of Bloggers. Familiar.
• ThinkGeek: TCP/IP Creeper & Toddler Tee
• Blinky Pointer Fun Video: a fun 3 minute video that explains the basics features of pointers and memory.
• Abusing Amazon Images
• Ten good practices for writing JavaScript in 2005 (or in dutch: Naar Voren: 10 JavaScript vuistregels)
• PHP5: http_build_query & headers_list
• Google Sitemaps
• Safari Screenshot Generator (offline?)
• Sudoku
  • Sudoku Fun
  • Wikipedia: Sudoku

I stumbled across TagCloud today, which combines a feed list with data from the Yahoo! Term Extraction Webservice to create a tag cloud. To test it out, I created a Nucleus CMS Cloud, using the feeds from the Nucleus Planet. Nothing much to see there, but one word definately stands out from the rest :)

Remember the What's wrong with this code? post from a week ago?

Niels catched most of the problems that I injected in the code. Allow me to describe the problems a little more detailed:

A quick hack can allow authors of items to preview the item-pages for their draft items. This can be handy to spot HTML/layout errors before actually publishing.

The basic idea is to replace all idraft=0 strings in SQL queries by (idraft=0 or iauthor=id) when the member is logged in.