glFusion Stories

glFusion v1.1.0 Released

Tue, 11 Nov 2008 10:19:42 -0600

The glFusion Community is pleased to announce that glFusion v1.1.0 is now available for download. glFusion v1.1.0 represents another major milestone in glFusion's development. This release brings enhanced security, improved WSYIWYG editor integration, increased performance and scalability, and enhanced integration of key plugins.

Language Packs

The glFusion v1.1.0 archives only contain the English language files. The full language pack, which includes all language files, is available for download here.

Required Plugin Upgrades

IMPORTANT NOTE: glFusion v1.1.0 makes some significant changes to the search API and the theme API. If you run the DokuWiki Integration plugins or Chameleon, you will need to upgrade those as well. We are releasing updates to both of these plugins now. DokuWiki v1.6.0 for glFusion v1.1.0 or newer and Chameleon v2.1.0 for glFusion v1.1.0 will only work with glFusion v1.1.0 or newer. Please do not update these plugins if you are still running glFusion v1.0.2.

Upgrading

If you are upgrading from a previous version of glFusion, check out the glFusion Upgrade Tip Sheet for additional tips on upgrading.

glFusion v1.1.0 Full Release (.tar.gz format)

glFusion v1.1.0 Full Release (.zip format)

Improved Security

The glFusion team has moved several files that were located in the web space to the private space. Only files that are designed to be directly accessed via the browser are now located in the public_html/ directory. All other supporting library and include files have been moved into the private/ space. This makes the attack vector used by malious users and hackers much smaller. We have also implemented improved Remote File Include (RFI) protections. Finally, we have improved the integration method used with the FCKeditor to provide improved security, preventing non-authorized users from uploading files via the editor's filebrowser plugin, but still allowing authorized users full access to FCKeditor's features.

Improved Search Engine / Results Page

If you do a search on the site, you'll notice the search results are now presented in a nice Google like format, with the results for each of the areas or plugins all bundled together. Results are returned in date order, but can easily be sorted by several attributes.

The new and improved search system is a result of Geeklog's participation in Google's Summer of Code. Sami Mazen Barakat is the student who developed the new search functionality. He was mentored by Randy Kolenko. What they developed is in our opinion one of the best enhancements for Geeklog and it is reflected in glFusion.

Improved Comment System

Another Geeklog Google Summer of Code project was to enhance the comment system. The goal was to allow comments to be edited and also moderated. glFusion has implemented the features that allow a user to edit their comments (admin configurable) and to also set an automatic comment close date on articles. glFusion has not implemented the moderation feature at this time. Jared Wenerd is the GSOC student who developed these enhancements. He was mentored by Michael Jervis on the Geeklog team. This is another excellent enhancement that brings tremendous value to Geeklog and glFusion.

Consolidated CSS and JavaScript

glFusion uses several CSS and JavaScript files to accomplish some of its great Web 2.0 features. To allow you to customize parts of your site, we have separated out the CSS into several files. As a result, page load times were a little longer since there were so many requests from the browser to the server to get each of the individual files. We've solved this problem by consolidating all the CSS into a single call statement. We've done the same thing for all the JavaScript files as well. Now, only two statements are required to load all the CSS and JS. We've leveraged the caching technology used in glFusion to make building and serving of the files much faster. As a result, we're seeing about a 20% reduction in page rendering / load times!

Multiple Menus with Site Tailor

We've enhanced Site Tailor so you can now create multiple menus. You'll notice the new Navigation menu here in the left navigation bar. The footer menu is also administered via Site Tailor. You can now create and customize multiple block menus and even get creative and place a horizontal navigation menu in a static page. glFusion now has a full featured integrated menuing system!

Forum Enhancements

New with glFusion v1.1.0 is the ability to easily sort your bookmarks. Check out the new Bookmark tab in the Forum navigation bar to sort your bookmarks by Forum, Topic, Title, Views, and Date.

We've also added a Latest Posts tab. This will display the last n (where the site admin sets the value for n) number of posts. What we've noticed in usage of the system, is that we've fallen victim to relying on the Forum centerblock on the homepage to see new forum posts. Since it only lists 10 items by default, we found we were missing some posts on days with lots of activity. Now, we can easily see the last say 50 posts to make sure we don't miss anything!

Administrative Enhancements

We've made a few tweaks to the Administrative interface as well. We've separated the Command and Control screen from the Submission screen. We've also added a new Log Viewer so you can easily monitor your common glFusion logs. Finally we've also added a configuration option to hide the Admins Only block except when you are on an administrative screen.

Online Configuration

With our ongoing effort to bring better integration and synergy to all the various parts and pieces of glFusion, we've moved the configuration options for CAPTCHA, Forum, and FileMgmt into the core glFusion online configuration system. This means no more config files to edit!

Media Processing APIs

We've moved all the media handling (resizing of images, thumbnail creations, etc.) out of Media Gallery and into the core glFusion code base. This means that all plugins can leverage the same media management code. So for example, attachments in the Forum are processed using the same code that images in Media Gallery are processed by. This gives you a single spot to configure your graphics drivers and provides a mature and consistent interface for all plugins to use!

Mail System Enhancements

We've modified the internal email handling routines to include improved HTML email support and secure SMTP (TLS or SSL). This makes it possible to use email providers like Gmail to send your outgoing emails through.

Complete Details

While the above list is not exhaustive, please refer to the v1.1.0 roadmap for additional features. For a complete list of additions and changes in glFusion v1.1.0, please refer to the changelog located in the release archive at public_html/docs/changelog.

Around the Corner

Finally, don't forget to check out the v1.2.0 roadmap to see what is yet to come. As usual, if you have an idea for a feature, or see a bug that needs squashing, please check our Known Issues page and then feel free to post in our support forum or in the glFusion Tracker.

glFusion v1.1.0 Release Candidate 1 Available

Fri, 31 Oct 2008 16:31:46 -0500

The glFusion Community is pleased to announce that glFusion v1.1.0 Release Candidate 1 is now available for download. This release brings enhanced security, improved WSYIWYG editor integration, increased performance and scalability, and integration of key plugins. We've tested this release pretty well, but would like to have a few early adopters or those with test environments to help us with this final phase of testing.

IMPORTANT NOTE: glFusion v1.1.0.rc1 makes some significant changes to the search API and the theme API. If you run the DokuWiki Integration plugins or Chameleon, you will need to upgrade those as well. We are releasing updates to both of these plugins now. DokuWiki v1.6.0 for glFusion v1.1.0 or newer and Chameleon v2.1.0 for glFusion v1.1.0 will only work with glFusion v1.1.0.rc1 or newer. Please do not update these plugins if you are still running glFusion v1.0.2.

Please provide any feedback in the glFusion Support Forum and with your help, we should get glFusion v1.1.0 production out the door very soon!

glFusion is now on OpenSourceCMS.com!

Wed, 29 Oct 2008 22:34:46 -0500

If you aren't already familiar with OpenSourceCMS.com, stop by and check it out! glFusion has just been added to their list of hosted demo sites. OpenSourceCMS.com is a fantastic resource for anyone wanting to try all kinds of open source systems—from content management systems to news portals, blogs, e-commerce, groupware, forums, e-learning... the list goes on.

While you're there, take a look at the other fantastic open source projects out there! It's always inspiring to see how developers from all across the world are working together to build great software for the common good.

CHECK IT OUT: glFusion on OpenSourceCMS.com

glFusion v1.1.0 Feature Freeze

Fri, 17 Oct 2008 13:30:14 -0500

As the end of October approaches, we are feverishly working on the next major milestone release of glFusion. We are now in a ‘feature freeze’ state that means all the features have been coded and are now ready for final testing and documentation. We expect to roll out a Release Candidate in the next few days so the glFusion community can see what’s coming and give us a hand in final testing. We’ve updated glfusion.org with the latest code, so please let us know if you run into any issues.

glFusion v1.0.2 Released (Security Update)

Fri, 19 Sep 2008 11:17:02 -0500

The glFusion team is releasing glFusion v1.0.2 which addresses several Remote File Inclusion (RFI) vulnerabilities we have discovered. These vulnerabilities could allow properly crafted URLs to load files onto your web server and potentially overwrite existing files. The vulnerability only affects users who host on a Windows platform and have register_globals set to on, but we recommend all glFusion users upgrade to the latest production release as we've also included all the fixes from the Known Issues list. Now is probably a good time to remind everyone that there are several steps you can take to help secure your glFusion site. Please read the glFusion Hardening Guide for some good tips.

As usual, we are providing both a full release archive (in ZIP and TAR.GZ formats) and a delta archive that only contains the files that changed from v1.0.1. Upgrading is very simple and straight forward, simply copy the new files over the existing files on your server. There is no need to run any update utilities since there are no database changes.

glFusion v1.0.2 Full Release (.tar.gz format)

glFusion v1.0.2 Full Release (.zip format)

glFusion v1.0.2 Incremental Release (.tar.gz format)

glFusion v1.0.2 Incremental Release (.zip format)

glFusion Development Update 2

Wed, 17 Sep 2008 21:37:15 -0500

Some of you may have noticed things look a little different here at glFusion.org. We decided it was time to take some of the latest developments with glFusion for a little test drive and make sure everything is working as it should. We are running the latest development snapshot, and so far things appear to be working well.

Read on for a quick overview of some of the changes you can see on the surface and then we'll describe a few of the administrative changes. Keep in mind, we're not done yet, but we wanted to make sure what we've done so far is working as it should.

Improved Search Engine / Results Page

As much as we would like to take credit for the absolutely wonderful feature, we can't. As most of you know, glFusion is a fork of Geeklog v1.5.0. We chose Geeklog as our based because of its mature code base, straight forward implementation of features, and overall robustness. Because the code between Geeklog and glFusion still shares many similarities, we are able to leverage some of the enhancements implemented by the Geeklog team. The new and improved search system is a result of Geeklog's participation in Google's Summer of Code. Sami Mazen Barakat is the student who developed the new search functionality. He was mentored by Randy Kolenko. What they developed is in our opinion one of the best enhancements for Geeklog and it is reflected in glFusion. Give it a try and let us know what you think!

Improved Comment System

Consolidated CSS and JavaScript

Multiple Menus with Site Tailor

Forum Enhancements

glFusion v1.0 included the Forum plugin by Blaine Lang, with the ability to set bookmarks. New with glFusion v1.1.0 is the ability to easily sort your bookmarks. Check out the new Bookmark tab in the Forum navigation bar to sort your bookmarks by Forum, Topic, Title, Views, and Date.

Administrative Enhancements

Online Configuration

Media Processing APIs

Mail System Enhancements

We Need your Help

With all these features, and still a few more left to implement, glFusion v1.1.0 is shaping up to be a great release! But we need your help in squashing development bugs and beefing up our online documentation! As we continue to grow, we want to make sure these important things aren't left behind. If you see any issues here at glFusion.org, please post them in the forums. Browse the documentation and feel free to enhance it where you can improve it. And finally, if you have any feature requests, feel free to post them in our Tracker.

Vote for glFusion at WebMonkey!

Tue, 09 Sep 2008 14:52:17 -0500

Over at www.webmonkey.com they are running a vote for your favorite web framework, and I of course added glFusion to the list.

If you're as enthusiastic about glFusion as I am, head on over to put your vote in!

glFusion v1.1.0 Development Update

Thu, 04 Sep 2008 19:47:50 -0500

While the team here at glFusion are furiously finishing up code work on new features in the upcoming release, we thought it would be good to take a moment and give everyone a progress update. Read on to see what we've been up to...

Some of the key enhancements for v1.1.0 include:

Moving the media processing APIs out of Media Gallery into the core. This allows both glFusion and plugins to leverage a more secure and improved upload and media processing system. All core upload functions like uploading user photos now use these APIs. We also enhanced the Forum plugin to utilize these same interfaces too. FileMgmt also uses these interfaces to provide better thumbnail management for uploaded files.
Where feasible, we have moved the online configuration options for plugins into the core configuration system. So far, the Forum, FileMgmt, and CAPTCHA configuration screens are now part of the main glFusion online configuration system.
We've updated the Forum plugin to make better use of bookmarks, now you have a method to quickly retrieve your bookmarked topics, and sort them by a number of different fields including Forum, Topic, Replies, Views, Date, and Author. We've also included a Latest Topics tab that will be user configurable to display the last n number of posts (think an expanded version of the forum centerblock).
The comment engine has seen some improvements with the ability to automatically set a future date for closing comments on a story and to allow users to edit their comments if you choose.
The search engine has been overhauled to display a much improved set of search results.
Site Tailor has been enhanced to include the ability to define multiple menus, both block style (vertical) and navigation style (horizontal). This gives you the ability to define both header and footer menus, as well as define as many block menus as you need. For a sneak peek of what additional block menus and footer style menus will look like, visit geiss.getmyip.com/glfusion_trunk
The core email system now uses a new email engine which allows both HTML and text based emails.

glFusion v1.1.0 continues to evolve, and part of this evolution is better organization of the source files. We've moved many of the common source files out of the plugin area into the core. For example, getID3 is the library used by Media Gallery to identify the mime-type of an uploaded item. This library, and several others, have been moved into the core code space to allow all plugins to leverage them and provide better organization for long term maintenance.

These are just some of the major changes in the upcoming glFusion release. There have been several other small tweaks here and there and also several bug fixes along the way.

We've also received a gracious offer from Sam (aka Rocky), volunteering to do Chinese translation for glFusion, and he has indicated that he will be setting up a Chinese glFusion demo site in the near future as well! Thanks Sam for your effort and support of glFusion!

This brings us to our last ongoing effort, documentation. You'll notice by the Dokuwiki activity in the What's New block over the last few weeks that we've been beefing it up with all sorts of great information. Trinity has started work on documenting plugin APIs, the database layer, and some other developer oriented documentation.

While this is great, we still need your help! Please take a moment and proofread a couple pages in the wiki that interest you. When you see where improvement can be made, please do so. The documentation is a community effort, and as we pool our resources, we can accomplish great things for the glFusion community!

Why do we feel strongly about it? Because we have set a goal to include a full .pdf manual, based off the living wiki document, in glFusion v1.1.0. We've been fortunate enough to engage the services of a professional commercial real estate appraisal formatter (aka Eric's wife Kim) to convert and format the wiki pages into .pdf manual form. She formats multiple 100+ page reports daily, so making our humble little manual look fantastic should be a walk in the park! Make sure to tell her thanks!

As always, if you have any ideas or suggestions, feel free to voice them in the forums. If you see something that needs fixing, report it in the Tracker. We're looking forward to a feature packed release, so spread the word!

FCKEditor Upload Exploit

Wed, 03 Sep 2008 05:20:44 -0500

glFusion v1.0.0 and v1.0.1 are vulnerable to unsolicited file upload via the FCKEditor. A malicious user could upload files to the public_html/images/library/ directory of your web server using this hole. Fortunately, the file types are filtered by the whitelist in FCKeditor so only media type files can be uploaded. This means no PHP or JavaScript files could be uploaded. Regardless, you should update the upload.php file shipped with glFusion with the latest patched version to prevent any unsolicited uploads.

A fix is published on the glFusion Issues Page. To manually patch upload.php, make the following modification: edit public_html/fckeditor/editor/filemanager/connectors/php/upload.php, at the beginning of the upload.php file, after the copyright notice but before the first require(...), add this piece of code:

if (strpos ($_SERVER['PHP_SELF'], 'upload.php') !== false)

{

die ('This file can not be used on its own.');

}

Save the file and you are done.

Chameleon v2.0.0 for glFusion

Thu, 24 Jul 2008 21:47:14 -0500

Right on the heels of the glFusion v1.0.1 release, we are pleased to announce the release of Chameleon v2.0.0 for glFusion. Chameleon v2.0 leverages some of the new features of glFusion's Site Tailor plugin, including cascading menus and logo management. Now you have the option of multiple layouts and styles with the flexibility of an online menu editor. This will be the final release of Chameleon. All of the Chameleon functionality / flexibility will be moved into Site Tailor and Nouveau with the next milestone release of glFusion. If you have any suggestions on features or enhancements, please post them in the glFusion Development Forum.