glFusion Wiki

Site Tools


Table of Contents

glFusion v1.7.4.pl1 (Current Release)

glFusion v1.7.4 continues to refine the Long Term Support release of glFusion, brining several minor bug fixes and improved compatibility with later releases of PHP and MySQL.

Security Updates

glFusion takes the security of our code very seriously. Security is much more than just a slogan to us, it is something we have to constantly strive for every day. glFusion is fortunate to have an awesome user base! Once again, one of our users has offered their services / capabilities to glFusion and provided a Web Application Security scan of the glFusion system. HPE Fortify WebInspect has been used to scan the latest development code and we are happy to report, no major issues were identified. Matter of fact, the report was very short this time around (not always true on scans in the past!). Only 4 issues were identified. Three of the issues were false positives.

For full results of the security scan - please see Security Scan Results - April 2018

Privacy Controls

Online privacy is getting a lot of attention these day. With the recent Facebook / Cambrige Analytica debacle and the European GDPR going into effect, user's privacy is getting a lot of focus these days.

glFusion has implemented a few additional features to ensure a user's privacy is properly protected, at least from a technical point of view.

See the new Privacy & Privacy Controls Documentation in the glFusion Wiki.

Right to Be Forgotten

If a user chooses to leave a glFusion site, they should be able to completely delete their digital information off the site. With glFusion v1.7.4, we have enhanced the user delete function to fully scrub all information for the user. Their profile information is completely deleted. Submitted content such as comments, stories or forum posts are now fully anonymized, meaning their name, IP and any other identifying information that was stored with the post is now fully anonymized so there is no way to identify the poster. glFusion does not alter the contents of the post.

New Privacy Plugin

To provide additional privacy controls, but still keep it highly configurable, we have released a Privacy Plugin that extends glFusion's privacy controls. The Privacy Plugin provides the following features:

  • Cookie Consent Bar
  • Require Acceptance of Privacy Policy and / or Terms of Use prior to registering
  • Ability to download all user information on the site in machine readable format (XML)

Privacy is Also Your Responsibility

glFusion offers several technical controls to help keep a user's data private. There are still things that you need to do as a site administrator. It is important to have a comprehensive and clear Privacy Policy. glFusion provides a good starting point, but it is up to you to customize the provided Privacy Policy to your site.

Database Support

MySQL v8.0 reached General Availability in April 2018. We have validated that glFusion v1.7.4 works fine with MySQL v8.0. There were a few SQL tweaks implemented to ensure proper compatibility. MySQL v8 contains a significant number of bug fixes and several key performance improvements. Note There are still some issues with PHP to MySQL v8 compatibility - older versions of PHP not well supported. Sites running UTF8MB4 character sets may also see connection issues with PHP v7.0 and PHP v7.1.

We have also back-ported a feature from the glFusion Next General development code to provide PDO support for connecting / interacting with databases. This under-the-hood update provides improved performance for database access.

Database Administration

Based on community feedback, we have adjusted the Database Backup utility to be more efficient. Previously, the SQL backup files consisted of a single INSERT statement for every row in a database. On large sites, this would result in very slow imports when restoring a database. We now insert multiple rows with a single INSERT command, in many cases, reducing the restore time by as much as 80%.

Remote Login Improvements

Remote Logins, using services such as Facebook, Twitter, etc. have always been treated differently than a local login. With glFusion v1.7.4 we've added consistency to how logins work, regardless of the type. When a user logs in for the first time with a remote login, they will be redirected to a local glFusion registration screen after authenticating with the remote service. This allows glFusion to now perform spam checks and allows the user to validate / tweak the automatically generated username, update their email and any other information needed. This also allows full integration with plugins like the Custom Profile plugin so you can collect the same information you request for local logins from folks using remote logins. Once they have completed the registration screen, remote logins will simply log the user in.

Patch Level 1 Updates

  • Do not send notification email for new user when created by admin
  • Fixed error in email duplicate check on new registrations
  • Fixed error in Links plugin when deleting a user
  • MySQL PDO Driver updates / fixes
  • Updated PHP Archive class

Full glFusion v1.7.4 ChangeLog of Bug Fixes / Enhancements

  • Delete account now removes or anonymizes all of the users info from the glFusion database tables
  • Truncate the media item title to prevent overflow in the Media Gallery random image block
  • Modified the CSS for FileMgmt download rating to left justify the rating stars
  • Fixed issue where remote login users could not delete their account
  • Fixed password rule text to better describe the length requirement
  • Fixed issue on installation / upgrade screen where the enter key would select the Back button
  • Updated the default download on a new install to a glFusion Overview PDF
  • Fixed issue where site admin could not save a user record if the name did not meet length requirement
  • Anonymize IP addresses prior to storing in database
  • Oauth new user creation to now follow same workflow as local user creation
  • Increase homepage table var (users table) to 255 bytes in size
  • Spam check when creating oauth user
  • Comment signatures are now dynamic (backported for glFusion NG code base)
  • DB backup now writes several values per insert, improves efficiency of restores / imports
  • Fixed issue where watermark admin would not redirect properly after deleting watermark
  • Fixed issue where watermarking did not work with GraphicsMagick
  • Added Cross-Frame Scripting Protection
  • MySQL v8.0 support
  • Fixed issue where Forum story migration did not properly check if destination forum was selected
  • Fixed error in linkify code on older versions of PHP
  • Do not display the UTF8MB4 upgrade option if DB does not support UTF8MB4 collation
  • Fixed MySQL error in Forum plugin for older MySQL versions
  • MySQL driver updates - new support for PDO driver (backported from glFusion v1.8 development)
  • Fixed issue where CSS compression did not work with non UTF8 encoding
  • Fixed bug where a plugin's block may not always be removed when the plugin is deleted
  • Fixed type in upload class where maxImageHeight was not used properly
  • Updated external libaries - oauth, getid3, htmlpurifier, phpmailer, simplepie, phpxmlrpc
  • Fixed approval email for Oauth users who were queued and approved.
  • Updated CKEditor v4.9.2
  • Updated Subscription API to allow plugins to send subject
  • Fixed issue where default topic settings (permission, owner) were not used for new topics
  • Fixed issue where Remember Me setting could not be changed without changing the password too
  • Fixed issue where SpamX plugin would not install (new installations) on older MySQL versions
  • Honor open links in new window setting for user profile homepage links
  • Fixed redirect after login
  • Fixed issue editing Static Page titles / labels with quotes
  • Removed dependency on Media Gallery plugin from the core image processing library

glFusion v1.7.3

  • Fixed Forum ranks save error on duplicate number of posts
  • Fixed creating a new topic automatically assigned it as the alternate topic to all stories without an alternate topic
  • Headlines auto tag - updated headlines.thtml to clean up the HTML
  • Forum: Badges can now be any color
  • Forum: Badge group can now be configured to inherit or not inherit other group memberships
  • Indonesian Translation update by fahmipulo
  • Minor code optimizations

glFusion v1.7.2

Security Updates

glFusion takes the security of both our code and functionality very seriously. Security is more than just a slogan to us, it is a core component of our development methodology. Recently, glFusion was audited by a federal agency that uses glFusion to run several internal sites. The audit identified some deficiencies in the enforcement of security controls, such as multi-factor authentication and password complexity rules. As a result of this audit, we have implemented the following features:

Two Factor Authentication

Two Factor Authentication, also known as 2FA, is an extra layer of security that is known as “multi factor authentication” that requires not only a password and user name but also a six-digit code supplied from your phone or an external application. If enabled, users will have the option to enroll their account into Two Factor Authentication for additional security.

Password Complexity Rules

You can now enforce password complexity rules to ensure your users are using safer passwords. You can set the following requirements:

  • Minimum password length
  • Require at least one lower and / or upper case characters
  • Require at least one number
  • Require at least one special character

Both Two Factor Authentication and Password Complexity features are optional and can be disabled if you choose.

Spam-X Updates

The Spam-X plugin provides several modules to scan submitted content and new user registrations to determine if they are spam or bots. Spam-X has been given a face lift with this release, now providing site admins a nice dashboard showing each module and the spam types they have blocked.

More importantly, we've added two new modules to Spam-X:

  • Akismet - Akismet is a spam filtering service that filters spam from comments, trackbacks, and contact form messages. The filter works by combining information about spam captured on all participating sites into dynamic spam rules that block future spam. Akismet is offered by Automattic, the company behind
  • Formcheck - Formcheck does an analysis of the submitted form to determine if it is a bot submitting the content. Formcheck is always the first spam filter called since it does not rely on 3rd party services like Akismet or Stop Forum Spam. Our initial tests have found that Formcheck will stop a high percentage of automatic bot submissions, including registrations and forum submissions.

When a post or registration is determined to be spam by the Spam-X module, if enabled, the IP address of the spammer will be added to the temporary ban list. This prevents them from continuing to try and register or post on your site and will reduce site load.

By utilizing all modules in the Spam-X plugin we are able to identify and block a very high percentage of BOT and spam traffic.

We highly recommend you enable the Akismet module, along with the Stop Forum Spam module, and also enable the Project Honey Pot support in the Bad Behavior2 plugin. Enabling all of these will greatly reduce (maybe even eliminate) BOT and spam submissions without putting up any barriers between you and your legitimate users.

FYI - We have enabled all the Spam-X modules, Project Honey Pot support in BB2, and disabled CAPTCHA on the glFusion DOT org website. So far, the results have been awesome. All BOTs and spam have been stopped dead in their tracks!


CAPTCHAs provide a method to distinguish humans from BOTs. The downside to CAPTCHAs is that they become a barrier between your site and your users. The glFusion team has tried to make CAPTCHAs both more effective and less of a hassle to your users. With this release, we've extended the CAPTCHA plugin to allow the CAPTCHA widget to display on the Login form and the Forgot Password form, as these two forms are generally targets of BOTs.

But, we're finding CAPTCHAs are proving to be less and less effective against BOTs that try to register on your site or post to your forums. Even more sophisticated services like Google's reCAPTCHA are now being bypassed by many BOTs.

We are finding the best way to protect your site from BOTs and spam is to utilize a multi-layered defense. See the Spam-X updates below for more information on our defense in depth approach to handling BOTs and spammers.

Privacy Notes

We understand that the privacy of our users is just as important to us as it is to those who use glFusion to run their websites. Often there is a privacy concern when utilizing external services such as Google's reCAPTCHA, Stop Forum Spam, Project Honey Pot or Akismet to help reduce bot and spam traffic. For this reason, glFusion always makes available protection methods that do not rely on external services, but we feel these services offer valuable protection and do recommend their use. We have reviewed the privacy policies for each of the services listed above and are very comfortable using them. We recommend you review their privacy policies as well and make your own determination:

If you utilize any of these external services through glFusion, remember to update your privacy policy on your web site.

Forum Plugin Enhancements

Lee Garner has invested a significant amount of effort into the Forum plugin during this release cycle. Lee has implemented some really nice features and enhancements…

Forum Badge Management

A much improved forum badge management system. You can now manage the forum badges interactively in the Forum Administration area. Badges can be graphic images, or CSS based text. You can now display multiple badges for a user by setting up different badge groups.

Forum Rank Management

A new Rank management system available in the Forum Administration area. Previously, you were limited to 6 rank 'ranges'. Now you can have unlimited ranges and customize the rank text.

Forum Likes Feature

Likes allow a registered user to Like another registered user's post. Likes only apply to registered (logged-in-users) as there is no method to track likes to and from anonymous users.

All Likes for a post will be displayed in the footer of the post. A user's Likes Received will be display below their avatar in the forum profile area of the post.

Likes received and given can also be displayed on a user's glFusion Profile Page.

Forum Layout Tweaks

Lee has also implemented several small tweaks to the topic view screen in the Forum. He has cleaned up the user profile space, making it much more compact and better organized. The moderator functions have been moved to the bottom of the post.

Behind the scenes, Lee has implemented some pretty significant code improvements that provide improved performance and much better maintainability going forward.

CKEditor Plugin - (WYSIWYG Editor) Enhancements

glFusion has always leveraged the awesome Open Source editor CKEditor. One feature that has always been missing from glFusion was a good method to customize CKEditor and have your customizations survive (not be overwritten) during an upgrade. We've partially solved this issue by now supporting a custom_config.js configuration which will never be overwritten. This allows you to easily modify the CKEditor configuration to suit your needs. Longer term, we are working on a online configuration system to make this much easier.

Bug Fixes / Feature Refinements

Through community feedback, we have identified and resolved several minor bugs in the code. See the full ChangeLog below for a list of all fixes, updates and minor feature improvements.


  • Added support for “Open External Links in new Window” config setting in the RSS ticker widget
  • Forum: Fixed issue where signature preview would not work consistently
  • Forum: Admin message management did not page properly - lost selections on pagination
  • Expanded PLG_itemDeleted() API to include $children parameter - a comma separated list of all child items to delete
  • Polls: Comment link did not correctly display when showing poll results in Polls block
  • Open print window in new window when printing static pages
  • Fixed incorrect variable reference in referer ban list
  • Forum: Removed the after action (i.e.; post) screen - now display message and directly go to refresh page
  • Forum: Moderator functions now in dropdown button
  • Forum: New Likes Feature by Lee Garner
  • Configuration option to enable / disable BB2 auto ban logging
  • Standardized the date/time format across all log files
  • Added token timeout protection to comment form
  • Display Alternate Topic (if any) in the story admin list
  • Spam-X stats collection
  • Implemented password complexity rules
  • Reworked My Account account deletion - moved to its own tab with improved confirmation
  • Forum: New badge manager by Lee Garner
  • Forum: New ranks manager by Lee Garner
  • Implement Two Factor Authentication
  • Set proper cookie attributes on session cookie
  • CAPTCHA Updates to support CAPTCHA for login and lost password screens
  • CAPTCHA - fixed static image refresh
  • New API to support adding JavaScript to footer of page
  • Updated CKEditor to v4.8.0
  • New topic.class.php to streamline backend topic administration (Lee)
  • Several performance tweaks to SQL queries - removed several duplicate calls
  • If topic description is set - display the description below the breadcrumbs
  • New class .tm-topic-desc which can be used to style the topic description display
  • Consistency updates in how meta data was being populated
  • Add topic description (if exists) as the og:description meta data when viewing index page by topic (Lee)
  • Make album name in view media nav bar a link back to the album
  • Do not allow emojis in usernames
  • Improved error checking when retrieving group list for user
  • Added missing comment_indent configuration option
  • If 'Allow User Photo' was set to false, comments display had a broken image
  • Added siteconfig.php $_SYSTEM option to skip automatic upgrade check in Command & Control
  • Auto upgrade check in Command & Control could crash if invalid XML received from glFusion server
  • mailto: links in user administration list were incorrect.
  • New theme style class - .tm-list to allow more control over lists such as What's New or upcoming events

glFusion v1.7.1

glFusion v1.7.1 continues to resolve errors reported by our user community and to fine tune features to ensure a secure and stable CMS.

  • Don't override the label for User Menu in menu builder (Lee)
  • German Language updates from Matrox66
  • Bundled documentation formatting updates
  • PM link was missing from Forum topic view
  • Disable SP preview in Demo Mode (only when execute PHP enabled)
  • Handle missing files gracefully in FileMgmt
  • Delete story on expire did not call proper PLG hook to alert plugins of story removal
  • Filter queued comments from user profile list
  • Fixed redirect error after entering comments for filemgmt
  • Fixed issue where media gallery would include queued comments in the comment count
  • Increased story text size from ~64kb to ~16mb
  • Media Gallery - improved handling of missing thumbnails in pop-up video player
  • Forum - Anonymous user names were not displayed in topic view
  • [url] bbcode has html entities in link text
  • Sort topic lists by topic sortnum (story admin, block admin, etc.)
  • Fixed error when deleting a topic, only the first story in the topic would be deleted and then redirect to story admin screen
  • Fixed incorrect column name on ban removal call
  • Force theme to CMS and set allow_user_themes to false when upgrading from very old glFusion versions (prior to 1.5.0)
  • Slider widget did not use links if no caption given for a slide
  • Fixed error where story title / url were not set in the template prior to calling PLG_templateSetVars() which caused issues with some plugins (specifically SocialShare)

glFusion v1.7.0

Security Updates

glFusion takes the security of our code very seriously. Security is more than just a slogan to us, it is a core component to our development methodology. We regularly perform source code audits, run glFusion through web application security scanners, and run the source code through source code analyzers. Security threats are constantly evolving, so the development team must also stay diligent. As a result of our latest security audit and scan analysis, we have implemented several code improvements to prevent potential XSS (Cross Site Scripting) issues and other potential vulnerabilities.

There are several known vulnerabilities in the ImageMagick image processing library commonly used by PHP applications. glFusion now supports GraphicsMagick, a modern image processing library which provides the same functionality as ImageMagick. It is recommended that all sites using ImageMagick switch to GraphicsMagick. You may need to contact your hosting provider to determine if GraphicsMagick is available.

glFusion has always recommended and alerted that the installation files and directory should be deleted. This was always a manual step. With glFusion v1.7.0, there is now an option to automatically remove all the installation files and directories during the installation or upgrade process.

glFusion no longer uses a default password of password for the Admin account on new installations. The installation process now generates a secure password during the installation process.

It is highly recommended that all glFusion sites upgrade to the latest production release to ensure your site has all the latest security updates.


Story Video

You can associate a video to a story. The video will only be displayed when viewing the full article (default behavior, you can change the template if you wish).

Story - Show On Front page Until

glFusion has always had a feature that allowed you to 'archive' stories after a period of time. When a story is archived, it no longer shows on the front page of your site.

The drawback to the archive feature is that it moves the story to another topic, a special topic that has been designated as an archive topic.

To provide the ability to have stories roll off (no longer display) on the front page, but still remain in their original topic, we've implemented the On Front Page Until attribute. Now you can specify that a story should display on the front page until a specific date, at which time it will stop displaying on the front page but will still remain and display when viewing the topic it belongs to.

Topic Descriptions

Topics can now have descriptions. If a topic has a description, it will become the title text for topic links in stories.

Comment System

The internal comment engine has received a lot of attention during this release cycle. Some new capabilities include:

Comment Submission Queue

glFusion can now be configured to queue user submitted comments for moderator review before publishing. You now have the option to queue all comment submissions, or only those from anonymous (not logged in) users. There is also an option to allow trusted members to always bypass the submission queue.

Comment Edit

glFusion has long supported the ability for users to edit their comments after submission. We have enhanced the edit capability to allow site admins and comment moderators to edit a comment (both in the submission queue or published) and choose whether or not the Edited By line appears. Normal user comment edits do not have the option do the the 'silent edit'.

Comment RSS Feed Syndication

In previous versions of glFusion, you could only create an RSS feed for comments associated with Articles. Now you can include all site comments, or create a feed for a specific content type such as Articles, Pages, Downloads, etc.

Anonymous Comments Submissions

For users who are not logged, if you have configured glFusion to allow them to post comments, they must now enter a username. The Username field is also editable by comment moderators or site admins if needed.

New iteminfo: Auto Tag

We've added a new auto tag called iteminfo. This auto tag will return an attribute about a piece of content. For example, you can have it return the title of an article or a staticpage. Or you could return URL, description, date created, author or hits of any content item such as a wiki page, file download, media gallery item, etc. This provides a ton of flexibility to integrate items together.

Ad Block Support

We now offer some new programming interfaces to allow plugins to display Ad Blocks embedded in content. This allows plugins like Banner to easily integrate into glFusion's content without having to modify templates or do any manual setup.

Code Optimizations and Improved PHP v7.x Support

PHP v7.2 is now in Release Candidate. glFusion has been fully tested against the latest PHP v7.2 RC release, where we have mitigated the use of several depreciated PHP functions and implemented several code optimizations to ensure everything keeps working as it should on your site with the latest and greatest PHP releases.

We have also removed all dependencies on the outdated PHP PEAR libraries. All configuration settings related to Pear (Have Pear, Path to Pear, etc.) have been removed as they are no longer needed.

During our routine code audits, we identified and fixed several areas where the code could be optimized to improve performance.

As we continue to focus on improved support for current PHP releases and rely less on older, out dated PHP versions, we continue to modernize the internal glFusion code to take advantage of new and improved capabilities. This this release, we have moved most 3rd party code libraries (i.e.; Gehsi, HTMLPurifier, etc.) to Composer as a method to integrate these packages with glFusion. On the surface, you do not see any difference, but behind the scenes this makes maintaining these 3rd party integrations much easier.

We have also implemented PHP Namespaces where appropriate. This allows Plugins and other integrations to better interact with glFusion.

Generally these under-the-hood updates don't have any impact on how glFusion looks or functions, but it does drive improved performance, improved maintainability and the ability to keep 3rd party integrations up-to-date with the latest fixes and security updates.

An added benefit is that many times these type changes are high risk and require a significant amount of testing to ensure the code changes are done properly. This additional testing is always a good thing!

Bug Fixes

Through community feedback, we have identified and resolved several minor bugs in the code. See the full ChangeLog below for a list of all fixes and updates.


  • FileMgmt - Use file's mime type when downloading
  • New adBlock plugin api to allow plugins to integrate ads into glFusion's content - initial support for:
    • header
    • footer
    • stories
    • forum (both category list and topic lists)
    • media gallery (both index page album list and media item album list)
  • Forum - Lock / Unlock moderation options now included in moderator dropdown
  • Forum - New tm-forum-table-centerblock style to apply rounded corners to forum centerblock
  • Implemented PLG_outputFilter() API for stories and staticpages
  • Media Gallery - Improved styling on sub-album dropdown on index page
  • New [iteminfo:] auto tag
  • CAPTCHA - increase the number pool for the math captcha
  • Updated comment syndication feed to pull all comments instead of just articles
  • Allow non-logged-in users to specify a 'username' when submitting a comment
  • Allow silent edit for comment moderators / admins when editing a copy - prevents the 'Edited by' line from displaying
  • Forum Plugin - Improvements on how anonymous (non-logged-in) info displays in topics
  • New story attribute - on front page until - YYYY.MM.DD
  • New pop-up date / time picker for date / time fields
  • Block header templates - all updated to include block id if present
  • Block title is now optional
  • Calendar Plugin - fixed issue where personal events did not show properly in event block
  • Navigation breadcrumbs in topic / story view
  • BB2 implement improved search features in admin list
  • Plugin administration now only processes the Plugin selected when enabling / disabling
  • FileMgmt Plugin - Thumbnail upload would fail when adding new file
  • Forum Plugin - Wrap breadcrumbs on small devices
  • What's Related links now honor open external links setting
  • Removed Vintage theme from core distribution
  • Visual editor buttons would display on text input for comments
  • Implemented comment moderation queue
  • Add badge to moderation / submission queue icon on C&C to show items in queue
  • Improved forum formatting for lists, code, quotes
  • Reverse proxy (i.e.; CloudFlare) support for BB2
  • Removed all dependencies on PEAR modules
  • Basic support for structure data for articles
  • Improved error handling of embedded PHP in static pages
  • Upgrade check now uses alert classes (green, yellow, red) to highlight upgrade check results
  • Installation - Generate random password on new installs - no longer default password to 'password'
  • Installation / Upgrade - Option to automatically remove installation files
  • Topic deletion now uses standard glFusion APIs to remove a story
  • Topic Deletion now 'promotes' stories with an alternate topic. For example, if you delete a topic, generally all stories with that topic ID are also deleted. If a story that has the primary topic id of the topic being deleted and has an alternate topic, the story will be updated so the alternate topic becomes the primary topic and the story is not deleted.
  • Forum Plugin - Allow GeSHi Code block to be styled through configuration
  • Forum Plugin - Preview did not properly parse code blocks by language
  • Forum Plugin - Updated GeShi code formatting to use syntax highlights
  • Updated Linkify to work properly with later versions of PHP
  • Updated user profile preview screen to match standard user profile display
  • Update CKEditor to v4.7.2
  • Media Gallery: Add Enable HTML in title / description field to global album attribute editor
  • Encrypt smtp passwords in DB
  • Moved most external libs to Composer / auto load
  • Environment check now ignores depreciated PHP settings based on PHP version installed
  • Fixed issue where very large downloads could fail due to out of memory error
  • Update UIKIT library to v2.27.4
  • Several plugin updates to support new capabilities in PLG_getItemInfo()
    • Supports returning permissions on content items
    • Updates to support new Searcher Plugin
  • Updated htmLawed to v1.2.3
  • Update GeSHi Library to v1.0.9.0
  • Additional security protections for external links
  • Properly sort plugin menu in alphabetical order by label
  • FileMgmt - Fixed error where server side compression / caching could cause network failure error
  • General code optimizations
  • Update HTMLPurifier to v4.9.3
  • Updated gravatar link to be ssl / non-ssl agnostic
  • Links Plugin - link auto tag did not honor Open External URL in New Window configuration setting
  • Media Gallery - Removed HTML from hover caption on lightbox theme
  • Fixed search string highlighting in stories, forum and static pages
  • story rendering optimizations
  • Allow topics to have descriptions
  • Story Video support
  • Allow for alternate admin/ directory
  • Updated upgrade file removal to use proper paths if different from defaults
  • Static Pages - Fixed error where comments were not displayed when selecting a comment link from the user profile page
  • Forum - Now use configuration setting for remote IP lookup instead of nettools plugin (if it was available)
  • Themes - Added missing UI icons
  • Polls - Fixed issue where the bar width was not properly formatted if locale used a comma separator for decimals
  • Calendar - Fixed error where calendar submissions did not show in moderation queue
  • CKeditor - Set default font name / size in menu bar
  • Links - Make Validate Now link more prominent
  • StaticPages - Increased max size of page content from ~64kb to ~16MB
  • Bad Behavior - New whitelist / blacklist management via online interface
  • Bad Behavior - Performance improvements
  • Directory listing did not include alternate topics
  • What's New for stories did not display correct timeframe
  • Reorganized caching / template code into two separate files
  • Removed Published Slider in story editor - it did not degrade well on non-supported browsers
  • Forum - Improved formatting on non-digest email notifications
  • Forum - Add copy to clipboard for post permalink
  • Forum - Added tooltip (hover) for bookmark / remove bookmark
  • Media Gallery - new copy to clipboard for media id
  • CKeditor - Add SCAYT (Spell Check As You Type) to menu bar on all entry types
  • CKeditor - auto enable (start) SCAYT (Spell Check As You Type)
  • Added support for GraphicsMagick Image processing library
  • Updated auto tag editor to remove informational text when de-selecting PHP function option
  • Display appropriate error if upgrade checks cannot communicate with website
  • Additional checks to ensure environment check functions are available prior to calling
  • Polls - Fixed issue where vote count was not properly saved when editing existing poll
  • Comment formatting updates
  • Security Updates - Implemented several additional XSS protections identified through our on-going security scans
  • Fixed incorrect help text for Hide Story Date
  • Improved error logging for invalid / missing tokens
  • Add new error message that triggers when local (standard) login is disabled and user passes username / password only
  • Media Gallery: Update swfobject (used for legacy flash player / slideshow) to latest version (v2.3)
  • Media Gallery: Updated flash media items to play using MediaElementJS
  • Media Gallery: Replacing an image set exif flag to false, resulting in no meta data for the new image
  • Improved SQL error reporting
  • Fixed SQL error in calendar moderation view
  • Fixed old references to stmenu
  • Media Gallery: EXIF media date was not converted to user's timezone
  • Media Gallery: EXIF parser would crash on some Canon images due to invalid exif tag

glFusion v1.6.6

glFusion v1.6.6 is focused on bug fixes and stability improvements. The focus on this release cycle is to continue to polish the user interface and improve overall functionality.

Major Changes

Enhanced Installation / Upgrade

Additional environment validations are now performed during the installation or upgrade process to ensure the hosting environment is properly configured to support glFusion.

PHP v5.6 has now moved into security updates only mode, no active development. glFusion now recommends PHP v7.0 or greater as the minimum version of PHP. glFusion still supports running under PHP v5.3 or greater. It is not recommended to run under non-supported versions of PHP.

glFusion and all major plugins have gone through multiple releases where PHP v7 is properly supported.

3rd Party Authentication Selection Option

For sites that use 3rd party authentication modules such as LDAP, there is a new configuration setting to allow the standard, glFusion login to be displayed after the 3rd party modules.

Forum Plugin Enhancements

We have finally removed all the hard coded date / time formats used in the Forum plugin. Now the Forum plugin will use the glFusion date / time formats as configured in the glFusion → Language & Locale → Locale Tab. We also removed 2 date / time format configuration options from the plugin since Forum will now use the glFusion configuration settings for date / time. This should make it much cleaner and a little less confusing when setting up the site wide date / time formats.

Poll Plugin Enhancements

Polls can now have a description associated with them that will display immediately after the Poll Topic. The Poll Topic will now always display, regardless of the number of questions in a poll. Previously, the Poll Topic would not display if there was only 1 poll question.

The Poll Editor has been enhanced to use a tabbed layout to make editing much easier.

You can now view who has voted on a poll. Previous default behavior was to remove Anonymous vote records after a period of time - you can now set the timeout to 0 which will retain all anonymous voting records.

HTML Filtering Improvements

glFusion utilizes multiple tools to help validate and filter user entered HTML. We have two excellent filters available, htmLawed and HTML Purifier. The default is HTMLPurifier, but it requires well formed UTF-8 input. New with glFusion v1.6.6, we now detect the site's character set (i.e.; latin1 or utf-8) and set the HTML filter appropriately. If you have a site that is configured for latin1 encoding, glFusion will now always use htmLawed as the HTML filter.

htmLawed has been updated as well, with full support for HTML5.

Remote Login Enhancements

glFusion has always allowed your users to login using 3rd party OAuth services such as Facebook, Google and Twitter. If the user had a local account, you could merge the remote login account with the local account. We've enhanced the user preferences screen to make it clearer if an account has been merged and display the remote service. We've also added the ability to unlink a merged account. For example, if you had your account linked to your Facebook account and you finally had all you could take of Facebook and deactivated your Facebook account, you can now unlink Facebook from your glFusion local account.

Bug Fixes / Stability Improvements

General / glFusion Core Updates
  • New Plugin APIs to social integrations - allow plugins to override default share buttons
  • New Plugin API to infinite scroll - allow plugins to hook into new item load JS
  • Add Justify Block to the CKeditor toolbar
  • New 'Be the first to comment' message when no comments exist
  • Update OAuth library to v1.163
  • Add prerequisite check to plugin installs (prerequisite checks were only done on uploads)
  • Added sort: and order: options to headlines auto tag
  • Fixed custom language file overwriting LANG_MYACCOUNT which removed plugins from the user preference page
  • Twitter links did not honor open external links in new window setting
  • Improved error handling on user profile (improved error reporting)
  • Added new option to unlink a remote account from a merged local account
  • Fixed issue where remote account merge would display on already merged accounts
  • New visual slider for toggling Yes / No or On / Off settings
  • Improved HTML truncation - no longer orphans some opening HTML tags
  • Updated the video id detection in vimeo ckeditor plugin - resolves issue detecting id in embed code
  • Improved startup environment check to ensure required extensions exist and provide proper feedback if missing
  • Updated online help documents to include missing configuration items
  • Added rel=“nofollow” to What's New block entries
  • Display story summary at the top of the email story form
  • Fixed issue where help text did not display in configuration screen for items that were arrays
  • Ensure links in emailed stories are absolute
  • Allow Bad Behavior 2 functionality to be disabled in fusionrescue
  • Story editor improvements - moved sub-title and Published to primary heading tile.
  • Story editor - improved visibility of Published Toggle
  • Wrap mail story / contact user forms in a panel
  • Removed invalid UTF8 BOM marker from install English utf8 language file
  • Improved consistency on status / warning / error messages
  • Demo Mode updates
  • Cancel button did not cancel on forms with empty required fields
  • Additional environment checks (required PHP extensions) added to Environment Check
  • Additional environment validations (required PHP extensions) performed during install / upgrade
  • Updated German Translations - Matrox66
  • Fixed invalid button classes - modified type=“cancel” to type=“submit” - Matrox66
Auto Tags
  • Headlines auto tag now shows 'Continue Reading' prompt when introtext is truncated and there is no bodytext
Calendar Plugin
  • Removed hard coded date formats from calendar plugin
  • Fixed issue where CAPTCHA reload did not work properly for languages other than english
  • Updated reCAPTCHA library to v1.1.3
  • Improved error messages - no longer use generic 'invalid string' message for all CAPTCHAs. Use appropriate message depending on the type of CAPTCHA being used.
Forum Plugin
  • Significant optimization on the New Post query - builds the list with a single query
  • Added missing forum rankings to the topic view
  • Removed all hard coded date formats - now use glFusion data formats
  • Enforce “Allow IMG bbcode” setting in signatures as well as forum posts
  • Removed all hard coded data / time formats. Now the Forum Plugin will use the standard glFusion date / time formats exclusively.
  • Fixed issue where views / reply counts were not correct on search results
  • Disable text mode checkbox when using WYSIWYG editor
  • WYSIWYG tweaks - added spell check, maximize buttons - increased editor window to match height of non-WYSIWYG window
  • Improved handling of the edit post window and validation checks
  • Fixed incorrect pop-up message for forum attachments - images in lightbox stated click to download instead of view
  • Sort mood dropdown in alphabetical order
  • Rounded corners on topic list headers
  • Moderators were not displayed when configured to display
  • Do not prepend the “RE:” on reply subjects
  • Formatting improvements to Latest Post block
  • Fix on smiley replacement to properly escape text
  • Fixed HTML error in link editor
  • Updated URLs that reference external sites to use http/https agnostic views - resolves non-secure warning on SSL sites.
  • Improved integrations to social share - pass meta data to social engine
  • Updated URLs that reference external sites to use http/https agnostic views - resolves non-secure warning on SSL sites.
  • Fixed issue where Media Gallery search results did not link to the media item if the media item does not have a title
  • Media Gallery - disable add media if no albums exist
  • Media Gallery: media auto tag did not honor hidden album permission (created link)
  • Media Gallery: Do not allow access to hidden albums by non-owners
  • Random block did not link to media item
  • slideshow auto tag did not honor link: option
  • Fixed incorrect URL on Postcards - pointed to old gllabs site which is no longer associated with glFusion
  • Fixed hard coded language tags in media edit template
  • Search did not display thumbnails
  • Improved album page head layout
  • Removed duplicated comment link in Lightbox Media Gallery album theme
  • Improved responsiveness of lightbox and clean Media Gallery themes
  • Cleaned up interface for rebuilding / resizing images and thumbnails in Media Gallery
  • Additional checks in Media Gallery view templates to ensure prompts are not shown without data
Static Pages Plugin
  • Fixed error where hits were not shown if show last updated date was disabled

glFusion v1.6.5

glFusion v1.6.5 is a minor upgrade that adds some polish to a few features and squashes several bugs.

Major Changes

Static Pages Include in Menu Handling

In previous versions of glFusion, when selecting the option to Add to Menu on a static page, this would include the page in the built-in Plugins menu and also include it in the Static Page Menu types in Menu Builder. With glFusion v1.6.5, the default behavior has been changed to only include the static page in the Static Page Menu and not include in the Plugins menu type. There is a new $_SYSTEM configuration option in siteconfig.php to allow the old behavior if desired.

// +--------------------------------------------------------------------------+
// | Static Pages in Plugin Menu                                              |
// |                                                                          |
// | If the Add to Menu option is checked on a static page, that page         |
// | will be included on a menu of type 'StaticPage Menu'. If you also        |
// | want the page to display on the menu type of 'Plugins' (which was the    |
// | default behavior at one time), set this value to true.                   |
// |                                                                          |
// | NOTE: Clear the cache after changing this setting                        |
// +--------------------------------------------------------------------------+
$_SYSTEM['sp_pages_in_plugin_menu'] = false;

Migrated Debug Options from siteconfig.php

There are 3 debug options available in glFusion, Root Debug, Oauth Debug and HTML Filter debug, these were previously controlled by editing the siteconfig.php file. With glFusion v1.6.5, you can now turn these debug options on or off directly from the Online Configuration System (glFusion → Miscellaneous → Debug).

Page not Found (404 Errors) Handling

glFusion has always supported a 'custom' 404 page to be displayed when someone tries to access content that does not exist. New in glFusion v1.6.5 is the ability to use a static page (which is named _404). This allows you to easily modify and personalize how your site displays 404 - Page Not Found errors.

Global Story Move

There is a new option under the Global Story Editor where you can move all stories from one topic to another.

Forum as Main Index Page

The Forum plugin now has the option to take over the main index page of a site. Normally, the Forum Plugin is just another component of a glFusion site. But, you can make the Forum the main index page for glFusion by enabling the Replace Home Page option in the Forum's configuration.

This will replace the main glFusion index page with the Forum index page.

Forum Post Edits

In previous versions, when a user edited (changed what was already posted), there was no indication that the post was changed. In this release, if a user edits their post, the post will show “Last Edited on XX/XX/XX” in the footer of the message to highlight that changes have been made.

Also, the silent edit option (edit the post, but do not update the lastupdated field or note the post has been edited) has been removed for regular users and is now only available to forum moderators (including site admins).

Calendar Plugin

The Calendar plugin received a little attention during this release cycle. We've implemented a much better monthly calendar view which displays much better on smaller devices such as mobile phones. We also did a little rearranging on the calendar event entry screen, moving all the required fields to the top of the form to make entry a little easier.

Other Features

  • Forum plugin now stores last edited date/time and displays in the footer of the topic post
  • Required fields on input screens now have a small red border to denote they are required.
  • Support for auto upgrading plugins with custom directories
  • Integrated codemirror plugin into CKEditor
  • Several code / database optimizations - improving page load times and reducing server load
  • New character counter for text fields - provided by Buddilla
  • Added configuration option to open external links in new window
  • Updated fusionrescue.php to allow setting new debug options
  • Installations now log progress / errors in error.log

Bug Fixes / Stability Improvements

  • Media Gallery - removed depreciated online print option
  • Media Gallery - postcard entry / retrieve screens were not properly styled - styles with uikit framework
  • Media Gallery - removed hard coded language string from summary index page
  • Media Gallery - allow summary index page template to control whether owner name is used when no copyright name is available
  • Media Gallery - do not display language prompts when no corresponding data is available (i.e.; View or Media ID)
  • Always set style sheet load priority to ensure proper load order (thanks Matrox66)
  • Ensure admin lists use 100% of the available width
  • Fixed error handling in database administration functions - handle errors more gracefully
  • Added missing No data found messages to Bad Behaviour admin lists when lists are empty
  • Updated CKEditor to v4.6.2
  • Enhanced validation / error handling for comment entry
  • Polls - Display poll above comment entry form
  • Enhanced security checks when emailing users / stories
  • Left align remarks on poll results
  • Minor table structure updates to remove unused fields, properly align lengths on others
  • Forum - set locale header properly in topic review window
  • Added missing confirmations to cancel / delete actions in static page editor
  • Several layout tweaks in the forum and admin navigation to better support smaller viewports
  • Set error.log as default log to view on initial load of log viewer
  • Fixed error where exclude list did not always save properly
  • Media Gallery - Changed 'default' album theme to use UIKIT responsive layout
  • Media Gallery - Moved old non-responsive layout to new 'legacy' album theme
  • Media Gallery - Fixed error where pagination did not display when using a 1 column index
  • Media Gallery - No longer require MG user prefs to be enabled for link to member album to display
  • Media Gallery - if a replacement image was uploaded with a different extension, the replaced image was not physically deleted
  • Forum - Improved filtering / truncating of subject field
  • Forum - Update post time when silent edit is not checked
  • Fixed issue where no content to moderate message was not displayed properly
  • Improved error trapping and feedback in Global Story Editor
  • Forum - Removed footer on view topic - no need to display topic summary icons
  • Forum - Improved error handling on invalid topics
  • Forum - Fixed error where locked topic option did not appear on post edit
  • Forum - Fixed error moderating forums with question marks in title
  • Update Unite Gallery to v1.7.40
  • Consistent menus in database administration
  • Improved error logging during authentication
  • Additional validation on email addresses prior to sending
  • Update phpmailer to v5.2.22 - SECURITY Critical security update for CVE-2016-10033, CVE-2016-10045, CVE-2017-5223
  • Removed BB2 display stats option - no longer used but if enabled it performed some high load DB queries
  • Moved HTML filter cache directory under private_data
  • Several code / DB optimizations to improve performance
  • Improved filtering of user supplied data during login
  • General code clean up - fixed several references to uninitialized variables
  • Forum blocks did not use utf-8 safe functions
  • Update jQuery Validate to v1.15.1
  • Modified form validation to allow dashes on alphanumeric fields
  • Fixed error where keep unscaled images in stories, which enabled the lightbox view of the image, would cause all links in the story to open in a lightbox - solution provided by Lee Garner
  • Media Gallery - Do not display Static Sort option in album drop down if album has a specified sorting in album properties
  • Media Gallery - fixed error in static sort - descending sorts did not work
  • Tweaked logview display to remove leading space on first log file line
  • Fixed typo in topic listing that prevented correct sort order from displaying
  • Fixed bbcode signature preview to prevent invalid header errors
  • Forum - fixed formatting issue when previewing posts in HTML mode
  • Forum post edit did not properly show the checkbox status for disable bbcode, disable URL parsing and disable smilies
  • Forum post edit did not set sticky checkbox appropriately
  • Modified user story submit info panel - allow it to be closed
  • Fixed E_ALL error in usersettings.php - validate social follow me service is set prior to use

Theme Updates

There is a new @media query in style.css to increase the font on small screen < 768px. This new media query does 2 things:

  • Reduces the margin on small screen (less white space on the right / left of the page, essentially uses the full width of the device)
  • Increases the font on small screen to make text more legible.

There are some new styles in style.css to control the look / feel of the PHP Info block displayed on the Environment Check page. We found that older versions of PHP did not style correctly and were difficult to read (many times showing white text on white background). Forcing the styling resolves this issue. If you have a custom theme, you should copy the #phpinfo styles to your theme's style sheet.

New .required style to add the red border around required fields.

Several admin templates were updated to support the new character count function - please see the Template Updates page for full details on all template changes.

glFusion v1.6.4

glFusion v1.6.4 is a minor upgrade that fixes a few bugs.

Major Changes

  • Fixed a bug in the v1.6.3 installation that did not properly populate the HTML filter whitelist. This resulted in all formatting being removed from stories when saved. This only affects new installations of v1.6.3. Upgraded sites are not affected by this bug. v1.6.4 resolves this issue and correctly populates the whitelist for previous installations if needed.
  • CKEditor was upgraded to v4.6.1
  • Updated Spanish Columbia Translations from John Torro
  • Updated German Translations from Matrox66

Theme Updates

  • footer.thtml was updated to include the {copyright_msg} tag.

Bug Fixes / Improvements

  • Forum hint bubble no longer parses auto tags
  • Improved error checking on smiley replace in forum

glFusion v1.6.3.pl1

Minor patch level release to address the following issues:

  • mgslider auto tag cleanup
  • Forum: processing of auto tags, smilies and automatic URL generation were having collisions - urls being created by auto url parsing were then interpreted by smiley code - potentially creating a mess.
  • Static page editor did not display error messages in proper format (no styling)
  • Static page 'Add to Menu' option was not visible
  • Menu builder did not properly create static page menus

glFusion v1.6.3

glFusion v1.6.3 is a minor upgrade that contains several minor bug fixes.

Major Changes

Theme Updates

If you have created your own theme or have customized one of the standard glFusion themes, please read this section carefully - there are some important steps you need to follow to update your theme or customization!

We've improved how the footer is positioned when the content does not completely fill the view port. This makes the footer 'sticky' to the bottom. This update requires that you update any custom themes, and / or validate that any custom header.thtml and footer.thtml templates are updated appropriately.

We also improved the tool tip styling - see below for important updates to style.css.

UIKIT styling Update

glFusion uses UIKIT as our UI framework. UIKIT includes 3 standard styles, flat, almost-flat, and gradient. glFusion uses the gradient style as the default for the CMS theme.

Prior versions of glFusion allowed you to change the style by editing the theme's functions.php file and changing the $styleType variable. New in glFusion v1.6.3, this setting has moved to the siteconfig.php file located in the website's main directory (public_html).

See Customizing A Theme for more information.

Template Updates

IMPORTANT - The content area must be wrapped in the <div class="tm-content"></div> to allow for properly calculating where to place the footer. If you have a custom header.thtml or footer.thtml, please ensure you update them appropriately. You can look at the CMS theme's templates to see how to make the updates if needed.

JavaScript Updates


There is a new JavaScript file that needs to be in each theme. The new file is header.js which is located in the public_html/layout/THEMENAME/js/ directory. header.js contains the JavaScript used to position the footer at the bottom of the page.

If you have created a custom theme - please ensure you copy the header.js file from the layout/cms/js/ directory to your theme's js/ directory.


We have updated profile_editor.js, located in the layout/THEMENAME/js/ directory to call the pf() function defined in header.js - this repositions the footer to the bottom of the page as users tab through various parts of the profile editor.

If you have created a custom theme - please ensure you copy the profile_editor.js file from the layout/cms/js/ directory to your theme's js/ directory.


We have updated footer.js to better support the footer positioning.

If you have created a custom theme - please ensure you copy the footer.js file from the layout/cms/js/ directory to your theme's js/ directory.

style.css Update

A new style has been added that now sets the tooltip title color and font.

  .tool-title {

The tm-updating style has been updated as well:

  .tm-updating {
      background-image: url('../../images/throbber.gif');
      background-repeat: no-repeat;

What's Related / Story Options

The old story options, that would appear at the bottom of a story has been removed. The print, mail, and subscribe options now display to the right of the title, the same as the index view of stories.

Non-Logged-in User Group

There is a new automatic user group available - Non-Logged-in Users. Any anonymous (not logged-in) user browsing the site is automatically a member of this group.

UTF8 MB4 Support

glFusion has always defaulted to using the UTF-8 character set and collation for it's databases. With glFusion v1.6.3, we now fully support UTF8 MB4 - which allows for all characters. If your database and glFusion site are already configured for UTF-8 encoding, upgrading to UTF8MB4 is very straight forward. If your site and / or database is not currently configured for UTF-8, you cannot upgrade to UTF8MB4 directly.

UTF8MB4 supports all language characters and all unicode characters, such as emojis from iPhone and other mobile devices.

If you site is currently using UTF-8 encoding, see the Guide to Upgrading to UTF-8 MB4.

It is very important that you update all your plugins to the latest version prior to upgrading to UTF8MB4. Due to additional storage requirements of UTF8MB4, several plugins needed to be updated to handle their table indexes to ensure compliance and support for UTF8MB4 requirements.

New RSS Widget

We've added a new widget to the mix - An RSS news ticker. See the RSS Ticker Widget docs for more information.

New Plugin API - PLG_getWhatsRelated()

A new plugin interface has been added to allow plugins to replace the What's Related section in the story view. A new Tag Plugin will be released that takes advantage of this interface and provides a much more robust what's related content.


  • Updated German translations provided by matrox66 - Thank you!!
  • Media Gallery [media] and [album] auto tags now produce responsive images
  • Twitter OAuth login now returns email (provided the Twitter user has validated their email)
  • Removed 'story options' section from full article view - mail, subscribe and print options now display in the title area like they do in the index story view (summary view)
  • Improved sticky footer - calculation for footer position improved See theme notes above
  • Much improved UTF8MB4 support - including an upgrade utility to convert existing UTF-8 MySQL tables to UTF8MB4
  • Created master core configuration data file - reference it as a single source for maintenance during upgrades
  • Updated fusionrescue to allow resetting login methods field
  • Improved the visual cues when backing up large tables
  • Ability to ban / block IP ranges with Bad Behavior2 plugin
  • Added Database information to Environment check screen
  • Added RSS Ticker widget
  • Updated Unite Gallery (used by Media Gallery plugin) to v1.7.37
  • Updated Media Element (HTML5 responsive video playback) to v2.23.4
  • Updated CKEditor to v4.6.0
  • Update UIKIT to v2.27.2

Bug Fixes

  • Fixed hard coded language text in Story Editor and Bad Behavior plugin
  • Automatic URL parsing (used in forum posts) now add rel=nofollow attribute to url
  • Fixed minor errors in lib-admin where programmed no-data text did not always display properly
  • Fixed issue in Bad Behavior plugin where log ids were not properly set for logged messages
  • Fixed issue where plugin updates would upload but not upgrade automatically
  • Updated tooltip JS to properly parse titles
  • Styled the tool-tip title
  • Forum Plugin - improved WYSIWYG editor integration - better support for site styles
  • Moderation System - enabled check all capability for submission lists
  • Media Gallery: Alternate URL support did not function properly on auto tags
  • Media Gallery: Info icon would not open modal on mobile devices
  • Media Gallery: jhead support was broken
  • Plugin upload did not properly validate plugin.xml file was located - assumed to be in first directory found
  • Media Gallery: EXIF/IPTC admin screen - check all / uncheck all did not function properly
  • Updated fusionrescue to allow resetting login methods field
  • Installation validates database charset
  • Improved the visual cues when backing up large tables
  • Fixed typo in Forum posteditor.thtml template which prevented the admin options from showing
  • RSS feeds did not use attribution author when available
  • Story view count was not displaying when configured to do so
  • Fixed error with adding new keyed configuration items in the online configuration manager
  • Fixed incorrect path in environment check for lck files
  • Fixed issue where system messages with double quotes would not properly display
  • Moved off-canvas menu template out of custom/ directory to menu/ directory
  • Links auto tag did not honor link / category permissions
  • Media Gallery: Add 'height' parameter to mgslider autotag
  • Media Gallery: Make slideshow link a button

For a full list of template and style.css changes for this release, please see the Template Changes matrix.

glFusion v1.6.2

glFusion v1.6.2 is a minor upgrade that contains several minor bug fixes.

Major Changes

Non-Logged-in User Group

There is a new automatic user group available - Non-Logged-in Users. Any anonymous (not logged-in) user browsing the site is automatically a member of this group.

Auto Tag Permission Editor

glFusion has the ability to control where an auto tag can be used. In previous versions, you had to edit each auto tag's permission to turn on / off content areas where it was allowed. This approach was cumbersome at best. With glFusion v1.6.2, we have a new Auto Tag Permission editor where you select the content area (for example, forum - posts), and then select the auto tags you wish to allow in that content space.

Improved Plugin Uploads

glFusion now supports uploading plugins directly from GitHub (or any repository) archives. Prior versions of glFusion enforced a very strict set of rules on how directories were names, etc., which would cause plugin uploads to fail unless they were rebuilt using the strict rules. Now you can pull the latest version of a plugin directly from GitHub and upload it to your glFusion powered site.

Password Reset in fusionrecue

You can now reset passwords in the fusionrescue utility.


  • Updated Exifer library bundled with Media Gallery
  • Updated getID3 library to latest upstream release
  • Modified Admin menu layout to hide instruction block by default - new ? icon to toggle view
  • Improved DB admin completion notifications
  • Improved error handling on plugin uploads
  • Improved auto tag handling in search results
  • Added check / warning if PHP version past end-of-life for environment check and upgrade check pages
  • New auto tag permission editor
  • New [url:] auto tag
  • Added a warning in environment check and upgrade checker if site is running an older, no longer supported PHP version
  • Removed filecheck feature
  • Improved handling of auto tags in search results
  • Enhanced the obsolete file removal screen - show a modal confirmation if admin chooses to skip file removal
  • Enhanced user about field to allow auto tags
  • Plugin upload has been extended to now detect and allow uploads of plugin distributions directly from Git repositories
  • Implemented Non-Logged-in User group support - allows groups to now include non-logged-in users
  • Added Driven by glFusion CMS to footer below site copyright (footer.thtml)
  • fusionrescue can now reset passwords

Bug Fixes

  • Fixed several E_ALL PHP warnings dealing with plugin installation / upgrades
  • Fixed issue where temporary plugin directories were not removed if admin cancelled plugin upload
  • Corrected several areas where the wrong instance cache name was used when clearing the cache
  • Plugin uploads now handle errors much better
  • Updated MediaElement to v2.23.1
  • Fixed issue where stories loaded via infinite scroll did not display responsive content correctly
  • Removed dependency on PEAR Archive library - it was not PHP 7 compatible
  • Added missing #comments component to URLs in story templates
  • Fixed incorrect column header in global story attribute editor
  • Media Gallery - did not honor the album configured sort order
  • Media Gallery - long titles would push the admin menu down off navbar
  • Forum - fixed issue where quotes in forum post subject where replaced with &quote;
  • Media Gallery - Fixed issue in album edit - unable to set group ownership due to wrong template var name being used
  • Fixed issue with message handling (i.e.; … saved successfully) interaction with plugins
  • Media Gallery - MP3 playblack - fallback to flash player would fail
  • Polls Plugin - Update to v2.2.1
    • Fixed issue where poll voter data could be overwritten
    • Fixed issue where poll voter data was being purged incorrectly (uncommitted - in test)
    • Fixed issue where deleting a poll did not delete the corresponding voter data
    • Fixed layout so poll URL does not push beyond the container (issue shows up when display in poll block)
  • headlines auto tag - panel template was missing a closing </div>
  • Story instance - dynamic auto tags would get cached and no longer be dynamic
  • Fixed issue in version check where it did not properly detect pl versions

For a full list of template and style.css changes for this release, please see the Template Changes matrix.

glFusion v1.6.1

glFusion v1.6.1 is a minor upgrade that contains several minor bug fixes and a few overall functionality enhancements.

Major Changes

Menuing System

In prior versions of glFusion, the off-canvas (or mobile) menu required that you have the menu toggle in the header.thtml file, so it was always a 2 step process to implement an off-canvas menu.

With glFusion v1.6.1, the off-canvas menu template now includes the menu toggle, which makes it completely self contained. This is beneficial if you wanted to implement an off-canvas menu using an auto tag.

Database Administration

glFusion v1.6.1 implements a new database backup engine, which replaces the old system that relied on calling MySQL utilities directly. The database backup engine, provided by Lee Garner, allowed us to implement an ajax driven backup method that is now interactive, showing a nice progress bar as it backs up your database. This also solves some issues where the page would timeout trying to backup a large database.

We have also improved some of the other database administration features implemented with glFusion v1.6.0. Specifically, you can now convert your database tables to / from MyISAM or InnoDB formats through the glFusion administrative interface. These functions have also been made interactive to show progress as the conversion moves forward. The system is now smarter and will only show conversion options that are available. For example, if you database tables are already in MyISAM format, the option to convert to MyISAM will not be shown.

Improved Security Token Handling

glFusion uses security tokens to help ensure stories, staticpages, and forum posts cannot be exploited by spammers or bots. The downside to this security measure, is that tokens have a defined lifespan and if you spend too much time creating a post, the token expires. You are prompted to re-authenticate. Depending on how long the token has been expired, there was always a possibility that the post could be lost.

With glFusion v1.6.1 we have implemented two new features to help resolve this problem and provide a much better user experience.

Automatic Token Refresh As you are entering data into your posts (story, staticpage, or forum post), the security tokens will automatically refresh in the background, ensuring they do not expire as long as you are editing.

Activity Timer If you are idle for too long while entering a post (off researching in another window, etc.), glFusion will now alert you after 15 minutes of inactivity that your session is close to expiring. Once you close the alert, the security tokens will automatically refresh.

Template Changes

There have been several templates that have been tweaked to improve the overall style. There are a few key template changes needed to support the new functionality above - if you have customized any of these template, please be sure to update your custom template with the new code.

header.thtmlRemoved the off-canvas menu toggle. Move the {{!autotag:navigation_mobile}} tag inside the <nav></nav> structure
storyeditor.thtmlImplemented the token refresh and activity timer
editor.thtmlStaticpage editor - implemented the token refresh and activity timer
ckeditor_story.thtmlImplemented the token refresh and activity timer
ckeditor_sp.thtmlImplemented the token refresh and activity timer
posteditor.thtmlForum post editor - implemented token refresh and activity timer


  • Database Administration Enhancements
    • Database Backup improvements - no longer relies on calling external programs. Nice visual progress bar showing status of backup.
    • Enhanced detection of current storage engine, only show conversions for items that are allowed
    • Ajax driven conversions, optimizations, and backup. Provides status bar show progress of action.
  • Updated UIKIT to v2.27.1 - UIKIT is the standard user interface framework leveraged by glFusion.
  • Support for Twitter Cards meta data for articles
  • Outbound email style improvements - much better support for desktops to mobile devices. Emails add a little polish to the user interaction.
  • Improved informational messages display - for UIKIT based themes it now uses a notify modal that will automatically close - timing and location can be configured in the Advanced Configuration settings available in the siteconfig.php file
  • Polls Plugin Updates
    • Record the user id of voters to prevent users from voting multiple times
    • Add option to allow only logged in users to vote on a poll (anonymous users are show the poll with a message that Login is required to Vote).
  • Stories can now have external attribution - useful for sites that aggregate content from other sites - allows you to give credit to the original author and site
  • Admins can now use SVG icons for topic icons
  • Block titles can now include a limited set of HTML - allowing for including UIKIT icons in the block title
  • Menu items can now include a limited set of HTML - allowing for including UIKIT icons in the menu labels
  • Added storyimage: parameter to headlines auto tag - 0 = pull stories without a story image, 1 = pull stories with a story image, 2 = pull everything, don't care about whether story_image is there or not
  • Improved theme's function.php handling, you can now have a custom/functions.php that is also included after the theme's main function.php
  • Added ability to use negative {!if } statements in templates - for example {!if !story_image} - this equates to if the story_image variable is NOT set, do the following…
  • Search feature for online configuration
  • Removed all PEAR HTTP2 dependencies
    • Converted final HTTP2 in SFS module to use http.class.php
    • Converted pingback / trackback libs to use http.class.php
  • Set alpha preserve in GD libs for all image work one area already had the alpha preserve option - now included in all areas where an new image is created.
  • Media Gallery Improvements
    • Implemented HTML5 playback for MP3 files
    • Implemented AJAX driven thumbnail resize and display image resize
    • Improved random image block - larger thumbnail with less white space
    • Improved grid layout for gallery and album page
  • General User Interface Improvements
    • Modified article title line spacing to better support wrapping
    • Set font weight to 700 for article title
    • Modified the scroll to top widget to use a slightly smaller square
  • Environment check now checks for additional PHP extensions that are required by glFusion
  • Allow Token TTL (Time to Live) to be configured in siteconfig.php
  • Implemented timer for forum, story and static page editors that will refresh security tokens during long editing sessions and alert when inactive for 15 minutes.
  • Improved Off Canvas menu implementation (Thanks to Rocky for inspiration). The menu navigation toggle is now part of the off canvas menu template making it properly self-contained.

Bug Fixes

  • Last comments in user profile page did not include all comments
  • FileMgmt plugin did not allow for downloads of files with spaces in the name
  • LinkedIn Authentication would fail due to permissions issue with Oauth request
  • Articles with quotes in the title would break the Disqus comment integration
  • Fixed issue where reCAPTCHA theme setting was not honored
  • Spam-X Link Counter did not always skip internal links
  • Better error handling when story submission fails
  • CMS theme HTML 5 validation tweaks
  • Fixed issue with new activation form in CMS theme - extra closing div was removed
  • Media Gallery: Fixed issue where the original filename was not always properly captured on upload
  • Media Gallery: Fixed error where the download option did not work properly if the site was configured to discard original images
  • Fixed error where the What's New block would always display regardless of the Hide What's New when empty setting
  • Media Gallery - Comment / Comment count was shown twice for archive media types
  • Fixed issue where the interactive ajax component for the polls_vote auto tag did not work in forum posts
  • Fixed issue where the static pages plugin would not return the correct URL for 3rd party comment integration
  • Fixed issue where topic icon support was not complete in the CMS theme
  • Remote auth user's with merged accounts could not change their password
  • StaticPage Editor and Story editor would add <i> when switching between visual and HTML
  • SFS Misc module has an invalid break statement
  • Media Gallery configuration - Enable Member Album setting not available in CMS theme Issue: #134
  • Fixed error in FB Oauth Login where it would not retrieve user's email for API v2.4 and above.
  • Fixed error where topic id was not used as filter in global story attribute editor Issue: #130
  • Trackback button missing on the trackback admin page
  • Several PHP 7 updates to support ping, pingback and trackback
  • sectest did not properly detect non-standard directory names
  • Scroll to top of page widget did not always show on initial page load
  • Media Gallery - fixed several layout issues where media items did not properly center
  • Media Gallery - improved summary index page (media-fi.thtml) - removed hard coded strings - set copyright / artist variables properly
  • Fixed incorrect detection of the Google+ username for some instances where Google+ URL does not have a plus sign (+)
  • Media Gallery - fixed typo in view_image, view_audio, and view_video.thtml templates - the language tag for download was incorrect.

For a full list of template and style.css changes for this release, please see the Template Changes matrix.

glFusion v1.6.0

glFusion v1.6.0 is a major upgrade that continues to build upon the foundation from the v1.5.x releases. This release continues to fine tune glFusion with several bug fixes. There are several new features and significant updates to existing features as well.

Major Changes

The following updated items could impact your site if you have done any customizations in these areas.

PHP v7.0x Support

glFusion fully supports PHP v7.0.x. This will also be the last release that will support older, end-of-life versions of PHP. Future glFusion releases will require at a minimum, PHP v5.5x (possibly v5.6x) or above. The graphic below illustrates the current support for older versions of PHP. The green represents active support and the orange represents security fix support. As you can see, PHP v5.3 and 5.4 are no longer supported and PHP V5.5 is nearing end-of-life for security fixes.

Social Integrations

New in glFusion v1.6.0, is an integrated, lightweight social share feature. glFusion includes several pre-defined social sharing services, such as Facebook, Twitter and several others. You can enable which services you want to support and then social sharing icons will automatically appear for items that support sharing, such as stories, media gallery items, etc.

This is the initial implementation, in future releases, based on feedback from the community, we will be enhancing this system to include additional services and the ability for user defined services.

Follow Me Integration

glFusion now has the ability for each site user to define their username for several popular social media sites. The sites the user has enabled, will now have Follow Me icons on their glFusion profile page.

Site Administration Tweaks

When performing site administration tasks, such as managing users, stories, or pages, the interface will now remember your list settings such as sort order and filters. For example, if you have sorted the User List by ID in reverse order (showing newest users first), then edit a user, when you save and return to the list, glFusion will remember the sort order, page, etc.

Menuing System

With glFusion v1.5.0, we moved to the UIKIT framework for the look and feel. UIKIT supports dropdown menus, but it is limited to only 1 level, it does not support multi-level menus. With the release of glFusion v1.6.0, we have replaced the native UIKIT menu system with SmartMenus. SmartMenus provides many capabilities and works well with unlimited levels of menus.

Better Login Redirection

Since glFusion provides a login button in the header menu, a user can be anywhere on your site when they choose to login. glFusion will now remember where they were (what page they were viewing) and return them to that page after successfully logging into the system.

Database Administration Features

glFusion has always allowed you to backup your database, now with glFusion v1.6.0 you can perform some routine database administration tasks, including backups, optimizing the tables and converting your system to use InnoDB tables, which on larger more active sites can provide a performance boost.

Infinite Scroll

When viewing a list of stories, for example, on the home page, you now have the ability to let glFusion automatically fetch another group of stories when the user scrolls to the end of the page.

Improved Slider / Rotator

With glFusion v1.6.0, we have migrated the slider capability to the Nivo-Slider jQuery Addon. Nivo-slider has been around for a while and is one of the most popular implementations around. Nivo-slider provides lots of flexibility, along with a very small footprint, and fully support responsive layouts used by glFusion.

We have implemented this new slider widget to be backwards compatible. For more details on implementing the slider widget, please see the Slider Documentation.

More Flexible Widgets

Widgets provide a very quick and simple way to build some cool visual tools for your site. New in glFusion v1.6.0 is the ability for you to specify a custom template to use when building the widget. This gives you the ability to make simple modifications to the bundled template to change a feature of the slider or other widgets.

Story System Improvements

When editing a story, you now have a set of 'quick buttons' available that are always visible. These buttons provide quick access to the Save, Preview, Delete, and Cancel tasks.

We've also added a new administrative feature where you can now globally (or by topic), set specific attributes on stories. For example, you can enable or disable comments on all stories or all stories in a topic.

Stories can now have an attached story image. The story image adds a lot of new capabilities. For example, when sharing a story via social media, this image will be used by the social media site. You can have the story image display on the index page, but not when viewing the full story. Or you can have the image display as part of the story. The story image is really beneficial when using the new headlines (see below) auto tag.

Stories can also have a sub-title. Sub titles can provide some additional capabilities when using the headlines auto tag, such as displaying on the story image, etc.

When viewing stories, if the author has provided information in their About Me section of their profile, a new About Author box will show at the end of the article. If the author has also provided their social follow me information, their follow me icons will be included.

3rd Party Comment Support

Ability to fully integrate Disqus and Facebook Comments into glFusion.

Installation & Upgrade Features

Rewritten to conform to new styles.

Interactive Voting with Poll's auto tag

Now, when a poll is embedded in a story or static page using the poll_vote auto tag, the user can vote 'interactively' so they never have to leave the story.

Static Page Preview

We have implemented the ability to preview pages in the Static Page editor. This works exactly like the story preview feature.

Enhanced Video Playback Capabilities in Media Gallery

Implemented Media Element video playback. HTML5 audio and video players in pure HTML and CSS with custom Flash and Silverlight players that mimic the HTML5 MediaElement API for older browsers. Fully responsive and provides a rich video playback capability across a wide range of devices and browsers.

Template Changes

We have touched almost all of the template files to tweak the overall look and feel. But there are some key updates that you will need to replicate if you have any customized template files. Please review the Template Changes matrix to determine if you need to update any custom templates.


System Wide Updates

  • glFusion fully supports PHP v7
  • New integrated social sharing feature
  • New integrated social follow me feature
  • Improved admin lists, such as user list, to remember current sort order and filters
  • Improved redirection after login (remember where user was and send them back there)
  • Improved menu system - better styling and full support for multi-tiered menus
  • Improved layout on mobile devices in several areas
  • Enhanced database administration capabilities - backup, optimize, and convert to InnoDB
  • Automatically load more stories when viewing on the home page or when viewing list of stories in top. As user scrolls to the end of the page, glFusion will automatically fetch another group of stories.

Widget Updates

  • Implemented Nivo-Slider for the slider widget
  • Widgets have been rewritten to support templates (and the ability to specify custom template)
  • Added a new UIKIT based slider

Story Updates

  • Story Administration
    • New 'sticky' buttons for Save, Preview, Delete and Cancel - always visible
    • Stories can now have sub-titles
    • Stories can now have an attached 'story image' - this image (if set) will be used when sharing a story. The story image also provides the ability to show an image when viewing the story list, but not display when viewing the story content.
  • New headlines auto tag which brings a tremendous amount of flexibility and capabilities to how story lists are displayed
  • New global attribute editor - allows you to globally (or per topic) set specific story attributes such as comment enabled, etc.
  • About author block at the end of each story - if the author has provided input to the 'About Me' section of their user profile, this block will be displayed
  • New CUSTOM_whatsRelated() support - the ability to hook into and replace the current What's Related list for a story

Comment Updates

  • General improvements to the overall styling of the comment section
  • Ability to use 3rd party engines (i.e.; Disqus and Facebook comments). This will completely replace the internal comment engine.

Menu System Updates

  • Implemented SmartMenus JS System
  • Improved overall styling - SmartMenus automatically sets menu dropdown width and automatically wraps items as needed
  • Full support for unlimited levels
  • Enable target window for external URLs in the menu editor

Installation & Upgrade

  • Re-themed the installation/upgrade system to follow the new UIKIT look / feel
  • Improved error reporting - much better error reporting to help diagnose any install issues
  • New success page with alerts to provide key information that site admins need to know when upgrading
  • Automatically update siteconfig.php with any new features / options
  • Automatically remove obsolete files from the glFusion directories

Polls Plugin Updates

  • poll_vote autotag supports Ajax voting to allow users to vote without being redirected from the story or whatever they are viewing with the auto tag

Media Gallery Plugin Updates

  • Enhanced Video Playback Capabilities in Media Gallery
  • Implemented UniteGallery - a general purpose responsive gallery jquery plugin
  • newimages auto tag - display latest images in a cool flex grid that auto sizes images to fit the current viewport
  • Ability to set 'Use HTML' option per album (instead of global)
  • Ability to prevent media gallery auto tags from using height / width parameters - allows to scale to available space and supports responsive views much better

CKEditor Plugin Updates

  • New image manager- FileMan
  • Vimeo embed plugin

FileMgmt Plugin Updates

  • Fixed bug that caused download file size to be bloated when downloading over SSL

Static Pages Plugin Updates

  • Added preview option to editor

CAPTCHA Plugin Updates

  • Removed Are You a Human CAPTCHA option (service has shutdown)

glFusion v1.5.1

glFusion v1.5.1 is a minor upgrade to our major v1.5.0 release. This release continues to fine tune glFusion with several minor bug fixes. The only major feature in v1.5.1 is the increase of story and static page IDs from 40 characters to 128 characters.

Major Changes

Story, Static Pages, Links, and Polls IDs

We have expanded the length of the IDs from 40 characters to 128 characters. This should allow plenty of space for descriptive IDs to help improve URLs for stories and static pages.


  • Removed custom.css included in Vintage theme
  • Fixed typo in menu editor template (CMS) that prevented saving menu settings
  • Expand story id, link id, staticpage id, and poll id to 128 characters
  • Removed text shadow from off-canvas menu items
  • Updated story id input to limit sid to 40 characters
  • Fixed layout issue on search screen that breaks layout on small devices
  • Added chronometer.js (gl_moochronometer.js replacement) to vintage theme
  • Fixed error in CMS theme that prevented Link titles from being entered
  • Update youtube autotag to allow responsive videos when using UIKIT themes
  • Fixed uninitialized variable error in youtube auto tag
  • Fixed template issue with story meta data showing leading | in when author line is not displayed
  • Removed text shadow on tab labels
  • Fixed spelling error in CKEditor plugin
  • Fixed polls plugin would error when submitting vote
  • Fixed bug where stories could not be saved in draft mode
  • Minimum username setting was being applied to existing users, preventing users with short username from logging in
  • Added floatleft / floatright styles to CMS theme to support proper wrapping on [imageX] tags in stories
  • Fixed error where both username and email were required on the forgot password screen. Now only requires one or the other

glFusion v1.5.0

glFusion v1.5.0 is a major upgrade release which includes several core changes you need to be prepared for during the upgrade. Major changes include:

  • jQuery is now the standard JavaScript library. We have migrated all Mootools functions over to jQuery. This includes the widget functions such as the slider.
  • Bad Behavior2 plugin has been more tightly integrated into the core glFusion code. The BB2 configuration is now handled in the glFusion online configuration. This means you will need to re-enter your configuration options (if you had any) into the online configuration. Bad Behavior has also been enhanced to allow site admins to ban IPs. When upgrading to glFusion v1.5+, you should disable or remove the BAN plugin if installed.
  • A new responsive theme has been added to glFusion. The theme is built using the UIKIT Framework.

Major Changes

PHP and MySQL Minimum Required Versions

The minimum required PHP version is now PHP v5.3.3 or greater - Please validate you have PHP v5.3.3 or greater available on your server before upgrading.

The minimum required MySQL version is now MySQL v5.0.1 or greater - Please validate you have MySQL v5.0.1 or greater available on your server before upgrading.

JavaScript Library - Move to jQuery

jQuery is now the standard JavaScript library for glFusion. This means any existing widgets you have in place, such as the image slider or the tab slider will need to be updated to work with jQuery.

To ease the transition - we have kept the Nouveau theme in place, and it continues to use the older MooTools JavaScript library, so existing sites can easily migrate over to the new jQuery widgets as time allows.

glFusion ships with 3 themes - Nouveau - which supports MooTools widgets, 'Vintage' which maintains the same look and feel of Nouveau, but is jQuery based and finally 'CMS' which is a UIKIT based responsive theme, and the primary theme for glFusion going forward.

See the Widget Library documentation for details on how to implement the new widgets.

Bad Behavior2 Plugin

The Bad Behavior2 (BB2) plugin has been more tightly integrated into the glFusion core code. The advantages of this is that it allows BB2 to filter traffic very early in the page building process, which greatly reduces site load if the request is ultimately blocked.

The BB2 configuration options are now available through the glFusion online configuration administration screens. If you have entered any configurations in the bad-behavior-glfusion.php file, you will need to re-enter this information into the online configuration.

BB2 has a new feature where IP addresses can be banned. This supports manual bans, where you enter the IP address to block and also automatic banning (which is a temporary ban) certain activities can cause an IP to be temporarily banned.

Automatic banning has been integrated with CAPTCHA, where you can enable glFusion to automatically ban an IP if it fails the CAPTCHA challenge 5 times within an hour. This is a great way to prevent automated Bots from continuing to use up your system resources as they try to register new accounts.

Automatic banning has also been integrated into the glFusion Cross Site Request Forgery Protection. If a client attempts to post to a form and the referring URL does not have a proper CSRF (Cross Site Request Forgery) token in the system, the IP is automatically banned (temporary ban) for 24 hours.

Automatic banning is disabled by default. You can enable it by turning on the feature in Command & Control → Configuration → Spam / Bot Protection.

The BB2 Log Entry screen now has the ability to filter the view based the reason the IP was blocked. This is a great way to quickly see how many requests were blocked for a specific reason.

Alternate Topics

Each story can now have a second, alternate topic assigned. We've run into many cases where it would be convenient to have a story appear in more than one topic.


  • Several security enhancements throughout the code
  • Static Pages: Fixed blank page format to no longer include header / footer.
  • Spanish Colombia translations provided by John Toro
  • Static Pages: add where:home or nohome to autotag
  • Add alternate topic support
  • Media Gallery: Fixed error where pop-up video would not play
  • Fixed issue where 3rd party authentication fails if username is too short.
  • Truncate Forum signature at 600px to ensure a signature cannot push out the layout.
  • Media Gallery: Added support for square thumbnails
  • CKEditor - Updated to v4.5.1
  • FileManager (CKEditor) - Updated to v2.2.0
  • Forum Plugin: Fixed issue where forum name was passed via URL (not needed)
  • Updated reCAPTCHA to support Google's latest API (v2)
  • Modified Bad Behavior Plugin to be more efficient - uses less system resources.
  • Modified Bad Behavior Plugin to support banning IPs both permanently and temporary
  • Modified CAPTCHA to support automatic banning (for 24 hours) when 4 failed attempts.
  • Fixed error where Static Pages comments did not show up in search.
  • Fixed issue where editing a comment on a plugin would cause a 404 error on save.
  • Fixed a search error that would trigger on certain search words.
  • Only show allowed HTML tags when postmode is HTML
  • Implemented plugin version dependency check - Lee
  • Fixed issue with What's new block duplicating data
  • Disable exist check on auto tag upload
  • Implement og:image tag for stories
  • Implemented the ability to merge remote to local users from the user preference screen.
  • Implemented PLG_moveUser() to support account merging
  • Allow remote authenticated users to be moderated (queued)
  • Rewrote all processes using PEAR HTTP Request2 to use the new http class
  • Update 3rd party libraries to latest releases:
    • geshi Library
    • getID3
    • htmLawed
    • HTMLPurifier
    • http class
    • oauth class
  • Static Pages - fixed autotags so they do not override the page title
  • Implemented HTML filter debug option
  • Fixed user submitted story form to show allowed items at the bottom of the form
  • Bumped MySQL requirement to 5.0.1 as the minimum
  • Bumped PHP requirement to v5.3 as the minimum
  • New 'default' theme - based on Nouveau but uses jQuery as JS engine
  • Revamped how scripts are loaded…
  • Implemented new jQuery widgets
  • Fixed error in youtube autotag where it would log parse errors
  • Migrate all Mootools functionality into the Nouveau theme
  • Reworked how embedded story images are handled
  • Cleaned up allowed html / allowed auto tag display on story and comment entry
  • Comment edit now takes you directly to the comment entry area
  • HTML filter now allows you to specific both element and attributes
  • Privacy policy and Terms of use now implemented as static pages
  • Support for PHP v5.3+ unlimited post size

glFusion v1.4.3

glFusion v1.4.3 is primarily a bug fix release, which resolves some minor issues identified with the previous release of glFusion.

Major Changes

The CAPTCHA plugin has received several updates in this release:

  • Removed PICATCHA support - the PICATCHA service has decided to shut down, as a result they are not allowing any new sign-ups.
  • Implemented the Are You A Human PlayThru™ CAPTCHA alternative. PlayThru allows the user to complete a simple, interactive game to validate they are not a bot.
  • Implemented a simple math equation CAPTCHA - users solve a simple math problem to complete sign-up or form submissions.
  • Implemented a Honey Pot field to help identify bots.

If you were using PICATCHA, the upgrade will automatically disable that option and enable the simple math equation option.

Please go into the CAPTCHA configuration to adjust the settings to meet your needs after you upgrade to glFusion v1.4.3.

Functional Changes

Caching algorithms have been significantly reworked to provide much better support for high traffic systems. This should prevent any concurrency issues where two ore more processes are attempting to write to the same cache file simultaneously.

Configuration Changes


The CAPTCHA plugin configuration options were updated to support the following:

  • Removal of PICATCHA option
  • Addition of the Are You a Human option
  • Addition of the Math Equation CAPTCHA option

Template Changes

The following templates were modified with glFusion v1.4.3:

CAPTCHA Templates updated to support new Honey Pot field

  • private/plugins/captcha/templates/captcha.thtml
  • private/plugins/captcha/templates/captcha_calendar.thtml
  • private/plugins/captcha/templates/captcha_comment.thtml
  • private/plugins/captcha/templates/captcha_contact.thtml
  • private/plugins/captcha/templates/captcha_emailstory.thtml
  • private/plugins/captcha/templates/captcha_forum.thtml
  • private/plugins/captcha/templates/captcha_links.thtml
  • private/plugins/captcha/templates/captcha_mediagallery.thtml
  • private/plugins/captcha/templates/captcha_registration.thtml
  • private/plugins/captcha/templates/captcha_story.thtml
  • private/plugins/captcha/templates/captcha_token.thtml

CKEditor Templates updated to utilize the language locale attribute

  • private/plugins/ckeditor/templates/ckeditor.thtml
  • private/plugins/ckeditor/templates/ckeditor_block.thtml
  • private/plugins/ckeditor/templates/ckeditor_comment.thtml
  • private/plugins/ckeditor/templates/ckeditor_contact.thtml
  • private/plugins/ckeditor/templates/ckeditor_email.thtml
  • private/plugins/ckeditor/templates/ckeditor_sp.thtml
  • private/plugins/ckeditor/templates/ckeditor_story.thtml
  • private/plugins/ckeditor/templates/ckeditor_submitstory.thtml

Forum bug fix - ensure the ajax_deletefile.js is always properly loaded

  • private/plugins/forum/templates/posteditor.thtml

Fixed HTML error causing emails in HTML format to send in Text format

  • public_html/layout/nouveau/admin/mail/mailform.thtml


  • Updated CKEditor to v4.4.5.1
  • Forum - Fixed error where forum ranking did not always display properly.
  • SpamX - Add Allow TOR IP configuration option
  • CAPTCHA Plugin - Removed PICATCHA since the service is no longer supporting new signups.
  • CAPTCHA Plugin - Added Are You Human game support
  • CAPTCHA Plugin - Added mathmatical captcha
  • Media Gallery - Prevent moving images to root album
  • Added new configuration parameter to set minimum username length
  • Links Plugin - update root category in database when changed via online configuration
  • Locale data now maintained in the language files
  • Implemented option to disable instance caching
  • Added og:image meta data to articles
  • Fixed error that prevented batch user uploads.
  • Fixed error in Batch User Admin where short term user option did not work
  • Forum - Fixed issue where a required JS files was not loaded when wysiwyg editor was selected
  • Static Pages - Do not override the page title when static page content is provided via auto tag
  • Media Gallery - implemented a fix where data was being written to an un-initialized object causing an error on PHP v5.4+ systems.
  • Cleaned up the style sheet caching logic and implemented improvements to prevent corrupt cache files.
  • Implemented file locking when creating the style cache file to ensure multiple instances do not cause a file write error

glFusion v1.4.2

glFusion v1.4.2 is primarily a bug fix release, which resolves some minor issues identified with the previous release of glFusion.

Major Changes

HTML Filtering has been improved - you can now define, with more granularity, what elements and attributes to allow. Please see the Configuration Changes below.

Functional Changes

The Bad Behavior 2 Plugin has been enhanced to detect and stop additional threats. Specifically, any call to users.php?do=register are now blocked. These are spam bot attempts to register spam accounts on your site. These types spam bot registrations are not targeted for glFusion sites (glFusion doesn't use ?do=register to create new accounts). Bad Behavior also detects and blocks any URL with /RK=0/RS=… in the URL.

Configuration Changes

HTML Filtering

HTML Filtering now allows you to specify which elements and their attributes.

You should set the Default HTML For Stories to:

div[class], h1, h2, h3, pre, br, p[style], b[style], s, strong[style], i[style], em[style], u[style], strike, a[style|href|title|target], ol[style|class], ul[style|class], li[style|class], hr[style], blockquote[style], img[style|alt|title|width|height|src|align], table[style|width|bgcolor|align|cellspacing|cellpadding|border], tr[style], td[style], th[style], tbody, thead, caption, col, colgroup, span[style|class], sup, sub

Template Changes

No template changes were implemented in glFusion v1.4.2.


  • Updated CKEditor to v4.4.2
  • Ensure CKEditor's Media Gallery browser window has scrollbars and is resizable
  • Improved GD2 image resizing to preserve transparency
  • Fixed issue where Media Gallery would timeout on album admin screens
  • Fixed error in youtube autotag where it would log parse errors
  • Reworked how embedded story images are handled
  • Comment edit now takes you directly to the comment entry area
  • Support for PHP v5.3+ unlimited post size
  • Media Gallery - fixed bug in batch album delete
  • Forum - fixed bug in HTML postmode detection
  • Utilize dynamic tooltip style throughout the code
  • Forum reorganized forum entry page - moved subject above editing toolbar
  • Media Gallery - fixed HTML5 upload issue
  • Bad Behavior 2 Plugin enhancements to stop additional threats

glFusion v1.4.1

General Overview

glFusion v1.4.1 is primarily a bug fix release, which resolves some minor issues identified with the previous release of glFusion. There are some minor feature enhancements which are detailed below.

  • Several stability improvements
  • Fixed row styling on admin lists
  • Ratings did not register when 'clicked'
  • CKEditor FileManager could not locate images/library/ directory
  • StaticPages: Last update date was incorrect
  • Added WYSIWYG editor support for blocks
  • Fixed error when submitting a new article when auto close comments was enabled.
  • CKEditor now support direct integration with Smiley plugin
  • Installation / upgrade enhancements to better support PHP v5.5+
  • Update OAuth library to latest release

Major Changes

No major changes are included with glFusion v1.4.1.

Functional Changes

Improved SSL Support

If you are running your site under SSL, there have been several improvements to ensure that all cookies are properly using the secure cookie feature. When installing under SSL, glFusion auto-detects this and sets the proper config settings.

CKEditor - WYSIWYG Editor

CKEdtor now includes the latest version of the Filemanager plugin. Filemanager has received several updates, including the following:

  • Online configuration settings - now you can control the various aspects of the Filemanager via glFusion's online configuration system.
  • Ability to edit specific files on the host - by default this feature is disabled. You can enable it in the CKeditor section of the online configuration. Note: Online editing is restricted to only Root users.
  • Per User Image Library - Each user (by default) will have their own directory to store their uploaded images for stories.

Remote Login Enhancement

We have added Github to the remote login set. User's can now login with their Github credentials.

Configuration Changes

Three (3) new configuration options were added with glFusion v1.4.1:

Option Description
Enable Github Remote Login If enabled, user's can use their Github account to log into your site.
Github Client ID Required if Enable Github Remote Login is enabled.
Github Client Secret Required if Enable Github Remote Login is enabled.

Template Changes

Template Location Description
ckeditor_block.thtml private/plugins/ckeditor/templates/ new template to support WYSIWYG editor when editing blocks.
ckeditor_sp.thtml private/plugins/ckeditor/templates/ Added Youtube plugin to editor menu.
boards_delete.thtml private/plugins/forum/templates/admin/ Fixed an invalid form action reference.
boards_edtcategory.thtml private/plugins/forum/templates/admin/ Fixed an invalid form action reference.
boards_edtforum.thtml private/plugins/forum/templates/admin/ Fixed an invalid form action reference.
ckeditor_forum.thtml private/plugins/forum/templates/ Support Smiley integration of the Smiley Plugin.
property.thtml private/plugins/mediagallery/templates/ Fixed an invalid form action reference.
blockeditor.thtml public_html/layout/nouveau/admin/block/ Added support for WYSIWYG editor.
item_row.thtml public_html/layout/nouveau/lists/table/ Fixed a styling issue.
menu_horizontal_cascading.thtml public_html/layout/nouveau/menu/ Modified to allow parent menu items to have a link
menu_vertical_cascading.thtml public_html/layout/nouveau/menu/ Modified to allow parent menu items to have a link

Special Considerations when Upgrading

glFusion v1.4.1 enhanced how the Bad Behaviour Plugin handles SSL cookies. As a result, the bad-behavior-glfusion.php file will be overwritten when you load glFusion v1.4.1. If you have made any modifications to this file (for example, set the httpbl_key), please make a backup before upgrading.

glFusion v1.4.0

Major Changes

With glFusion v1.4.0, we are making a shift to HTML input as the standard input type. For comments, contacting users, mailing stories, HTML is now the default. You can select text mode input, but you no longer have the ability to toggle between input methods at the time you are entering text. To better support this change, we have replaced the old FCKeditor with a more modern WYSIWYG editor, CKEditor. We also offer TinyMCE as a plugin if you prefer that WYSIWYG editor. This has also driven significant updates to how HTML input is filtered. We've fixed a security issue in the filtering and also expanded the ability for you to define what HTML elements you will allow.

The Media Gallery SWFUpload feature has always been problematic. It worked, but not always very well. SWFUpload has been removed and replaced with an HTML 5 drag and drop uploader.

Menu Builder has seen some more updates. The code has been completely rewritten to be much more efficient. HTML used to build the menus is now template driven, which gives you unlimited flexibility in creating menus.

Functional Changes

Menu Builder Updates

Menu Builder has gone through another rewrite. The code is now much more efficient. Previous versions of Menu Builder, the HTML that controls the menu look and feel was hard coded. It has been rewritten to use templates, which now gives you much more flexibility to customize how the menus work.

Styling is still done through the menu classes in the style.css file.

For more details on Menu Builder's updates - see the Menu Builder Update Notes page.

What You See is What You Get (WYSIWYG) Editor

In previous releases, you had the ability to toggle between plain text and HTML entry, with the option to also use the advanced editor. This approach adds a significant complexity to the glFusion code, but it also puts some limitations in place as well. Toggling between text and HTML can have devastating effects on formatting.

You now choose whether you want text or HTML entry via a configuration setting. If you select HTML, then HTML will be the mode you use.

The out-dated FCKEditor has been removed from the code base. WYSIWYG editors are now provided as glFusion plugins. glFusion ships with the CKEditor WYSIWYG editor bundled. You can also download and install the TinyMCE editor if you prefer.

Both CKEditor and TinyMCE have been integrated very tightly with glFusion to ensure what you see in the editor is what you actually get when you view the page through glFusion.

HTML Filtering

With the move to more HTML based inputs, it is very important that we have a secure method to filter user entered content. The previous HTML filtering solution was good, but there was a significant security hole that needed to be plugged. We've also implemented the ability for you to fine tune what HTML elements will be allowed depending on the operation being performed. For example, you may allow more HTML tags in a story, but limit what HTML can be used in a comment. The HTML will be parsed by the HTML filter to ensure only the HTML elements you are allowed are saved. The content is also filtered for any malicious content and it will be removed.

There are new configuration options where you can specify which HTML tags you will allow in stories, comments, etc. Please review the default settings in Command & ControlConfigurationMiscellaneousHTML Filtering.

Configuration Changes

The following new configuration option changes:

Removed Configuration Settings:

Configuration Item Description
menu_elements removed legacy menu elements
mailstory_postmode no longer set postmode of the mailstory function
comment_editor No longer select type of editor - Now select whether you have the WYSIWYG editor or a standard text box in the WYSIWYG editor configuration screen.
advanced_editor Now select whether you have the WYSIWYG editor or standard text box in the WYSIWYG editor configuration screen.

Added the following configuration settings:

Configuration Item Description
mailuser_postmode Post mode (HTML or Text) to use when mailing a user or story
htmlfilter_default HTML that will be allowed if no other HTML defined
htmlfilter_story HTML allowed in story editor (applied to both admins and normal users)
htmlfilter_comment HTML allowed in comment editor
htmlfilter_root HTML that only root users can use

Forum Plugin

Configuration Item Description
allowed_html allowed HTML in a forum post - if HTML is enabled.

Template Changes

Removed the following templates:

  • profiles/contactauthorform_advanced.thtml
  • profiles/contactuserform_advanced.thtml

Modified the following templates:

Template Location Description
languagetask.thtml public_html/admin/install/templates Removed GL migration
contactauthorform.thtml public_html/layout/nouveau/profiles One template to handle both WYSIWYG and plain text
editor.thtml private/plugins/staticpages/templates/admin Support for WYSIWYG
posteditor.thtml private/plugins/forum/templates Support for WYSIWYG
ckeditor_forum.thtml private/plugins/forum/templates Support for CKEditor
ckeditor_story.thtml private/plugins/ckeditor/templates Support for CKEditor in story editor
commentform.thtml public_html/layout/nouveau/comment WYSIWYG support
submitstory.thtml public_html/layout/nouveau/submit User submitted story WYSIWYG support
contactuserform.thtml public_html/layout/nouveau/profiles WYSIWYG support
storyeditor.thtml public_html/layout/nouveau/admin/story Admin user entry WYSIWYG support
mailform.thtml public_html/layout/nouveau/admin/mail WYSIWYG support
blockeditor.thtml public_html/layout/nouveau/admin/block WYSIWYG support
tinymce_forum.thtml private/plugins/forum/templates TinyMCE editor support for Forum Plugin
ckeditor_submitstory.thtml private/plugins/ckeditor/templates user submitted story
ckeditor_email.thtml private/plugins/ckeditor/templates mail user / article
ckeditor_sp.thtml private/plugins/ckeditor/templates static pages
ckeditor_comment.thtml private/plugins/ckeditor/templates CKEditor template for comments
ckeditor_contact.thtml private/plugins/ckeditor/templates CKEditor template for contact user
ckeditor.thtml private/plugins/ckeditor/templates General CKEditor template
htmlheader.thtml public_html/layout/nouveau Changed st_ variables to use new menu builder vars
upload.thtml private/plugins/mediagallery/templates Removed SWF Upload
html5upload.thtml private/plugins/mediagallery/templates HTML 5 upload
menu_vertical_simple.thtml public_html/layout/nouveau/menu Menu Builder template for simple vertical menus
menu_vertical_cascading.thtml public_html/layout/nouveau/menu Menu Builder template for vertical cascading menus
menu_horizontal_cascading.thtml public_html/layout/nouveau/menu Menu Builder template for horizontal cascading menus
menu_horizontal_simple.thtml public_html/layout/nouveau/menu Menu Builder template for simple horizontal menus
header.thtml public_html/layout/nouveau Uses new Menu Builder menu variables (replaced st_ template variables
footer.thtml public_html/layout/nouveau Uses new Menu Builder menu variables (replaced st_ template variables
editmenu.thtml public_html/layout/nouveau/admin/menu Menu editor

glFusion v1.3.2

The CAPTCHA plugin now supports a picture based selection system called Picatcha.


  • Updated features for the CAPTCHA plugin to provide enhanced BOT blocking
  • Stop Forum Spam user/email check for existing site users - allows you to identify BOTs that may have registered previously on your site.
  • OAuth (Facebook, Twitter, Google, etc.) login stability improvements
  • Media Gallery batch album delete fix
  • Fixed Calendar Upcoming Event block data format issue
  • Session initialization tweak to better detect existing sessions

No functionality changes, configuration changes, or template changes.

glFusion v1.3.1

Major Changes

Security Update: Fixed potential SQL inject in Media Gallery - Identified by Manituna Security


  • Fixed potential SQL inject in Media Gallery - Identified by Manituna Security
  • Improved upload security for FileMgmt plugin
  • Fixed SpamX SFS email check - no longer urlencode email address
  • Added Clear Cache and Menu Builder entries to the Admins Only block function
  • StaticPages Plugin: Added rightblocks only page option
  • Improved session id generation
  • Improved error handling on display error and abort call.
  • Fixed error in Media Gallery submission queue approval
  • Fixed SQL error when FileMgmt integration is enabled in Forum Plugin
  • Fixed email notification error - invalid email address
  • Fixed error when saving in Group editor when chk_showall was set to 1

glFusion v1.3.0

Major Changes

  • glFusion now only supports PHP v5.2.0 or newer
  • glFusion now only supports MySQL v4.1.3 or newer
  • Menu Builder rewritten - Read the details before upgrading - major changes in how menus are styled
  • Theme customization updates
  • New Session Handler
  • New Email Notification system - much better resource utilization on shared hosts
  • Subscriptions
  • Forum Plugin rewrite to be much more resource friendly and scalaby
  • Media Gallery Plugin enhancements to be much faster and resource friendly
  • Bad Behavior Plugin enhancements to provide additional security protections
  • Facebook Login Support
  • Support for Google +1 / Facebook Like
  • Integrated Auto Tag Manager
  • Auto Tag Permissions
  • New date / time system - should provide much better international support
  • Static Page Update - friendlier URLs
  • Major performance tweaks
  • New Version Checker

Functional Changes

PHP and MySQL Versions

glFusion now requires PHP v5.2.0 or newer. If you are running on a host with PHP v4.x, you cannot upgrade to glFusion v1.3.0+ until you upgrade your PHP installation.

glFusion also requires MySQL v4.1.3 or newer. If you are running on a host with an older version of MySQL, you cannot upgrade to glFusion v1.3.0+ until you upgrade your MySQL installation.

Menu Builder is now integrated directly into the glFusion codebase, it is no longer a plugin. There have been several design changes as well on how menus are built and displayed. If you have customized your menus in the past, please read the details on how you will need to update your customizations.

Theme Customization Support

glFusion has always tried to provide an environment where you could customize the look and feel of your site without sacrificing the ability to update the site with new versions of glFusion. We've extended this capability a bit more….

In the past (and still now), you could copy the default style.css file to the custom/ directory and make any changes you wanted. Your custom style.css would be used instead of the default style sheet. This feature provides a lot of flexibility, but it doesn't give you a good way to identify what you changed from the original.

We've implemented a new custom.css file that allows you to put just the style overrides you need for you site. The custom.css file is always the last style sheet loaded, so you can make customization's or modifications to the default styles without having to duplicate the entire style sheet.

Autotag Support

Auto Tags are a great little feature in glFusion that allows you to easily embed content from one part of the site into another part of the site. We've done a lot of work on Auto Tags in glFusion v1.3.0 to expand their usefulness and capabilities.


You can now associate permissions with auto tags. You can define where an auto tag can be used. Usually permissions are associated with users, but in the case of auto tags, it makes more sense to define where an auto tag can be used instead of who can use it. Who can use or view the contents of an auto tag is controlled by the permissions associated with the content.

Auto Tag Manager

We've implemented a new administrative interface to help you manage auto tags. This interface shows you all the auto tags available on your site, a description, and the ability to edit / modify the permissions.

You can also create your own custom auto tags, or implement auto tags that others have created….

Custom Auto Tags

glFusion v1.3.0 provides the ability for you to upload or create your own custom auto tags. These could be as simple as text replacements, or as complicated as implementing new PHP code to retrieve and format data from a database.

Facebook / Google / Twitter Authentication

glFusion v1.3.0 now supports the ability to have user's log into your site using their Facebook, Google, Twitter, or Microsoft login credentials.

Static pages Enhancement

A request we hear very often is how to shorten the static pages URL. With glFusion v1.3.0, we've renamed the static pages plugin to page. We didn't change the directory structure, instead, we simply created a new page.php file in the web root that will now display static pages.

For older releases - see the What's New Archive

glfusion/whatsnew.txt · Last modified: 2018/05/23 15:11 by Mark