glFusion Wiki


Upgrading from 1.2.1 - Changes in v1.2.2

  • Updated Czech language files from Ivan
  • Fixed hard coded language string (Groups) in admin/user.php
  • Mail to user (admin user edit screen) did not work properly
  • German language update from André
  • FileMgmt - Display max allowed filesize in admin upload screen
  • Updates to better support MySQL 5.5
  • Do not show Awaiting Verification in user edit as an option when user does not enter their own password
  • Fixed bug where user's password was not properly checked to determine if blank when registering a new user

No template or configuration changes in this release.

Upgrading from 1.2.0 - Changes in v1.2.1

XSS Security Fix

The admin configuration screen did not properly filter all input variables, which resulted in the potential for a cross-site scripting vulnerability. Although the risk is very low, since access to the administration section of a glFusion site requires admin authentication, we have fixed the filtering problem.

General Code Improvements

We continue to perform code reviews and make necessary adjustments to improve the overall security posture of the system. There were several minor tweaks to ensure proper filtering and validation of user supplied data.


  • Updated / new German Language files for glFusion and all bundled plugins. Thanks to André for the translations
  • FileMgmt: Add max file size to information text on upload screen
  • Updated htmLawed to v1.1.9.4
  • Bad Behavior2: Updated to v2.0.39
  • Implement persistent (non-fading) system messaging
    • See: COM_showMessage(), COM_showMessageText(), COM_showMessageFromParameter()
  • All bundled Plugins: Allow custom language string overrides
  • Set the Allow User Theme and Allow User Language config settings to False on default installs
  • Allow forum plugin to find custom CSS in private/plugins/forum/css/custom
  • Let default content blocks auto-increment on install
  • Implement PLG_templatePath: plugin helper function to find templates
  • Extend ADMIN_simpleList → ADMIN_arrayList, allows sortable columns
  • Rename ADMIN_sortList function to ADMIN_sortArray
  • Plugin Admin - allow sorting of columns in Plugin list
  • Replace/fix sort direction arrows in ADMIN_list and ADMIN_arrayList

Bug Fixes

  • Ensure $REMOTE_ADDR is properly set
  • Media Gallery: Fixed bug where user quota would reset to unlimited
  • Fixed issue where the MooRotator would not auto start in Chrome
  • Forum: Added permission check to forum notification emails
  • Media Gallery: Fixed bug when in Global Album Editor, the Display Image Skin setting was not being saved.
  • Calendar: Copying event from master calendar to personal calendar caused SQL error
  • Media Gallery: Fixed bug where mediagallery.admin members could not access admin page.
  • Fix width of Directory/File Permissions table in envcheck
  • submit.php was not providing new edit=x parameter to plugins
  • Calendar: Add permission check to auto tags
  • FileMgmt: Add permission check to auto tags
  • Staticpages: Add permission check to auto tags
  • Fix block id conflict between Blog Roll and Forum Menu blocks
  • MooSlide widget resize bugfix, implement custom css, autoscroll and mouseover capability, all code courtesy of Rowan
  • Fix filecheck_data - create missing nouveau custom template dirs

Upgrading from 1.1.8 - Changes in v1.2.0

Defense in Depth Security Enhancements

Improved Password Encryption

With this release we have replaced the password encryption algorithm with a much more secure method. Previously, glFusion relied on MD5 encryption, which has started to show its age and has been proven to be breakable. Your current users will continue to use the MD5 method until they change their password. Any new users, and users who change their password, will automatically start using the newer encryption method.
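The coexistence described above, where MD5 entries remain valid until the user changes their password, can be handled as in the following added example (not glFusion's own code). PHP's `password_hash()` stands in for the newer method, which these notes do not name, and the function and field names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration, not glFusion source. password_hash() stands in for the
// newer method, which the release notes do not name; function and field names
// are hypothetical.

/** A legacy entry is a bare 32-character hex MD5 digest. */
function is_legacy_md5(string $stored): bool
{
    return preg_match('/^[0-9a-f]{32}$/i', $stored) === 1;
}

/** Check a login against whichever scheme the stored value uses. */
function verify_password(string $password, string $stored): bool
{
    if (is_legacy_md5($stored)) {
        // Constant-time comparison of the legacy digest.
        return hash_equals(strtolower($stored), md5($password));
    }
    return password_verify($password, $stored);
}

/** A password change always writes the newer format, retiring the MD5 entry. */
function change_password(array &$user, string $newPassword): void
{
    $user['passwd'] = password_hash($newPassword, PASSWORD_DEFAULT);
}

/** Usernames still stored as MD5, i.e. accounts that have not changed their password. */
function accounts_on_md5(array $users): array
{
    $names = [];
    foreach ($users as $u) {
        if (is_legacy_md5($u['passwd'])) {
            $names[] = $u['username'];
        }
    }
    return $names;
}

// Constructed sample data: two pre-upgrade accounts and one created afterwards.
$users = [
    ['username' => 'alice', 'passwd' => md5('alice-old-pass')],
    ['username' => 'bob',   'passwd' => md5('bob-old-pass')],
    ['username' => 'carol', 'passwd' => password_hash('carol-new-pass', PASSWORD_DEFAULT)],
];

echo 'still on MD5 before: ', implode(', ', accounts_on_md5($users)), "\n";

// alice logs in with her existing password, then changes it.
echo 'alice legacy login ok: ', var_export(verify_password('alice-old-pass', $users[0]['passwd']), true), "\n";
change_password($users[0], 'alice-new-pass');

echo 'alice old password after change: ', var_export(verify_password('alice-old-pass', $users[0]['passwd']), true), "\n";
echo 'alice new password after change: ', var_export(verify_password('alice-new-pass', $users[0]['passwd']), true), "\n";
echo 'still on MD5 after: ', implode(', ', accounts_on_md5($users)), "\n";
```

Running the `accounts_on_md5()` style of check against the user table after an upgrade shows which accounts still depend on the old method.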

Improved Session Handling

In prior versions of glFusion, the method used to allow users to automatically login for an extended period of time (the Remember Me setting in My Account) would expose the MD5 password hash. The cookie used to allow the auto login contained the MD5 hash of the user's password.

There are a couple of problems with this approach. First, if the cookie were to be stolen or hijacked, it is possible someone could crack the MD5 encrypted password. Second, the length of time the cookie is valid (time to live) was controlled by the client, not the server. Basically, glFusion had no way to enforce how long the cookie was valid.

glFusion has always had extra protections to help mitigate the two items above. glFusion would validate that the IP address of the user who set the cookie matched that of the user who was trying to use it. Still, with the weak encryption that MD5 offers, exposing the encrypted password simply is not a good practice.

With glFusion v1.2.0, the 'Remember Me' automatic login process has been completely re-engineered so the user's encrypted password is no longer used. Instead, session tokens are used and their time to live is now controlled in glFusion. These enhancements combined with the existing IP checking provide for a much more secure environment.

There is a new configuration option to control how the cookies are validated against the IP address: Session IP Check. This online configuration setting replaces the $_SYSTEM['skip_ip_check'] option in siteconfig.php.
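The properties described in this section (no password material in the cookie, a lifetime enforced by the server, and an IP comparison) are shown together in the following added example, which is not glFusion's own code. The class name, the in-memory store, the `$ipCheck` switch and the single-use rotation are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not glFusion source. RememberMeTokens, its array-backed
// store and the $ipCheck switch are hypothetical stand-ins.
final class RememberMeTokens
{
    /** @var array<string, array{uid:int, expires:int, ip:string}> keyed by SHA-256(token) */
    private array $store = [];
    private int $ttl;
    private bool $ipCheck;

    public function __construct(int $ttlSeconds, bool $ipCheck)
    {
        $this->ttl = $ttlSeconds;   // lifetime is decided here, on the server
        $this->ipCheck = $ipCheck;  // stand-in for a setting like Session IP Check
    }

    /** Issue a token for $uid; the return value is what goes into the cookie. */
    public function issue(int $uid, string $ip, int $now): string
    {
        $token = bin2hex(random_bytes(32)); // random, carries no password material
        // Only a hash of the token is stored, so a leaked table cannot be replayed.
        $this->store[hash('sha256', $token)] = [
            'uid' => $uid, 'expires' => $now + $this->ttl, 'ip' => $ip,
        ];
        return $token;
    }

    /**
     * Exchange a presented token for a login.
     * Returns ['uid' => int, 'token' => string] with a fresh token, or null.
     */
    public function redeem(string $token, string $ip, int $now): ?array
    {
        $key = hash('sha256', $token);
        if (!isset($this->store[$key])) {
            return null;                   // unknown or already used
        }
        $row = $this->store[$key];
        unset($this->store[$key]);         // single use, whatever the outcome
        if ($now >= $row['expires']) {
            return null;                   // server-side expiry; the cookie's own date is ignored
        }
        if ($this->ipCheck && !hash_equals($row['ip'], $ip)) {
            return null;                   // presented from a different address
        }
        return ['uid' => $row['uid'], 'token' => $this->issue($row['uid'], $ip, $now)];
    }
}

/** Options for setcookie(name, value, options) (PHP 7.3+); 'expires' is only a hint to the browser. */
function remember_cookie_options(int $now, int $ttl): array
{
    return ['expires' => $now + $ttl, 'path' => '/', 'secure' => true,
            'httponly' => true, 'samesite' => 'Lax'];
}

function verdict(?array $result): string
{
    return $result !== null ? 'accepted' : 'rejected';
}

// Constructed walk-through; addresses are from the documentation ranges.
$t0 = 1700000000;
$ttl = 7 * 86400;
$tokens = new RememberMeTokens($ttl, true);

$cookie = $tokens->issue(42, '203.0.113.10', $t0);
$first = $tokens->redeem($cookie, '203.0.113.10', $t0 + 3600);
echo 'same IP, within TTL:       ', verdict($first), "\n";
echo 'old token presented again: ', verdict($tokens->redeem($cookie, '203.0.113.10', $t0 + 3700)), "\n";
echo 'rotated token, other IP:   ', verdict($tokens->redeem($first['token'], '198.51.100.7', $t0 + 3800)), "\n";

$late = $tokens->issue(42, '203.0.113.10', $t0);
echo 'same IP, after TTL:        ', verdict($tokens->redeem($late, '203.0.113.10', $t0 + $ttl + 1)), "\n";
```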

Administrative Features Require Re-authentication

With glFusion v1.2.0, we now require re-authentication before allowing access to the administrative features of the site. This provides another layer of defense for your site. Although we have several significant protections in place to protect the long term cookie (Remember Me), this additional protection is simply one more layer of protection.

General Code Improvements

We continue to perform code reviews and make necessary adjustments to improve the overall security posture of the system. One specific area where we focused during this release cycle was the use of the PHP function addslashes. This function is used to protect SQL queries from SQL injection attacks. We have replaced the use of addslashes() with the mysql_real_escape_string() function which provides better protection.


These are all defense in depth enhancements. This means we do not rely on just 1 or 2 protection methods; we have several layers to provide the best protections we can. We honestly don't know what the next vulnerability will be, but our goal is to lessen the effectiveness of any potential breaches. It is one thing to claim to be a secure environment, but without a good defense in depth approach, talk is cheap.

Administrative Enhancements

Look and Feel

Mark Howard has been very busy reworking many of the administrative screens to make them both consistent in look and feel, and to make them much more usable.

User Editor

There is a new user editor in glFusion v1.2.0 that allows the site administrator to edit all attributes about a user, including their preferences for 3rd party plugins.

Global User Preference Editor

The Global User Preference Editor allows the site administrator to change certain user preferences for all users. For example, if you decide that you would prefer the comments show in a nested format, you can change the site default, but that does not override each user's individual preference. You can now reset all users to use the nested format.

Default Groups

You can now assign specific groups to users automatically through the Group Editor user interface. In past versions of glFusion, you had to write a custom PHP function to accomplish this goal. The Private Message plugin uses this feature, where it sets the PM Users group as a default group. This will automatically allow all users to send / receive private messages. As an example, if you had a user who was abusing the privilege (sending too many messages, bothering or harassing other users), you then simply remove them from the PM Users group, and they no longer have access to the PM plugin.

Consistency Improvements

We've reviewed the general functionality of various components of glFusion and tried to bring an improved consistency to how certain tasks are handled.

Login Required

If a function requires the user to login, we now present the login screen with a message stating that access to this area requires you to login, instead of just a message stating login required.

Navigation / Extra Block Display

We have implemented the option for all plugins to determine if the right / left navigation columns should display. In the past, some plugins supported this, others didn't. Now, the majority of the 3rd party plugins support this feature.

Comment Enhancements

Eric and I have reworked the overall style of comments in glFusion v1.2.0. It now defaults to include the comment author's avatar within the comments. Comments made by the article author (the person who wrote the original story) can be styled differently from the others to make them stand out more. We even included a way to specify styling for comments made by certain groups of users (say all Root users, etc.) We have changed the default view mode to nested, which really does a much better job of presenting comments. Finally, we have added a configuration option to allow you to specify which editor (Text, HTML, or WYSIWYG) to use for posting comments.

Improved User Registration

We have added the much requested option to allow users to select their own password at registration time. Now you have the option to allow new users to choose their own password and receive an activation email when they register. With this registration method, once they select the link in the activation email, their account will be activated. We believe this new feature will make for a much better user registration experience. For more details, see the User Registration documentation.

What's New in glFusion v1.1.7

glFusion v1.1.7 continues our commitment to providing a secure and robust content management system. This release includes a few minor enhancements, security updates, and bug fixes.

For those who are upgrading, please don't forget to run the Upgrade Wizard after you have loaded the files to your server.

Some of the enhancements below required us to make some changes to the template files. Be sure and check out the Template Changes page and update any of your custom templates.

Notable Enhancements for glFusion v1.1.7

Improved Plugin Integration Options

As glFusion continues to mature and we see more plugin development, we are improving the plugin integration APIs and hooks. The integration improvements for glFusion v1.1.7 were driven by the excellent Profile Plugin developed by Lee Garner. The Profile Plugin allows you to easily add new fields to the registration and user profile screens. It basically does away with the need to implement a custom registration, which has always been a cumbersome process. With Lee's help, we were able to add some additional plugin integration features so you can now install the Profile Plugin and immediately begin using it. No need to edit template files or make any other system changes; his plugin does it all!

Calendar .ics Export

Recently I ran into a need where the users needed to be able to subscribe to a glFusion calendar. So, we've implemented the ability to now share the glFusion calendar using the ICS format. We have added ICS as one of the syndication options to the Content Syndication system. This means you can now share your glFusion based calendar with Outlook, Thunderbird, Google Calendar, or any other calendar system that allows .ics imports.

CAPTCHA Improvements

Our CAPTCHA support has been pretty good, but one feature that has always been missing is the ability to have an audio prompt for those who are visually impaired. We have integrated support for the reCAPTCHA system into the glFusion CAPTCHA plugin. reCAPTCHA is an external service that provides CAPTCHA strings and also supports audio prompts if needed. The cool thing about reCAPTCHA is the words you enter help them digitize books and newspapers. Please visit their site for more details.

New Star Rating Library

We discovered a pretty nasty bug in the Media Gallery rating code where the rating values could become corrupt. While fixing this, we decided to strip this code out of Media Gallery and place it in the core code. Now we have a rating library that can be used by other plugins. We’ve added the ability to now have rating on stories. We updated the FileMgmt rating to use the new star rating system and obviously updated Media Gallery to use the new glFusion core code for rating.

Autotag Support in Templates

You can now use glFusion autotags directly in template files. For example, you could have a rotating banner in your site header by adding the Media Gallery fslideshow autotag directly into the header.thtml template file. The format to use autotags in a template is:

  {!!autotag fslideshow:123431234 !!}

Full ChangeLog

glFusion v1.1.7

  • Autotranslations block now uses image sprite
  • Implemented 4 new template vars for articles to allow plugins additional integration opportunities:
    • plugin_icon_vars
    • plugin_meta_vars
    • plugin_body_vars
    • plugin_footer_vars
  • Add topic id to topic lists to help multilingual sites
  • Add title attribute to What's New for:
    • Stories
    • Comments - already supported
    • FileMgmt
    • Links - already supported
    • Media Gallery
  • Moved rating code out of Media Gallery into core. glFusion now provides Rating APIs for other plugins to use.
    • Implemented star rating for stories
    • Implemented star rating in FileMgmt
    • Updated Media Gallery to use new star rating code
  • Fixed bug where help link could be broken in Online Configuration Screen
  • Added ICS (calendar export) to syndication library. You can now share your glFusion calendars.
  • Added autotag logic to template library - this means you can now use auto tags in template files
  • Upgraded Geshi library to latest version - v1.0.8.4
  • Upgrade FCKeditor to 2.6.5
  • Added new hooks / APIs to allow plugins to fully tap into the user profile and registration system - provides direct support for Lee Garner's Custom Profile plugin.
  • Fixed URL rewrite to support IIS 7 FastCGI PHP mode.
  • Fixed error when user does not have edit permissions to story.
  • Fixed special character handling in story editor
  • Fixed backslash removal in story editor

Bad Behavior Plugin

  • Upgrade Bad Behavior2 to v2.0.33

CAPTCHA Plugin

  • Added reCAPTCHA support
  • Force static image open to use binary mode
  • Exposes additional CAPTCHA functions to core/plugins (Mark H.)

FileMgmt Plugin

  • Added file_download autotag (Mark H.)

Forum Plugin

  • Improved handling of the cancel request
  • Add cancel button to create topic
  • Fixed paging issue when going to a specific topic
  • BBcode handler - fixed issue where some posts would show as blank
  • Fixed issue where slashes were removed from mootip pop-up text
  • Fixed error in phpbb3_import
  • Fixed error when creating new user when MySQL in strict mode

Media Gallery Plugin

  • NEW Flash based upload option
  • Retired (removed) the old Java based upload system (JUPLOAD)
  • Added PLG_setTemplateVars() call to the album view
  • Updated SWFObject to v2.2
  • Updated MP3 players to latest releases
  • Fixed MP3 jukebox to auto play full playlist
  • Fixed error when user tries to access an album they do not have permission to view.

Polls Plugin

  • Implemented polls auto tags (ported from Geeklog v1.6.1)

What's New in glFusion v1.1.6

glFusion v1.1.6 continues our commitment to providing a secure and robust content management system. This release includes a few minor enhancements, security updates, and bug fixes.

This release does make configuration and database modifications, so you must run the Upgrade Wizard after you have loaded the files to your server.

Security Enhancements

glFusion now supports cookies with the HTTPOnly flag. The cookie is accessible only through the HTTP protocol. This means that the cookie won't be accessible by scripting languages, such as JavaScript. This setting can effectively help to reduce identity theft through XSS attacks (although it is not supported by all browsers).

The installation scripts have been reworked to be a bit more secure. We still recommend you either rename or remove the public_html/admin/install/ directory once you have completed the installation or upgrade.

Security of your web site is very important to us. If a vulnerability is found, we try to fix it immediately. The challenge is informing our users of the risk and the fix. We now offer the glFusion Announce Mailing List that you can subscribe to. We will post all known issues and security issues to this list. We also offer a Known Issues / Security Updates RSS feed you can subscribe to as well.

We strongly recommend that you subscribe to one of the items above to ensure you receive prompt notification of any security vulnerabilities and their solution.

Other Enhancements

Full German Translations

Tony Kluever provided full German translations for glFusion and all bundled plugins.

showblock auto tag

glFusion v1.1.6 added a new auto tag that allows you to display blocks inside other content such as static pages. This opens up the ability to develop some interesting and unique page designs.

Search Improvements

Previous versions of glFusion did not support searching comments for anything other than stories. Now comments are searched for all plugins.

RSS Feed Improvements

glFusion now includes the author in the RSS v2.0 feeds.

Bad Behavior2 Updated to v2.0.29

Bad Behavior's author has released Bad Behavior v2.0.29, which has now been integrated into glFusion v1.1.6.

Full ChangeLog

glFusion v1.1.6

  • Added min-height property to #gl_wrapper in style.css
  • Added accordion style toggles to configuration screens for “progressive disclosure”
  • New showblock auto tag
  • Added CUSTOM_css() hook
  • Spruced up the search results for comments to show the type of comment (i.e., Story > Comment or FileMgmt > Comment)
  • Search using date range did not always work properly across all plugins
  • Ensure topic selection is persistent when viewing admin story list
  • Allow plugin comments to be included in search results
  • Tweaks to contact user / author templates; consistent widths and display
  • Allow custom/functions.php in theme directory
  • Ensure enabling / removing configuration options clears the config cache file
  • Moved documentation into language directories
  • Added PLG_getConfigElementHelp API call
  • Full support for PLG_itemSaved() and PLG_itemDeleted() APIs
  • Add author to RSS 2.0 syndication feeds for articles
  • Do not error when trying to upgrade a disabled bundled plugin
  • Security enhancements to the installation scripts
  • Better support for legacy plugins
  • Ensure template class is available when logging errors
  • Ensure character encoding is properly passed to all htmlentities calls
  • Add custom_registration field to allowed fields in fusionrescue.php
  • Replaced ereg functions for improved PHP 5.3.0 support
  • Accessibility updates
  • Updated German Language files
  • Added the ability to pass additional parsers and code handlers to lib-bbcode.
  • Fixed issue when daily digest is enabled and user changes their password, all topics are marked as no-access
  • Ensure root user is properly set when deleting a user
  • Fixed a crash in html2text when [b]$ combinations existed in the forum post or the story. (Mark).

Bad Behavior2 Plugin

  • Updated to v2.0.29
    • Users authenticating to a Bad Behavior-protected site using a third party OpenID were blocked with a message stating that: “Data may not be posted from offsite forms.”
    • A few specialized web crawlers use an unusual form of the Range: HTTP header in their requests, requesting a range starting with 0. This behavior, while technically permitted by the HTTP specification, is most often seen with malicious crawlers; web browsers and major search engines do not use it. Bad Behavior will now block these requests only when strict mode is enabled.

Calendar Plugin

  • Maintain the owner of events placed in the submission queue

FileMgmt Plugin

  • FileMgmt did not honor the comment setting for each file and always displayed the comment bar.
  • Do not display the upload form for anonymous users if upload public set to false.

Forum Plugin

  • Finally resolved the issue where the Active Forum icon would not always display when there were new posts in a forum. Thanks to LeeG for providing me enough details to resolve this bug.
  • Fixed issue where the index page would incorrectly display Today as the last post date when in fact that wasn't true.
  • Fixed invalid index on rating_assoc table (bumped version to 3.1.5)
  • Fix to allow Smiley plugin to work with WYSIWYG editor
  • Ensure the profile edit functions return the proper value
  • Filter memberslist to ensure only registered users are shown
  • Fixed issue where moderators were unable to edit forum posts.
  • Updated the topic-left.thtml with community moderation variables.
  • Fixed story migration to set postmode to 'html' instead of 'HTML' which caused problems when using the WYSIWYG editor.

Links Plugin

  • If login is required and user is not logged in, display a message that login is required instead of simply redirecting to the index page.
  • Improved error messages displayed when there is a problem submitting a link.
  • Loosened up the URL checking routines

Media Gallery Plugin

  • Increased z-index of lightbox to compensate for z-index fix with Site Tailor menu auto tags
  • RSS feeds were not being referenced in the correct directory
  • When using the destination block on auto tags, the auto tag counter was not properly initialized.
  • Expand auto tags in title when used in Random Image block

Site Tailor Plugin

  • Fixed issue where quotes were not properly filtered when magic_quotes_gpc is enabled in PHP.
  • New element type * Label * allows you to have a non-link label as a menu element
  • Made field order consistent between create element & edit element
  • Properly delete menu config entries when deleting a menu (fix provided by Mark Howard)
  • Fixed z-index issue when multiple menus are on the same page (fix provided by Mark Howard)
  • Fixed a bug with the vmenu auto tag where it did not properly trim whitespaces from the menu name, thus it didn't actually work.
  • Menu builder did not always honor the URL rewrite setting when building links for static pages
  • When using the [hmenu] auto tag, cascading menus did not render properly

Static Pages Plugin

  • 'Last updated' date does not use same format as other dates

Language File Updates

German Translation updates to:

  • Bad Behavior
  • Media Gallery
  • Site Tailor
  • Links
  • Captcha
  • FileMgmt
  • Calendar
  • Forum
  • Spamx
  • Polls

What's New in glFusion v1.1.5

glFusion v1.1.5 continues our commitment to providing a secure and robust content management system. This release includes several enhancements and bug fixes.

This release does make configuration and database modifications, so you must run the Upgrade Wizard after you have loaded the files to your server.

Security Fixes / Enhancements

We have continued our audit of the source code and added additional protections to prevent XSS (Cross Site Scripting) attacks and made several minor improvements in parameter filtering.

The FCKeditor bundled with glFusion has been updated to the latest release version which includes a few security fixes and enhancements.

Security of your web site is very important to us. If a vulnerability is found, we try to fix it immediately. The challenge is informing our users of the risk and the fix. We now offer the glFusion Announce Mailing List that you can subscribe to. We will post all known issues and security issues to this list. We also offer a Known Issues / Security Updates RSS feed you can subscribe to as well.

We strongly recommend that you subscribe to one of the items above to ensure you receive prompt notification of any security vulnerabilities and their solution.

Improved Search Engine Optimization (SEO) Features

We have made several small improvements throughout the entire glFusion suite to provide improved SEO.

Canonical URLs

Where appropriate, we now include canonical URLs for pages that may have multiple methods of reference. For example, when viewing a story, there may be several valid URLs to reference the story:

Each of these URLs reference the same story. A canonical URL tells the search engines the 'preferred' URL so they will recognize that the multiple references to the page are not duplicate content. For example, the 'preferred' or canonical URL for the story referenced above might be:

This puts you in control of how the search engines evaluate your site. Prior to canonical URLs, the search engines would try to derive (or guess) the preferred URL. Now, you control how your site is evaluated.

See Specify your canonical article for more details. Also, check out Demystifying the "duplicate content penalty" for some good information on the facts of duplicate content on a site.

Page Titles

We have also improved page titles to better reflect the page being viewed. For example, when viewing Forum posts, the topic subject is now the page title. In the FileMgmt plugin, we use the file name description as the page title. In Media Gallery, we use the album title as the page title when viewing an album and the media item title as the page title when viewing a media item. We have tried to include a content specific page title for every item in glFusion.

Comment Engine Improvements

The underlying comment engine in glFusion did not work well with plugins. For example, a user has the ability to choose how many comments they wish to see at one time. glFusion will then add a navigation bar at the end of the comments to allow the user to page through them. This functionality did not work for plugins, only for stories. glFusion v1.1.5 fixes this and now all features of the comment engine work for all glFusion plugins.

Daily Digest Improvements

The daily digest feature allows stories to be emailed to users who choose to receive them. Prior versions of glFusion would only include a text version of the story in the email. New in glFusion v1.1.5 is the ability to send the story in both HTML and TEXT mode. This allows users who receive the email to see the story in the same format they would online. For those users who do not have HTML capable email clients, they will still see the text version of the story as they have in the past.

Support for longer usernames

Previous versions of glFusion only allowed usernames to be a maximum of 16 characters. glFusion v1.1.5 now supports usernames up to 32 characters in length.

Core glFusion Group can now be edited

In previous versions of glFusion, several core groups could not be edited by the site admin. This restriction was the cause of much grief for sites that wanted to enable a feature for all logged-in-users for example. With glFusion v1.1.5, the group membership and features of the core groups can now be modified.

New Profile APIs for Plugin Developers

Previous versions of glFusion did not provide hooks into the user preference (profile) screens. New with glFusion v1.1.5 is a full set of programming interfaces that allow plugin developers to seamlessly add new elements to the various user preference screens.

The Forum plugin now adds a Forum Preferences tab to the user preference screen. The Media Gallery plugin has also moved its user preferences to a tab on the glFusion User Preference screens.

Maintenance Mode Online Config Setting

glFusion supports putting a site in “maintenance mode”, which allows an admin to access the full site while non-admins are re-directed to a sitedown page or message. This is useful when performing maintenance or staging a site during development, and you don't want folks to see the work in progress.

Previously you had to toggle a setting in public_html/siteconfig.php to enable maintenance mode, but now you can do it directly from the online configuration screen. If you accidentally logout of your site while it is in maintenance mode, there is an override setting that you can set in public_html/siteconfig.php that will let you log back in to your site.

Forum Plugin Enhancements

The Forum plugin received the most attention during this release cycle adding several new features and user experience improvements.

Community Moderation

Community Moderation is the brain child of Marco Belmonte. Marco sponsored the development of this cool feature. Josh Pendergrass did the development work. Community Moderation allows the Forum users to self-moderate the forums. For more details see the Community Moderation documentation.

Full Post Notification Emails

Eric Kingsley developed a modification to the Forum plugin that allows users to receive the full text of the forum post in the subscription notification emails. Eric was kind enough to share his work with us and it has been included in the Forum code base.


We're finding more and more sites that would prefer to use a true WYSIWYG editor instead of the standard BBcode editor included with the Forum plugin. We have added the ability to now use the bundled glFusion advanced editor (FCKeditor) as the default editor for forum posts.

BBCode Signatures

Another feature found in many other bulletin board and forum systems is the ability for users to create a customized signature that supports images and various text formatting (such as bold, italics, etc.). We have added the ability for users to create their own customized Forum signature with full support for the BBcode attributes currently available in the Forum plugin. See the BBCode Signature documentation for more details.

Import from phpBB3 Forums

For those folks who are migrating from phpBB3 to glFusion, we now have the ability to import both users and all existing forum posts into the glFusion system.

Media Gallery Plugin Enhancements

Remote Image Support

Thanks to Jon Deliz, Media Gallery now supports including remote hosted JPG and GIF images. Jon even added the ability to create the local thumbnail, but this does require that your hosting provider includes CURL support.

Edit Media Owner

A missing feature for some time, Media Gallery now supports the ability to change the media owner. Site Admins can now edit the owner of any media item.

Tag Plugin Hooks

Media Gallery now supports the Tag Plugin, which allows you to have a tag cloud on your site.

Full ChangeLog for glFusion v1.1.5

glFusion Core

  • Moved maintenance_mode to the online configuration (Mark)
  • Added default sitedown.html page (Eric)
  • Fixed typo in install script example path and clarified help text (Eric)
  • Comments did not properly retain the post mode setting (Mark)
  • Fixed issue with URL rewrite that appears on some hosting services where the parameter array is not properly recognized (Mark)
  • Reworked daily digest code to support both HTML and text messages. It is now template driven (Mark)
  • Rename signature (in user profile) to Tag Line (Mark)
  • Email did not honor the priority flag (Mark)
  • Ability to use remote IP instead of referring URL for security tokens (Mark)
  • Fixed censor mode select (Mark)
  • Add option for user to select search result format (Mark)
  • Add block name to the admin list of blocks (Mark)
  • Updated htmLawed to v1.1.8.1 (Mark)
  • Implemented new profile APIs (Mark)
  • New configuration option to hide the 'Content' tab in the Account Settings (Mark)
  • Fixed incorrect field type for SMTP host (Mark)
  • Updated FCKeditor to v2.6.4.1 (Mark)
  • Search dates were not properly validated prior to use (Mark)
  • Fixed several E_ALL errors (Mark)
  • Multi-page comment support was broken for plugins (Mark)
  • Support usernames up to 32 characters in length (Mark)
  • Installation - Now support migrating Geeklog v1.4.1+ sites, including 1.6.0 (Mark)
  • Improved SEO support throughout the system (Mark)
  • Core groups can now be edited. (Mark)
  • Plugin auto installer did not display correct installed version number (Mark)
  • Display default glFusion topic icon if no icon is specified (Mark)
  • Allow user edit for remote users (Mark)

glFusion v1.1.4pl4

  • Fixed bug where you could not use the image insert in the advanced editor in the mail user form (Mark)
  • Fixed another XML issue with the web services routines (Mark)
  • Added width:100% in submitstory_advanced.thtml template to ensure the WYSIWYG editor uses the full width of the page (Mark)
  • Removed the maxlength for the admin password prompt (Mark)
  • Ensure extra whitespace is properly removed in search strings (Mark)
  • Leap year fix in calendar.class.php (Mark)
  • Uploads fail to upload files when 1 file in the bunch errors (Mark)
  • Webservices did not properly escape all HTML entities (Mark)

glFusion v1.1.4pl3

  • Fix install issue on servers with \\path\to\glfusion directory notation (Mark)
  • Trim spaces from username and email when creating a new user (Mark)
  • When custom registration is enabled, the user cannot select a login link to display the login screen (Mark)
  • Added cache_templates field to fusionrescue.php (Mark)
  • Added [story_introtext:##storyid##] Auto tag (Mark)
  • Adding groups to user in user edit could fail under certain conditions (Mark)
  • New PLG_getwhatsnewcomment() API to allow plugins to list new comments in the What's New block (Mark)
  • Installation - ensure siteconfig.php was successfully created (Mark)

glFusion v1.1.4.pl2

  • Small change to config.class.php to allow for easier multi-site implementations (Mark)
  • Fix to allow direct calling of style/js cache files to help reduce server load on sites that must reload the PHP processor each time (Mark)
  • Added path_rdf to fusionrescue.php set of fields to edit (Mark)

glFusion v1.1.4.pl1

  • Fixed permission issue where story.admins and topic.admins were not given the proper permissions on stories and topics. (Mark)
  • Fixed issue trying to retrieve user photo when anonymous user (Mark)

Bad Behaviour2 Plugin

  • Updated code base to v2.0.28 (Mark)

Calendar Plugin

  • Improved data validation to ensure values are properly set before attempting to use them. (Mark)
  • Fixed potential XSS issue when invalid data is presented during add / edit event (Mark)
  • Fixed issue where calendar submissions were not placed on the proper calendar (Mark)
  • Improved searching of personal calendars (Mark)

FileMgmt Plugin

  • Improved page titles (Mark)
  • Implemented multi-page comment support (Mark)
  • Apply file permissions for admin uploads too (Mark)
  • Fixed issue where new files did not always show up in the What's New list (Mark)

Forum Plugin

  • Added Permlink feature to icon_minipost.gif in forum posts (Eric)
  • Implemented WYSIWYG editor (Mark)
  • Fixed bug where deleting a category did not delete all the forum posts associated with the forums in that category (Mark)
  • Moved BBcode signature to the About You profile panel (Mark)
  • Streamlined the BBcode editor bar (Mark)
  • Implemented Eric Kingsley's forum notification mod - option to include full post in notification email (Mark)
  • Implemented a hook for Eric Kingsley's Medals plugin (Mark)
  • Query optimization on topic list page - reduced server load and overall performance improvement (Mark)
  • Implemented BBcode signature support (Mark)
  • Moved user preferences to user profile (Mark)
  • Implemented Community Moderation System (Mark)
  • Added forum.html feature (auto assigned to Forum Admin group) - allows owners to use HTML in forum posts. (Mark)
  • Added phpBB3 migration utility (Mark)
  • Improved page titles (Mark)
  • Added support for new glFusion PM plugin (Mark)
  • Clear the centerblock cache after importing story (Mark)
  • Fixed a potential XSS issue when invalid data is entered during link add / edit (Mark)
  • Fixed issue where children categories would become orphaned if the parent category changed category id (Mark)
  • Added support for auto tags in the link descriptions (Mark)
  • Improved SQL security (Mark)
  • Implemented the PLG_itemSaved() API (Mark)
  • Fixed issue where the default album theme was not being used on new albums (Mark)
  • Fixed issue where the parent album's group ownership was not always properly inherited by new child albums (Mark)
  • Added {search_album} template variable to the search output, allowing the album an item resides to be included in the search results display (Mark)
  • Renamed the 'Graphics Package' tab in the MG admin screen to 'Host Environment' to better reflect the real meaning of the tab (Mark)
  • Added new command line interface for batch imports into Media Gallery (Mark)
  • Added new option to allow media owner to edit media item (Mark)
  • Added new feature to allow mediagallery.admin to edit media owner (Mark)
  • Moved user preferences to user profile (Mark)
  • Fixed comment handling - multi-page comments did not work and user could not select comment order. (Mark)
  • Fixed issue where the media item date/time did not use local time when editing (Mark)
  • Fix issue processing large FLV files (Mark)
  • Modify album create to use the parent's group if no user specified group available (Mark)
  • Media Gallery does not always honor 'parent' album permissions when going directly to a sub-album. (Mark)
  • Coppermine import now pulls the user who uploaded the image from the Coppermine database and imports into Media Gallery (Mark)
  • Fixed issue where the image rotate option was not available in the media edit screen (Mark)
  • Fixed permission issue where non-members could view the full image using the popup.php script. (Mark)
  • Added ability for random image block to go directly to an image in the album view. (Mark)
  • Removed check for rss/ directory after configuration save (Mark)


Polls Plugin

  • Fixed comment handling - multi-page comments did not work and user could not select comment order. (Mark)
  • Fixed division by zero errors (Mark)
  • Special characters are not preserved in the remarks field (Mark)
  • Fixed issues where comments were not properly deleted, did not change when the polls id changed, and did not show up in the what's new block. (Mark)


StaticPages Plugin

  • Implemented PLG_itemSaved() API (Mark)
  • Fixed comment handling - allow multi-page comments (Mark)
  • Fixed issues where comments were not properly deleted, did not change when the static page id changed, and did not show up in the what's new block. (Mark)

What's New in glFusion v1.1.4

glFusion v1.1.4 is primarily a security and bug fix release, with a few minor feature enhancements thrown in.

This release does make configuration modifications, so you must run the Installation / Upgrade routine after you have loaded the files to your server.

Security Fixes / Enhancements

We have audited the glFusion code base and identified a few areas where coding best practices were not always followed. As a result, we have improved the data checks and validations on many SQL calls.

We’ve also consolidated some of the writable directories so we can reduce the overall number of directories that glFusion needs to have write permissions. Specifically, we have eliminated the Media Gallery rss/ directory and moved the Media Gallery RSS files to the glFusion backend/ directory. We’ve also moved the cached style.css and javascript.js files from the public_html/ directory into the layout_cache/ directory, so there is no requirement for glFusion to write to the public_html/ directory.

In glFusion v1.1.3 we implemented a new security feature that checks to ensure the IP address used to set the long term cookie is the same as the IP address of the user who is trying to auto login with the long term cookie. This fix removes the ability for someone to steal a user's password hash and login (masquerade) as that user. We found this ‘fix’ can cause issues for users who are behind multiple proxy servers where the IP address can change very often. In glFusion v1.1.4 we’ve added the ability to disable this security check.

We added some additional protections to Media Gallery so users cannot upload malicious files if the album is configured to allow any file type.

Security of your web site is very important to us. If a vulnerability is found, we try to fix it immediately. The challenge is informing our users of the risk and the fix. We now offer the glFusion Announce Mailing List that you can subscribe to. We will post all known issues and security issues to this list. We also offer a Known Issues / Security Updates RSS feed you can subscribe to as well.

Custom Language Overrides

You now have the ability to override any of the language file texts with your own custom language file. Custom language files would go in the private/language/custom/ directory. The files should only contain the actual language text you want to override, not the entire language file. For example, if I want to override the text:

    "This email was sent to you by %s at %s because they thought you might be interested in this article from {$_CONF['site_url']}.  This is not SPAM and the email addresses involved in this transaction were not saved to a list or stored for later use."

It is located in the language file stored in the $LANG08[23] variable, so my override file would be:

$LANG08[23]='This is my override text';

During the next upgrade you won't have to worry about your customizations being overwritten!

User Stats

We've added a new PHP block, phpblock_lastlogin(), which will display the last 5 users to log into the site.

We've also added a list of the last 10 users logged in to the stats page.

Improved CSS and JavaScript Handling (again!)

At one time, glFusion used css.php and js.php PHP scripts to send the stylesheet and javascript to the browser. This was great for performance in sending the data to the browser, but it added a lot of load to the web server. In the previous release of glFusion, we moved to using a cache file, which provided the benefit of the speed to the browser with lower load on the server. While this worked well, it did require that the public_html/ directory be writable, which we believe is not the best security practice.

In glFusion v1.1.4, we've found a good compromise on speed, load, and security. We've implemented an improved css.php and js.php that does not place any additional load on the server, maintains the speed of sending the data to the browser in a single HTTP call and does not require the public_html/ directory to be writable.

You will need to update your htmlheader.thtml file if you have a custom version on your site!

When you log into a glFusion site, a long term cookie is set in the browser that contains an encrypted version of your password. This allows you to automatically login to the site hours later. In v1.1.3 we added a security control to validate the IP address of the user against the IP address that originally created the long term cookie. This works great in most cases and removes the ability for someone to masquerade as another user. Unfortunately, if you have users who surf the web while behind a set of proxy servers, their IP address may change with each page load. We’ve now included the ability to turn off this check if it is causing problems for your users.

To turn off the IP check, edit your siteconfig.php file and add (or modify if there already) the following line:

$_SYSTEM['skip_ip_check'] = 1;  // 0 = Check IP  1 = Do not check IP
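The trade-off behind this switch, shown as an added example rather than glFusion's own code: a long-term cookie is validated against the address that created it, and turning the check off makes a copied cookie indistinguishable from its owner behind a rotating proxy. The function names, the record layout and the sample addresses are assumptions, and a random token stands in for the stored password value.

```php
<?php
// Added illustration, not glFusion source. Function names, the record layout
// and the sample addresses are hypothetical / constructed for this example.

/** Issue a long-term login token and the server-side record that backs it. */
function issueLongTermToken(int $uid, string $remoteIp): array
{
    $token = bin2hex(random_bytes(32));          // value placed in the cookie
    $record = [
        'uid'        => $uid,
        'token_hash' => hash('sha256', $token),  // only the hash is kept server-side
        'issued_ip'  => $remoteIp,               // address that created the cookie
    ];
    return [$token, $record];
}

/** Compare two addresses in packed form so IPv6 spelling variants still match. */
function ipMatches(string $a, string $b): bool
{
    $pa = @inet_pton($a);
    $pb = @inet_pton($b);
    return $pa !== false && $pb !== false && $pa === $pb;
}

/**
 * Validate an auto-login attempt.
 * $system mirrors the $_SYSTEM array from siteconfig.php; only the
 * 'skip_ip_check' key named on this page is read (0 = check, 1 = skip).
 */
function validateLongTermToken(string $cookieToken, array $record, string $remoteIp, array $system): array
{
    // Constant-time comparison of the presented token against the stored hash.
    if (!hash_equals($record['token_hash'], hash('sha256', $cookieToken))) {
        return [false, 'token mismatch'];
    }
    $skipIp = !empty($system['skip_ip_check']);
    if (!$skipIp && !ipMatches($record['issued_ip'], $remoteIp)) {
        return [false, 'ip mismatch'];
    }
    return [true, $skipIp ? 'accepted without ip check' : 'accepted'];
}

// Constructed scenario: one cookie, presented from three different addresses.
[$token, $record] = issueLongTermToken(2, '198.51.100.10');

$cases = [
    ['owner, same address',       '198.51.100.10'],
    ['owner, proxy pool rotated', '198.51.100.77'],
    ['copied cookie, other host', '203.0.113.5'],
];

foreach ([0, 1] as $skip) {
    $system = ['skip_ip_check' => $skip];
    foreach ($cases as [$label, $ip]) {
        [$ok, $why] = validateLongTermToken($token, $record, $ip, $system);
        printf("skip_ip_check=%d  %-27s %-5s %s\n", $skip, $label, $ok ? 'ALLOW' : 'DENY', $why);
    }
}
```

With the check on, the rotated-proxy owner and the copied cookie are both refused; with it off, both are accepted, so the setting is best limited to sites where proxy rotation is an actual problem.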

Object Editing

We've added the ability to change the owner on static pages and files in the FileMgmt plugin.

Other Enhancements / Bug Fixes

  • Remove spaces from block arrays to ensure no trailing spaces are converted to commas (Fix provided by James) (Mark)
  • Allow anonymous users to email admin using contact form regardless of login requirement (Mark)
  • User profile page did not properly honor showonline status and accept email from user status (Mark)
  • Integrated last 10 logged in users into stats
  • Integrated User Activity (phpblock_lastlogin) block (Mark)
  • Trim trailing spaces from username during login authentication (Mark)
  • Only allow non-Root mail.admin users to email users in groups the mail.admin user belongs to (Mark)
  • Search did not display proper results when search string contained % (Mark)
  • Added ability to enable / disable plugins in fusionrescue.php (Mark)
  • Added permission check for MG tmp directory during install / upgrade (Mark)
  • Added CUSTOM_js() hook to allow addition of other JS files (Mark)
  • Advanced path settings in the installation screen are not updated if base path changes (Mark)
  • Group editor did not properly save additional groups or features (Mark)
  • Set height of logview window to facilitate easier horizontal scrolling (Eric)
  • Moved css and js cache files to layout_cache/ directory (Mark)
  • Added $_SYSTEM['skip_ip_check'] to disable the long term cookie IP check (Mark)
  • Handle disabled set_time_limit() function better in plugin upload routines (Mark)
  • Fine tuned SQL calls to help prevent injection / other issues (Mark)
  • Force IE8 to use IE7 compatibility mode to resolve text entry issues with the forum plugin (Mark)
  • Properly filter the topics array prior to using in SQL in usersettings.php (Mark)
  • Add CRLF between each JavaScript file (Mark)
  • Language overrides - the ability to override language file entries using a custom language file (Mark)
  • Additional security tweaks (Mark)
  • Use of adveditor in block editor does not permit use of image insert or file upload connector (Mark)
  • Implemented 'passwd' configuration type, this allows passwords in the configuration screen to be properly masked (Mark)
  • Story submission does not clear the Site Tailor menu cache which results in the topic story count being wrong (Mark) (story.class.php)
  • Installation did not properly detect missing siteconfig.php.dist file (Mark)
  • Advanced search using date range did not return stories or comments in that date range (Mark)

FileMgmt Plugin

  • Do not allow user to select the current category as its own parent (Mark)
  • Call stripslashes() on file description prior to emailing admins of new upload (Mark)
  • Ability to change the owner (submitter) of a file (Mark)

Forum Plugin

  • Root users could not post to read only forums (Mark)
  • Set width for text formatted code blocks in forum when using a fixed width layout (Eric)
  • Fixed issue where duplicate forum names (different categories) did not show in the forum selection list for moderation functions. (Mark)

Media Gallery Plugin

  • New config setting: $_MG_CONF['use_large_stars'] - if set to 1, the larger stars will be used in the album view instead of the smaller stars. (Mark)
  • Added option to phpblock_mg_randommedia to link to album instead of media. Modify the block function to phpblock_mg_randommedia(album) (Mark)
  • Added option to statically sort an album by rating (Mark)
  • FTP import did not properly add trailing backslash if missing (Mark)
  • Moved RSS feed files to the glFusion backend/ directory (Mark)
  • Email moderators option did not appear in album edit / create (Mark)
  • Under some circumstances creating an album would fail with an SQL error (Mark)
  • Fixed issue where 'slideshow' auto tag did not honor the media_order field (Mark).
  • FTP batch import would crash with SQL error (Mark)
  • Added [alink] auto tag to allow text links to albums (Mark)
  • Slideshow autotag does not honor caption option in config. (Mark)
  • Improved error handling when a user tries to access a media item they do not have permission to view (Mark)
  • Random image block did not change (Mark)

Site Tailor Plugin

  • Copy menu does not work (Mark)

StaticPages Plugin

  • Handle session timeouts more gracefully (Mark)
  • Added option to edit the author and owner (Mark)
  • Unable to upload images via the advanced editor when cloning a story (Mark)

What's New in glFusion v1.1.3

glFusion v1.1.3 is primarily a security and bug fix release, with a few minor feature enhancements thrown in.

This release does make database modifications, so you must run the Installation / Upgrade routine after you have loaded the files to your server.

Security Fixes / Enhancements

There are three security updates included with this release to address the following issues:

SQL Injection Issue which could allow an attacker to compromise (gain access to) any user's password hash. This was a very serious vulnerability which could allow your admin user account to become compromised.

User Masquerading which would allow anyone to log in as any user if they knew the password hash of the user. By setting the appropriate cookie on their own browser, they could bypass the user name / password screen and log in directly. Combined with the SQL Injection issue above, this would allow an attacker to easily log in as any user.

Cross Site Scripting (XSS) Issue which could allow an attacker to use a glFusion site in cross site scripting attacks.

All of these issues have been fixed in glFusion v1.1.3 and some additional checks have been included to help prevent future issues like these.

Security of your web site is very important to us. If a vulnerability is found, we try to fix it immediately. The challenge is informing our users of the risk and the fix. We now offer the glFusion Announce Mailing List that you can subscribe to. We will post all known issues and security issues to this list. We also offer a Known Issues / Security Updates RSS feed you can subscribe to as well.

Ability to turn on / off template caching

Caching of the template files generally provides a significant performance boost, but we have found in some environments it can actually have a negative impact on performance. Specifically, on sites where the disk access is slower, caching of the templates will slow down the site and add to the server load. A good example is Windows based servers that use network shares to store the web directories.

You now have the ability to control whether or not the templates are cached. In the Online Configuration system, under Themes, is the new option Enable Template Caching. We recommend you do your own tests, disable caching and see how it affects the performance of your site.

Template Comments

glFusion uses several small template files to assemble each web page. It can be difficult to understand which template to modify to effect a change to the look and feel of your site. While not a new feature, glFusion has always supported having comments in the template files that are stripped before sending to the browser. These comments are surrounded by {# …comment here #}. The new feature in v1.1.3 is the ability to convert these internal template comments into HTML comments. This means any {# #} will be translated into <!-- --> so you can see them when viewing the source of your rendered web page.

We have also added a special template variable called templatelocation which is replaced with the physical location and name of the current template file. We have added the following comment to every .thtml template (in private/plugins as well as public_html/):

  {# begin {templatelocation} #}
  {# end {templatelocation} #}

If you enable Template Comments, when you view the source of your page, you'll see something like this for each template used to build the page:

<!--  begin /usr/home/www/private/plugins/polls/templates/pollanswer.thtml  -->
  <li><input type="radio" name="aid[0]" value="6" />&nbsp;Other</li>
<!--  end /usr/home/www/private/plugins/polls/templates/pollanswer.thtml  -->

You can now easily see what template is being used, the content it produces, and where it ends.

It is not recommended to enable this feature on production sites (or leave enabled for a long period of time) since it does expose physical paths on your server.
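A pre-release check for the risk noted above, added here and not part of glFusion: it scans rendered HTML for the begin / end template comments and lists the server directories they reveal. The function names and the sample markup (including the second template path) are constructed for the example.

```php
<?php
// Added illustration, not glFusion code. Function names and the sample markup
// are constructed; the comment format follows the rendered output shown above.

/**
 * Collect template paths exposed by "begin" / "end" HTML comments.
 * Returns path => ['begin' => count, 'end' => count].
 */
function findTemplateLocationComments(string $html): array
{
    $found = [];
    // [^<>] keeps a match from running across two separate comments.
    $pattern = '/<!--\s*(begin|end)\s+([^<>]+?\.thtml)\s*-->/i';
    if (preg_match_all($pattern, $html, $matches, PREG_SET_ORDER)) {
        foreach ($matches as $m) {
            $kind = strtolower($m[1]);
            $path = $m[2];
            if (!isset($found[$path])) {
                $found[$path] = ['begin' => 0, 'end' => 0];
            }
            $found[$path][$kind]++;
        }
    }
    return $found;
}

/** Reduce the findings to the distinct server directories a reader learns. */
function exposedDirectories(array $found): array
{
    $dirs = [];
    foreach (array_keys($found) as $path) {
        $dirs[dirname($path)] = true;
    }
    $dirs = array_keys($dirs);
    sort($dirs);
    return $dirs;
}

// Constructed page source: an ordinary comment, the poll template from the
// example above, and a second template path invented for this sample.
$sample = <<<'HTML'
<html><body>
<!-- site banner -->
<!--  begin /usr/home/www/private/plugins/polls/templates/pollanswer.thtml  -->
  <li><input type="radio" name="aid[0]" value="6" />&nbsp;Other</li>
<!--  end /usr/home/www/private/plugins/polls/templates/pollanswer.thtml  -->
<!--  begin /usr/home/www/public_html/layout/example/footer.thtml  -->
</body></html>
HTML;

$found = findTemplateLocationComments($sample);
foreach ($found as $path => $count) {
    printf("%s (begin=%d, end=%d)\n", $path, $count['begin'], $count['end']);
}
foreach (exposedDirectories($found) as $dir) {
    echo "exposed directory: $dir\n";
}

// A non-zero exit status lets a deploy script stop when comments are present.
exit($found ? 1 : 0);
```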

Hide Story Date / Time

glFusion has always had the ability to show or hide most of the Story Information like author, views, mail story, etc. The ability to hide or show the story date / time was never included. We've solved this oversight by adding the option to show or hide the story date / time.

Improved CSS and JavaScript Output

glFusion v1.1.1 added a new feature to consolidate all CSS and JavaScript output into a single reference point for the browser. This significantly improved the page load times. Now that this feature has been well exercised, we've also discovered it can add some extra CPU load to the server. We've redesigned how the CSS and JavaScript is spooled so we now have the best of both worlds, improved page load times and no additional server load.

If you have a custom htmlheader.thtml file, you must update it to be compatible with this change. See the Template Changes section for details.

User Profile Screen Improvements

We moved the Current Password field to the top of the entry form. Since a user must enter their current password to change their existing password, it makes sense to have it listed before the new password fields.

We've also added a Password Strength meter to give feedback to the user on how secure their password really is.

Other Enhancements / Bug Fixes

  • What's New block did not honor the URL rewrite setting for stories (Mark)
  • Increased size of Forum category title text (Eric)
  • Not all StaticPage options are cloned (mark)
  • The theme API themename_themeJS() has been renamed to theme_themeJS() and no longer relies (or uses) the themename. (mark)
  • Removed PDF option references and consistency fixes in story templates (Eric)
  • Fixed issue where 1 or 111 would show up in templates (Mark)
  • Updated getID3() to latest production release (Mark)
  • Static page bullets not working in IE and proper nesting of typography icons (Eric)
  • Search box text is hard coded in header.thtml (Eric)
  • Forum code block max width breaks fixed width layouts (Eric)
  • After mailing users, screen refreshes to admin/moderation.php not admin/index.php (Eric)
  • Language & Layout inconsistencies (Eric)
  • Improved error detection when sending emails (Mark)
  • Tweaked plugin upload to not crash when hitting certain permission errors (Mark)
  • “Edit a Comment” is hard coded in the source (mark)
  • Sending trackbacks to WordPress sites fail (mark)
  • Uploading large plugins could error with max_execution_time exceeded (mark)
  • The template library does not properly handle double dashes (--) in the item id when creating the instance cache HTML comment (mark)
  • Hide “Comments (0)” indication when there are 0 comments (Eric)
  • Default text size for textarea (Eric)
  • Menu graphic <li> background does not display in IE6 (Eric)
  • “No boxes” should read “No Blocks” in Account Settings (Eric)
  • Clean up loginform.thtml (Eric)
  • Copy icon broken in site tailor (Eric)
  • Default topic was not selected on new stories (mark)
  • htmlLawed has been upgraded to v1.1.7.2 (mark)
  • Deleting a plugins files (without uninstalling the plugin) causes glFusion to crash (mark)
  • Postcards do not display properly in mail client (mark)
  • CUSTOM_templateSetVars() does not work for story templates (mark)
  • Icon for additional profile API broken (mark)
  • Added default mooDrawer and mooMorph example widgets (Eric)

Calendar Plugin

  • Implemented getheadercss() - allows admin to have custom style.css (Mark)
  • Cannot edit minutes field in Event Start Date after 1.1.2 upgrade (mark)


  • If using the 'general' option to enable CAPTCHA in a static page, there is no template variable to pass (mark)

FileMgmt Plugin

  • If uploads are not moderated, the extension mapping rename is not performed. (mark)

Forum Plugin

  • Added ability to have custom style.css in theme/plugins/forum/ (Mark)
  • Removed duplicate configuration data from config.php (Mark)

Media Gallery Plugin

  • Added $_MG_CONF['play_mp4_flv'] option to play MP4 video in Flash Video Player (Mark)
  • Added ability to have custom style.css in theme/plugins/mediagallery/ (Mark)
  • Fixed gallery_remote issue where parent/child relationship was not properly set (Mark)
  • Fixed some cosmetic issues with Coppermine import (Mark)
  • Search results do not honor the gallery view thumbnail size. (mark)

Polls Plugin

  • Added ability to have custom style.css in theme/plugins/polls/ (Mark)

Site Tailor

  • Canceling edit of menu item returns to menu listing instead of element list (mark)
  • When trying to edit a menu's elements, it crashes with editTree() error. (mark)

What's New in glFusion v1.1.2

Even though this release is called an incremental release, there are several new features to improve the overall site administration experience.

Enhanced Installer / Upgrade System

We have completely rewritten the installation and upgrade routines to be much more user friendly and provide better feedback if there are environment issues or problems are encountered.

You also have the ability to select which plugins are installed and whether you want to have the sample content loaded.

Plugin Installation

We have completely redesigned how you install plugins. What was once a very cumbersome process is now handled with just a few mouse clicks. You no longer need to FTP the plugin, instead you will use an integrated upload system.

On the Plugin Administration screen, you’ll see a new area where you can select a plugin to upload. Once it is uploaded, glFusion will validate that it has the proper permissions to copy all the files, create any needed configuration files and install the plugin. You can also upgrade existing plugins as well. We’ve made some changes to the plugins themselves to support this new auto installer. The following plugins have been updated to work with the latest version of glFusion:

  • DokuWiki
  • Data Proxy
  • Site Map
  • Tags
  • evList
  • GUS
  • Forum
  • Media Gallery
  • FileMgmt
  • Bad Behavior2
  • Calendar
  • Links
  • Polls
  • Static Pages
  • Spamx

The installer will also help you install old style plugins by copying the necessary files to the proper location, but you will still have to select the Install link for the plugin administration screen. Not only does this make installing plugins almost painless, it will give us the ability to easily distribute upgrades to the bundled plugins without having to wait for a full glFusion release.

System Maintenance Configuration / Enhancements

We have enhanced the handling of system maintenance configuration options:

  • site_enabled
  • rootdebug
  • no_sql_fail

and also added 2 new options:

  • maintenance_mode
  • no_cache_config

All of these are now set in the siteconfig.php using $_SYSTEM[] variables instead of $_CONF[], which means they will not be cached.


site_enabled

If this option is set to false, all visitors to your site will be presented with a Site not available message. You can control the contents of this message in the online configuration setting called Site Disabled Message or URL. You enter the text to display, or the full URL to a HTML page to display.

The default setting for this option is true.


maintenance_mode

This option places your site into a special maintenance mode. Only users who are a member of the Root group will have access to the site. All other visitors will be greeted with the Site not available message. Maintenance mode uses the same site disabled message as the site_enabled option.

You must log into your site as a root user prior to changing this setting. Once maintenance mode is enabled, no users (including regular administrators) will be able to login.

This mode is useful if you have some maintenance work to do like installing a new plugin, reorganizing content, etc. If you are making system changes, such as restoring a database or other maintenance which would interrupt the operation of your site, you should use the site_enabled option instead.

The default setting for this option is false.


no_cache_config

This option will disable caching of the site configuration data. Generally you should use the caching feature as it provides a significant performance improvement. But, when you move a site or accidentally enter incorrect data via the online configuration system, having the option to disable the cache can come in handy.

The default value for this setting is false.


rootdebug

This option will enable additional debugging information in the event the site experiences the An unexpected error has occurred message.

This option should not be enabled on production sites since it will display configuration options and other details that could expose confidential data such as database logins, etc.

The default value for this setting is false.


no_sql_fail

This option will cause glFusion to ignore any SQL related errors. This option can be enabled when you receive the ‘An SQL error has occurred’ message. This will temporarily disable the crash and allow you to debug or resolve the issue.

The default value for this setting is false.

Auto Detection and Repair of Crashed Sessions Table

A long standing problem with glFusion has been the session database table. If your database server crashes, many times it would leave the sessions table in a ‘crashed’ state which prevents your site from loading. We have added some additional functionality to detect when the sessions table is marked as crashed and we attempt to automatically repair it.

FCKeditor Upgrade

We have upgraded the advanced editor, FCKeditor, to the latest production release of 2.6.4. This new version introduces the WebSpellChecker integration, a zero-installation solution for spell checking provided by You will now have a wonderful spell checker running out of the box, requiring no server side installations and configurations.

Several bug fixes and new features have been added, especially to the table support, including the ability to define header rows and columns in tables.

Per User Directories for FCKeditor Uploads

One of the drawbacks to using the advanced editor in a shared environment is that during the image upload process there is only one library of files that is shared by all users, including the site administrators. We’ve implemented an experimental feature that will now give each user their own library space, so they will only see their own images. Site administrators (users with the story.edit permission) will still see all libraries.

To enable this feature, set $_CONF_FCK['editor_images_by_user'] = true; in the siteconfig.php file.

The default value for this setting is false.

User Creation

If you manually create a new user, you now have the option to send the user their login credentials via email at the time you create the user.

Password Generation

We have modified the routine to generate random passwords so it no longer uses characters that are easily mistaken. For example 1, I, and l are often difficult for users to distinguish.

Clone Story Feature

A new option is available from the Story List view that allows you to clone an existing story.

Improved Handling of Disabled / Non-Installed Plugins

If you have a plugin's files loaded, but have not installed or have disabled the plugin, glFusion will now force a HTTP 404 (Page not found) error instead of dying with a SQL error. You can easily override how the access is handled by defining your own CUSTOM_404() function in lib-custom.php. See lib-custom.php.dist for a sample implementation.

Improved IE8 Support

We found a few areas that didn't work well in IE8 RC1, specifically the advanced editor due to a bug in IE8. We've made some changes to how the JavaScript is handled, which improves IE8 RC1 interactions.

Improved Index Page Load Times

We've optimized the SQL that generates the main page resulting in much quicker load times. This is very apparent when you have several thousand articles. In one of our test sites we loaded 35,000 articles into the system. The query optimizations cut the index page load time by 40%.

Aesthetic Improvements

We’ve enlarged the text entry box for all email functions when you are using the plain text format.

Bad Behavior2

Upgraded Bad Behavior2 to the latest released version 2.0.26.

Calendar Plugin Enhancements

We have rewritten the submission system for both the Calendar plugin and the Links plugin. The problem with the previous version was if there were any errors on submit (incorrect CAPTCHA or missing fields), all entered data was lost. This is no longer the case.

Calendar Submission Restriction

We've added the ability to turn off calendar submissions for non-admin users. To enable this feature, set Only allow Admins to Submit to true from the Calendar's Online Configuration screen.

FileMgmt Plugin Enhancements

Support Remotely Hosted Files

You now have the ability to specify a remote URL to a file, instead of a local file, for download.

Support for Storing Files Outside the Web Root

You now have the ability to store the files outside of the webroot area.

Email Filemgmt Admins When a New File is Submitted

An email notification will be sent to the filemgmt Admin group when a new file is uploaded to the submission queue.

Forum Plugin Enhancements

Ability to Move a Forum Between Categories

You can now easily move a forum to another category.

Added New Posts Tab

We've added a New Posts tab to the forum view that tracks the forums / posts you've subscribed to. When you log in, it displays the posts that are unread since your last visit.

Bug Fixes

  • W3 validation fix for forum centerblock provided by Ironmax (Eric)
  • Several fixes dealing with busy / quiet forum icons (Mark)
  • Fixed security issue where a user could edit another user's post if they knew the correct URL (Mark)
  • Fixed a security vulnerability in the popular topic listing. The list did not properly filter posts by permission, so posts that a user did not have read access to could be listed. Reported by Eric Kingsley (Mark)
  • Implemented ability to manage bookmarks from the bookmark screen (Mark)
  • Fixed bug in Site Member Report that displayed the wrong number of total users (Mark)
  • Fixed absolute include of lib-users (Mark)
  • Added missing allow memberlist configuration to config.php (Mark)
  • Fixed issue with usernames containing special characters (Mark)

Load in New Window Option

We have added a new option to allow links to open in a new window.

Improved Submission Process for Calendar / Links

We have rewritten the submission system for both the Calendar plugin and the Links plugin. The problem with the previous version was if there were any errors on submit (incorrect CAPTCHA or missing fields), all entered data was lost. This is no longer the case.

If you have enabled Media Gallery's Member Album functionality, you can now have a link to a user's member album placed in the My Account block.

To enable this feature, set $_MG_CONF['link_to_member_album'] = 1; in the Media Gallery config.php file (private/plugins/mediagallery directory).

Gallery Remote has been enhanced to work with F-SPOT gallery. This allows F-SPOT users to directly export media from F-SPOT to Media Gallery.

Bug Fixes

  • Added a check to ensure the trailing backslash is placed on the temp directory path (Mark)
  • Fixed issue where enrolling in Member Albums would cause SQL error (Mark)
  • Fixed bug with generating unique slideshow ids (Mark)
  • Improved error trapping for permission issues on upload (Mark)
  • Updated MG import for stories to use new story class (Mark)
  • Removed references to non-existent usage.html (Mark)
  • Turn off version checking in config.php (Mark)
  • Updated the EXIF library to latest release (Mark)
  • Add support for newlines in postcard email. (Mark)
  • Fixed a missing global variable which caused batch image rotate to fail (Mark)
  • Added check to rating code to validate if login is required and if user is logged in (Mark)
  • Fixed bug where the global edit of 'enable_postcards' failed. (bug #0000294) (Mark)
  • Fixed bug where email did not properly send for uploads and postcards (Mark)

Site Tailor Plugin Enhancements

We have added 2 auto tags to Site Tailor: vmenu and hmenu. This will allow you to easily include menus in static pages.

[vmenu:menuname] – This will insert a vertical-cascading menu
[hmenu:menuname] – This will insert a horizontal-cascading menu

No Logo Option

You now have the ability to specify that no logo be displayed. This can be useful when you are using a header background image that already contains a graphic image.

Other Changes

  • Implemented clone menu and multi-language support (Mark)
  • Fixed issue where color was not properly used (Eric)
  • Improved instance cache operations when editing a menu element (Mark)
  • Improved handling of missing plugins when associated with a menu item (Mark)
  • Fixed 'Display After' not showing proper entries when editing a second level menu (Mark)
  • Fixed issue where a blank URL would always have http:// added to the beginning of the string (Mark)

Static Pages Plugin Enhancements

Ability to delete Static Pages from Admin List

New option to remove static pages

Aesthetic Improvements

We’ve enlarged the size of the Static Pages edit window when using the advanced editor.

glFusion Core Bug Fixes

  • Fix issue with creating icons and block help links properly with SSL sites (Mark)
  • Added ability for path to speck.gif to be set on install (Eric)
  • Fixed broken reference to images/speck.gif in gl_moorotator-block.js (Eric)
  • Fixed stripslashes error where fullname was not properly stripped on user edit (Mark)
  • Fixed SQL error when admin saves user, loginname was not properly escaped and would cause SQL error if it contained an apostrophe (Mark)
  • Made Google style search results title larger for improved readability (Eric)
  • W3 validation fix for forum centerblock provided by Ironmax (Eric)
  • Updated Docs icon in Command & Control (Eric)
  • Flipped orientation of cart icon in public_html/layout/nouveau/images/ (Eric)
  • Removed nowrap from FileMgmt categories and sub-categories for better layout (Eric)
  • Implemented $_SYSTEM['swedish_date_hack'] to resolve PHP's strftime() deficiencies with UTF-8 Swedish characters. (Mark)
  • Added ability to change topic and story owners (Mark)
  • Fixed user profile display bugs - now properly honor show online, record last login, and show fullname configuration settings (Mark)
  • Implemented improved handling of user profile page when user photos are disabled (Mark & Eric)
  • Remove cached story (old version) if SID changes (Mark)
  • Fixed crash on Windows platform when time is calculated as negative (Mark)
  • Added PLG_profileIconDisplay() to allow plugins to display an icon under the profile image (Mark & Eric)
  • Fixed ImageMagick error when rotating images, patch by LeeG (Mark)
  • Added option to force the site email as the From: email address (Mark)
  • Added RFI checks to all SQL and language files (Mark)
  • Added clear float after mooslider in lib-widgets (Mark)
  • Clear array prior to use in lib-plugins to prevent previous plugin menu entries from showing (Mark)
  • Fixed bug where Keep Unscaled Image setting was ignored (Mark)
  • Account Settings interface naming consistency fixes (Eric)
  • Removed unused gltips.thtml template file (Eric)
  • Log error message when token check fails (Mark)
  • Cleaned up Configuration screen setting labels, made more uniform (Eric)
  • Added missing addchild.png image for Links plugin Category admin screen (Eric)
  • Added Bulgarian install language (Mark)
  • Added styled error message (Eric)
  • Fixed AM/PM going onto second line randomly in forum lastx view (Eric)
  • Fixed bug where searching for _just_ a date range would fail (Mark)
  • Replaced ini_set() calls for include path to set_include_path() (Mark)
  • Removed height property from .profile-image to maintain original aspect ratio of picture (issue 333) (Eric)
  • Updated htmLawed to v1.1.6 (Mark)
  • Fixed issue where user groups did not save from user edit screen (Mark)
  • Prevent mailer from crashing if unable to connect to SMTP server (Mark)
  • Fixed issue where HTML emails were being sent in plain text format (Mark)
  • Fixed a couple of bugs when mailing a story:
    - HTML mode was not honored
    - Selecting plain text did not work
  • Reworked forgotten password handling (Mark)
  • Validate arrays prior to using them - prevent permission crashes (Mark)
  • Fixed missing global declaration in image watermarking (Mark)
  • Do not use config cache if not writable (Mark)
  • Added new COM_isWritable() (Mark)
  • Refreshed PEAR libraries with latest versions (Mark)
  • Resolved a search issue if query was empty but topic was not (Mark)
  • Comments always show username, regardless of show_fullname configuration setting - Port from Geeklog (Mark)
  • Do not filter non-HTML email messages (Mark)
  • Fixed bug where [imageX] did not allow more than 1 image per story (Mark)
  • Change mailer text to glFusion CMS (Mark)
  • Removed extra : (colon) from template (already in language file) (Mark)
  • Fixed error in emailglfusionstories that would include banned and non-active users - Patch by cchiapusio (Mark)
  • Replace preg_replace with more efficient str_replace (Mark)
  • Incorrect function used when extracting links (Mark)
  • Remove EXIF processing from getID3() library for JPG files, not needed and fails miserably when corrupt meta data exists. (Mark)
  • Properly encode spaces in XML (Mark)
  • Allow standard mime types when uploading batch users (Mark)
  • Implemented fix JS for IE8 and vertical cascading menus (Mark)
  • Fixed logic processing in template class (Mark)
  • Handle UTF-8 encoded configuration settings better (Mark)
  • Check username length (Mark)
  • Pass error message when speedlimit error (Mark)
  • XHTML Fix in lib-plugins.php (Mark)
  • Fixed spelling error (no code changes) (Mark)
  • Added nofollow attribute to comment reply (Mark)
  • Added nofollow attribute to email links (Mark)
  • Moved wiki processing to its own functions (Mark - port from Geeklog)
  • Admin index did not display informational messages (Mark)
  • Implement COM_showMessageText() (Mark - port from Geeklog)
    - Implement COM_showMessageFromParameter()
  • Fixed bug in COM_getYearFormOptions()
  • Add lang direction to article template (Mark)
  • Searches with & (or other special chars) would fail on stories and comments and several plugins (Mark)
  • Fixed wrong use of COM_isAnonUser in COM_getPermSQL (port from Geeklog)
  • Fixed STORY_getItemInfo - need to check the draft flag and for a publish date
  • Admin lists allowed non-sortable columns to be sortable (port from Geeklog)
  • URL Rewriting can fail on certain web servers. Now check to ensure the arguments are properly calculated. (Mark)
  • Enhanced fusionrescue.php to allow session table repair (Mark)
  • Fixed issue where links to the help documents do not appear for plugins in the online configuration. (bug #0000292) (Mark)
  • Fixed issue when saving a story from the submission queue could crash under certain circumstances. (bug #0000295)
  • Fixed bug where the URL query string could be duplicated when determining the current URL (bug #000293) (Mark)
  • Improved error handling in the image processing routines (bug #0000296) (Mark)

What's New in glFusion v1.1.1

glFusion Core Modifications

  • Fixed bug where contacting a user would try to redirect to profile page when profileloginrequired = true (Mark)
  • Added rdf_file to the fusionrescue.php fields (Mark)
  • Fixed IE6 bug with the block menus (Eric)
  • Fixed issue with open_basedir restrictions when processing mime types (Mark)
  • Added new multi-byte function: MBYTE_is_utf8() returns true if a valid utf-8 string (Mark)
  • Configuration now checks to see if plugin help file exists before placing the help icon next to the configuration option (Mark)
  • Cleaned up login form (Eric)
  • Update MooTicker RSS feeds (Eric)
  • Added feature to plugin_autouninstall to purge configuration data if it exists (Mark)
  • Several folks reported issues including the Date/TimeZone.php file from the included pear modules in the usersettings.php. Now use full path if have_pear is set to false (Mark)
  • Ensure a mime type is set when uploading files (Mark)
  • Fixed a bug when highlighting a query and the text contains regex type items.
  • Reworked the search algorithms
  • Fixed bug where username did not show in the search Author: field, instead the current username repeated over and over (Mark)
  • Fixed bug where no more than 5 images could be uploaded to a story (Mark)
  • Moved the configuration cache file into the data/layout_cache/ directory. (Mark)
  • Searching - Fixed improper use of stripslashes() on the results (Mark)
  • Fixed an issue where the bbcode parser could exhaust system resources. (Mark)
  • Moderation fails with a 2 - Missing argument 1 for draftlist() error (Mark)
  • Added missing security token to trackback editor (Mark)
  • If login is required for search and disable_new_registrations is true, non-logged-in users who performed a search were presented with a link to the 'New User' page. Removed the New User link if registration is disabled. (Mark)
  • Fixed a problem that only appears if the configuration setting for Languages is set, but Language Files is not (Mark)
  • Removed reference to required_bg.gif in style.css (Mark)
  • glFusion did not honor the show_right_blocks setting (Mark)
  • Removed reference to missing graphic on gllform. class. (Mark)
  • Fixed broken API COM_sanitizeUrl(). We removed the allowed_protocol configuration option but neglected to update this function. (Mark)
  • Enhanced error check when reading EXIF data from JPG images, ensure that corrupted images do not cause the application to fail. (Mark)

Calendar Plugin

  • Fixed an issue where the day of the week name would not properly display on UTF-8 sites (Mark)

FileMgmt Plugin

  • Fixed a bug where non-approved uploads would show in RSS feed (Mark)
  • Auto tags did not work properly if URL rewrite enabled (Mark)
  • Filesize was set to 0 bytes when approving user submitted files (Mark)

Forum Plugin

  • Fixed bug where it would not return you to the post you just edited, instead it would take you to the first post. (Mark)
  • Added a feature to turn on / off the FileMgmt integration with the Forum plugin for storing uploaded files. (Mark)
  • Fixed issue where notification email is off by one reply id (Mark)

Static Pages Plugin

  • Fixed improper use of a bunch of stripslashes() calls. (Mark)
  • Media Gallery: If both width and height were passed to a video auto tag, neither the width or height were properly set. Also, fixed a variable name that was mistyped (Mark)
  • img auto tag with alignment will not always work with IE. (Mark)
  • Fixed issue with header parsing in the gps.php module (Mark)
  • Fixed an issue when importing from Gallery v1.x, the import would fail on empty Gallery albums. (Mark)
  • Fixed error in watermarking code that caused application to fail. (Mark)

Bad Behavior2 Plugin

  • Upgraded to v2.0.25 (Mark)

What's New in glFusion v1.1.0

Improved Search Engine / Results Page

Implemented a new search system, compliments of the Geeklog participation in the Google Summer of Code project. Sami Mazen Barakat is the student who developed the new search functionality. He was mentored by Randy Kolenko. What they developed is in our opinion one of the best enhancements for Geeklog and it is reflected in glFusion. Search results are now presented in an integrated format with short descriptions of the search results. There are several new configuration options to allow you to customize how search will work on your site.

Improved Comment System

Another Geeklog Google Summer of Code project was to enhance the comment system. The goal was to allow comments to be edited and also moderated. glFusion has implemented the features that allow a user to edit their comments (admin configurable) and to also set an automatic comment close date on articles. glFusion has not implemented the moderation feature at this time. Jared Wenerd is the GSOC student who developed these enhancements. He was mentored by Michael Jervis on the Geeklog team. This is another excellent enhancement that brings tremendous value to Geeklog and glFusion.

Consolidated CSS and JavaScript

glFusion uses several CSS and JavaScript files to accomplish some of its great Web 2.0 features. To allow you to customize parts of your site, we have separated out the CSS into several files. As a result, page load times were a little longer since there were so many requests from the browser to the server to get each of the individual files. We've solved this problem by consolidating all the CSS into a single call statement. We've done the same thing for all the JavaScript files as well. Now, only two statements are required to load all the CSS and JS. We've leveraged the caching technology used in glFusion to make building and serving of the files much faster. As a result, we're seeing about a 20% reduction in page rendering / load times!


If you are using what we call a 'legacy' theme, that is one that is based off the stock professional theme included in Geeklog, you will need to make a few minor modifications to your header.thtml template. See Legacy Theme Support for more details.

Multiple Menus with Site Tailor

We've enhanced Site Tailor so you can now create multiple menus. You'll notice the new Navigation menu here in the left navigation bar. The footer menu is also administered via Site Tailor. You can now create and customize multiple block menus and even get creative and place a horizontal navigation menu in a static page. glFusion now has a full featured integrated menuing system!

Forum Enhancements

glFusion v1.0 included the Forum plugin by Blaine Lang, with the ability to set bookmarks. New with glFusion v1.1.0 is the ability to easily sort your bookmarks. Check out the new Bookmark tab in the Forum navigation bar to sort your bookmarks by Forum, Topic, Title, Views, and Date.

We've also added a Latest Posts tab. This will display the last n (where the site admin sets the value for n) number of posts. What we've noticed in usage of the system, is that we've fallen victim to relying on the Forum centerblock on the homepage to see new forum posts. Since it only lists 10 items by default, we found we were missing some posts on days with lots of activity. Now, we can easily see the last say 50 posts to make sure we don't miss anything!

Administrative Enhancements

We've made a few tweaks to the Administrative interface as well. We've separated the Command and Control screen from the Submission screen. We've also added a new Log Viewer so you can easily monitor your common glFusion logs. Finally we've also added a configuration option to hide the Admins Only block except when you are on an administrative screen.

Online Configuration

With our ongoing effort to bring better integration and synergy to all the various parts and pieces of glFusion, we've moved the configuration options for CAPTCHA, Forum, and FileMgmt into the core glFusion online configuration system. This means no more config files to edit!

We've also implemented a caching technology for reading the configuration data with each page load. This new caching feature also improves page load times by a few milliseconds.

Media Processing APIs

We've moved all the media handling (resizing of images, thumbnail creations, etc.) out of Media Gallery and into the core glFusion code base. This means that all plugins can leverage the same media management code. So for example, attachments in the Forum are processed using the same code that images in Media Gallery are processed by. This gives you a single spot to configure your graphics drivers and provides a mature and consistent interface for all plugins to use!

Mail System Enhancements

We've modified the internal email handling routines to include improved HTML email support and secure SMTP (TLS or SSL). This makes it possible to use email providers like Gmail to send your outgoing emails through.

Security Enhancements

We have moved several files out of the public_html area into the private/ area to help improve site security. There is no reason to have library or include files sitting in the open web accessible directory. For those users upgrading from earlier versions of glFusion, we've included a utility called filecheck.php to assist with cleaning out the old files.

Default Widgets

Previously, the Nouveau theme included support for creating a variety of widgets that added functionality to your site. We've now moved those widgets out from under the Nouveau umbrella where they can be leveraged by other themes (some style files will need to be copied out of the public_html/layout/nouveau/ directory and into your layout).

We have also set up many default widgets to make it easy to customize and deploy. See the Widget Documentation for more info.

Profile Page Re-Design

The profile page has been re-designed to be more friendly to social networking features and to additional input coming from plugins, etc. The size of the default avatar has increased, so your users might want to re-upload an image if their current one appears overly stretched.

Detailed Change List for glFusion v1.1.0


  • Add IP to the log entry for failed logins (Mark)
  • Modified translation widget to keep Google from caching results (Mark)
  • Fixed issue where 'Read the full article' prompt did not display the URL in Thunderbird (Mark)
  • Forum: Fixed issue in Latest Post tab, did not use the latest reply date for the date column (Mark)
  • Forum: Changed 'Date' column title to 'Latest Post' in Latest Post Tab (Mark)
  • Modified index maintenance (cleanup) to no longer produce fatal errors if the index does not exist (Mark)
  • Cache JS by theme (Mark)
  • Fixed conflict with lib-portalparts.php (Mark)
  • MediaGallery: Fixed issue where children albums with more open permissions were showing in the What's New block causing an error when selected (Mark)
  • Fixed error with forgot password screen displaying new user registration regardless of Disable New User Registration setting (Mark)
  • Fixed crash when no stories exist and auto close comments enable (Mark)
  • Fixed PHP5 only call in configuration (Mark)
  • Fixed XHTML compliance issue with Last X posts in Forum (Mark)
  • Fixed mime detection problem in upload.class.php (Mark)
  • Fixed issue with forum notification not displaying the remove link (Mark)


  • Fixed issue where unset / set config options did not clear cache (Mark)
  • Added additional Media and Number list styles to default typography (Eric)
  • Added default configured widgets to new install (Eric)
  • FileMgmt: decode the sort options to prevent SQL error (Mark)
  • Resolve missing date field in polls table on upgrade (Mark)
  • Migration from Geeklog failed due to incorrect return code (Mark)
  • Properly initialize default photo configuration option (Mark)
  • Several small XHTML fixes (Mark)
  • Fixed comments auto close (it would close immediately) (Mark)
  • Site Tailor: Properly initiate fValidator class on create menu (Mark)
  • Removed unused gllabsform.css (Mark)
  • Added filecheck.php to assist with source file cleanup (Mark)
  • Site Tailor: Clear CTL after menu reset (Mark)
  • Force MyISAM table types (Mark)
  • Site Tailor: Updated menu builder prompts to better reflect item being edited (Mark)
  • Updated / added online help documentation (Mark)
  • Added ISO country code translation (Mark)
  • Site Tailor: Make header, navigation, footer menu permanent (Mark)
  • FileMgmt: Fixed invalid &nbsp (missing semi-colon) (Mark)
  • Added #top to default footer menu (Mark)
  • Added Auto Translations widget block for automatic site translation (Eric & Mark)
  • Added private/system/lib-widgets.php as a place for widget javascripts and other functionality (Eric, Joe, & Mark)
  • Added digg link support and $_CONF['digg_enabled'] (Eric & Joe)
  • Created USES_ family of functions for included libraries not loaded by lib-common.php (Joe)
  • Moved COM_featuredCheck() to STORY_featuredCheck() (Joe)
  • Added local cache to (and reformatted code in) COM_getDisplayName() (Joe)
  • Added COM_showLoginRequiredMsg() (Joe)
  • Added blank index.html pages for directory security in various places in the public_html/ path (Eric)
  • Added new icons to match those defined in style.css (Eric)
  • Added additional gl_moosimplebox mootools javascript widget, with accompanying css and images, to allow creation of styled popup content boxes (Eric)
  • Send story did not send proper variable to PLG_itemPreSave() - Fix by Dirk Haun Geeklog team (Mark)
  • Fixed 'cookiedomain' being reported as changed in the Configuration - Fix by Dirk Haun Geeklog team (Mark)
  • Link plugin - Prevent overwriting existing links when changing the link ID - Fix by Dirk Haun Geeklog team (Mark)
  • Redesigned Profile page display - removed PGP display to a popup box, and added hard break at end to prevent plugin items from overlapping main profile page (Eric & Mark)
  • Forum plugin - added new configuration option to set display order on the topic reply previous posts iframe (Mark)
  • Removed theme name from css.php, now use proper configuration vars (Mark)
  • BB2: Stop generating stats every time templateSetVars is called (Joe)
  • Fixed issue with search truncating description text (Mark)
  • Improved error handling when CTL cannot write to cache directory (Mark)
  • Created (and converted all security profile hashes to) CACHE_security_hash() (Joe)
  • CTL: Save some cycles in {!if var} processing, some debug traces, code cleanup (Joe)
  • Upgraded Bad Behavior to v2.0.24 (Mark)
  • Attempting to change your password when your email address is 'invalid' causes password change but failed to make changes message. (M.Jervis Geeklog Team) (Mark)
  • FileMgmt did not honor the logged in required to view for menu, search, and stats. (Mark)
  • Forum did not honor the logged in required to view for the new post block, searching, and stats. (Mark)
  • Clear CTL when stories are auto deleted or archived (Mark)
  • Do not display profile page for anonymous users (Mark)
  • Modified block editor to allow use of advanced editor (Mark)
  • Added HTML filtering allow embed tag to configuration (Mark)
  • Added css_compress configuration option to configuration (Mark)
  • Added default sort order to configuration (Mark)
  • Fixed missing </li> on parent menu without children nodes (Mark)
  • Fixed issue where What's New and old cached stories were not updated when the story was set to auto archive or delete. (Mark)
  • Fixed Forum notification email to actually point to the last reply where appropriate (Mark)
  • Bugfix of template root hook for directories below layout/nouveau/ (Joe)
  • Implemented new mailer - added support for secure SMTP (Mark)
  • Fixed searching for non-installed plugins when open_basedir restrictions are in effect (GL bug #0000741)
  • Story cache does not cache date format (Joe)
  • Fixed broken image references in Site Tailor Install (Eric)
  • Replaced the hard-coded "N/A" in the Admins Only menu with a neutral "-" generated from the language file (Eric)
  • Implemented js.php / css.php to consolidate all CSS and JS (Mark)
  • Forum to always use HTML filter for html posts (Mark)
  • New option for static pages - include / exclude from search (Mark)
  • Several RFI security improvements throughout (Mark)
  • Updated Site Tailor to v2.0.0 - Ability to create multiple menus (Mark)
  • Search engine enhancements (Mark)
  • Comment handling enhancements (Mark)
  • Auto detect block templates for left and right (Mark)
  • Approve draft from moderation queue fails due to CSRF hardening. (Mark)
  • BB2 Update - eliminated redundant hits to vars table (Joe)
  • Added $_CONF['hide_adminmenu'] (Joe)
  • Added ability for plugins to control moderation queue by returning a string from plugin_itemlist_ No other moderation functions will be called if a string is returned. (Joe)
  • Separated Command and Control from Submissions page in admin (Joe)
  • Removed non-english language files from install tarball (will be separate download) (Eric)
  • Updated look of site footer to support a Site Tailor footer menu (Eric)
  • Moved the Nouveau javascript widget files so they can be used by any theme (Eric)
  • Added /custom directories to all the private/plugin/templates/ .thtml files (Eric)
  • Implemented the advanced editor for Contact User and Email Story (Mark)
  • FileMgmt: Fixed a bug that caused the broken file reporting to not work (Mark)
  • Added logview feature to moderation screen (Mark)
  • Added jhead / jpegtrans configuration options (Mark)
  • Added timezone select list in configuration (Mark)
  • Updated Bad Behavior2 to v2.0.23 (Mark)
  • Updated look of default poll vote results. (Eric)
  • Updated .sql on default install and preliminary .sql prep for mssql support. (Eric)
  • Moved and updated Terms of Use and Privacy Policy so they can be theme independent. (Eric)
  • Removed orphan images from tarball. (Eric)
  • Implemented feature to auto close / edit comments for articles (Mark)
  • Microsummaries support for topics fixed. (Mark)
  • Fixed hard coded table name in lib-security (Mark).
  • Handle HTML properly for config item in configuration (Mark).
  • Polls Plugin - Now if multiple questions make button read 'Start Poll' instead of vote (Mark)
  • Implemented PHPMailer into core (Mark)
  • Moved PHPMailer to lib/ from Media Gallery (Mark)
  • Moved stringparser_bbcode.* to lib/ from Forum plugin (Mark)
  • Moved getID3 to lib/ from Media Gallery (Mark)
  • New lib-image.php - image processing APIs from Media Gallery (Mark)
  • Updated upload.class.php to use new image APIs (Mark)
  • FileMgmt Updates (Mark)
    • Replacement upload allows same file to be re-uploaded
    • Filesize is automatically recalculated when new file is uploaded
    • Thumbnail image is not auto-sized (640×480 max)
  • Forum Updates (Mark)
    • Improved the upload handling of images
    • Improved permission checking, validate user has proper permissions before displaying new / reply links.
  • Media Gallery Updates (Mark)
    • Moved image processing APIs to core
  • Updated topic image to better match default header. (Eric)
  • Removed the Professional theme. (Eric)
  • Fixed error in RSS topic icon (needed to be sprintf). (Mark)
  • Made the namespace URLs constants for web services - no changes in functionality. (Mark)
  • Tweaked online documentation style to no longer indent each header level. (Mark)
  • Updated help documents to reference (Mark)
  • Forum Plugin - Added bookmarks tab and last x tab. (Mark)
  • Site Tailor - Fix problem that adds http:// to empty URL string. Now check to ensure there is something there first. (Mark)
  • Media Gallery Plugin - Fixed issue where saving the configuration would cause an error due to open_basedir restrictions. (Mark)
  • Calendar Plugin - Fixed date comparison (“End date is before start date”) (Mark)
  • Changed syndication type to 'article' from 'glfusion' (Mark)
  • Added commentfeeds plugin to defaults (Mark)
  • New pop-up help window in configuration (Mark)
  • Moved Forum configuration to online configuration. (Mark)
  • Moved FileMgmt configuration to online configuration. (Mark)
  • Moved CAPTCHA configuration to online configuration. (Mark)
  • Added clear cache for Forum centerblock on moderation functions. (Mark)
  • Fixed missing Configuration entry in Site Tailor menu (Admin Menu generation) (Mark)
  • Made ie6Warning javascript more neutral so it can be used by other themes (Eric)
  • Added MooTools sameheight javascript to extend bg of 3 column dynamic div layouts (Eric)
  • Consolidated all MooTools libraries - now part of core. Moved to public_html/javascript/ directory. (Mark)
  • New theme API themename_headerVars(&$template). Allows a theme to set header variables. (Mark)
  • New install / upgrade system - allows migration from Geeklog (Mark)
  • Added new GVERSION define (Mark)
  • Fix for date formatting in RSS fields (Mark)
  • Renamed the syndication feed type “glfusion” to “article” (Mark)
  • New option “All Frontpage Stories” for article feeds: skip stories that have the “Show only in topic” option set (Mark)
  • Better support for plugin messages (Mark)
  • Webservices tweaks to improve support for more clients. (Mark)
  • Ensure name and email are properly populated on comment listings. (Mark)
  • Moved CAPTCHA, Forum, and FileMgmt configuration to the core configuration system. (Mark)
  • Updated default header logo (Mark)
  • Implemented glFusion CSS layout driven header / footer functions. (Mark)
  • Bumped version number to 1.1.0svn (Mark)

What’s New in glFusion v1.0.1

glFusion v1.0.1 contains several bug fixes and a few new enhancements. Below is a detailed list of changes between glFusion v1.0.0 and v1.0.1.

Instance Caching for Stories

glFusion v1.0.1 implements Instance Caching for stories. Once a story is displayed, a cached copy is stored, so each time the story is displayed in the future glFusion does not have to rebuild the contents; it simply uses the cached version. This should provide another nice performance improvement and also decrease the load on your server.

Online Configuration Improvements

The online configuration system has seen a few improvements based on lessons learned and feedback from the community. You can now disable a feature if you accidentally enable it, for example, the multi-language support. URLs and paths are now checked to ensure they have the necessary trailing slash (or don't have it in some cases) and that no stray spaces are picked up during the edit.

Advanced Editor Improvements

The Advanced Editor has been upgraded to FCKeditor v2.6.2, which brings some Firefox 3 and Opera 9.50 fixes.

We have added a new plugin to the Advanced Editor to allow you to easily insert embedded videos in your story.

We have also added a new toolbar that is used for user contributed stories. This new toolbar gives the user a little more control over the look of their story. We did not include the ability to upload images in this toolbar.

General Layout Improvements

The style sheet has been tweaked a little to better support dynamic sizing (changing the zoom or font size on the local browser). We've also improved the Comment Bar to make better use of the space.

You will also see some nice new transparent icons in the Command & Control screen. These updated icons make things look just a little better and they work well with themes that have a dark background.

Security Fixes

We updated the HTML filter to the latest production version (htmLawed v1.1) and also added some additional filtering to the Forum and Media Gallery search inputs.

We also fixed a bug that allowed a user with the story.edit permission to post stories to topics they did not have permission to write to. Now the user will only be presented with a list of available topics where they have both read and write permissions.

Detailed Change List for glFusion v1.0.1

  • Improved configuration data validation - now validates URLs do not have a trailing slash and that directories do.
  • New template variable for front page - {page_title_and_site_name}
  • Added IE6 warning javascript - If enabled, you can display a warning to users that they really should upgrade their browser.
  • New Command n Control icons
  • Fixed slider height issue and added border in menu colorpicker
  • Adjusted layout of comments for better readability
  • Fixed menu alignment
  • New advanced editor toolbar. Modified user submitted story editor menu to have more advanced features, but it is missing the image / mediagallery insert.
  • New user create / delete hooks CUSTOM_createUserHook($uid) and CUSTOM_deleteUserHook($uid)
  • Made all Command n Control icons have a transparent background
  • Fix IE6 gl_navigation column differences in fixed vs. fluid gl_container layouts
  • Added new VideoEmbed plugin for FCKeditor - This allows you to easily insert YouTube (or other video hosting services) embed code into stories and static pages.
  • Changed 'domready' events to 'load' events to solve IE domready bug.
  • Fixed language file errors - missing comma caused error (German and Hebrew language files).
  • Terminate a user's session if banned
  • Fixed xhtml validation bug in Nouveau theme
  • Fixed issue with IE7 displaying drop down menu with new em measurements
  • Implemented the ability to subscribe to a topic in the story display
  • Made the default advanced editor style more closely match the Nouveau theme
  • Added the missing gl_moochronometer css
  • Hide the database password when the database backup failed and we're logging the mysqldump command
  • E_ALL fix + CUSTOM_loginErrorHandler isn't supposed to return anything
  • Hebrew language file update
  • Fixed issue where global array was not properly defined for plugins
  • Allow to unset Configuration options again after they have been “restored”, i.e. enabled
  • Adopted hack to allow multilingual blocks
  • Fixed a bug that would cause the header to not load properly when changing the theme.
  • Updated layout and spacing of comments to be more visually pleasing
  • Fixed a HTML validation bug where the closing paragraph tag wasn't created.
  • Allow overriding of rootdebug or other core config variables in siteconfig.php for emergency debugging.
  • Fixed a security issue that allowed users to view future stories and draft stories if they knew the story id.
  • PHP 5.0 compatibility for story submissions
  • Updated htmLawed to v1.1
  • Users with story.edit permission could post stories to topics they did not have write permissions to. Now only present a list of topics the user has permission to write. Also added additional check in story.class.php to validate the user has the necessary topic permissions when editing / saving a story.
  • Switched menu units from px to em to scale properly
  • Added missing default moospring images
  • Fix for story instance caching, now use permission hash in instance name.
  • Fixed broken images: openid_login.icon.png and right_arrow.png
  • Fixed output already sent errors when using the custom glFusion / Nouveau functions.php (speed limit on login attempts).
  • OpenID logins succeed for first timers even when $_CONF['disable_new_user_registration'] is true. No longer allow user to login if they do not have an existing record in the user table.
  • Allow remote users to use the webservices
  • Updated hebrew-utf_8.php
  • Fixed an error when saving a user submitted story directly to the story table (instead of the submission table). Invalid date for expire date.
  • Fixed a layout issue with the typography styles (class=“arrow”…). The margin-left was set to -2em which prevented the bullets from showing. Changed to 2em which seems to clear it up.
  • Updated PLG_uninstall to suppress errors for table drop.
  • COM_displayErrorandAbort() sends an HTTP header which conflicts with the header sent in COM_siteHeader(). Example, user used trackback URL for a calendar event instead of proper URL, gives Output already started error. Removed the additional header() calls.
  • New comments were not clearing the instance cache for the story or the what's new block. Also deleted comments did not update instance cache
  • Search results return duplicate entries for stories when URL rewrite enabled.
  • Implemented instance caching on stories.
  • Unable to delete some plugins because $_DB_table_prefix and $_TABLES is not defined in plugins.php
  • Changed SEC_createToken so that it will only return one token per page (effectively making it a singleton). This fixes the problem of not being able to delete comments when you also have trackbacks for the same article
  • Approving a story submission by saving it from the Admin's story editor left a duplicate in the submission queue, unless you changed the story ID at the same time
  • Removed extra <br> between introtext and body text when viewing the full story
  • Installation would fail when MySQL in strict mode when trying to insert the default story into the database (expire field was '').

Calendar plugin

  • Fix a language inconsistency which caused the inability to delete calendar events in the day and week views.
  • Calendar search did not honor the author field.
  • Calendar block now includes events from the current day (in progress or all day events).

FileMgmt plugin

  • Fixed style issue where admin confirmation screen would set whole site to bold.
  • Reworked the configuration files to solve some integrated installation issues.

Forum plugin

  • Fixed a potential XSS security issue in the search field.
  • Fixed issue where the 'View all New Posts' link was not being displayed.

Links plugin

  • Fixed error where the category name was passed in the URL instead of the category id.
  • Fixed SQL error when trying to change a category id to an already existing id
  • Fixed new category silently overwriting an existing category if they had the same id

Media Gallery plugin

  • Improved the filtering on search items
  • Fixed issue where the absolute path to images was passed to DigiBug instead of using the URL.
  • Fixed an issue where hidden albums would prevent other sub-albums from displaying.

Polls plugin

  • Updated Hebrew language file

Site Tailor plugin

  • Added Reset To Defaults button on menu configuration editor
  • Added Display After field when editing a menu item
  • Fixed error where the menu hover image was used regardless of the Graphics / Color setting.
  • Fixed error where static pages would reset when edited.
  • Fixed an E_ALL error - removed references to individual perm_ options

Staticpages plugin

  • Removed unused 'config_data' entry from the plugin uninstall function
  • Fixed E_ALL errors


  • Updated to v2.6.2 Production Release (FF3 Fixes)


  • Added missing config.html documentation file
  • Updated main documentation index page
  • Updated the online help documents

glFusion v1.0.0 New Feature List

HTML Strict / XHTML v1.0 Compliance

Thanks to the Geeklog Japanese crew, glFusion has been enhanced to provide a much cleaner, and valid, (x)HTML output.

glFusion will continue to release new themes which take advantage of the XHTML capabilities.

Story Editor / Submission Updates

The internal code that handled story authoring has been completely rewritten and is now much cleaner and more functional. Most notably, what you type is actually what you’ll get.

Automated Installation Process

No longer will you need to edit multiple files before installing glFusion. The new installation routine will gather all the necessary information and write it to the proper configuration files. This new install routine greatly simplifies the glFusion installation process.

Online Configuration Editor

Almost all configuration options can now be changed via an online configuration editor. While the new configuration editor is still a bit rough around the edges, it is a great improvement from hand editing the config.php file.

Web Services API

The Web services API provides an interface for client software to talk directly to glFusion and perform certain operations. Typical usage would be to use a desktop client to publish and edit stories without having to visit the website.

Web Services requires PHP5. If your site runs under PHP4, web services will not be available.

User Story Submission now has both an Intro and Body Section

Added ability to have Body Text in user submitted stories. Previous versions of Geeklog only allowed user submitted stories a single entry field, so the site administrator would have to break the stories into the Intro and Body parts.

Comments can now be closed

Existing comments will still be displayed but no new comments can be posted.

Caching Template Library

glFusion includes the new Caching Template Library, which adds the following features over the old template library. These features benefit both the site administrator and the plugin developer.

  • Compiles templates to PHP code for enhanced page load speeds
  • Adds logic processing to the templates
  • Ability to specify multiple locations to search for templates

Instance Caching

Instance caching refers to the ability to cache high load functions such as the What's New block. For example, each time the main glFusion index page is loaded, the What's New block is built, requiring several MySQL queries to determine what is new. Instance caching allows us to store a pre-built copy of the What's New block in HTML format. This means that you do not have to go to the database to ask what is new each time the page is loaded.

This provides a significant speed increase for your site and a significant load decrease for your server.
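The v1.0.1 change list notes a "Fix for story instance caching, now use permission hash in instance name." The sketch below is an added illustration, not glFusion code: every function name, the group ids and the sample story are hypothetical. It assumes the fix addresses the case where output rendered for one permission set is stored under a name shared by all viewers, and compares the two naming schemes.

```php
<?php
// Added illustration: hypothetical helpers, not glFusion's cache API.

// Stable hash of the viewer's group memberships (order-independent).
function permission_hash(array $groupIds): string
{
    $ids = array_unique(array_map('intval', $groupIds));
    sort($ids, SORT_NUMERIC);
    return substr(hash('sha256', implode(',', $ids)), 0, 16);
}

// Instance name = which story, optionally plus the permission set it was rendered for.
function instance_name(string $sid, array $groupIds, bool $usePermHash): string
{
    $name = 'story_' . preg_replace('/[^A-Za-z0-9_-]/', '', $sid);
    return $usePermHash ? $name . '__' . permission_hash($groupIds) : $name;
}

// Rendering depends on permissions: only the edit group gets the edit control.
function render_story(array $story, array $groupIds): string
{
    $html = '<h1>' . htmlspecialchars($story['title'], ENT_QUOTES, 'UTF-8') . '</h1>';
    if (in_array($story['edit_group'], $groupIds, true)) {
        $html .= '<span class="edit-link">[edit]</span>';
    }
    return $html;
}

// Return the cached rendering, building and storing it on a miss.
function cached_story(array &$cache, array $story, array $groupIds, bool $usePermHash): string
{
    $key = instance_name($story['sid'], $groupIds, $usePermHash);
    if (!isset($cache[$key])) {
        $cache[$key] = render_story($story, $groupIds);
    }
    return $cache[$key];
}

// Constructed sample data: group 3 may edit this story; group 2 is a plain reader.
$story  = ['sid' => 'welcome', 'title' => 'Welcome', 'edit_group' => 3];
$editor = [1, 3];
$reader = [2];

foreach ([false, true] as $usePermHash) {
    $cache = [];
    cached_story($cache, $story, $editor, $usePermHash);   // editor's visit warms the cache
    $seenByReader = cached_story($cache, $story, $reader, $usePermHash);
    printf(
        "perm hash in name: %-3s  reader sees edit link: %s  cache entries: %d\n",
        $usePermHash ? 'yes' : 'no',
        strpos($seenByReader, 'edit-link') !== false ? 'yes' : 'no',
        count($cache)
    );
}
```

Keying on the permission set costs one cache entry per distinct group combination, and the cache still has to be cleared when a story or a user's group membership changes.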

HTML Filtering

glFusion has replaced the no longer maintained KSES HTML filtering system with a more up-to-date and supported filtering engine. With glFusion, you no longer have to define all the allowed HTML tags; instead, you can simply specify safe mode, which will automatically remove JavaScript, XSS exploits, and other non-desirable items from your user contributed HTML. glFusion's filtering engine also attempts to fix invalid HTML markup to help maintain valid HTML in user submitted stories and comments.

KSES recently had some vulnerabilities discovered, and since the project is no longer maintained, there was almost a 2 month lag in providing updates. This is one of the main reasons glFusion no longer uses the old, unsupported KSES filter.

Other changes

For a full list of changes, please see the history file in the distribution.

Other glFusion Additions – What makes glFusion

glFusion developed several enhancements to Geeklog and also integrated several plugins to the core distribution.

glFusion Added Plugins

  • CAPTCHA – A Security / SPAM prevention tool
  • Bad Behavior2 – A Security tool that helps block several automated bot attacks
  • Forum – A collaboration plugin that allows for online communities
  • FileMgmt – A file management plugin
  • Media Gallery – A multi-media management system
  • Site Tailor – A collection of tools to manage a site's look and feel, currently includes a menu editor, menu color configuration, and logo management.

General Enhancements

  • Improved distribution organization
  • Nouveau theme is the default theme
  • Improved FCKeditor integration
  • Forum and FileMgmt upgraded to be XHTML compliant
  • Calendar and Links plugins integrated with CAPTCHA plugin
  • Enhanced upgrade process that will read some of the core values from the existing config.php file
  • Improved distribution method that does not include the configuration files as .php files, instead they are packaged as .dist files. This ensures your existing settings are preserved during a site upgrade.

Template Compatibility

Geeklog v1.5.0 has made several internal changes that will break all existing themes designed for Geeklog v1.4.1 or earlier. glFusion adds some additional requirements as well, requiring a few new template files.

For more information on the template modifications, see the Template Changes in glFusion section.

glfusion/whatsnew/archive.txt · Last modified: 2016/12/14 06:11 (external edit)
