
By on Dec 26, 2015 at 4:06 AM

Today's releases of all 4 supported WSN series include a security update for a potential SQL injection in the RSS feed. The vulnerability may allow access to information the attacker shouldn't be able to see. As far as I can see it doesn't allow data alterations or user privilege escalation or anything like that, but updating is strongly advised.

As you may know, the 8.0 series has been scheduled to be discontinued at the end of the year. I've decided to extend that so 8.0 continues to get security fixes until at least February 15th 2016. I'll provide access to 9.0 to everyone by January 15th to ensure that even those who don't pay upgrade fees have a chance to update their sites before security updates on their old version cease. I'll send an email to those accounts when I update their access.

By on Dec 20, 2015 at 9:21 PM (Edited Dec 20, 2015 at 9:22 PM)

A couple of notable changes in today's 9.2.28 Beta 2 release.

I've added more microdata markup for the reviews w/comments page so that Google recognizes each individual review someone writes of a listing on your site. This improves the chances of Google showing the review in their results with a link to your site.

At Admin -> Members -> Settings there's now an option to select a password reset method. When password encoding is set to none, the original password is emailed to the member, but that's bad practice. When passwords are safely encoded it's impossible to email the original password to the forgetful member. The normal method has been to autogenerate a new password to send to the person. But this could be bad if someone maliciously resets your password. You could enable security questions to help prevent that, but now there's another way. Select the "send link" password reset method and instead of emailing you a new password it'll email you a link you can click to go to a page which will allow you to set a new password.
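A sketch of how a "send link" reset can work, added here as an illustration and not taken from WSN's code: the emailed link carries a random single-use token, the server stores only its hash with an expiry, and the existing password stays valid until the link is redeemed. The function names, the array-backed stores and the one-hour lifetime are assumptions.

```php
<?php
// Added illustration, not WSN code. All names and the array-backed stores are hypothetical.
const RESET_TTL = 3600; // link lifetime in seconds (assumed value)

/** Issue a reset token. Only its SHA-256 hash is kept server-side. */
function issue_reset_token(array &$tokens, int $memberId, int $now): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG (PHP 7+)
    $tokens[$memberId] = [
        'hash'    => hash('sha256', $token), // a leaked table yields no usable links
        'expires' => $now + RESET_TTL,
    ];
    return $token; // appears only in the emailed URL
}

/** Check the token from the link; on success store the new password hash. */
function redeem_reset_token(array &$tokens, array &$passwords, int $memberId,
                            string $token, string $newPassword, int $now): bool
{
    $row = $tokens[$memberId] ?? null;
    if ($row === null) {
        return false; // nothing pending, or the link was already used
    }
    if ($now > $row['expires']) {
        unset($tokens[$memberId]);
        return false;
    }
    if (!hash_equals($row['hash'], hash('sha256', $token))) {
        return false; // constant-time comparison
    }
    $passwords[$memberId] = password_hash($newPassword, PASSWORD_DEFAULT);
    unset($tokens[$memberId]); // single use
    return true;
}

// Constructed walk-through for member 42.
$tokens = [];
$passwords = [42 => password_hash('old-secret', PASSWORD_DEFAULT)];
$now = time();
$token = issue_reset_token($tokens, 42, $now);
// Requesting a reset does not touch the stored password:
var_dump(password_verify('old-secret', $passwords[42]));
// Wrong token, correct token, then a replay of the used token:
var_dump(redeem_reset_token($tokens, $passwords, 42, 'guess', 'x', $now));
var_dump(redeem_reset_token($tokens, $passwords, 42, $token, 'new-secret', $now + 60));
var_dump(redeem_reset_token($tokens, $passwords, 42, $token, 'again', $now + 61));
```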

By on Dec 10, 2015 at 1:44 PM

One of today's changes for the upcoming WSN 9.2.37 is a set of new template variables that provide easier ways to reference files attached to an image in a specific order (the sort order set on upload/edit). There's now {LINKTHUMBIMAGEX[number]}, {LINKTHUMBURLX[number]}, and the associated boolean {LINKHASFILEX[number]}. You can pair these with the preexisting {LINKCAPTION[number]} and {LINKHASCAPTION[number]}. If you want to show the third image on a listing, and include the caption only if it's present, here's all you have to do now:

To change the thumbnail size away from the default, add width and height parameters... 500 width by 400 height for example:
{LINKTHUMBIMAGEX[3 <,> 500 <,> 400]}

This can be very useful if you want to position large thumbnails in different places on the details page, with information around them.

By on Nov 21, 2015 at 1:52 AM

WSN has had an "add from web search" option for a while which can be very useful for filling up a directory with websites appropriate to a category. For a business directory, however, it would make things a lot easier if WSN could determine the address and phone number of the business which each search result references.

With the cooperation and forethought of the website owner, the geo.position and icbm meta tags can help. These meta tags allow a web page to specify its latitude and longitude. As of today's 9.2.31 Beta 2 release, WSN now detects this and also does a reverse geocode to get the address.

Unfortunately, very few websites are currently using geodata in their meta tags. To get a few more addresses, I've used some regular expression page parsing to look for a couple of common USA address formats in pages. Also added USA phone number detection. Detection remains very spotty due to the infinite variety of ways that web pages represent addresses, but it's a start.
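For reference, a sketch of reading the geo.position and ICBM meta tags from a fetched page, added as an example and not WSN's own parser. The function name is hypothetical and the sample markup is constructed; because the page comes from a third-party site, the coordinates are range-checked before anything is done with them.

```php
<?php
// Added example, not WSN code; extract_geo_position() is a hypothetical name.

/** Return [lat, lon] from geo.position or ICBM meta tags, or null if absent/invalid. */
function extract_geo_position(string $html): ?array
{
    if (trim($html) === '') {
        return null;
    }
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true); // remote markup is often malformed
    $doc->loadHTML($html, LIBXML_NONET);      // never fetch external resources
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    foreach ($doc->getElementsByTagName('meta') as $meta) {
        $name = strtolower(trim($meta->getAttribute('name')));
        if ($name !== 'geo.position' && $name !== 'icbm') {
            continue;
        }
        // geo.position uses "lat;lon", ICBM uses "lat, lon"
        $parts = preg_split('/\s*[;,]\s*/', trim($meta->getAttribute('content')));
        if (count($parts) !== 2 || !is_numeric($parts[0]) || !is_numeric($parts[1])) {
            continue;
        }
        $lat = (float) $parts[0];
        $lon = (float) $parts[1];
        // Page content is untrusted: range-check before reverse geocoding.
        if ($lat >= -90 && $lat <= 90 && $lon >= -180 && $lon <= 180) {
            return [$lat, $lon];
        }
    }
    return null;
}

// Constructed sample pages: one valid, one with an out-of-range latitude.
$sample = '<html><head>'
        . '<meta name="geo.position" content="40.7128;-74.0060">'
        . '<meta name="ICBM" content="40.7128, -74.0060">'
        . '</head><body><p>Constructed sample page</p></body></html>';
var_dump(extract_geo_position($sample));
var_dump(extract_geo_position('<meta name="ICBM" content="999, 0">'));
```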

By on Nov 17, 2015 at 11:26 PM

Thanks to clipboard.js, I've just added cross-platform copy-to-clipboard functionality to WSN's template editor. This replaces an archaic javascript which had only been able to select the contents without copying in most browsers. Are there any other places where cut/copy to clipboard functionality would be useful?

Another change today was a formatting change to the RSS Feed template to achieve full Atom feed support by default. WSN's rssfeed.php now outputs a feed which is valid both as RSS 2.0 and Atom.

9.2.30 also brings some fixes. These include a fix to processing template conditionals in non-mime email headers and footers (notably the default email footer with the unsubscribe link now only shows to members, as it should). Also fixed watermarking for images and added an easier AJAXy remove watermark option.

By on Nov 08, 2015 at 6:34 PM (Edited Nov 08, 2015 at 6:34 PM)

Did a lot of work on RSS feeds today. A comments url is now included in listing feeds whenever the comments switch is on and the combine details and comments switch is off. Article and topic feeds from WSN Knowledge Base and WSN Forum now include content:encoded fields to syndicate the complete article text or topic message. Any listing that has a physical address now includes the georss point field with the coordinates. On the other end, I fixed a WSN Knowledge Base bug which was affecting display of article text from feed submissions.

In the process of this work, I stumbled across the website fulltextrssfeed.com. That site will take RSS feeds which only contain introductory stubs about articles and will pull in the complete article text to create a much more useful feed. Of course, you can't just do that with any feed without running into copyright issues -- but it can make the process of syndicating content between your own websites a whole lot easier.

I've demoed these changes in the WSN Knowledge Base user demo by submitting this blog as a feed: http://demo.wsnforum.com/wsnkb/blog-feed/

Let me know if you have any creative ideas for making the feed-posting system even more powerful.

By on Nov 04, 2015 at 4:54 AM (Edited Nov 04, 2015 at 4:56 AM)

For many years, WSN has been using an open source flash script called OSFLV for embedding uploaded videos. This required activating the "convert videos to flv" switch and ensuring that ffmpeg was installed on your web server, which wasn't always possible in shared hosting environments and could be a pain on unmanaged dedicated servers. Also, more importantly, it meant your mobile users couldn't watch the videos because mobile devices don't usually support Flash.

Recently I found that OSFLV was no longer working correctly -- the osplayer.swf player wasn't showing up. I looked for documentation and discovered that the OSFLV script is no longer developed and the online materials for it have been taken down. Since it's dangerous to continue relying on a component that's abandoned (it could develop security holes), I set out to find a replacement video player component.

In the end, I settled on Flow Player. It has good documentation, is easy to integrate, and has the popularity and longevity to indicate that it'll stick around for years to come. It's integrated now in WSN 9.2.27.

A bonus from this change is that Flow Player isn't limited to flv videos -- any type of video can now be played. Under the hood, this uses the HTML 5 <video> tag. The upshot is that you no longer need ffmpeg (or YouTube) in order to show uploaded videos with a listing. You also no longer need Flash, which means if you upload a .mov, .mp4, .m4v or .avi file it can play on an iPad, iPhone or other mobile devices that don't have Flash.

FFmpeg is still useful for autogenerating thumbnail images from videos, so the autoconversion switch will remain.

By on Oct 23, 2015 at 2:36 AM

Sorry for the downtime on some parts of the websites this week. After selling my most server-intensive site I've been downsizing from a dedicated server to shared hosting, and the process has proved more complicated than anticipated. Everything except the demos is back up now, and I'll get to the demos shortly.

In the process I found and fixed a moving-related bug with integrated sites. The uploadpath value in the database doesn't change automatically when the config.php version of that value changes, and this results in integrated scripts failing to find the themes. Run upgrade.php to fix that.

Just as a tip for anyone else moving a website, make sure you don't copy the cache directory -- those thousands of small files take forever and aren't necessary.

By on Sep 14, 2015 at 4:23 PM

Most of my clients make most of their revenue from displaying advertising. With that in mind, I've been working on a new script called WSN AdUnblocker to help increase advertising revenues.

If like many of us you use an ad blocker to browse the web, you may have noticed some sites detect that and ask you to whitelist them to allow their ads to be displayed. If you're like me, you'll give that a try and leave them whitelisted as long as their ads aren't so aggressive that they make the site hard to use.

There's no completely generic way to detect and deal with ad blocking, because every web script works a bit differently. Fortunately I've been able to simplify it to the point where it's very easy for anyone using WSN's advertising system.

For any other script it'll need a way to add jquery and jquery ui if not already present, then a way to add a line to the jquery document ready function and add a div around the ad, and then a specification of what pages to expect an ad on. This is likely too complicated to expect the average webmaster to work out on their own, but it's something I can do as an affordable service.

So far I've got options to customize the language and to choose how often to re-prompt (either every page load if you don't want to allow freeloading or every X days if you want to be gentle with an occasional prod).

By on Sep 04, 2015 at 2:18 PM

The last few days have seen several releases relating to MIME HTML emails. Here's what happened.

The first discovery was that sites which had been sending MIME messages okay before started spitting out errors and not sending the mail when their web servers updated to PHP 5.5.26 or later. I investigated and found that PHP version included a change to PHP's mail function restricting what can be sent in the headers field, in an attempt to stop malicious header injections. Unfortunately it stopped the MIME code of WSN and many other scripts. I rewrote all the MIME code to use simpler headers and transferred much of it to the message field.

That patch worked for me, but actually created a problem on a PHP 5.4 server which was unable to parse message field headers that used windows-style line breaks. I converted to the PHP_EOL constant and that made all PHP versions work at the same time, finally.

If you have any website which is sending MIME emails by default, please be aware that it either already has or soon will stop sending emails (when you reach PHP 5.5.26) until you update to the latest release of one of the active WSN series: 8.0, 9.0, 9.1 or 9.2.
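A sketch of the layout described above, added as an example and not WSN's code: only short single-line headers go into the headers argument of mail(), the MIME parts go into the message, and lines are joined with PHP_EOL. The function names are hypothetical, the addresses are constructed, and the blank-line check assumes that empty lines in the headers argument are what the PHP restriction rejects.

```php
<?php
// Added example, not WSN code; function names are hypothetical.

/** Reject values that would let a caller smuggle extra header lines. */
function clean_header_value(string $value): string
{
    if (preg_match('/[\r\n\0]/', $value)) {
        throw new InvalidArgumentException('line break in header value');
    }
    return $value;
}

/** Build [headers, body] for a text+HTML mail, keeping the headers argument minimal. */
function build_mime_mail(string $from, string $text, string $html): array
{
    $boundary = 'b_' . bin2hex(random_bytes(12));
    $eol = PHP_EOL;
    $headers = implode($eol, [
        'From: ' . clean_header_value($from),
        'MIME-Version: 1.0',
        'Content-Type: multipart/alternative; boundary="' . $boundary . '"',
    ]);
    // Part headers live in the message argument, where blank lines are legal.
    $body = "--$boundary$eol"
          . "Content-Type: text/plain; charset=UTF-8$eol$eol"
          . $text . $eol
          . "--$boundary$eol"
          . "Content-Type: text/html; charset=UTF-8$eol$eol"
          . $html . $eol
          . "--$boundary--$eol";
    // Assumed restriction: no empty line may appear inside the headers argument.
    if (preg_match('/\R{2}/', $headers)) {
        throw new LogicException('blank line in headers');
    }
    return [$headers, $body];
}

// Constructed input; pass the results to mail($to, $subject, $body, $headers).
list($headers, $body) = build_mime_mail('noreply@example.com', 'Hello', '<p>Hello</p>');
echo $headers, PHP_EOL, PHP_EOL, $body;

// A From value carrying an embedded line break is refused before it reaches mail().
try {
    build_mime_mail("a@example.com\r\nBcc: other@example.com", 'x', 'x');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```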