Today's releases of all 4 supported WSN series include a security update for a potential SQL injection in the RSS feed. The vulnerability may allow access to information the attacker shouldn't be able to see. As far as I can see it doesn't allow data alterations or user privledge escalation or anything like that, but updating is strongly advised. As you may know, the 8.0 series has been scheduled to be discountinued at the end of the year. I've decided to extend that so 8.0 continues to get security fixes until at least Febuary 15th 2016.
A couple of notable changes in today's 9.2.28 Beta 2 release. I've added more microdata markup for the reviews w/comments page so that google recognizes each individual review someone writes of a listing on your site. This improves the chances of google showing the review in their results with a link to your site. At Admin -> Members -> Settings there's now an option to select a password reset method. When password encoding is set to none, the original password is emailed to the member, but that's bad practice.
One of today's changes for the upcoming WSN 9.2.37 is a set of new template variables that provide easier ways to reference files attached to an image in a specific order (the sort order set on upload/edit). There's now {LINKTHUMBIMAGEX[number]}, {LINKTHUMBURLX[number]}, and the associated boolean {LINKHASFILEX[number]}. You can pair these with the preexisting {LINKCAPTION[number]} and {LINKHASCAPTION[number]}. If you want to show the third image on a listing, and include the caption only if it's present, here's all you have to do now: {LINKTHUMBIMAGEX[3]} Caption:
WSN has had an 'add from web search' option for a while which can be very useful for filling up a directory with websites appropriate to a category. For a business directory, however, it would make things a lot easier if WSN could determine the address and phone number of the business which each search result references. With the cooperation and forethought of the website owner, the geo.position and icbm meta tags can help. These meta tags allow a web page to specify its' latitude and longitude.
Thanks to clipboard.js, I've just added cross-platform copy-to-clipboard functionality to WSN's template editor. This replaces an archaic javascript which had only been able to select the contents without copying in most browsers. Are there any other places where cut/copy to clipboard functionality would be useful? Another change today was a formatting change to the RSS Feed template to achieve full Atom feed support by default. WSN's rssfeed.php now outputs a feed which is valid both as RSS 2.0 and Atom. 9.2.30 also brings some fixes.
Did a lot of work on RSS feeds today. A comments url is now included in listing feeds whenever the comments switch is on and the combine details and comments switch is off. Article and topic feeds from WSN Knowledge Base and WSN Forum now include content:encoded fields to syndicate the complete article text or topic message. Any listing that has a physical address now includes the georss point field with the coordinates. On the other end, I fixed a WSN Knowledge Base bug which was affecting display of article text from feed submissions.
For many years, WSN has been using an open source flash script called OSFLV for embedding uploaded videos. This required activating the 'convert videos to flv' switch and ensuring that ffmpeg was installed on your web server, which wasn't always possible in shared hosting environments and could be a pain on unmanaged dedicated servers. Also, more importantly, it meant your mobile users couldn't watch the videos because mobile devices don't usually support Flash. Recently I found that OSFLV was no longer working correctly -- the osplayer.swf player wasn't showing up.
Sorry for the downtime on some parts of the websites this week. After selling my most server-intensive site I've been downsizing from a dedicated server to shared hosting, and the process has proved more complicated than anticipated. Everything except the demos is back up now, and I'll get to the demos shortly. In the process I found and fixed a moving-related bug with integrated sites. The uploadpath value in the database doesn't change automatically when the config.php version of that value changes, and this results in integrated scripts failing to find the themes. Run upgrade.php to fix that.
Most of my clients make most of their revenue from displaying advertising. With that in mind, I've been working on a new script called WSN AdUnblocker to help increase advertising revenues. If like many of us you use an ad blocker to browse the web, you may have noticed some sites detect that and ask you to whitelist them to allow their ads to be displayed. If you're like me, you'll give that a try and leave them whitelisted as long as their ads aren't so aggressive that they make the site hard to use.
The last few days have seen several releases relating to MIME HTML emails. Here's what happened. The first discovery was that sites which had been sending MIME messages okay before started spitting out error and not sending the mail when their web servers updated to PHP 5.5.26 or later. I investigated and found that PHP version included a change to PHP's mail function restricting what can be sent in the headers field, in an attempt to stop malicious header injections. Unforunately it stopped the MIME code of WSN and many other scripts.