Geeklog

Assuming that one has not implemented any WebServer based or file access security changes:

The default install of Geeklog does not secure the installation and will leave your admin/install/install.php file open for anyone to access. I Recommend a few things

Remove access rights to the directory

Change the name of the install directory

Configure webserver security - e.g. Use apache .htaccess

All of the above

Doing a little check before submitting this note, 50% of the sites I checked have open access to install.php. I debated about posting this, in case someone thinks this would be their idea of fun. Hopefully, it will be seen as a reminder to secure our installs - as anyone that has installed GL will know the default install path.

A recommendation would be for GL to include a install feature like Gallery that will secure all access and redirect anyone without proper authentication to the main page.

Cheers,
Blaine

I've released my first Geeklog theme for download. This new theme is called Foundation. you can get it from the downloads section at geeksta.com.

I installed Geeklog quite recently (1.3.2) and really like it. I started playing around with the themes and decided to make my own, one that would be put CSS. However, soon after editing the .thtml files in layout/themeName/, I found that the templates were only used for some of the page building, and that lib-common.php was actually writing markup into the page as well.

This limits themes considerably; lib-common.php should extend the method of just pulling the layout files and inserting data into them. It should not be inserting any markup of its own.

I'm guessing that the move to a fully modular separation of presentation and content is planned for 1.4. If it's not, it should be! It would make theme creation a lot easier, and would probably also make code maintenance and alteration easier as well.

It wouldn't require a CSS theme to ship with it; the same table-based themes would work fine as long as all the HTML was confined to the layout subdirectories. If that happens, I'll certainly work on a pure CSS GeekLog (hooks for browser-detection should be put in the code too).

Anyway, that's meant as constructive criticism - it's a great application!

MLimburg: It's been a problem with GL for a while, as we've moved from a 100% backend generator to the beginning of templates. A fair amount of work would be required to move it across to full templates, so we've opted to focus on GL 1.4 for true template support. Infact, I already have a version working right now :)