Welcome to Geeklog Thursday, July 30 2015 @ 06:59 PM EDT
Mark Evans informs us that Saif El-Shere reported XSS in the bbcode of the Forum plugin for glFusion. Due to the shared history of the two projects, these XSS also exist in the Forum plugin for Geeklog. The Forum plugin 2.7.4 fixes these issues.
To upgrade from version 2.7.3, you need to replace these 3 files:
Then simply run the upgrade from Geeklog's Plugin admin panel.
Paypal plugin now allows you to sell access to some of the content of your site or to establish management paying members of a club or association.
This new version 1.2 introduces a new type of product, subscritions. This feature allows you to create membership for one or several days, weeks, months or years. Users who subscribe online are automatically added to a group you specify. Group members can then access content reserved for them during the entire period of their membership. Once it is completed, the member is automatically removed from the group.
Many other new features are available with this release. Please refer to the wiki page for more details.
Starting with Geeklog 1.8.0, Geeklog will require PHP 5.2.0 or later to run. The last version of Geeklog to run on older PHP versions will be 1.7.2, to be released in early 2011.
To put things into perspective: Support for PHP 4 by the PHP development team offically ended on December 31, 2007. A last official release, PHP 4.4.9, was made on August 8, 2008. Since then, no security or other bugfixes have been released for PHP 4.
Some Linux distributions with long-term support, most notably Red Hat Enterprise Linux 4 (RHEL 4) and CentOS 4, shipped with PHP 4 at the time they were released and have therefore committed to continue PHP 4 support until the end of their support period. Therefore, unfortunately, there are still "supported" PHP 4 installations out there.
As a compromise and service to those of our users being "stuck" on such a setup, the Geeklog Team will continue to provide security fixes for the Geeklog 1.7 branch in a timely manner until February 29, 2012 (which coincides with the "End of Production 3 phase" for RHEL 4). Where by "timely", we mean "as soon as possible, but not necessarily on the same day as the then-current release". The further versions drift apart, the more work will it be for us to backport fixes.
Overall, however, we would really suggest that you switch to a host running PHP 5.2 or later, if at all possible and as soon as possible.
If you need help in setting up or using Geeklog, please see the documentation, the FAQ, the Wiki, try our search page or browse through the Support Forum. Chances are someone else already had the same problem.
More resources are listed on the support page.
If you still can't find an answer, feel free to post in the forum.
Need help now? Try our web-based IRC chat.