Feb-16 XHTML validation, time zones, FOAF, session security, content management
YACS now parses articles and comments, and rejects input that is not compliant with the XHTML specification. In practice the input is submitted to a PHP XML parser, and any error is reported. This simple feature is very effective at spotting unbalanced tags. However, it does not aim to enforce any XML grammar.
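The check described above can be reproduced with PHP's standard XML parser functions, as in this added example (not the YACS validate() function; check_balanced_markup() and the sample inputs are constructed for illustration). It only tests well-formedness, so markup that is balanced but carries script or event-handler attributes still passes and needs separate output filtering.

```php
<?php
// Added example, not YACS code. check_balanced_markup() is a hypothetical name.

/**
 * Returns null when the fragment is well-formed, or a message such as
 * "Mismatched tag at line 1" when the parser reports an error.
 */
function check_balanced_markup(string $input): ?string
{
    // A submitted fragment may hold several top-level elements, so wrap it
    // in a single root element to turn it into a parseable document.
    $document = '<root>' . $input . '</root>';

    $parser = xml_parser_create('UTF-8');
    // Keep tag names as typed: XHTML element names are case-sensitive.
    xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0);

    // The third argument marks this as the final (and only) chunk.
    if (xml_parse($parser, $document, true) === 1) {
        return null;
    }
    return sprintf(
        '%s at line %d',
        xml_error_string(xml_get_error_code($parser)),
        xml_get_current_line_number($parser)
    );
}

// Constructed sample inputs.
$samples = [
    '<p>Hello <b>world</b></p>',         // balanced
    '<p>Hello <b>world</p>',             // <b> is never closed
    '<p>line one<br>line two</p>',       // HTML-style <br> instead of <br />
    '<p onclick="doSomething()">hi</p>', // balanced, with an event-handler attribute
];
foreach ($samples as $sample) {
    $error = check_balanced_markup($sample);
    echo $sample, ' => ', $error ?? 'well-formed', PHP_EOL;
}
```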
YACS now automatically adds some RDF meta-information to every user profile. As a starting point we have chosen to implement basic properties and relationships as specified in the FOAF Vocabulary Specification. At the moment, any YACS server can be parsed automatically by a robot to learn user names and avatars. These will be extended over time, as usual. And of course, we will get the most out of FOAF once we have found a way to link people (actually, user profiles).
Some friendly hackers have shown me different ways to hack PHP sessions. As a result YACS now adds many checks on the basic PHP system.
242 files have been modified or added.
As usual, it is highly recommended to ask YACS to smoothly upgrade your server. For further information, see "How to achieve incremental upgrades of a YACS server?".
Here is a list of new or updated features coming with this release:
YACS validates submitted content. We are using a standard PHP XML parser to ensure that at least there is no unbalanced HTML/XHTML tag. No more, no less. This simple check is enough to spot most typing errors. For example, the introduction and description fields are validated in articles/edit.php. The validate() function is in shared/global.php.
Time zones are taken into account. To render a date YACS takes into account its own time zone, and the time zone the surfer is in (skins/skin_skeleton.php). The server time zone is computed automatically (shared/global.php), but can be manually overridden in the configuration panel for skins (skins/index.php). The time zone of the surfer is gathered through some JavaScript at login time (users/login.php) and saved into session data (shared/surfer.php). These are reflected in the test page as well, for debugging purposes (control/test.php). Also, when a new page is submitted, YACS adjusts the publication and expiration dates to its own local time (in articles/edit.php for example). As a side effect of time adjustments, the cache engine has been updated as well (shared/cache.php).
FOAF data has been made available for each registered surfer (users/describe.php). Related meta information has been added to each user profile (users/view.php).
Session management has been enhanced to better protect against hackers and to compensate for lazy ISPs. See shared/global.php and shared/surfer.php.
In a previous version we introduced a heartbeat mechanism to prevent session breaks during idle time. Now the scope of this mechanism has been limited to forms only. See query.php for example. As a result, the layout of regular pages has been streamlined. Also, this reinforces the new security policy on session management, with a time-out after one hour of idle time, except on forms.
YACS supports pages within articles. Add the keyword [page] where you want to insert page breaks, and let YACS build navigation links. See articles/view.php to understand how it works.
Articles can be published in the future, and YACS will list and display pages only on time. A field has been added to the edit form (articles/edit.php). See the updated MySQL requests in articles/articles.php. The review script (articles/review.php) separately lists published pages before they pop up.
YACS better supports locked sections and locked articles. When a section is locked, it does not accept new articles (except from associates, as usual). And when an article is locked, it cannot be modified. This also applies to images, files, comments, links and locations attached to locked pages. See actions/edit.php and code related to layout such as articles/layout_articles_as_boxes.php.
Locked sections and articles are now flagged using a small icon, and a run-once script is provided to update reference skins.
A new option 'no_index' has been added to sections that should not be publicly listed in the site map (sections/index.php). For example, if you want to complement an existing section with a related discussion board, you can create a secondary section, configure it as a discussion board, but hide it from the site map.
To enable alternative management schemes several options have been added to the main configuration panel (control/configure.php). Now you can allow only associates to create new articles and limit members' contributions to comments and links (parameter without_submission). Also, you can explicitly allow authors to change their articles after publication, which is not the default YACS behaviour anymore (parameter with_revision).
Editors have direct access to the sections they are managing from their own user profiles. See users/view.php.
Submitted pages are not visible to all members anymore, but only to the poster, to section editors if any, and to associates. Check the function list_by_date_for_anchor() in articles/articles.php.
AWK scripts (actually, files of type '.awk') are accepted as valid attachment files. See files/edit.php and files/view.php.
When publishing a submitted article, YACS now advertises this to external servers only if access to the page has not been restricted, and if the article will appear at the home page. See articles/publish.php.
When the 'layout_as_manual' option has been set for a section, related articles now feature navigation links (to next and previous pages) at several places within the main panel. See articles/article.php, . The idea comes from the layout of the MySQL Reference Manual.
Also, articles/layout_articles_as_manual.php better supports empty levels, if any.
Referral processing has been enhanced with the detection of search requests from several popular engines. While displaying referrals YACS shows search keywords where applicable. Also, YACS now reports separately on popular referrals (without search requests) and on popular keywords (search requests only). See agents/index.php and agents/referrals.php. Finally, the script links/check.php has an option to process referral information gathered up to now.
YACS is more flexible in the rendering of user profiles. This has been implemented through a new function, get_user_profile(), a member of the Anchor interface (shared/anchor.php) that is overloaded on a per-section basis (sections/section.php). This function is called at several places while rendering a page, in articles/view.php. A first version of the rendering engine for user profiles has been implemented in skins/skin_skeleton.php. This topic will be extended in upcoming releases.
Links have been added to most module index pages to jump directly to related configuration panels. See agents/index.php for an example of this. In most cases it is not required to go to the Control Panel first.
The panel form (panel.php) has been streamlined.
The main help panel now better adapts to actual surfer capability (Associate, Member, etc.).
The script that handles HTTP errors (error.php) has been modified to better adapt to diverse conditions.
The layout of the Control Panel has been heavily reengineered, to simplify the access to main modules, and to list all configuration panels in one place. See control/index.php.
A new configuration panel has been added for Flash objects (feeds/flash/configure.php). Related parameters are mainly used in feeds/flash/slashdot.php.
Scripts used to submit mail messages (articles/mail.php and users/mail.php) now use the shared library shared/mailer.php, and the overall size of code has been reduced.
YACS also makes broader use of get_teaser() (in articles/article.php) instead of handling introduction and description fields again and again. Again, a big saving in code size.
The code used to read external RSS feeds has been switched to the library links/link.php. As a result, the size of feeds/feeds.php has been reduced by 25%.
Many scripts have been updated because of the hunt for uninitialized variables. Most unset() calls have been replaced with safe assignments, to get initialized variables. A very tedious change, I can tell you...
The legacy string 'wrap="virtual"' has been removed from all text areas and now even YACS forms are validated by the W3C.
The registration script works as expected since we have suppressed calls to CreateImageFromString(). Actually, users/edit.php does not induce an HTTP Internal Server Error anymore when a user profile has an email address.
All reference scripts have been double checked to remove extra characters at the end. It is well known that these trailing white-space characters can induce empty white screens on some occasions.
HEAD requests are not counted anymore in browser statistics (agents/browsers.php), nor in response time statistics (agents/profiles.php), nor in referral statistics (agents/referrals.php).
A rendering bug of the gadget panels has been fixed in the test page for skins (skins/test.php).
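The one-hour idle time-out with the heartbeat limited to forms, described in the feature list above, can be enforced on the server as in this added example (not YACS code; IDLE_LIMIT, enforce_idle_timeout() and the 'last_seen' session key are hypothetical names, and the timestamps are constructed).

```php
<?php
// Added example, not taken from YACS. All names here are hypothetical.
// The limit is checked in application code because PHP's session garbage
// collection (session.gc_maxlifetime) only runs probabilistically and does
// not guarantee that an idle session is refused on time.

const IDLE_LIMIT = 3600; // one hour of idle time, as stated in the release notes

/**
 * Returns true if the session is still valid, false if it has expired.
 * $now is passed in so the logic can be exercised without waiting.
 */
function enforce_idle_timeout(array &$session, int $now): bool
{
    if (isset($session['last_seen']) && $now - $session['last_seen'] > IDLE_LIMIT) {
        // Expired: forget everything the session knew about the surfer.
        $session = [];
        return false;
    }
    // Any accepted request, including a form heartbeat, counts as activity.
    $session['last_seen'] = $now;
    return true;
}

// Regular page: no heartbeat is sent, so the first request made more than
// an hour after the previous one finds the session expired.
$regular = ['user' => 'alice', 'last_seen' => 1000];
var_dump(enforce_idle_timeout($regular, 1000 + 3601), $regular);

// Form page: the browser sends a heartbeat every five minutes, so a writer
// can stay on the form for two hours and still submit it.
$form = ['user' => 'alice', 'last_seen' => 1000];
for ($t = 1300; $t <= 1000 + 7200; $t += 300) {
    enforce_idle_timeout($form, $t); // heartbeat request
}
var_dump(enforce_idle_timeout($form, 1000 + 7200 + 60), $form);

// Wiring into a real request with PHP's native session:
//   session_start();
//   if (!enforce_idle_timeout($_SESSION, time())) { /* send the surfer to login */ }
```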
Posted by Bernard on Feb. 16 2005, (popular)