PostNuke

Flexible Content Management System

News

Development Update, August 2006-01

Contributed by on Aug 23, 2006 - 06:19 PM

New Core Development Team members


The development team is proud to announce that Axel Guckelsberger (guite) and Mark Trimble (trimble) have been added
to the core devs team.



SecurityCenter enhancements


All security related settings and advice for a secure PostNuke installation (like the enhanced AntiCracker) will
reside in the PostNuke SecurityCenter. Furthermore, new enhancements have been made to the 0.8 codebase to prevent
(potential) csrf forgeries (which is one of the top 10 security issues within the
OWASP list).



Footer message from DB to templates


The (legacy) footer message, currently sitting happy in the Settings module, has been kindly asked to move from the
database into the theme templates. Fortunately for us all, it did! Lay-out controls should per definition not be part of
core settings, but handled through blocks and templates. Lots of themes already have custom footer messages (credits for
example) coded in the templates, and designers or site maintainers who really want the footer message to be set from the
database (so that it can be changed without touching the filesystem) can use Xanthia's blockzones as a powerfull and
clean solution.



Ajax Support Package for 0.76x codebase


While .8 comes with Ajax support out of the box, every module developer has to maintain his own copies for the .76x
codebase. There are more and more modules requiring Ajax and/or the Ajax effect libraries, for example Formicula
(beginning with 1.0), MultiHook (beginning with 2.0), pnForum (beginning with 2.7) and pnMessages (beginning with 1.0).
An AjaxSupportPackage is released at pnForum project file list for module developers to use. Carefully read the shipped readme file!



Ajax in News module


In the 0.8 News module, Ajax technology has made it very easy to allow inline editing of articles, so there is no need
to load the full 'edit' page anymore. Furthermore, the textarea is showing the maximum number of bytes to be used, and
(while typing) the number of bytes used so far.



Hooks in sequence


If a module has more than one hook to offer, at this moment there is no control over which hook to call first. From
release 0.8, it is possible to assign hooks in a defined sequence. This is relevant for especially the transform hooks,
for example MultiHook or bb_code, to allow for ordering of hooks execution.



User activity and activation check


Planned for 0.8+ is a user activity check after a new user has registered. At this moment, sometimes
users register and never come back to the website. This new check is to see if the users have 'activated' their account,
and if not within som xx hours, the user is deleted from the userbase.


3952