Joomla! 1.0.4 [ Sundial ] is out today. It covers a number of security issues:

Critical Level Threats

• Potentional XSS injection through GET and other variables
  - Affects all previous versions of Joomla! and Mambo 4.5.2.3
• Hardened SEF against XSS injection
  - Affects all previous versions of Joomla! and Mambo 4.5.2.3

Low Level Threats

• Potential SQL injection in Polls modules through the Itemid variable
  - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
• Potential SQL injection in several methods in mosDBTable class
  - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
• Potential misuse of Media component file management functions
  - Affects all previous versions of Joomla! and Mambo 4.5.2.x series
• Add search limit param (default of 50) to `Search` Mambots to prevent search flooding
  - Affects all previous versions of Joomla! and Mambo 4.5.2.x series

Since this is a security release, it is advised that you upgrade as soon as possible.

Popularity: 3%

Share This

If you're new here, you may want to subscribe to my Full RSS feed. Thanks for visiting!

Opera has announced a beta software development kit (SDK) for its mobile phone Web browser and user interface package, called Opera Platform.

I thought I was the only one seeing the benefit of using Ajax.

Full Article at News.com

Popularity: 4%

Share This

Dave over at ILoveJackDaniels.com has a nice cheat sheet in PDF and PNG format. Nice and wallet sized. Included, you’ll find a guide to the XMLHttpRequest object, functions and methods (from DOM and otherwise), some simple JavaScript, Regular Expressions and Events.

This has come in very handy to me personally, so I urge any serious web developer (except the experts, of course) to take a look at this and keep it close. Trust me, it is a real time saver.

Popularity: 2%

Share This

Brian Goldfarb, a Microsoft Product Manager, had an interview some days ago where he answered questions about the company’s plans with Ajax development tools. This is quite an interesting article. However, I love the way that Dion at Ajaxian.com summarized things summarizes things:

To some up:

• “Ajax is hard”
• “Microsoft invented Ajax”
• “Microsoft will make it easier”

This was basically what Brian Goldfarb seemed to have been getting to.

Popularity: 3%

Share This

This is where many web developers tend to disagree. We can never seem to settle on a good code editor, ever. I’m going to leave you with a few of my favorites and some that I hate.

First off, I live and die by Macromedia Dreamweaver 8 Win/Mac. As a matter of fact, I also use Macromedia Fireworks 8heavily for my web site designs. I just think that they have done a good job and incorporating HTML and CSS together. Especially with version 8.0. But then again, you get what you pay for because it’s going to set you back quite a pretty penny ($399). But it was a good investment for me.

On the other hand we have the Frontpage junkies. I haven’t really looked at Frontpage much since early 2000. I’ve opened up the version that comes with Office XP, but I was not impressed. What I do remember is that back in the day it was horrible. Frontpage used to dump a bunch of Microsoft specific “tags” into the code that it just served to bulk up the final output. There is the small advance of using Frontpage Extensions, which enable things like site counters and other things (sorry, I really haven’t been looking into it), but the problem lies in the fact that Frontpage extensions on servers usually cost more and they are very limited, and simply I haven’t heard anything about Frontpage lately, so I’m staying away from it.

For PHP editing I use a simply text editor called emEditor. One nice feature is tabbed editing. It also has syntax highlighting. Since I don’t write or compose very large PHP scripts, this is more than adequate for me.

When I’m at work and on Linux (Fedora) I stick to KDevelop. Most likely, I would be doing some C programming anyways, so it is just convenient since it is already opened to just drag and drop scripts and HTML files in there. I don’t, however, do any heavy HTML design on Linux though. I haven’t found tools suitable for such yet. There is something called NVU, but it just doesn’t do enough for me to design a site from scratch using this.

Popularity: 3%

Share This

Since this blog does (claim to) encompass all sorts of Web Development. I’ve decided to insert a couple basic links. I’m not much for HTML my self. Honestly speaking, I don’t know much HTML and I refuse to learn it. Yes, I am a Web Developer and have designed 20+ websites in the past 4 years, but HTML is something I’m not too good at. If you ask me, it’s all in the tools you use.

Since my personal knowledge is limited in this field I’ve provided you with a series of links to site which have helped me:

• W3Schools
• Davesite
• HTMLGoodies
• Webmonkey (My personal favorite)

I do hope these help you on your HTML quest, if you choose to embark on one.

Popularity: 2%

Share This

After days of configuring and reconfiguring, I have finally gotten the sequence down for a Fast CGI installation. Please note, these instructions are specifically for a fresh install of Fedora Core 4. This is what I’ve been working with, for distribution purposes. You may generalize the instructions where applicable of course. And as always, proceed at you own risk. Here we go (Italics indicate my personal settings):

1. Run the following command at the prompt:
   yum -y install httpd-devel
   You may also download the RPM, or if you’re really adventurous, build it from the source. This installs the httpd-devel package, which is needed for this installation. Most systems may already have this installed, but a fresh default install of Fedora Core 4 does not.
2. Download the “mod_fastcgi” package from FastCGI.com and unzip it to some directory of your choice.
3. Perform the following commands:
   cd mod_fastcgi...
cp Makefile.AP2 Makefile
make top_dir=/etc/httpd
make top_dir=/etc/httpd install
chown -R apache /etc/httpd

   The FastCGI Apache module has now been built.

4. Add following lines to /etc/httpd/conf/httpd.conf:
   LoadModule fastcgi_module modules/mod_fastcgi.so
Alias /fcgi-bin/ /var/www/fcgi-bin/
<directory /var/www/fcgi-bin/>
SetHandler fastcgi-script
Options +ExecCGI
</directory>
FastCgiConfig …. (if needed)


Share This

Darren at Problogger.net mentions a change that Chitika is going through right now. After getting some more information from the Chitika support staff I think I understand what they’re going to do. Some of the text links on the ads are going to be converted to static links to the advertiser’s product description. From my understanding the links in the tabs (Best Deals, Search, etc) will still count toward your click through.

They are countering what they call “click curiosity”: people who just click to get information about the product and not are necessarily interested in purchasing. This means a higher turnover to the advertisers of course.

Chitika themselves admitted that there will be a drop in revenue for publisher. They even offer an incentive:

To best compensate for any potential revenue loss, we are issuing a network-wide 10% bonus through the end of November.

Fact of the matter is, we can all expect to see a permanent drop in Chitika revenue due to this change, no doubt about it. From the response I got, this did not seem to be an advertiser initiated change. It seems that Chitika is doing some forward thinking and for-seeing a problem and are taking the necessary steps to avoid it. This is comforting to me. It shows that they are really committed to working out the kinks in their beta product.

Share This