The bug pertains to user registration, although small its preventing registration on a default installation. The problem was caused by a last moment removal of what was thought to be a no longer used function. Because of this the register.php file fail's to register accounts.
The latest version of 1.0.7 has been updated on GoogleCode and our link's have been updated to reflect this. If you havent installed the blog yet, rest assured that you wont come across this bug, if you currently have a 1.0.7 installation and need to have this fixed, then download the latest version again and replace your current register.php with the one in the download.
To keep Mi-Dia as open as possible, we have uploaded the legacy files including BETA's to GoogleCode, allowing anyone to download, use and modify the past code along with the present.
Please be aware that any legacy version ( Not Latest Version ) will not be fully secure due to not having patches added. It is advisory that no one use these in a live enviroment.
Also note that downloads marked with Discontinued will not receive support as the code is outdated or largely different to later versions. View Full Entry Category: News Comments:0Tags:Update GoogleCode Downloads
Over the last few night's a few idea's have rested on my mind, thing's which would make sence to see through in the next release. These idea's are the following;
1) Guest Commenting An option would be added to the Staff Panel allowing guests to post comments, To do this though 2 new fields will be added to the comments table.
Name and Email. These fields will be used only during guest posting, and will only be checked by the system when the ID identifyer returns a false account such as id 0.
This will eliminate the need for registration but will be at the Admin's discression. This may or may not come anti bot facilities.
2) Registration Authentication Another option to be added in the Staff Panel to allow the admin to define the Registration Authentication option. Set to current standards it would leave
the registration unaltered by sending the generated password to the user by email. If no authentication is selected, then the password will be shown upon registering.
3) Snippet Adaptation Snippits for Entries would be changed, allowing the Admin to set the following options.
- Full - Would show snippet for listing and at the start of entries
- Enabled - Would show snippet on listing page but not on Entries, acting more as a summary.
- Disabled - Would replace listing with full entry and fully remove snippets from the blog.
A large delay for such an important message, but finally I have had the time to write the code for the Latest Download block. This block is present only on the home page and provides links to the release entry of both Full Release and Beta Release for Mi-Dia Blog. View Full Entry Category: News Comments:0Tags:Mi-Dia Website Block Upgrade
The upgrade is complete but this website still needs to have its custom chances re added and this will be done within the next few days. Sorry for any inconvenience. View Full Entry Category: News Comments:0Tags:Update
To save server bandwidth, and to rely more on one of the third party download and project systems we use, we are considoring in removing our download section and moving fully to either of the following.
SourceForge or GoogleCode
Plan's to move the download's are not immediate, but may take place soon and we will make you all aware before hand, the only real difference in this case though is that the Download link will change to which host is choosen as the primary. View Full Entry Category: News Comments:0Tags:Downloads Google Code
These bugs were only made aware recently as a hacking and exploit website accidently referred some hacker's to mi-dia's url without hiding their own, these bugs are as follows
- Active XSS
A form of Cross Site Scripting which was enabled by the clean function not being applied to Search Tags. This has been Rectified.
- SQL Injection
A form of harmful command vunderability intent on damaging databases through manipulated strings. This has also been rectified in 1.0.7
These have been addressed fully in 1.0.7 and have been revealed to be present in 1.0.4 to present. We will now push the release of 1.0.7 to as soon as safely possible. If you wish to modify your installation to arm against these bugs then go through all files pertaining to user input and ensure all input values are protected with the clean() function. View Full Entry Category: Development Comments:0Tags:Bugs Explout XSS SQL
This version of Mi-Dia blog has undergone a great deal of change to add new functionality, securety and usability to make Blogger's lives much easier and safer.
Some of the changes - Admin Section Using Own Header
- Admin Section Using Own Template
- Fixed bug with Welcome Message
- Removed discontinued functions
- Support for Youtube Video
- Support for Image Enhanced Templates
- Fixed XSS vunerability Bug
- Hidden Log Viewer For Debugging Purpose Added
- Fixed SQL vunerability in index.php
- New Installer
A new, more simplified version has been added to the 1.0.7 release, base on the origional, the following changes have been made,
- Version Specification Value
- Cut down step process to 2 pages
- Added Error Reporting and Prevention of Install if Config is incorrect or lacking fields.
- Installer now suggests the most likely install config for your web account
From 1.0.7 Release onwards, each version will come with an upgrade,php, intended to enable web masters to upgrade an existing installation of Mi-Dia Blog by simply uploading the files and running an upgrade.php file.
The upgrade.php will only run database changes, and is being introduced in 1.0.7 as the release will soly be a file based release, no database modifications have taken place.
Although this is true, there will be one tiny entry that needs changing, which will be the version number, which will be the first official function delbt with by the upgrade.php
Please note that uprade.php will not be included in BETA releases, as these releases contain potential issues and are not fully tested and approved for large scale usage. View Full Entry Category: Development Comments:0Tags:Upgrade 1.0.7
Although not ideal, a phpBB 3 forum has been set up to handle support and communal discussions at http://forum.mi-dia.co.uk.
We would have liked to develope an intergrated forum but the time required to write the forum software is not available to us, hence why we have opted for phpBB. Due to lack of intergration, the forums do not share the same accounts as Mi-Dia Blog Website.
We hope to switch to an intergrated forum system in the future, but this is all we can organise in the short term. View Full Entry Category: News Comments:0Tags:Forum Support phpBB
Potentially support for many other Media BBcode could be added, but at this stage in development we didnt want to get ahead of ourselves and focused on adding support for the daddy of online streaming. Youtube.
To view the BBcode in work, visit our development blog where youtube has been added to the snippet of one of the entries.
Author:Chris ( Admin ) Date: 5/04/2010, 10:29 am Status: Offline
The template itself is complete, but undergoing validation with the W3C XHTML validator, although this will make the template 100% valid, there may be some IE related issues as Microsoft refuses to get with the times.
