Textpattern repository moved to Google Code
As a pragmatic result of our long-lasting struggle to tame the touchy Subversion host we finally gave in and moved our code repository. While being there, we’ve also established a mailing list which broadcasts commit notifications (feed).
More details are over at the FAQ article.
NB: To obtain your own working copy of the repository, you will need a fresh checkout. Relocating an existing copy will not work as the repository UUIDs have changed. To preserve any private modifications, create a patch file from your old working copy and re-apply this patch to the fresh checkout.
Posted 36 days ago by Robert Wetzlmayr · Comment [7]
Textpattern Gets Ripped Off?
It’s one thing to re-brand and sell, quite another to call it your own, disable features and charge for adding them back, then heave support back onto the open source community.
Legal (if they provide the source to all their clients under GPL), but positively shameful.
Update
It turns out that we have a combination of two misunderstandings:
- money was paid for a site’s design two years ago, not a content management system or extended support
- a misunderstanding of what the proper way to go about branding is
I consider this fully resolved. If you have any questions, please contact me privately.
Explanation of the Update
For those that have been following this from the beginning, and are a little confused…
As stated above, it was a misunderstanding. I talked with them personally, and there was not only a reasonable explanation but a sincere apology. They have also made corrections to their site to clarify what it is they are actually offering, and they now understand the correct way to go about offering a customized Txp install for their clients.
Hence, the links were removed. If I believed that their corrections were only the result of “getting caught” (which is what actual thieves/site rippers tend to do), I would not have removed them. I am fully satisfied that it wasn’t intentional.
Posted 75 days ago by Mary Fredborg
Textpattern 4.0.6 released
After quite a while and lots of work from many, many people it’s finally here. Textpattern 4.0.6 is available as always on the download page.
We have fixed no less than six security issues. Because half of those can be used from the public side, updating is strongly recommended.
Updates should be seamless for the vast majority of people, otherwise make sure that all plugins are also updated to their most recent version, especially admin-side plugins. We’ll add entries to the FAQ specifically for 4.0.6 where questions may arise.
Changes in 4.0.6:
- Security (public side):
- safer use of txp_login cookie + nonce (note: users are logged out after upgrading!)
- fixed XSS vulnerability (thanks DSecRG) and input validation in setup script.
- fixed XSS vulnerability and parameter value overflow in comments preview (thanks DSecRG)
- Security (admin side):
- add missing escape in SQL query (admin side)
- fixed local file include vulnerability (publisher only) in textpattern/index.php (thanks DSecRG and Victor)
- escape request method as shown on logs tab (thanks Victor)
- New languages: Croatian, Korean, Português (Brasil), Serbian (Latin + Cyrillic), Turkish and Vietnamese
- New tags:
<txp:if_search_results> </txp:if_search_results><txp:search_term />
- Changed tags:
<txp:thumbnail />allows non-JS links to the full-size image<txp:article_custom />allows comma-separated lists for category, section and author attributes (thanks Manfr
e)<txp:linklist />allows comma-separated list for category attribute<txp:file_download_list />allows comma-separated list for category attribute<txp:recent_articles />allows comma-separated lists for category and section attribute<txp:related_articles />allows comma-separated list for section attribute<txp:search_result_excerpt />allows a custom “break” attribute defaulting to an ellipsis
- Several tags have been deprecated and will be replaced automatically during the upgrade:
<txp:sitename />,<txp:request_uri />,<txp:s />,<txp:c />,<txp:q />,<txp:id />,<txp:pg />(more info) - Added ‘password reset’ functionality (with confirmation email) on the login screen
- Update to jQuery 1.2.2 as a default JavaScript library
- Fix textile list incompatibility with PHP 5.2.4 (and higher)
- F
