Flux CMS DevBlog

And here comes a new cool feature for the upcoming 1.5 release. The Blog Sidebar Editor. You can now rearrange, delete, add new "widgets" (term stolen from wordpress) to the 2 sidecolumns of your blog. It's hard to describe, therefore I made a little screencast which should tell more than thousands words:

To make your old blog.xsl working with the sidebar editor, you have to change your blog.xsl a little bit. Search for the following templates and replace them with:

<xsl:template name="contentRight">
  <xsl:apply-templates select="/bx/plugin[@name = 'blog']/xhtml:html/sidebar[@sidebar=2]"/>
</xsl:template>    
<xsl:template name="leftnavi">        
  <xsl:apply-templates select="/bx/plugin[@name = 'blog']/xhtml:html/sidebar[@sidebar=1]"/>
</xsl:template>

And if you didn't include it already, also add on top:

<xsl:import href="../standard/plugins/blog.xsl"/>

That's it. And if it doesn't work for you or you have problems with it, just ask, we're more than happy to help you out.

BTW, it uses the script.aculo.us library for those wondering.

It took longer than expected, but now we've done it. We released Flux CMS 1.4.0. The url is

http://bitflux.org/download/fluxcms-1.4.0.tgz

Or get it as snapshot from:

http://bitflux.org/download/fluxcms_1_4-snapshot-svn.tgz

resp. the SVN URL

https://svn.bitflux.ch/repos/public/fluxcms_demo/branches/1_4/

Changes since the last announcement:

- Enabled FCKeditor as alternative default editor to BXE (instead of Kupu)
- Added "about" page in the demo.
- Added twoday to Flux Blog importer (by Hannes)
- Added memcache support for some DB lookups
- Added possibility to add users without admin account
- Enhanced possibilities to allow for private posts without admin account
- Less warnings with PHP 5.1
- Prevent spam via contact form (see this for more info)
- Many other bugfixes

Flux CMS 1.5 is already on the way, with some new blog features and a whole new more advanced permission system.

If you want to protect your whole Flux CMS installation with a standard mod_auth .htaccess setup, then you have to set allowHTTPAuthentication in config.xml to false:

 <allowHTTPAuthentication>false</allowHTTPAuthentication>

Now, mod_auth and Flux CMS don't disturb each other anymore (the only thing not possible anymore with this is to check for blog posts marked private via RSS and http auth, but there's another way to do this now, which we'll cover later )

Increasingly, spambots are taking any form they can get, so it's not surprise there's more and more of this useless shite coming through the contact form...

Now, there's an easy way to prevent this, I just committed a new patforms element called Bottest. It works with the old, but still effective technique of having a via-css-hidden formfield. If it's filled out, it's most certainly a bot :)

How to add it to your form:

- Upgrade the CMS to the trunk or the 1_4 branch. Or just put this file inc/patForms/Element/Bottest.php into the right folder.
- Then add the following line to your contact form table in /contact/index.en.xhtml

<tr class="formurl"><td forms:fieldErrorID="email" nowrap="nowrap"><i18n:text>Bot-Test (leave blank)</i18n:text>:</td><td class="formgenerell"><patForms:Bottest label="i18n(E-mail)" name="homepage" required="no" description="" /></td></tr>

And make sure the the css-class "formurl" has a display: none in your CSS.

Hope that helps..

Flux CMS runs currently on PHP 5.0, 5.1 and 5.2-dev, but ...

5.0.3 has issues (the blog plugin won't work), so this version is not really recommended and with 5.1 you maybe get some new notices and warnings. The notices and warnings problems are solved in the 1_4 branch and in the trunk. But if you're too lazy to upgrade, just lower your error_reporting level (which is always recommended on production systems, anyway).

Some issues also exist with different libxml2 versions, especially the libxml2 2.6.16-19/20 series. If you're using Debian stable, you'll have 2.6.16 and that's certainly causing issues with the blog plugin. You're advised to upgrade to libxml2 2.6.2x, which is in Debian testing

And we will soon release 1.4.0, promised :)

Lately, we're again swamped by comment and trackback spam. As (almost) nothing gets through the spam filter, this isn't so bad per se and people using Flux CMS with the default options won't notice anything.

But if you allowed to be notified about "rejected" comments, you'll maybe get dozens of notification-mails a day. You can easily turn that off, go to the Site Options and search for "blogSendRejectedCommentNotification" and set that to "No" and there will be silence (except for the odd "Moderated" comment here and there. These are mainly trackbacks, which are harder to correctly filter out, but we already get most of them and we work on the rest)

If the above setting doesn't help and you still get way too many messages, please inform us, also with a copy of the spam you get. We try hard to improve our anti-spam techniques.

but we're online again as soon as possible, looks like some internal network issues and nothing major...

Update: And now it's working again... Some internal routing issues prevented that the packages went to the freeflux server :( Now also has a new IP (from the new data center), so the pending move one floor up won't be of any major hassle now :)

Using https with Flux CMS is not a problem by design, but we had the following harcdoded by default in config.xml:

<constants>
        <constant name="BX_WEBROOT">http://{$_SERVER['HTTP_HOST']}/</constant>
</constants>

This always switches back to http:// and therefore make the https:// mode unusable.

If you only want to use https, the solution is easy, just change http:// to https:// above. But if you're in a mixed environment, you were lost. Until now. Apply this patch to your installation and change the above config line to

<constants>
        <constant name="BX_WEBROOT">http(s)://{$_SERVER['HTTP_HOST']}/</constant>
</constants>

and it should work in both, http and https. Of course, you can also just update your installation to the latest trunk or 1_4 branch (but you still have to change the config.xml, and the http-only is still the default, if you install from scratch)

Update: There was one check in master.xsl for http://, therefore you have to patch that to. See this patch for the details.