PacerCMS

The latest stable release of PacerCMS is now available for download. We would like to thank user inner.ground for his fantastic work on developing the internationalization capabilities found in this release, and Eric Lemoine for creating the first localization of PacerCMS in French. This release also introduces a database upgrade tool, which will aide in making sure future updates to PacerCMS run smoothly. Editors can also now “Preview” an issue’s front page, sections and individual articles prior to to setting it as the “current” issue through the issue manager.

As always, we invite feedback on our software and suggestions on how it may be improved. We are also always seeking developers to help improve our project.

This Release (Subversion R129)

• Localization (#22)
• Localization: French (#24)
• Upgrade scripts for installer (#8)
• “Preview Mode” for public side (#16)
• Various bug fixes and minor enhancements from the Developer’s List

Download PacerCMS 0.7
Discuss this Release

PacerCMS developer inner.ground has recently completed the integration of an implementation of PHP’s gettext function without the need for complex server configuration. He has also devised a way to extract all of the strings in the default template and throughout the Site Administrator so that they may be translated into countless other languages. We have posted the PO file to the subversion repository, where it will also be released with future versions of PacerCMS.

Link: http://pacercms.googlecode.com/svn/trunk/locale/tools/LC_MESSAGES/

If you have a background in a language other than English and would like to be involved in localizing PacerCMS, please contact us.

A vulnerability in the ADOdb Lite package that PacerCMS uses to interact with the database has been discovered that could potentially allow an attacker to execute PHP on your system. Please remove the following file from your install, as its functionality is of limited use to the software at this time.

./includes/adodb_lite/adodb-perf-module.inc.php

In order for the attacker to exploit your system register_globals would have to be enabled on your PHP installation with your Web host. Most modern hosts have this feature disabled by default, but some (including GoDaddy) leave it enabled for backwards compatibility. Further reading:

http://php.net/register_globals

Again, please take a moment to remove the specified file from your installations even if you do not have register_globals enabled. The problem has been reported to the developer of ADOdb Lite, but a patched version is not yet available.

Running an online newspaper or magazine may bring some unwelcome attention from those seeking to exploit vulnerabilities in PacerCMS. We have received a great deal more traffic as of late as a result of our previous vulnerability and a few other minor examples that would effect a very small percentage of Web hosts. With that in mind, realize that your site is always in the crosshairs of an attacker because he or she can draw a great deal of attention by defacing or disabling your Web site. If you come across a site outlining a vulnerability in the software, please let us know (through direct e-mail) so that we may act quickly.