BlogCFC, Galleon Updates

Just a quick note to point out some updates. BlogCFC 5.9 has been updated to include some small fixes. There are some more fixes that will be included - probably this weekend. As I mentioned with the initial release - 5.9 is the end of the line for the 5.X version, but I don't want to leave small, easily fixable bugs in the code base while folks wait for 6.

Next - Galleon was updated to finally support Access. I'm sorry I didn't ship that out sooner. Frankly I wish Access would just go away, but I know some of my users still want to use Access, so hopefully this release will resolve those issues.

Now let me talk a bit more about the BlogCFC changes as I think the issue will be something my readers may want to think about. First off - thanks to Dan Switzer for finding these bugs. One of the things I 'preach' when I do my security class is to remember that whatever security applies to page A also needs to apply to page B. BlogCFC's main index page uses a setting, releasedonly, to tell the back end to only fetch released blog entries. This setting is not used in the Admin. I forgot this setting in both the search and RSS pages, so it was possible for these files to reveal unreleased entries. So there's two problems here. First - my code should default to released only. Always default to the safer version, Raymond! Second - my rule of always applying the same security should have been applied to every page grabbing entries. So good catch there by Dan!
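The two lessons above, shown as an added Python sketch (not BlogCFC's own CFML code): the same back-end query with an unsafe default and with a released-only default, plus a check that walks every public page looking for unreleased entries. The function names, page handlers and sample entries are all assumptions made for illustration; only the releasedonly idea comes from the post.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    title: str
    body: str
    released: bool

# Constructed sample data, not real BlogCFC content.
ENTRIES = [
    Entry("BlogCFC 5.9 released", "Small fixes included.", True),
    Entry("Draft: plans for 6", "Unreleased notes.", False),
]

def _select(entries, search, released_only):
    """Shared back-end query: optional text search plus the release filter."""
    return [e for e in entries
            if (e.released or not released_only)
            and (not search or search.lower() in f"{e.title} {e.body}".lower())]

def get_entries_unsafe(entries, search=None, released_only=False):
    """'Before' shape: a caller that forgets the flag also gets drafts."""
    return _select(entries, search, released_only)

def get_entries(entries, search=None, *, released_only=True):
    """Hardened shape: released-only unless the caller opts out by name."""
    return _select(entries, search, released_only)

# Hypothetical page handlers; `fetch` is whichever back end is under test.
def index_page(fetch):
    return fetch(ENTRIES, released_only=True)

def search_page(fetch, term):
    return fetch(ENTRIES, search=term)          # flag forgotten

def rss_page(fetch):
    return fetch(ENTRIES)                       # flag forgotten

def admin_page(fetch):
    return fetch(ENTRIES, released_only=False)  # explicit opt-out for the admin

def leaked_titles(fetch):
    """Unreleased titles reachable from any public page (should be empty)."""
    public = index_page(fetch) + search_page(fetch, "plans") + rss_page(fetch)
    return sorted({e.title for e in public if not e.released})

if __name__ == "__main__":
    print("unsafe default leaks:", leaked_titles(get_entries_unsafe))
    print("safe default leaks:  ", leaked_titles(get_entries))
```

With the safe default, the forgotten flags in the search and RSS handlers no longer matter, and a check like leaked_titles can run as a regression test over every page that grabs entries.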

Archived Comments

Comment 1 by RobW posted on 11/20/2007 at 8:52 PM

In the readme.txt are the 5.9.001 updates included in the list of files updated for 5.9, or are there other files that weren't listed?

Comment 2 by Raymond Camden posted on 11/20/2007 at 8:56 PM

They certainly should be. I always update the readme.

Comment 3 by RobW posted on 11/20/2007 at 9:58 PM

It looks then like you forgot to check the file in, as the readme in both the zip and the svn repo are from October. I just like having the list of updates so I can update only the files that were modified, I'm not trying to bust your chops or anything.

Comment 4 by Raymond Camden posted on 11/20/2007 at 10:08 PM

Oops. Fixed.

Comment 5 by RobW posted on 11/20/2007 at 10:18 PM

Thanks.

Comment 6 by Phillip Senn posted on 11/21/2007 at 9:22 AM

Is Galleon written in one of the frameworks?
The reason why I ask is because in Message.cfc, function notifySubscribers, you set
username = variables.user.getUser(variables.user.getUsernameFromId(arguments.userid)).username

Is that the OO way of assigning variables?

Comment 7 by Raymond Camden posted on 11/21/2007 at 5:55 PM

I wouldn't call it OO. I'd just call it a shortcut. Since the method returns a struct, I can do xxxx.structkey on it.