Just a quick note to point out some updates. BlogCFC 5.9 has been updated to include some small fixes. There are some more fixes that will be included - probably this weekend. As I mentioned with the initial release - 5.9 is the end of the line for the 5.X version, but I don't want to leave small, easily fixable bugs in the code base while folks wait for 6.
Next - Galleon was updated to finally support Access. I'm sorry I didn't ship that out sooner. Frankly I wish Access would just go away, but I know some of my users still want to use Access, so hopefully this release will resolve those issues.
Now let me talk a bit more about the BlogCFC changes as I think the issue will be something my readers may want to think about. First off - thanks to Dan Switzer for finding these bugs. One of the things I 'preach' when I do my security class is to remember that whatever security applies to page A also needs to apply to page B. BlogCFC's main index page uses a setting, releasedonly, to tell the back end to only fetch released blog entries. This setting is not used in the Admin. I forgot this setting in both the search and RSS pages, so it was possible for these files to reveal unreleased entries. So there are two problems here. First - my code should default to released only. Always default to the safer version, Raymond! Second - my rule of always applying the same security should have been applied to every page grabbing entries. So good catch there by Dan!
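A sketch of the two fixes described above, added here as an illustration and not BlogCFC's own code: one function serves every listing page, releasedonly defaults to true, and a closing check fails if any public page returns an unreleased entry. The function name getEntries, the searchTerms and isAdmin arguments, and the sample entries are assumptions; it assumes CFScript as supported by ColdFusion 9 or later, or Lucee.

```cfml
<cfscript>
// Constructed sample data standing in for the blog's entry table.
entries = [
    { id = 1, title = "Released post", body = "hello world", released = true },
    { id = 2, title = "Draft post", body = "hello draft", released = false }
];

// Hypothetical single entry point used by every page that lists entries.
// releasedonly defaults to true, so a page that forgets to pass it still
// gets the safe behaviour.
function getEntries(boolean releasedonly = true, string searchTerms = "", boolean isAdmin = false) {
    var result = [];
    var i = 0;
    var e = "";
    // Unreleased entries need an explicit opt-out AND an admin caller (assumed rule).
    var includeUnreleased = (!arguments.releasedonly && arguments.isAdmin);
    for (i = 1; i <= arrayLen(entries); i++) {
        e = entries[i];
        if (!e.released && !includeUnreleased) continue;
        if (len(arguments.searchTerms) && !findNoCase(arguments.searchTerms, e.title & " " & e.body)) continue;
        arrayAppend(result, e);
    }
    return result;
}

// Every public page goes through the same call; none of them passes releasedonly.
publicPages = {};
publicPages.index = getEntries();
publicPages.search = getEntries(searchTerms = "hello");
publicPages.rss = getEntries();
// A non-admin request that tries to switch the filter off is still filtered.
publicPages.spoofed = getEntries(releasedonly = false);
// Only the admin, which opts out explicitly, sees the draft.
adminList = getEntries(releasedonly = false, isAdmin = true);

// Regression check: fail loudly if any public listing contains an unreleased entry.
for (pageName in publicPages) {
    for (i = 1; i <= arrayLen(publicPages[pageName]); i++) {
        if (!publicPages[pageName][i].released) {
            throw(message = "Unreleased entry exposed on " & pageName);
        }
    }
}
writeOutput("public pages checked: " & structCount(publicPages) & ", admin entries: " & arrayLen(adminList));
</cfscript>
```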
Archived Comments
In the readme.txt are the 5.9.001 updates included in the list of files updated for 5.9, or are there other files that weren't listed?
They certainly should be. I always update the readme.
It looks then like you forgot to check the file in, as the readme in both the zip and the svn repo are from October. I just like having the list of updates so I can update only the files that were modified, I'm not trying to bust your chops or anything.
Oops. Fixed.
Thanks.
Is Galleon written in one of the frameworks?
The reason why I ask is because
In Message.cfc, function notifySubscribers, you set
username = variables.user.getUser(variables.user.getUsernameFromId(arguments.userid)).username
Is that the OO way of assigning variables?
I wouldn't call it OO. I'd just call it a shortcut. Since the method returns a struct, I can do xxxx.structkey on it.