linear

[« Greymatter 1.3] [Main Index] [case mod 101: how to paint your computer case (part 1) »]

What's so cool about Greymatter 1.3?

10/02/2003

What's so cool about Greymatter 1.3? Where to even start...

I'll start with security, because that's the thing that made me get involved in the first place, and brought me to the forums.

+ GM 1.3 maintains the original spirit of allowing commenters to post link markup, but has significantly enhanced validity checking to ensure that cross site scripting issues don't cause you or your provider grief. As noted in the brand new security section of the manual, the only safe posture is to disable comments entirely, but we've raised the bar significantly for robustness of the comments implementation.

+ The rebuild files process no longer exposes author passwords, nor usernames. We generate a file on the server that contains a token, then pass that token and compare it to the value persisted in the file. This keeps your author info out of your browser history, and out of server logs including proxies. Knowledge of the token won't get you any access.

+ It's not strictly a security issue, but the search function now sanitizes the query string much more effectively, which will reduce greatly the number of script crashes on 'poison' query strings.

+ Passwords are not stored on disk in plaintext any longer. This was introduced in 1.21c but then backed out. This implementation is pretty well tested.

But the new default templates are something to shout about too.

+ We banged a lot of new variables into 1.3, and made sure the default templates use them all. These range from popular mods that are now integrated, to some user requested features, to things that make it easier to use cookies, to some stuff that was hacked in a long time ago and never documented, to several brand new templates.

+ The default templates are valid XHTML-transitional, and that's a giant leap forward.

+ The default template set makes extensive use of CSS, and a huge amount of customization can now happen *just* by editing the stylesheet alone.

+ < blockquote > is long gone, and won't be missed.

Some new templates that make what used to be difficult hacking much easier.

+ There's now a date grouping footer that allows you to use a block-level element (such as a div or even a table) to contain a date grouping. This feature is showcased nicely in the default templates (which use tables *only* for the calendar). There's an index version, and an archive version of this.

+ outbound links can be effectively targeted now with two new templates that allow you to set target frames for {{ authorsmartlink }} and {{commentauthorsmartlink}} (this allows "open commenter's homepage in a new window" without hacking GM code, and quite a bit more).

+ and templates allow you to define a label for the entry music an mood fields. The label only appears when the field is filled, so you don't get a bunch of clutter in entries where you leave those fields blank. Furthermore, they allow repurposing those fields for anything you like (track the phase of the moon, or the national debt, or the price of tea in China)s since no labels are hardcoded for the new fields.

+ {{smartemoticonscode}} template works with the per-entry setting to allow emoticons (smilies), and only shows the table to commenters if you've enabled emoticons for that entry (and globally in config). Once again, not cluttering up your entry pages.

+ Allows you to place the javascript for setting cookies (or anything else, really) in the head of your entry (or anywhere) instead of inline with the HTML. This satisfies my sense of the way things ought to work, mainly.

+ We pretty much buffed up every template, and they all got improved significantly in the default set that ships with 1.3. The fact that they validate as XHTML now says a lot for how much we had to change by way of syntax deficiencies.

Mods! The stuff you really want!

+ We integrated entry mood, entry music, emoticons, and remember commenters mods into 1.3. There are config settings and templates that control these, and if you don't need them, we coded them so they don't get in your way (upgraders take note).

+ The file format is fully backward compatible. So you could downgrade from 1.3 if you really really wanted to.

A few usability enhancements

+ Rebuilding all after a template edit now offers to take you back to the edit template menu instead of forcing you back to main menu.

+ Cicking D&R will now save config before it runs the D&R proper.

+ Cleared up a bit of ambiguous wording here and there, and added some friendly reminders into status notes.

+ The upgrade routine was tested against every version I could lay hands on, and will work with 1.21x including c with encrypted password file. Upgrade with confidence

+ We updated the manual, as if you guys cared. :P

And finally bugfixes. They're detailed in the changelog if you care about that sort of minutiae. A huge effort went into this release, and we are confident the quality is something we can be proud of. There's always going to be bugs, but this is one small step for a blog, one giant leap for blogkind.

You're gonna love it.


text, scripts and images copyright © 2001-2011 . All rights reserved.