WordPress 4.0.1 Security Release

WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

Sites that support automatic background updates will be updated to WordPress 4.0.1 within the next few hours. If you are still on WordPress 3.9.2, 3.8.4, or 3.7.4, you will be updated to 3.9.3, 3.8.5, or 3.7.5 to keep everything secure. (We don’t support older versions, so please update to 4.0.1 for the latest and greatest.)

WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Jouko Pynnonen. This issue does not affect version 4.0, but version 4.0.1 does address these eight security issues:

  • Three cross-site scripting issues that a contributor or author could use to compromise a site. Discovered by Jon Cave, Robert Chapin, and John Blackbourn of the WordPress security team.
  • A cross-site request forgery that could be used to trick a user into changing their password.
  • An issue that could lead to a denial of service when passwords are checked. Reported by Javier Nieto Arevalo and Andres Rojas Guerrero.
  • Additional protections for server-side request forgery attacks when WordPress makes HTTP requests. Reported by Ben Bidner (vortfu).
  • An extremely unlikely hash collision could allow a user’s account to be compromised, that also required that they haven’t logged in since 2008 (I wish I were kidding). Reported by David Anderson.
  • WordPress now invalidates the links in a password reset email if the user remembers their password, logs in, and changes their email address. Reported separately by Momen Bassel, Tanoy Bose, and Bojan Slavković of ManageWP.

Version 4.0.1 also fixes 23 bugs with 4.0, and we’ve made two hardening changes, including better validation of EXIF data we are extracting from uploaded photos. Reported by Chris Andrè Dale.

We appreciated the responsible disclosure of these issues directly to our security team. For more information, see the release notes or consult the list of changes.

Download WordPress 4.0.1 or venture over to Dashboard → Updates and simply click “Update Now”.

Already testing WordPress 4.1? The second beta is now available (zip) and it contains these security fixes. For more on 4.1, see the beta 1 announcement post.



The MVC pattern in Common Utilities

Probably very few of you know it, but since version 2.2 Common Utilities has included a basic implementation of the MVC (Model-View-Controller) pattern. In this article I will give a basic explanation of how it works in Common Utilities and in the modules that integrate with it.

If you still do not know what MVC is, please read this article on Wikipedia to learn more about it.

How MVC works in Common Utilities

When a module uses the MVC features of Common Utilities, all requests are received through the URL, and it is RMCommon's job to receive them, process them and direct them to the appropriate module. To achieve that, RMCommon includes an option to specify where requests for each module are received. This is done in the configuration, by indicating the URL that each module uses.

For example, if the module we are looking for is located in the "inventory" directory, and the RMCommon configuration has set a path for the "inventory" folder, then when RMCommon receives a request for the URL http://sitio.com/inventarios it automatically redirects the request to http://sitio.com/modules/inventory. This means that the module will respond to all requests made to misitio.com/inventarios.

URL Parameters

Once RMCommon knows where to locate each module, you tell it what you want from the module through the URL parameters. The parameters must be written in the form module/controller/action/other-parameters. With this simple format, all requests to the module are handled by RMCommon as follows:

Common Utilities looks for the appropriate controller in the controllers folder inside the module's directory. Take for example the URL http://sitio.com/library/books/list/category/bestsellers/

The process is as follows:

The module corresponding to library is located. Depending on the routes that have been configured, this could match the module's directory or be a different one. In this example, library is the module's directory.

Common Utilities looks for the books controller in the controllers directory of the library module and loads the PHP class.

It then finds the method corresponding to the list action and processes the request, passing it the parameters category = bestsellers. These parameters must always come in pairs.

After processing the data, Common Utilities gets the template (view) and returns the corresponding result.

Some conventions

How are controllers located? To begin with, controllers must be stored as files inside the controllers directory of each module. In addition, there are certain rules for naming the files that contain controllers. In our example (yes, the library), the controller file must be called books-controller.php. This file must contain a class, the controller itself, named Library_Books_Controller, which must inherit from the main class RMController. Finally, the class must contain a method called list, which RMCommon will invoke to present a result. Is everything clear so far? So these are the rules:

- The controller files must be located in the controllers directory of the module.
- The file name must follow the rule <controller>-controller.php.
- The controller class within the file must be named <Module>_<Controller>_Controller, and should contain as many methods as there are actions to be processed.

The methods / actions must be named after the action requested by the URL. If the action is called form, the class must contain a method form(). If the action is called categories-form, then the class must contain a method called categories_form().
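Because the file, class and method names are all derived from URL segments, each segment should be checked before any name is built from it. The following is an added example, not RMCommon's code: the function resolve_route(), its strict name patterns, and the assumption that the routed name equals the module directory are illustrative choices, applied to the naming rules described above.

```php
<?php
// Added example, not RMCommon's code: resolve module/controller/action/params
// into the names that the conventions above prescribe.
function resolve_route(string $path): ?array
{
    $segments = array_values(array_filter(explode('/', $path), 'strlen'));
    if (count($segments) < 3) {
        return null; // module, controller and action are all required
    }
    [$module, $controller, $action] = $segments;
    $params = array_slice($segments, 3);

    // Assumption: module and controller are plain lowercase words; only the
    // action may contain hyphens. "..", "%2e%2e" or "__construct" fail here,
    // before any file, class or method name is built from the URL.
    if (!preg_match('/^[a-z][a-z0-9]*$/', $module)
        || !preg_match('/^[a-z][a-z0-9]*$/', $controller)
        || !preg_match('/^[a-z][a-z0-9]*(-[a-z0-9]+)*$/', $action)) {
        return null;
    }
    // "These parameters must always come in pairs."
    if (count($params) % 2 !== 0) {
        return null;
    }
    $pairs = [];
    for ($i = 0; $i < count($params); $i += 2) {
        $pairs[$params[$i]] = $params[$i + 1];
    }
    return [
        // Assumption: the routed name equals the module directory, as in the
        // library example; a configured route could point elsewhere.
        'file'   => "modules/{$module}/controllers/{$controller}-controller.php",
        'class'  => ucfirst($module) . '_' . ucfirst($controller) . '_Controller',
        'method' => str_replace('-', '_', $action),
        'params' => $pairs,
    ];
}

// Constructed sample requests (not taken from a real site).
$samples = [
    '/library/books/list/category/bestsellers/', // the article's example
    '/library/books/categories-form',            // hyphenated action
    '/library/../list',                          // rejected: bad controller
    '/library/books/__construct',                // rejected: bad action
    '/library/books/list/category',              // rejected: unpaired param
];
foreach ($samples as $url) {
    echo $url, ' => ', json_encode(resolve_route($url), JSON_UNESCAPED_SLASHES), PHP_EOL;
}
```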

A controller class looks like this:

class Mymodule_Nombrecontrolador_Controller extends RMController
{
    use RMModuleAjax, RMProperties, RMModels;

    public function __construct() {
        parent::__construct();
        $this->default = 'index'; // default action
        $this->controller = 'categories';
    }

    public function index() {
        // Logic for the index action

        // Render the header, the view for this action, then the footer
        $this->tpl->header();
        require $this->parent->view;
        $this->tpl->footer();
    }
}

What about the models?

Models are only accessible through the controller. This means that they can only be used by the methods of the controller class. The models also have some specific rules:

- They must be located in the module's /models folder.
- A model file must be named <model>-model.php.
- The file must contain a class named <Module>_<Model>_Model.

A typical declaration of a model would be:

class Mymodule_Nombremodelo_Model extends RMActiveRecord
{
    use RMModels;

    public function __construct() {

        parent::__construct('model', 'module');

        /**
         * Titles of the table fields
         */
        $this->titles = array(
            'column'  => __('Column Title', 'module'),
            'column2' => __('Title column2', 'module'),
        );
    }
}

And the views?

Finally we get to the views. These are templates whose names are derived from the name of the action. In the example above, where the library module is used and the books controller is asked to run the list method (action), Common Utilities gets the template list.php, because it is the one that corresponds to the list action. Easy, right?

It follows that the view files (templates) must be named after the action (controller method) being run. If our action is named form, our template must be named form.php. If the action is named categories-form, our file must be named categories-form.php.

One more thing. The views, as in any module, must be stored in the module's templates directory, though not directly in it but in the appropriate subfolder, according to the following cases.

- The templates folder can contain standard templates (as commonly used in modules).
- Modules can have templates for the control panel or templates for the public section; therefore within the /templates directory there should be two subfolders: backend and frontend.
- Within each of these subfolders there should be a further subfolder for each controller that handles views. If the controller is called categories, then there must be a subfolder called categories where the views for each action are kept.

This new approach to module development in XOOPS enables faster and more structured development. Furthermore, with its auxiliary objects, Common Utilities makes it easier to implement AJAX in modules, allowing a more intuitive and easy-to-use experience for users.

Alkacon OCEE 4.5 for OpenCms 9.5 released

Alkacon OCEE for OpenCms is a commercial extension for OpenCms that offers support for LDAP, clustering, replication and improved performance. Full information about OCEE is available on the Alkacon website.

The new OCEE version 4.5.0 is a maintenance release that brings some improvements and fixes several issues of earlier OCEE versions. A new version 3.5.5 for OpenCms 8.x and a version 2.1.8 for OpenCms 7.x are also available.

Please see the OCEE release notes for a full description of the new features and changes in this version.

OCEE 4.5.0 is required by the new OpenCms 9.5 and backward compatible with all older OpenCms 9.0 versions.

About Alkacon OCEE

The Alkacon OpenCms Enterprise Extensions (also called OCEE) are a commercial extension for OpenCms. Alkacon OCEE adds features to OpenCms that are often required for running OpenCms in a medium or large Enterprise, where data consistency, security and failover are highly important.

The main components are:

  • Alkacon OCEE Cluster Manager
    Allows for clustering of OpenCms Servers for mission critical environments.
  • Alkacon OCEE Replicator
    Makes it possible to replicate the OpenCms repository data to remote database instances, e.g. from "test" to "live" servers.
  • Alkacon OCEE LDAP Connector
    Provides full integration of existing LDAP user directories with the OpenCms permission system.
  • Alkacon OCEE Accelerator
    Provides additional high performance caches to accelerate the data access and delivery.

The Alkacon OpenCms Enterprise Extensions are available as a licensed software product from Alkacon Software GmbH, the company responsible for most of the development of the open source core OpenCms system.

OCEE is installed on a standard OpenCms system. OCEE is a binary only distribution. This means that the source code for the OCEE modules is not available. To use any of the Alkacon OCEE packages, you need to enter a license key that will be provided by Alkacon software after your purchase of an Alkacon OCEE license.

L’Hebdo WordPress No. 245: WordSesh – Shortcodes – Distraction-free writing

Choosing an optimized theme

How do you find the ideal theme? Daniel gives the keys.

Reducing ACF dependencies

Grégoire explains how to break away from the ACF plugin.

The improved distraction-free writing mode

WordPress 4.1 will bring an improvement to the distraction-free mode. See for yourself! (en)

He wants to help the community with your donations

Wanting to contribute to BuddyPress, bbPress and GlotPress, and asking to be supported by the community to do so… that is this enthusiast's goal. Help him too (en)!

Taming shortcodes

Using shortcodes becomes child's play with this plugin, which is still in beta (en).

Is Disqus the devil?

That is Chris Lema's opinion, at any rate. His argument can be read here. (en)

Post formats, or content formats in French

Aurélien from WPChannel explains what these famous post formats are and how to use them wisely.

WordSesh is back!

WordPress's 24-hour non-stop live event returns this year. Follow the news (en)!

WordPress 4.1 beta 1

Welcome to WordPress 4.1… Beta 1!

This version is still in development, so installing it on a production site is not recommended. It is better to set up a test site where you can try out the latest features as you please. To try WordPress 4.1, install the WordPress Beta Tester plugin. Or you can download the beta here (zip).

The final release of WordPress 4.1 is planned for next month, so we need your help with testing. Here are some of the new features you can try:

  • Our beautiful new default theme, Twenty Fifteen. It is a clean, mobile-ready, blog-oriented and above all very simple theme.
  • A new distraction-free writing mode for the editor. It is enabled by default in this beta, and we are waiting for your feedback on this option.
  • The ability to install new languages directly from the "General Settings" menu (available as long as your files remain writable).
  • A new formatting toolbar for images embedded in your content.

There are also many changes for developers to test:

If you want more information about what is changing in this version 4.1, see the weekly article on the progress of the work on the development blog.

If you think you have found a bug, post it to Alpha/Beta in the support forum. We are listening! If you are able to reproduce a bug, file a report on the WordPress Trac. As always, you will find the list of known bugs and what has already been fixed.

Happy testing!

Twenty Fifteen theme
The wonderful face that hides
Many improvements

Note: this is the French adaptation of the WordPress.org article.

xBootstrap 1.03 Final


The new version 1.03 of the xBootstrap theme is an update with a focus on compatibility with the NewBB module, in addition to other improvements that have been made.

- Support for NewBB module (Angelo Rocha)
- Update Bootstrap version to 3.3.1 (Angelo Rocha)
- Update PM and Profile extension template files (Angelo Rocha)
- Fix grid layout (Angelo Rocha)
- Other minor adjustments (Angelo Rocha)
- Added Masonry Cascading grid layout library - http://masonry.desandro.com/ (Angelo Rocha)
- New News module grid (Angelo Rocha)
- Added grid function in js.js (Angelo Rocha)
- Fix bug in tdmdownloads, div unclosed (Angelo Rocha)
- Fix bug in tdmdownloads, modal description link ID (Angelo Rocha)
- Fix tdmdownloads index grid (Angelo Rocha)
- New extgallery grid system (Angelo Rocha)

Download here!

Demo: Click Here!

Source code on Github


QuickPages 2.0 RC available for download!

Eduardo Cortés (aka BitC3R0) has just released QuickPages 2.0 RC for XOOPS 2.5.7

The QuickPages module belongs to a new generation of modules for XOOPS based on Common Utilities. This allows you to better utilize all the cool features currently provided by XOOPS and the power and beauty offered by Common Utilities.

QuickPages allows you to create semi-static pages easily and quickly. It is ideal for Landing Pages, Sales Pages and any other Marketing site. You can create a single page, a few pages, or even a full website.

QuickPages supports templates for every page. That means that you can give your pages an incredible appearance and functionality.

These are some of the QuickPages features:

- Single pages
- Home pages
- Standalone pages
- Categories organization
- Templates for pages


XOOPS 2.5.6 or 2.5.7
Common Utilities 2.2
AdvancedForms for Common Utilities


Install QuickPages normally, as any other module for XOOPS and Common Utilities.

Download: click here