Thursday, 14 May 2015

WordPress 4.2.2 Security and Maintenance Release

WordPress 4.2.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.
Version 4.2.2 addresses two security issues:
  • The Genericons icon font package, which is used in a number of popular themes and plugins, contained an HTML file vulnerable to a cross-site scripting attack. All affected themes and plugins hosted on WordPress.org (including the Twenty Fifteen default theme) have been updated today by the WordPress security team to address this issue by removing this nonessential file. To help protect other Genericons usage, WordPress 4.2.2 proactively scans the wp-content directory for this HTML file and removes it. Reported by Robert Abela of Netsparker.
  • WordPress versions 4.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. WordPress 4.2.2 includes a comprehensive fix for this issue. Reported separately by Rice Adu and Tong Shi from Baidu[X-team].
The release also includes hardening for a potential cross-site scripting vulnerability when using the visual editor. This issue was reported by Mahadev Subedi.

Joomla : Features Overview

Joomla is one of the world's most popular software packages used to build, organize, manage and publish content for websites, blogs, Intranets and mobile applications. Owing to its scalable MVC architecture, it's also a great base to build web applications.
With more than 3 percent of the Web running on Joomla and a CMS market share of more than 9 percent, Joomla! powers the web presence of hundreds of thousands of small businesses, governments, non-profits and large organizations worldwide like Citibank, eBay, Harvard University, Ikea, McDonald's and Sony.
Joomla is an award-winning CMS led by an international community of more than a half million active contributors, helping everyone from the most inexperienced user to the seasoned web developer make their digital visions a reality.
Here are some of the Joomla! features you will love.

Multilingual

Joomla is the most popular and widely supported open source multilingual CMS platform in the world, offering more than 64 languages. Webmasters and content creators can create websites to be presented in multiple languages, without ever needing to step outside of the options available in the Joomla! core software. This is a big step forward and represents a set of capabilities that can make websites much more accessible, reaching out to a much larger audience.

Well Supported

Our worldwide, enthusiastic community is filled with individuals, and teams of world class developers and business consultants who actively help at no cost in the forums.
There are thousands of professional Joomla! service providers throughout the world who can help build, maintain and market your Joomla! projects. The Joomla community has a vetted directory of just some of these providers at the Joomla Resource Directory.

Easy Upgrades

One of the big challenges with any software is keeping it up to date. Fortunately, Joomla! has a "One Click Version Update" feature to make this process super easy for users of any skill level.
The built-in updater also has an automated checker which notifies you if anything needs updating; this includes notifications for the core software and for Joomla extensions that utilise this feature. Keeping your site up to date is the single best thing you can do to secure your web assets and Joomla gives you the tools to do this with little effort.

Integrated Help System

Joomla has an in-app contextual help system to help every level of user to operate their Joomla! Most pages have a help button in the top right, helping you fully understand all options on that page. There is also a glossary explaining the terms in plain English, a version checker that makes sure you're using the latest version, and a system information tool that helps you troubleshoot. If all else fails, links to a wealth of online resources for additional help and support are available, such as Joomla! Documentation and User Forum.

Media Manager

The Media Manager is the tool for easily uploading, organizing and managing your media files and folders. You can even handle more types of files, thanks to the configurable MIME settings. The Media Manager is integrated into the Article Editor so you can access images and all other media files for easy usage and enhancement of your written content.

Banner Management

With the banner manager you have the possibility to easily add advertising and monetize your website. The tool allows you to create clients and campaigns, to add as many banners as you need, even custom codes, to set impression numbers, track the clicks and much more...

Contact Management

Not enough with just one contact form on your site? The contacts component allows you to add several contacts, departments and categories, and extend the basic contact information with miscellaneous information and an image. Easily set up a contact form for each contact you create and allow access to the public or just to some registered users, or create a listing of these contacts.

Search better, Search Smarter

With the built-in search and smart search, your website visitors will be able to quickly and easily find the appropriate information on your site. And even more, thanks to the statistics you can analyze your visitors' needs and streamline your content even better to serve them. You have the ability to use the included smart indexing, advanced search options and auto-suggest searches, making Joomla search the best in class right out of the box.

Content Management

Joomla is a content management system at heart and has some seriously great features that make organising and managing your content a breeze. Content creation is made very easy by the inbuilt WYSIWYG editor, which allows you to edit content without any knowledge of code. After you have created your content you'll find a lot of possibilities to show it on the frontend. Next to different layouts, you're able to use several pre-installed modules to show the most popular articles, latest items, related articles and more.

Nested categorization

When you are managing content, organisation is a key requirement. Being able to create categories with nesting and no limits on depth is a great plus in helping manage large websites.

Tagging

When categorisation is not enough to structure your content, it's time to look at a flat organisation structure which is best served by tagging. What's more, tagging in Joomla also supports nesting, so limits are just not there!

Frontend Editing

Editing content should be easy and fast. You are reading through your site's content and see a change you need to make. No need to login to the administrative section any more for simple edits of content and modules. Simply click and edit from the frontend.

Content Versioning

You will never again lose a previous important version of your article and other changes on your site. You are now able to track exactly who made what changes, when, and, if a version note was entered, why the item got edited. Then if needed you can revert to any previous version.

Syndication and Newsfeed Management

Make sure your visitors stay updated on the new content you're adding, even when they come only once in a while. With Syndication you create a feed that users subscribe to in their favorite RSS reader and so they receive the updates. With newsfeed management, you can integrate RSS feeds to your site. Gather all posts from some of the largest news sites and show them on your site for example.

Menu Manager

The Menu Manager allows you to create as many menus and menu items as you need. You can structure your menu hierarchy (and nested menu items) completely independent of your content structure. Put one menu in multiple places and in any style you want; use rollovers, dropdowns, flyouts and just about any other navigation system you can think of. Automatic breadcrumbs are also generated to help your site users navigate.

Powerful Extensibility

The Joomla core is just the beginning; the real power is in the way you can customize Joomla. More than 8,000 extensions are available to extend your website and broaden its functionality. Visit the Joomla Extensions Directory or use the Joomla extension finder built right into Joomla to see thousands of ways to enhance Joomla to suit your needs.

Extensive ACL for all your access control needs

ACL stands for Access Control List. It allows you to manage the users of your site, and different groups. When you're managing large content portals or even intranets, you need extensive control over who can see what and who can edit or manage what. The Joomla ACL is extremely powerful and can be tweaked via configuration to suit any needs you might have.

For Designers

Design Uncoupled

Joomla was one of the pioneers in open source CMS's by adopting a MVC design strategy. MVC means that views are strictly separate from the business logic. This is a huge advantage since you own the views or can override them to achieve superior custom designs. Joomla not only gives you the design freedom that you have always craved but can help you make your sites stand out in the crowd!

Responsive with Bootstrap

Joomla is Mobile Ready and allows you to build more than just websites but online applications that can respond to virtually any device. Joomla! core templates are built with Bootstrap making it responsive out of the box. Which means you have a toolset to work with which makes creating templates even easier!

Do More with Less

Spend less time coding and reduce the tedious tasks associated with building interfaces in Joomla 3. Joomla now features LESS CSS and jQuery which means you can write less code to achieve greater results. In addition the Icomoon font icon library provides a wealth of retina-optimized icons. The Joomla User Interface (JUI) library gives you a standardized backend & frontend interface.

Override Away!

With a highly advanced override system, designers get an awesome amount of power over how pages & elements of pages are presented without touching any of the core code! Practically any HTML generated by Joomla can be customized to your project.

Beautiful Fonts for that extra edge

Designers know the power of fonts for expressing ideas and design strategies. With Joomla you do not need to be constrained by standard Web fonts. The Joomla core itself opens a whole new world of expression because it allows you the freedom to use Google fonts to make that new design dream come true!

Template Management

Templates in Joomla are more than a framework for managing your designs but a powerful tool suite for making your site look exactly the way you want. You have complete control of your presentation since you can either use a single template for the entire site or a separate template for each site section or menu item. The level of visual control goes a step further with powerful template overrides, allowing you to customize each part of your pages.

For Developers

User Management

Joomla has a registration system that allows users to configure personal options. Out of the box, there are nine user groups with various types of permissions on what users are allowed to access, edit, publish and administer.
Authentication is an important part of user management and Joomla supports multiple protocols, including LDAP, OpenID, and even Gmail. This allows users to use their existing account information to streamline the registration process.
All of this can be added onto with extensions, giving you complete control over what users can access and how they authenticate to your site.

Microdata library implementation

Developers will now be able to incorporate microdata more easily into their extensions and sites. From automating the Author tag in articles, to generating detailed markup for directories of information, the microdata library will significantly enhance how you can optimise SEO with Joomla!

Cloud Storage APIs

A new API in Joomla will allow Joomla to access cloud storage services including Amazon S3, Google Cloud Storage, Rackspace and Dropbox. This allows sites to now use these services as content distribution networks without the need for third party extensions.

System Features

Speedy page loads are possible with page caching, granular-level module caching, and GZIP page compression.
If your system administrator needs to troubleshoot an issue, an extended debugging mode and error reporting are invaluable.
The FTP Layer allows file operations (like installing Extensions) without having to make all the folders and files writable, making your site administrator's life easier and increasing the security of your site.
Administrators quickly and efficiently communicate with users one-on-one through private messaging or all site users via the mass mailing system.

Web Services

In a web where content is being shared across multiple networks, Joomla makes it easy to manage your content from a single location. With APIs supporting several third party services and a connector enabling requests to anywhere on the web, users and developers have a magnitude of power and data readily available to them.

Monday, 4 May 2015

PHP JSON: An Example Javascript JSON Client With PHP Server

While JSON has many uses, probably the most common use is to pass data structures to Javascript. JSON is simply a standard format for data structures.

In this example we'll use a PHP page as a JSON server; we'll use an HTML page with embedded javascript to contact the server, retrieve the data and display it via an alert popup.

A JSON Server in PHP



First, the server. Our server here is very simple, but of course it could easily retrieve data from a database. The data structure that this example sends is also very simple, but JSON can send data structures that are as complex as you like.



<?php

// Prevent caching.
header('Cache-Control: no-cache, must-revalidate');
header('Expires: Mon, 01 Jan 1996 00:00:00 GMT');

// The JSON standard MIME header.
header('Content-type: application/json');

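// This ID parameter is sent by our javascript client.
// Fall back to an empty string when it is missing, so the script
// does not raise an undefined-index notice on a bare request.
$id = isset($_GET['id']) ? $_GET['id'] : '';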

// Here's some data that we want to send via JSON.
// We'll include the $id parameter so that we
// can show that it has been passed in correctly.
// You can send whatever data you like.
$data = array("Hello", $id);

// Send the data.
echo json_encode($data);

?>


Let's imagine you run this on your local machine and access it with a URL like this: http://localhost/test.php?id=goodbye

What you get back looks like this:


["Hello","goodbye"]


Here we see some simple data in standard JSON format.

But it's much more interesting to retrieve this data via javascript.

A Simple JSON Javascript Client



The following HTML page implements a simple javascript client that contacts our server, retrieves data via an AJAX call and displays it in an alert popup.

While you could make the AJAX call in pure unvarnished javascript, it's much better to use a standard javascript library to hide browser and platform differences. In the following code we use the industry-standard free jQuery library, which downloads as a single file.



<html>

<head>

<script src="jquery-1.5.2.min.js"></script>

<script>

// This just displays the first parameter passed to it
// in an alert.
function show(json) {
    alert(json);
}

function run() {
    $.getJSON(
        "/test.php", // The server URL
        { id: 567 }, // Data you want to pass to the server.
        show         // The function to call on completion.
    );
}

// We'll run the AJAX query when the page loads.
window.onload = run;

</script>

</head>

<body>

JSON Test Page.

</body>

</html>

JSON Example

This example reads JSON data from a web server running PHP and MySQL:

Customers.html

<!DOCTYPE html>
<html>
<body>

<h1>Customers</h1>
<div id="id01"></div>

<script>
var xmlhttp = new XMLHttpRequest();
var url = "http://www.w3schools.com/website/customers_mysql.php";

xmlhttp.onreadystatechange=function() {
    if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
        myFunction(xmlhttp.responseText);
    }
}
xmlhttp.open("GET", url, true);
xmlhttp.send();

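function myFunction(response) {
    var arr = JSON.parse(response);
    var fields = ["Name", "City", "Country"];
    var table = document.createElement("table");
    var i, j, row, cell;

    for (i = 0; i < arr.length; i++) {
        row = table.insertRow(-1);
        for (j = 0; j < fields.length; j++) {
            // textContent inserts the value as plain text, so any markup
            // in the data is displayed rather than interpreted as HTML.
            cell = row.insertCell(-1);
            cell.textContent = arr[i][fields[j]];
        }
    }
    var target = document.getElementById("id01");
    target.innerHTML = "";
    target.appendChild(table);
}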
</script>

</body>
</html>



The PHP Code on the Server

This is the PHP code running on the server:
<?php
// Lets pages on any origin read this response; only appropriate
// because the data served here is public.
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");

$conn = new mysqli("myServer", "myUser", "myPassword", "Northwind");

$result = $conn->query("SELECT CompanyName, City, Country FROM Customers");

// Collect the rows in an array and let json_encode() do the quoting,
// so quotes or backslashes in the data cannot break the JSON.
$outp = array();
while($rs = $result->fetch_array(MYSQLI_ASSOC)) {
    $outp[] = array(
        "Name"    => $rs["CompanyName"],
        "City"    => $rs["City"],
        "Country" => $rs["Country"]
    );
}

$conn->close();

echo json_encode($outp);
?>

A Styled Version

Customers.html

<!DOCTYPE html>
<html>

<head>
<style>
h1 {
    border-bottom: 3px solid #cc9900;
    color: #996600;
    font-size: 30px;
}
table, th , td {
    border: 1px solid grey;
    border-collapse: collapse;
    padding: 5px;
}
table tr:nth-child(odd) {
    background-color: #f1f1f1;
}
table tr:nth-child(even) {
    background-color: #ffffff;
}
</style>
</head>

<body>

<h1>Customers</h1>
<div id="id01"></div>

<script>
var xmlhttp = new XMLHttpRequest();
var url = "http://www.w3schools.com/website/customers_mysql.php";

xmlhttp.onreadystatechange=function() {
    if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
        myFunction(xmlhttp.responseText);
    }
}
xmlhttp.open("GET", url, true);
xmlhttp.send();

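function myFunction(response) {
    var arr = JSON.parse(response);
    var fields = ["Name", "City", "Country"];
    var table = document.createElement("table");
    var i, j, row, cell;

    for (i = 0; i < arr.length; i++) {
        row = table.insertRow(-1);
        for (j = 0; j < fields.length; j++) {
            // textContent inserts the value as plain text, so any markup
            // in the data is displayed rather than interpreted as HTML.
            cell = row.insertCell(-1);
            cell.textContent = arr[i][fields[j]];
        }
    }
    var target = document.getElementById("id01");
    target.innerHTML = "";
    target.appendChild(table);
}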
</script>

</body>
</html>
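
In the Customers example, database text crosses two syntax boundaries: the server turns rows into JSON, and the client turns JSON into table markup. The following is an added example, not part of the original tutorial: it mirrors a string-concatenating JSON builder in JavaScript so both halves run in one file under Node, compares it with an encoder, and renders cells with HTML escaping. The sample rows and all function names are constructed for illustration.

```javascript
// Constructed sample rows standing in for the Customers query result.
const rows = [
  { CompanyName: 'Alfreds Futterkiste', City: 'Berlin', Country: 'Germany' },
  { CompanyName: 'Bikes "R" Us', City: 'Lyon', Country: 'France' },
  { CompanyName: '<b>Nord</b> & Co', City: 'Oslo', Country: 'Norway' },
];

// Constructed row whose Country value contains quote characters that
// happen to form valid JSON syntax once pasted between quotes.
const structuralRow = {
  CompanyName: 'Acme', City: 'Rome', Country: 'Italy","Name":"Changed',
};

// JSON built by pasting values between quotes, with no escaping at all.
function concatJson(list) {
  let out = '[';
  for (const r of list) {
    if (out !== '[') out += ',';
    out += '{"Name":"' + r.CompanyName + '",';
    out += '"City":"' + r.City + '",';
    out += '"Country":"' + r.Country + '"}';
  }
  return out + ']';
}

// Same output shape, but the serializer does the quoting.
function encodeJson(list) {
  return JSON.stringify(list.map(r => ({
    Name: r.CompanyName, City: r.City, Country: r.Country,
  })));
}

// Parse without throwing, so callers can compare outcomes.
function tryParse(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Escape the characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, ch => HTML_ESCAPES[ch]);
}

// Build the table as a string; with escape=false the values are
// concatenated into the markup unmodified.
function renderTable(arr, escape) {
  const cell = escape ? escapeHtml : String;
  let out = '<table>';
  for (const c of arr) {
    out += '<tr><td>' + cell(c.Name) + '</td><td>' + cell(c.City) +
           '</td><td>' + cell(c.Country) + '</td></tr>';
  }
  return out + '</table>';
}

function demo() {
  const encoded = tryParse(encodeJson(rows));
  return {
    // A quote inside a value makes the concatenated document unparseable.
    concatParses: tryParse(concatJson(rows)).ok,
    encodedParses: encoded.ok,
    // Concatenation lets a value redefine a sibling field without any error.
    concatName: tryParse(concatJson([structuralRow])).value[0].Name,
    encodedName: tryParse(encodeJson([structuralRow])).value[0].Name,
    rawHtml: renderTable(encoded.value, false),
    safeHtml: renderTable(encoded.value, true),
  };
}

console.log(demo());
```

In a browser, assigning each value to `textContent` gives the same protection as `escapeHtml` without building markup strings at all.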

WordPress 4.2.1 Security Release

WordPress 4.2.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen.

WordPress 4.2.1 has begun to roll out as an automatic background update, for sites that support those.

The Drupal overview

Effective Web design balances flexibility and simplicity. If a system is too simple, it can only be used for a single purpose - but if it is too flexible, it may be too difficult for new users to learn.
Drupal strives to balance this by providing its users with the tools they need to make their own content management solution, while still providing some pre-built components to help them get started. Thus, it can be described both as a content management system (CMS) and a content management framework (CMF) - one system that strives to have the strengths of both, without their deficiencies.
Most CMS's are like a toy boat or truck - specific assumptions have been made about their use, assumptions that would be hard for you to override. Frameworks, on the other hand, provide you with raw materials only - you need to know a programming language and have a clear design vision to put them together.
Drupal is like a Lego kit. Skilled developers have already made the building blocks - in the form of modules - that you need to create a site that suits your needs, whether that is a news site, an online store, a social network, blog, wiki, or something else altogether.

Drupal in action

To make the contrast between Drupal and other CMS's more concrete, consider the example of a news site. You want to be able to post news articles on the site, and you want the homepage to have a section featuring the five most recent ones. Next, you decide that you want to add a blog section, and put a list of links to the five most recent blog entries on the homepage as well.
If you were using an ordinary CMS, first you would install a plugin that handled news articles and could put short blurbs on the homepage. Next, you’d install a plugin that would track the latest blog posts and put a list of those on the homepage. Each plugin would only be responsible for tracking and managing a particular kind of content, and would remain relatively isolated from the others.
But, what happens when you have that brilliant middle-of-the-night idea, and want to blend these two functions by showing a list of blog posts about the latest news items, ordered by most active contributor first? If you’re using a “toy truck” CMS, you may be out of luck, or need to hire a developer to write you a custom plugin from scratch. But through the power of the Drupal way, the way of manageable abstraction, you can whip out a kit full of parts and knock this together pretty quickly. (Hint: just use Views.) Since Drupal's modules do things in a standard way and interface with a common underlying system, building all sorts of clever, customized features is just a matter of snapping parts together.
Of course, this flexibility comes at a certain cost. While a toy truck is instantly understandable and ready to use without much thought, a modular vehicle construction kit will by nature require you to read the instruction manual first. The building blocks are out there, but you'll need to learn how they fit together before you can take a paper prototype and turn it into a full-featured website.
Drupal core, and the thousands of contributed modules that build on it, require an initial investment to learn, but mastering the Drupal way is immensely rewarding; the passionate community is a testament to its power to liberate site builders from the simplicity/flexibility dilemma. Once you've tried Drupal, you'll likely leave your toy truck and boat in the closet gathering dust.

How Drupal does it

Intrigued yet? Let's take a closer look at how Drupal works.
People often think of a website as a collection of static pages, with some functions (like a blog, or a news engine) thrown in to round it out. When they go to manage their site, they are thinking in terms of a tree-like hierarchy of pages that they will go in and edit.
Drupal, on the other hand, treats most content types as variations on the same concept: a node (more on this in a moment). Static pages, blog posts, and news items (some possible node types) are all stored in the same way, and the site's navigation structure is designed separately by editing menus, views (lists of content), and blocks (side content which often have links to different site sections).
It’s a lot like the separation you find in standards-compliant page coding—XHTML provides the meaningful structure of the information, while CSS arranges it for presentation. In Drupal, nodes hold the structured information pertaining to a blog post (such as title, content, author, date) or a news item (title, content, go-live date, take-down date), while the menu system, as well as taxonomy (tagging of content) and views, create the information architecture. Finally, the theme system, along with display modules like Panels, controls how all this looks to site visitors.
Since these layers are kept separate, you can provide a completely different navigation and presentation of your content to different users based on their specific needs and roles. Pages can be grouped differently, prioritized in a different order, and various functions and content can be shown or hidden as needed.

Nodes: The secret to Drupal's flexibility

We don't talk about "nodes" every day, but since they are at the heart of Drupal's design, they deserve further investigation. At its most basic, a node is a set of related information. When you create a new blog post, you are not only defining its body text, but also its title, content, author link, creation date, taxonomy (tags), etc. Some of these elements will be shown by the theme layer when the node is displayed. Others are meta-data that control when the node will show up at all - such as taxonomy or publishing status.
Since each item of content is stored as a node, and contains the same basic information, each can be handled in a standard way by both Drupal core and contributed modules. This allows site builders to choose exactly where they want content to show up, and exactly how they want it to look in each case. Most of a Drupal site builder's time is spent defining what kinds of information you want to store in your nodes, and configuring the structures (menus, taxonomy trees, views, panels) in which to display them.
As suggested before, you aren't limited to a single way of presenting your site's content. You can define as many navigation schemes, custom themes ("skins" for the site), blocks (small bits of content, such as the five most recent blog articles described earlier), and feature sets as there are distinct audiences for your site.
Comments are second-class citizens in Drupal compared to nodes, but they also illustrate the Drupal way. Comments aren't just part of the blog system, since there isn't a separate "blog system." Comments can be enabled on any node type you choose - blog posts, news items, book pages (which provide basic wiki features) and any other you may create.

Collaborative at the core

Creating an informational website that broadcasts from “one to many” is something that most CMS's do right out of the box. However, where Drupal really shines is when you want to empower site users to create content, and connect with each other - moving from "one to many" to "many to many."
With some CMS's, you can set up a blog, and you can install plugins to handle having a community of users, but what happens when you want to give individual blogs to each of your users, sorting their contents so that they can be displayed individually with their own skins, while also generating cross-blog topical digests, top five lists, and links out to elaborate, customized user profiles? What if you want to also integrate that with forums, a wiki-like environment, and give each user their own gallery of taggable photos?
Drupal is designed from the ground up so site builders can delegate content creation, and even site administration, to users. All you have to do is define who gets to do what on your site (through user permissions), and then you can start collaborating.

Get started quickly, customize extensively

Drupal's flexibility is incredible, but installing it is surprisingly easy. With a simple FTP upload and a few short web-based configuration questions, you can connect with your database and have your first Drupal site up and running within an hour.
Pick one of the included themes, and just start adding content. Do you want to have visitors log in? Switch authentication on or off. Want to switch on some of the included tools? Turn on forums; enable commenting on node types; turn on the book module for wiki-like collaboration; create forums and polls; use taxonomy to give site content structured, hierarchical categorization or free-form tagging.
Do you want your own skin applied to the site? Drupal's theme system uses tiny snippets of PHP that you can insert into the appropriate spots in your design to replace your placeholder Lorem Ipsum text with dynamic content. Drupal’s generated markup is clean, standards-compliant XHTML. No old-school tables. No cruft. No kidding.

The Drupal flow

If you want to go deeper with Drupal, you should understand how information flows between the system's layers. There are five main layers to consider:

  1. At the base of the system is the collection of nodes—the data pool. Before anything can be displayed on the site, it must be input as data.
  2. The next layer up is where modules live. Modules are functional plugins that are either part of the Drupal core (they ship with Drupal) or they are contributed items that have been created by members of the Drupal community. Modules build on Drupal's core functionality, allowing you to customize the data items (fields) on your node types; set up e-commerce; programmatically sort and display content (custom output controlled by filters you define); and more. There are thousands of different options within the fast-growing repository of contributed Drupal modules. They represent the innovation and collaborative effort of everyone from individuals to large corporations.
  3. At the next layer, we find blocks and menus. Blocks often provide the output from a module or can be created to display whatever you want, and then can be placed in various spots in your template (theme) layout. Blocks can be configured to output in various ways, as well as only showing on certain defined pages, or only for certain defined users. Menus are navigators in Drupal, which defines the content coming on each defined menu path (relative URL). Menus are core element of Drupal which gives all the pages created in Drupal
  4. Next are user permissions. This is where settings are configured to determine what different kinds of users are allowed to do and see. Permissions are defined for various roles, and in turn, users are assigned to these roles in order to grant them the defined permissions.
  5. On the top layer is the site theme (the "skin"). This is made up predominantly of XHTML and CSS, with some PHP variables intermixed, so Drupal-generated content can go in the appropriate spots. Also included with each theme is a set of functions that can be used to override standard functions in the modules in order to provide complete control over how the modules generate their markup at output time. Templates can also be assigned on-the-fly based on user permissions.
This directional flow from bottom to top controls how Drupal works. Is some new functionality you want not showing up? Perhaps you uploaded the module into the system but have not activated it yet, and this is making everything downstream non-functional (as in "A" in the diagram above).
Maybe the module is installed and activated, but you still don’t see what you want on your site. Did you forget to place the block, as in "B"? Or are your user permission settings conflicting with what you want and your users are not set to see the output as in "C"?
Additionally—as mentioned earlier—getting the kind of granular control you want over the details of the XHTML module outputs requires understanding this flow. Are you using a module that does exactly what you want, only you wish the markup was just a little bit different? Maybe you’d like it to use different tags, or you’d like to assign a CSS class to something? You accomplish this by copying the output function from the module and pushing it up to the functions document in your theme. Modify the code there, and when the system goes to output, it will see your customized function and use that instead.

Get up close and personal

Now that you’ve gotten a brief introduction to the Drupal way, why not install Drupal on your server and try it for yourself? The Installation & Configuration guide gives step-by-step instructions if you need help getting started.