babygekko development blog
Secunia Advisory SA49052 is incorrect - the correct one is SA49023
Baby Gekko v1.2.0 released, with 3rd party independent security testing performed by Zero Science Lab
What makes Baby Gekko v1.2.0 so much more improved?
- Email templates - customize your own message for user registration, activation, forgot password, etc.
- New feature: account activation by email
- Combined admin.js and gekkoz.js into one file to save bandwidth
- More CSRF protection implemented for some of the AJAX parts
- Captcha in user activation option
- Fixed UTF-8 search display (mb_substr)
- Removed $onload from each script in admin/apps. Existing 1.1.x apps may give a Javascript error in the backend (administration), but they will still run just fine.
- On the Javascript/AJAX side, you can now extend from, say, blog.js or html.js, since $onload has been removed and replaced with $start_ajax_app
- Install all filter/block/app in one zip
- Fixed checkbox not saving properly in Filter Config
- New: Case insensitive username
- New: login by email
- New: activation_string for new user registration
- New: Email template, customizable from the backend
- New: HTML5 backend
- Using PHPMailer now by default
- Fixed the Image Manager
- Fix Drag and Drop with multiple apps
- Fix Menu Item Display in Admin
- Fix nested tree rendering error
- Auto Cleanup Session
- Block now includes language file properly in the admin section
- File Manager .DS_Store is no longer appearing there
- Fixed checkbox not saving in Block Config
- File Manager – Added search functionality and fixed listings
Zero Science Lab helped not only identify but also fix some bugs shipped in the core version.
- 12 XSS bugs in contacts module (frontend)
- 5 XSS bugs in users module and register function (frontend)
- 1 XSS bug in menus module (backend)
- 2 XSS bugs in blog module (backend)
- 1 URI XSS bug
- 2 Path Disclosure bugs in the default demo templates
Credits: Gjoko Krstic from Zero Science Lab
Advisory ID: ZSL-2012-5086
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5086.php
Some highlights of the new features:
Quick update - March 28, 2012
- More free templates (by the end of May)
- More documentation for developers
- A shopping cart app (by the end of June)
- Tutorials for end-users on our YouTube channel.
Alright, back to work.
A small bug in the UNIX version of Baby Gekko (Microsoft WebPI and WebMatrix are not affected)
BabyGekko v1.1.5 is now available on Webmatrix/WebPI
- Admin area loads faster now.
- Buttons are now grey-colored by default to make it easier on the eyes.
- gekkodatepicker.js, yui_validation.js and gekkoutilities.js have been merged into a single file gekkoz.js (please note this if you use the CSS-based form validation for your app). Everything should be backward compatible although the form validation is now a class of itself.
- A few minor bugfixes.
- There will be more documentation and 3rd-party apps/blocks/filters coming (yes, we still have work to do on documentation and providing free apps right now, but this will change in the next few months). This is also your chance to contribute and be a pioneer. Simply join our forum and submit your apps and we'll link to your site!
Download v1.1.5 (or simply use the auto-updater if you're lazy like me. Note: for auto-update, you need to download the auto-updater first and upload it through the Applications menu). Any changes you made to files ending in ".template.php" in the frontend won't be overwritten. I use this auto-updater to manage several websites and it has saved me many hours!
v1.1.5 (Apache on BSD/OS X/Linux/Solaris/Windows 2003/2008). Some installation video tutorials are available from http://www.youtube.com/babygekkocanada
or
Directly from Microsoft Web Platform Installer (only for IIS 7.x on Windows 7/2008/2008 R2). If you are so inclined, please give us a great review on Microsoft's website. Thanks. Note: IIS 6 on Windows 2003 is definitely not supported and we have no plans to support any deployment on Windows 2003/IIS 6 (although technically you can, by disabling the URL Rewrite function in config.inc.php manually). If you use Apache on Windows 7/2003/2008, you can use the generic version from this site.
If you plan on deploying the site on IIS, please download only from Microsoft Web Platform Installer or WebMatrix, since there are a few differences for IIS; do not use the generic version from our site. Microsoft's WebMatrix is actually very decent for testing and there's even a one-click upload function. If you're on Windows and use IIS, you might want to check it out. If you have your own Windows 2008 server, please use Web Platform Installer.
Baby Gekko v1.1.4 released
Baby Gekko v1.1.4 has been released. You can download it from here.
List of fixes:
- Correctly identifies the 404 page for files in the root HTML application (previous versions would still return the main home/index page)
- RSS now generates absolute path
- Changed captcha colors so it's more visible (not just grey)
List of new features:
- New TinyMCE skin (see the screenshot below)
- Port number for installation - now accepts any port (used to be able to accept port 80 only)
- Clear Cache button in the Settings menu
- Block outputs are all buffered so you can correctly add CSS, Javascript, etc to the header instead of in the body of the HTML
- SSL support - now you can force the pages to be displayed in SSL only. SSL can also be used for login
- Aliases are now checked correctly on save, e.g. if there's already an application called "blog", the new one is automatically saved as "blog-1"
- Contacts and User signup - give admin control to display captcha or not during signup/sending email message
- SortBy options in Editor
- Page counter, using a 'pageview' field if present, when the application sets 'chk_enable_pageview_stats' to 1
- When the admin session times out and the admin logs in again, it redirects to the intended page (also filtered for XSS, just in case)

Sample of websites using BabyGekko CMS engine
http://www.babygekko.com/site/showcase
Gekko Web Builder v1.1.3 has been released
All users are recommended to use the Auto-Updater, which can be found in the Extensions section.
You can download the latest version: v1.1.3
