Home » Blog »

babygekko development blog

Secunia Advisory SA49052 is incorrect - the correct one is SA49023

Please note that Secunia SA49052 is incorrect because Baby Gekko CMS v1.2.0 is not affected at all with this low severity XSS vulnerabilities. The correct one is SA49023.

Baby Gekko v1.2.0 released, with 3rd party independent security testing performed by Zero Science Lab

Download URL: http://www.babygekko.com/downloads/gekko_web_builder_v1.2.0.zip

What makes Baby Gekko v1.2.0 so much more improved?

• Email templates - customize your own message for user registration, activation, forgot password, etc.
• New feature: account activation by email
• Combined admin.js and gekkoz.js and merge it into one to save bandwidth
• More CSRF protection implemented for some of the AJAX part
• Captcha in user activation option
• Fixed UTF-8 search display (mb_substr)
• Removed $onload from each script in admin/apps - existing 1.1.x app may give a Javascript error in the backend (administration), however it will still run just fine.
• On the Javascript/AJAX side, you can extend from let's say blog.js or html.js etc since the $onload is removed and replaced with $start_ajax_app
• Install all filter/block/app in one zip
• Checkbox not saving properly in Filter Config
• New: Case insensitive username
• New: login by email
• New: activation_string for new user registration
• New: Email template, customizable from the backend
• New: HTML5 backend
• Using PHPMailer now by default
• Fixed the Image Manager
• Fix Drag and Drop with multiple app
• Fix Menu Item Display in Admin
• Fix nested tree rendering error
• Auto Cleanup Session
• Block now includes language file properly in the admin section
• File Manager .DS_Store is no longer appearing there
• Block now includes language file properly in the admin section
• Checkbox not saving in Block Config
• File Manager – Added search functionality and fix listings

Zero Science Lab has helped not only to identify but also fixed some bugs that are shipped in the core version.

• 12 XSS bugs in contacts module (frontend)
• 5 XSS bugs in users module and register function (fronend)
• 1 XSS bug in menus module (backend)
• 2 XSS bugs in blog module (backend)
• 1 URI XSS bug
• 2 Path Disclosure bugs in the default demo templates

Credits: Gjoko Krstic from Zero Science Lab
Advisory ID: ZSL-2012-5086
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5086.php

Some Highlight of new features:

Quick update - March 28, 2012

Just a quick update - here's what we're working on now:

• More free templates (by the end of May)
• More documentation for developers
• A shopping cart app (by the end of June)
• Tutorials for end-users on our Youtube Channel..

Alright, back to work.

 

A small bug in the UNIX version of Baby Gekko (Microsoft WebPI and WebMatrix are not affected)

A small bug has been reported here where it wouldn't installation and this only affects the UNIX version (Mac OS X/Linux/BSD). The fix is here. Alternatively, you can re-download v1.1.5a.

BabyGekko v1.1.5 is now available on Webmatrix/WebPI

Baby Gekko v1.1.5 is now available! This is a maintenance release (Apache) and the first version that is fully compatible with IIS/WebMatrix. The time has finally come and it's long over due that Baby Gekko is listed among other CMS such as Drupal, Wordpress, Concrete5, etc. Yes, the company is still new (Dec 2011) but the software has been developed since 2006 and is quite mature. Our thanks to the IIS, MS' Web Platform and WebMatrix for their feedback and recommendations. This version brings the following changes:

• Admin area loads faster now.
• Buttons are now grey-colored by default to make it easier on the eyes.
• gekkodatepicker.js, yui_validation.js and gekkoutilities.js have been merged into a single file gekkoz.js (please note this if you use the CSS-based form validation for your app). Everything should be backward compatible although the form validation is now a class of itself.
• A few minor bugfixes.
• There will be more documentation and 3rd-party apps/blocks/filters coming (yes, we still have work to do in documentation and providing free apps right now, but this will change soon in the next few months). This is also your chance to contribute and be the pioneer. Simply join our forum and submit your apps and we'll link your site!

Download v1.1.5 (or simply use the auto-updater if you're lazy like me. Note: for auto-update, you need to download that auto-updater first and upload it through Applications menu). Any changes you made files ending in ".template.php" in the frontend won't be overwritten. I use this auto-updater to manage several websites and saved many hours!

v1.1.5 (Apache on BSD/OS X/Linux/Solaris/Windows 2003/2008). Some installation video tutorials are available from http://www.youtube.com/babygekkocanada
or
Directly from Microsoft Web Platform Installer (only for IIS7.x on Windows 7/2008/2008R2). If you are so inclined, please give us a great review on Microsoft's website. Thanks. Note: IIS 6 on Windows 2003 is definitely not supported and we have no plan on supporting any deployment on Windows 2003/IIS6 (although technically you can, by disabling the URL Rewrite function in config.inc.php manually). If you use Apache on Windows 7/2003/2008, you can use the generic version on this site.

If you plan on deploying the site on IIS, please only download directly from Microsoft Web Platform Installer or WebMatrix since there's a few differences for IIS and do not use the generic version from our site. Microsoft's WebMatrix is actually very decent for testing and there's even a one-click uploading function. If you're on Windows and use IIS, you might want to check it out. If you have your own Windows 2008 server, please use Web Platform Installer.

Baby Gekko v1.1.4 released

Baby Gekko  v1.1.4 has been released. You can download it from here.

List of fixes:

• Correctly identifies 404 page for files in the root html application (previous version will still return the main home/index page)
• RSS now generates absolute path
• Changed captcha colors so it's more visible (not just grey)

List of new features:

• New TinyMCE skin (see the screenshot below)
• Port number for installation - now accepts any port (used to be able to accept port 80 only)
• Clear Cache button in the Settings menu
• Block outputs are all buffered so you can correctly add CSS, Javascript, etc to the header instead of in the body of the HTML
• SSL support - now you can force the pages to be displayed in SSL only. SSL can also be used for login
• Saving aliases are now correctly check. e.g: if there's already an application called "blog", it will automatically save it as "blog-1"
• Contacts and User signup - give admin control to display captcha or not during signup/sending email message
• SortBy options in Editor
• Page Counter if there's 'pageview' field if the application sets 'chk_enable_pageview_stats' to 1
• When timed out in Admin session and Admin relogin, it will go to the intended page (also filtered for XSS just in case)

Sample of websites using BabyGekko CMS engine

Here's some websites created using BabyGekko CMS Engine

http://www.babygekko.com/site/showcase

Gekko Web Builder v1.1.3 has been released

Version 1.1.3 fixes URL rewriting bug (Apache/Linux) and also introduces compatibility with Microsoft's IIS 7.5 with a new web.config included by default.

All users are recommended to use the Auto-Updater, which can be found in the Extensions section.

You can download the latest version: v1.1.3

A screenshot of a Wordpress theme converted into BabyGekko CMS template

This is just an example of a Wordpress theme that has been converted into BabyGekko CMS theme. More templates are coming.

BabyGekko CMS API has been released

BabyGekko CMS API has been released and you can learn more about how it works and how to start building applications, blocks, and filters from here: http://api.babygekko.com.

Gekko Web Builder version 1.1.2 is released

We have just released version 1.1.2 of Gekko Web Builder. This is a minor release.

Fixes:
- Frontend search result ignored the summary field

New Feature:
- Added sub-application loading capability within an application (frontend and backend)

Download it here: http://www.babygekko.com/downloads/gekko_web_builder_v1.1.2.zip (or you can use the auto-updater in the extensions section)

Gekko Web Builder v1.1.1 is released

Gekko Web Builder v1.1.1 has been released. This release fixes a few minor bugs in the user login area. If you have used v1.1.0, be sure to go to the extension area and download the one-click updater extension so you don't have to manually update your CMS.

Download it here: gekko_web_builder_v1.1.1.zip

Announcing the release of Gekko Web Builder v1.1.0

Baby Gekko is a leading-edge content management system that continues to deliver innovative features to many users. Gekko Web Builder brings exciting new features for users and web developers. Highlights of these features can be found below.

• Tested with over a million rows. Gekko Web Builder can hold large dataset
• API Change: MD5 is replaced with salted SHA1 for user authentication
• Enhanced frontend search
• Added getBlockCountByPosition for compatibility with mosCountModules for those who wants to migrate their Joomla template
• Enhanced frontend search
• New icons
• Many many bug fixes

Download it here: http://www.babygekko.com/downloads/gekko_web_builder_v1.1.0.zip

Gekko Web Builder v1.0.1 released

Gekko Web Builder 1.0.1 is now available on the forge for download here. This version also fixes the bug where creating thumbnail function fails on PHP 5.2 since the file type was determined with finfo_open, which is not available until PHP 5.3. We added a backward compatibility fix for this function.

Gekko Web Builder v1.0.0

Hello,

Gekko Web Builder v1.0.0 is finally out and you can download it here: http://www.babygekko.com/downloads/gekko_web_builder_v1.0.0.zip.

New features at a glance:

• BabyGekko's own TinyMCE media manager
• Enable multi-session login
• XML-RPC ready (will be implemented as an extension instead of built-in for security reason)
• YUI v2.9
• More stable API
• Many many bug fixes

Happy Thanksgiving!

Gekko Web Builder v0.99BETA is out

Hi folks,

Gekko Web Builder v0.99BETA is out. You can download it here: http://www.babygekko.com/downloads/gekko_web_builder_v099BETA.zip. I will be focusing the development on documentation, themes and applications and I hope this is the start when the content management system grows.

New features at a glance:

• YUI v2.8.2r1
• TinyMCE 3.3.9.2
• Breadcrumbs
• Final API freeze
• Many many bug fixes

Merry Christmas and have a Happy New Year!

Demo

You can try the demo at http://gekkocms.babygekko.com. The backend can be viewed from here: http://gekkocms.babygekko.com/admin (no password required, but write access and certain functionalities have been disabled)

Gekko Web Builder v0.98ALPHA has been released

Gekko Web Builder 0.98ALPHA has just been released. It's about 4-6 weeks before final API freeze then I will release the BETA version. I am currently running it on my blog http://www.prana.bz (ex-Wordpress) and has tested this for the last couple of weeks and so far it's been great.

Please note:

• It is better to run this apps in suPHP mode so you don't have to chmod the cache directory to world writeable (777).
• You must set the application alias for HTML (Go to Web Pages -> Configuration -> Application Alias)
• Database fields have been changed. Unless you're proficient with SQL, it is better to perform a fresh install. (Please note that database structure has been finalized for now, so I am not expecting any further change except some index optimization, etc)

Download here: http://www.babygekko.com/downloads/gekko_web_builder_v0.98ALPHA.zip

In Progress - New Template Manager

Just an update on this ongoing active development. We are still working on the Template Manager.

In Progress - Items with Multiple Categories

We're delaying v0.91 release as we're still refining the BasicMultipleCategories class (the framework). The application for this class will be e-commerce, business directory, etc.

Sample screenshot:

Gekko Web Builder v0.91 to be released soon

Coming soon (first week of April): Gekko Web Builder v0.91ALPHA.

What's new:

• Database caching!
• Text filters
• Comment module
• Fix - Menu ordering bug

Gekko Web Builder v0.90 released

Now you can download the code right here.

Some known issues:

• Date editor is a bit buggy in the HTML editor.
• When saving a menu item, and if the admin changes the search-engine friendly shortcut, it will not be automatically updated. You must go back to the menu editor and re-edit and save it. This will be fixed in the future.
• There is no path bar implemented in this release yet.
• You can install 3rd-party components manually but there is no upload function like in Mambo.

Gekko Web Builder Demo

Gekko Web Builder demo can now be accessed from here:

http://gekkocms.babygekko.com/

We are still finishing the final package before releasing the PHP code next week.

Gekko Web Builder to be released soon

Gekko Web Builder v0.90ALPHA has just been finalized. Our site now runs on this software and we will provide the downloads within 72 hours after the final testing.

Please click here for more information.

Merry Christmas 2009 & Happy New Year 2010!

Wishing everyone a Merry Christmas & Prosperous New Year!!

Seasons Greetings

Seasons greetings,

Our office will be closed from December 25 - January 6

We will resume our normal operation on Monday, January 7, 2007. Web hosting technical support (excluding web design) will still be available during the closing period.

Wishing you a Merry Christmas and a have a great New Year!

Nifty Box 1.03

This plugin gives you the ability to easily add beautiful rounded corner box (niftybox) and multiple columns (niftycolumn) for a block of text with only CSS - no extra images at all! The box is useful for displaying quotes, stylish rounded box and creating multiple columns in your content. e.g: { niftybox background=ivory,textcolor=maroon,float=right} This is a sample of nifty box {/niftybox }

Note: We've tested this with several layout templates and the NiftyColumn is known not to work with the default rhuk_solarflare_ii template that is shipped by default in Joomla. However, NiftyBox works fine in all cases.

Download: niftybox_1.03.zip

Demo: http://www.babygekko.com/niftybox-demo.html

VERSION History

• v1.03: minor maintenance release - fixed CSS floating/clearance for individual niftybox. Also fixed duplicate CSS tag in generated HTML code in the HEAD tag.
• v1.02: fixed line-break bugs.
• v1.01BETA: removed Javascript completely, added border options, fixed MSIE, new visual color guide (compatible with most major browsers). Tested with Opera, Firefox, Seamonkey, MSIE 6.
• v1.0BETA: fix MSIE 6 and 7 rendering

New support forum

New support forum is opened. Please use this facility to ask questions, comments, etc about our web design, hosting, or open source software: http://www.babygekko.com/forum/

Nifty Box v1.02STABLE

Nifty Box v1.02 Mambot will be released next week (Tuesday, May 29, 2007). This will fix the line break bug when you are typing in Joomla WYSIWYG editor.

New website is up and running!

Our website has been revamped! We hope that it makes it easier for our users to browse {ln:faq 'Frequently Asked Questions}.

copyright © 2007 - 2012 babygekko.