www.clan-themes.co.uk :: View topic - What Version Of Nuke To Use
I wanted to take a moment to talk a little about the current state of affairs with PHP-Nuke and the intentions of what is now becoming "many" of us in the PHP-Nuke development community.
I am addressing this because it is important for everyone in the community of PHP-Nuke Webmasters to realize some of the facts about what is going on with PHP-Nuke, where it has been and where it seems to be going.
In the latter regard, I can only assure everyone that the biggest obstacle to PHP-Nuke evolution is the self-proclaimed "Author", Mr. Burzi. I say this only because with each new version of PHP-Nuke that is released, Mr. Burzi fails to apply previous version fixes, while he also creates new bugs and security holes. If you use any version of PHP-Nuke that comes from Mr. Burzi, quite frankly you are at severe risk of intrusion and hacking. There is no easier or nicer way to put it.
In this regard, I want to talk a little about PHP-Nuke 7.9. It should be pointed out right off the bat that PHP-Nuke 7.9 has many very serious issues. In fact, even with "Patched" the issues are so major that it staggers the imagination to contemplate just how bad they are.
In this latest release, the Nuke author has attempted to employ new filtering processes in an effort to deal with the many gaping security holes left in Nuke after version 7.6 with the implementation of the TinyMCE HTML Editor.
Unfortunately, Mr. Burzi's efforts once again were haphazard at best and actually create more problems than they seek to fix. Additionally, even after three versions of Nuke, Mr. Burzi still has failed to properly integrate the TinyMCE HTML Editor and rumor has it that effective version 8.0, the editor functions will be removed. Additionally, Mr. Burzi proposes to once again completely change the administration functions of PHP-Nuke, making all legacy modules incompatible and requiring recoding.
Let me cut to the chase. First, don't use PHP-Nuke 7.7 through 7.9 under any circumstances! There are simply far too many problems and this code is basically a giant mess that should be completely ignored. "1CMS" uses PHP-Nuke Version 7.8 as a baseline; however, you need to keep in mind for all intents and purposes what I have here is NOT PHP-Nuke, it is something completely different as every single baseline file has been recoded. Yes, it is PHP-Nuke compatible, but that is about as far as the relationship goes.
Unfortunately, with PHP-Nuke 7.9 things get even worse than previous versions. Much like versions 7.7 and 7.8, there are severe new problems created by Mr. Burzi's "I know best and I am going it alone" approach to coding and distribution. As he fails to even attempt minimal testing of his code, it should be obvious to everyone that this is dangerous stuff which should be avoided like smallpox.
This "I know best" attitude has finally taken a toll on some of the better known and dedicated nuke developers including Bob Marion, the widely respected developer of the Nuke Scripts Network (NSN) solutions. Bob recently announced that he will no longer be supporting future versions of PHP-Nuke because of Mr. Burzi's methodologies for releasing new versions and the total disregard in addressing serious security issues. You can read Bob's comments at: http://www.nukescripts.net/index.php?op=NEArticle&sid=2206.
I find myself totally agreeing with Bob's perspectives with the one exception that I refuse to support Version 7.9 because of the major new flaws.
In my extensive testing of PHP-Nuke 7.9, I have discovered many new problems that make using it simply impossible, even with "Patched" loaded. In fact, I was hoping to adapt some of the new security filtering models and functions into "1CMS" but I have since abandoned that idea as the methodologies are deeply flawed. They fail to take into consideration the many different types of input variables that exist in Nuke and try to assign "all inclusive" type assumptions. This is simply no solution at all and testing has revealed that the current solution is indeed susceptible to XSS, JavaScript and other forms of attack if you know how and where to format the query.
Regarding Mr. Burzi's intentions for the future, again I agree with Mr. Marion that because Mr. Burzi "goes it alone" and ignores existing fixes that have been implemented for as many as 8 versions back, I cannot endorse or recommend using any version of PHP-Nuke distributed by phpnuke.org or anywhere else for that matter. The code is simply horrible and instead of fixing problems and improving the code, Mr. Burzi just keeps tacking on new bugs and security holes in every new release.
As I have commented before (elsewhere), another major concern that I have is with people like Chatserv, the honorable author of the "Patched" series of updates. In my humble opinion, Chatserv seeks only to help the community by fixing various PHP-Nuke baseline problems. However, by distributing "Patched" for the last three versions of Nuke, I feel that his work only exacerbates the fundamental problems while giving webmasters a "false sense of security". Indeed, "Patched" fixes some known bugs, but it does not begin to address any of the serious security, or major nuke structural or overall design flaws.
While I admire and respect Chatserv for attempting to patch some of the holes in these latest versions, as I have said before, the "Patched" solution is comparable to putting a band-aid over a shotgun wound. "Patched" for versions 7.7 through 7.9 may have some benefits; however, it does not begin to address ANY of the major design flaws of these three latest versions of Nuke. Patched does not begin to even address any of the HTML editor or security issues introduced with 7.7 and made only worse in versions 7.8 and even worse yet again in 7.9. Thus, if you have deployed any of these latest versions with "Patched" you should seriously consider downgrading to 7.6 with Patched 3.1 where there exists at least minimal protection from known vulnerabilities.
This leads me back to the beginning. What is best for the community of Nuke Webmasters that don't want to worry about these issues, but rather just want to provide content? In my humble opinion, the best scenario would be one where Nuke was stabilized and secured and evolution moved forward from there. In a nutshell, this is what I strive to accomplish with "1CMS". To lock it down, fix the issues and the functional bugs, to make it fully cross-browser compatible, and finally to make it compliant to W3C presentation standards. I didn't want to re-invent the wheel; however, the huge number of baseline issues made it necessary!
In moving forward with evolution of this solution, I seek to address ALL Nuke issues to make this version not only easy to use and robust, but secure as well. This is why, to date, this solution has not been released publicly. Unlike Mr. Burzi, I don't want to release any version that would potentially put anyone at risk. I believe that the code should not be released until it reaches a point where it could be defined as reasonably secure, which is anything but what baseline or even "Patched" PHP-Nuke code is at this point.
This is a philosophy difference that I take very seriously. I firmly believe that it is time that a Nuke based solution not only be robust with features and compatibility with existing add-ons, but that baseline should also be standardized and stabilized to offer both webmasters and add-on developers alike a predictable model, evolution path and a logical, easy to employ and manipulate (customize the look and feel) structure.
I invite you to comment to this article and to talk about anything that you would like to see in Nuke as well as to express your viewpoints or concerns regarding my perspectives.
Here is another post from Bob Marion of NSN regarding the same issue:
Quote:
Let me start by saying, PHP-Nuke has had a long run with a steady downhill slant. With each new version the bugs become more and more severe, more and more dangerous. I spend too much of my time over securing scripts to make up for what PHP-Nuke is sorely missing.
Discussions have been started in several places about the future of PHP-Nuke and where it's headed. The majority seem to agree that as long as Mr. Burzi remains at the helm it is going to continue its downward spiral. Along the way he will continue to rape the community $10 at a time and never blink an eye.
With this in mind I have decided that NukeScripts(tm) WILL NOT support a version beyond 7.9 unless, and we all know it won't happen, he opens it up to the community and starts including proper fixes, patches, enhancements, and input from those that can fix his dang piece of trash.
Therefore, I will update all NSN scripts to be usable with PHP-Nuke 7.0 thru 7.9 inclusively patched to the latest Patched level only, currently 3.1 (3.1e by my tracking) but not allowing the WYSIWYG to be used. The newest releases here have already been set to that standard in NukeClients(tm), NukePrizes(tm), the upcoming NSN News 2.0.0 (which btw bypasses all nuke security and uses its own).
I am then going to look into a new fork/cms that starts either with 7.8 or preferably 7.9 that has proper security and html compliance. The latter meaning I will have to do some studying to bring all of my scripts into compliance as well.
So where does this leave the newer releases of nuke.... well personally I'm not and won't use anything above 7.6... Make sure you do some research before you make your clan site, don't assume that the newest version of nuke is the best and safest!!
You can now get versions of nuke that are security patched and are secure, so be very careful what version you choose. If you would like any advice please ask!
Last edited by Ped on Wed Mar 28, 2007 9:17 pm; edited 2 times in total
gnav
Posted:
Sat Dec 09, 2006 5:57 am
I had tried to get up my Clans site using 7.9, huge errors on the forums, tried 7.8 more errors, finally tried 8.0 and everything seems to be working fine for now except for some reason my shout box won't work, which I'm not sure could be blamed on me or the phpnuke version. I am definitely looking for a secure working alternative which will still allow me to use phpnuke templates. Any ideas about how good the php platinum you have on this site is? Thanks.
=(-G-)=Nav
Ped
Finally! A bundled phpNuke distribution (based on v7.6) with all of the latest patches from Chatserv installed as well as the latest NukeSentinel(tm) release (2.4.2pl5 as of this writing) and more. Simply ftp the files, make a few changes in config file, run the installer, and you have a site with all the protection that this one does!
As far as I'm aware it is the best secure and safest nuke version available today!
With regards to your shout box you should post in the nuke problems, it might be something simple ..... How well developed is your site? You should consider reverting to the above distro after some checks.
Your theme templates from 8.0 will work on that too
gnav
Posted:
Sat Dec 09, 2006 9:54 am
Ahhh you rock. Thanks Bro.
=(-G-)=Nav
P.S. It's about 5 in the morning here and I have to go to the airport tomorrow morning to pick up my mom, so I'm out everyone. Fun first day on these forums. Catch you all later today.
bassaddicted
Posted:
Mon Dec 18, 2006 5:14 am
Really Good Info :) at least if people read they won't choose the wrong PHP-Nuke hehe :D
Finally! A bundled phpNuke distribution (based on v7.6) with all of the latest patches from Chatserv installed as well as the latest NukeSentinel(tm) release (2.4.2pl5 as of this writing) and more. Simply ftp the files, make a few changes in config file, run the installer, and you have a site with all the protection that this one does!
As far as I'm aware it is the best secure and safest nuke version available today!
With regards to your shout box you should post in the nuke problems, it might be something simple ..... How well developed is your site? You should consider reverting to the above distro after some checks.
Your theme templates from 8.0 will work on that too
I have to agree. Raven's Distro is by far the best I've come across, plus with FCKeditor and NSN Groups bundled right in, it saves huge amounts of time for news and administration.
nextgen
I am guessing you guys are using the most recent platinum or you did a ton of coding to yours? Would you mind saying which version of the nuke cms you are using?
Scorpion
7.6Posted:
Wed Jan 10, 2007 6:49 pm
Hi, as stated above we are indeed using Raven Nuke 7.6. It might look slightly different due to the theme, the number of modules and blocks we are using and the mods in the forum, but it is 7.6.
Thanks
Heefy
Ped
Posted:
Fri Jan 19, 2007 12:05 am
Here is another site condemning anything above 7.6
Quote:
Many users of this site will no longer answer questions from people running "fresh" installs of 7.7-9 or any future versions which include tinymce.
I personally recommend you do not use it, undertake a "fresh" install of an earlier version instead.
7.7-9 is in my opinion a complete backward step and by default is nothing more than an insecure pile of cack.
Many of its issues relate to the tinymce wysiwyg editor which was added at 7.7
Most of the questions posted here recently are about either html issues in the forums, reviews, news etc, all of these problems relate to the wysiwyg editor's addition in my opinion.
Unfortunately some users of established sites have upgraded to 7.7-9 and will attempt to help only those users with problems.