Spy Journal 3.0 Filtering the web for you

In the process of upgrading Drupal sites to the latest version 6.3, I have come across a configuration difference between version 6 and previous versions.

Where before I used to put contributed modules and themes into the modules and themes folders, now they should reside under the sites\all\modules and sites\all\themes folders.

So now this makes an upgrade quite a bit easier.

Here is our process

1. For version 6 sites, check the available updates for any other module and theme updates that are required. Log into the site www.website.com/user as administrator.
2. Ensure back up is complete of both home directory and database
3. Go to admin settings, Site configuration, and site maintenance and put site into offline mode
4. Then go to administer and change theme to Garland
5. Turn off all non core modules
6. Now delete out all folders and files from public_html (within its Drupal folder) except
1. Sites (IMPORTANT)
2. Files
3. Any other non standard files or folders

Joe from Joe Tech has written an article outlining the top ten reasons he thinks the new Entrecard – SezWho partnership is great for bloggers.

Here’s a one line summary of each point – for the details read his article.

1. Your blog will get more comments
2. Comments will be high quality comments
3. You will leave more comments
4. Earn Entrecard credits
5. Check Me out – a SezWho feature
6. Reduced bounce rate
7. Backlinks
8. Its Viral
9. School of Blogging
10. It will keep you blogging

Drupal has today announced Version 5.8 and 6.3, releasing security patches to fix some security flaws.

Here is the announcement:

Multiple vulnerabities and weaknesses were discovered in Drupal. Neither of these are readily exploitable.

CROSS SITE SCRIPTING

Free tagging taxonomy terms can be used to insert arbitrary script and HTML code (cross site scripting [ http://en.wikipedia.org/wiki/Cross-site_scripting ] or XSS) on node preview pages. A successful exploit requires that the victim selects a term containing script code and chooses to preview the node. This issue affects Drupal 6.x only.

Some values from OpenID [ http://openid.net/what/ ] providers are output without being properly escaped, allowing malicious providers to insert arbitrary script and HTML code (XSS) into user pages. This issue affects Drupal 6.x only.

filter_xss_admin() has been hardened to prevent use of the object HTML tag in administrator input.

Wow – what an amazing website. Not only is the content fascinating – well to me anyway – I love old world war 1 and 2 vintage airplanes – and these machines a beauties – but the website is also a work of art. (and they are Kiwis!)

The Vintage Aviator is an amazing website. The developers have spent countless hours putting this together. There is a full description of what they did to make this work on the Drupal website.

They list all the modules they use as well as the custom modules developed and other tweaks they had to do. The developer, dman also explains how they solved the CSS issues (including ignoring some of the IE6 issues).

This is a great site – congrats to all involved.