November 23, 2010 by Alistair Deneys
Today I’ve made a new release of the EviBlog Sitecore shared source module.
Release 1.6 includes the following bug fixes:
- Comment display on website contains an XSS vulnerability. Used Microsoft’s AntiXSS library to properly escape the content before putting it on the page.
- User comments were being displayed as a single line, removing line breaks entered during comment submission – fixed
- User comments in the CMS were displayed as a single line text field so authors couldn’t see line breaks from input – fixed
- If a user entered invalid name characters in their name the module would throw an exception as the comment item name is based on the user’s name. Filter the input name to make sure valid characters are used or substituted.

The following new features have also been added:
- WCF service and client to allow submitting comment from a delivery server back to the authoring server in a multi-server setup.
- New setting in config include file determines if WCF is to be used or not.
- Capture comment author’s IP address for auditing.

I’ve updated the documentation on the Trac wiki to detail how to set up the WCF server and client for deploying to a multi-server environment, which you can find at http://trac.sitecore.net/EviBlog/wiki/MultiServerSetup.
Nick Wesselman has also made a release of his Youphoria branch which you can read about on his blog over at http://www.techphoria414.com/Blog/EviBlog-Youphoria-Branch.aspx.
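
The first two bug fixes above interact: line breaks have to be turned into markup only after the comment text has been encoded. The following is an added example, not code from the EviBlog module; the `CommentRenderer` class and `ToSafeHtml` method are hypothetical names, and `System.Net.WebUtility.HtmlEncode` stands in for the AntiXSS encoder so the snippet has no external dependency.

```csharp
using System;
using System.Net;

public static class CommentRenderer
{
    // Encode first, then insert <br /> tags, so the only markup in the
    // result is the markup this method adds itself. Doing it the other way
    // round would either escape the <br /> tags or leave user markup live.
    public static string ToSafeHtml(string rawComment)
    {
        if (string.IsNullOrEmpty(rawComment))
            return string.Empty;

        // Normalise CRLF and lone CR to LF so every line break is treated alike.
        string normalised = rawComment.Replace("\r\n", "\n").Replace('\r', '\n');

        // Assumption: WebUtility.HtmlEncode is used here in place of AntiXSS.
        string[] lines = normalised.Split('\n');
        for (int i = 0; i < lines.Length; i++)
            lines[i] = WebUtility.HtmlEncode(lines[i]);

        return string.Join("<br />", lines);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample comment: a line break followed by markup.
        string comment = "Nice post!\r\n<script>alert(1)</script>";

        // The script tag is written out as inert text, and the line break
        // survives as a <br /> element.
        Console.WriteLine(CommentRenderer.ToSafeHtml(comment));
    }
}
```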