SemanticScuttle 0.94.1

Today, Benjamin finally released the security fix version 0.94.1 of my new toy, SemanticScuttle.

SemanticScuttle is a PHP web-based bookmarking tool one can use to collect links and use them from every computer with internet access. Bookmarks can be public, private and shared (visible to registered users).

I needed such a tool for myself personally as well as at work, where we just needed something to share bookmarks. Online services were no option since we share "secret" links to server administration tools and so on. SemanticScuttle did what we needed, but lacked LDAP authentication support. I quickly wrote a patch, and since then Scuttle became a part of our daily work life. (That's why Open Source rocks. Something missing and nobody around to do it? Fix it yourself within hours!)

After getting it running at work, I installed it on my laptop and was a bit disappointed: E_NOTICEs here and there, unfreed SQL results and some strange hacks needed to get URL rewriting to work properly. Also the code was a bit of a mess - I am really used to pretty code, formatted according to the PEAR Coding Standards, and the Scuttle code just looked awful.

So what does a hacker do? Hack on it and fix the issues. I did that, and a couple of days later, the SemanticScuttle bug tracker had 10+ new patches. Unfortunately, nobody applied them. Then I got in contact with Benjamin, the project's current maintainer, who told me that time was scarce and that I could get access to svn and prepare the next release with all these bug fixes.

The next weeks I did just that and on October 2nd version 0.94 got released, fixing 16 bugs and implementing one feature request.


I thought I'd stop now and go back to my other OSS projects and was already on the run when I got a mail from Benjamin telling me that someone contacted him who was willing to pay for a bookmark voting system. That was an offer I did not want to decline, and I got in contact with him.

After the details of the voting system were laid out, I began hacking and - while I was at it - fixed the unit tests, wrote new ones, cleaned up the Services section, gave the whole thing a new file layout where you now only have the files in the web root that are needed there and fixed bugs here and there.

While programming the voting code, I stumbled across some serious Cross Site Scripting (XSS) issues. After fixing them in trunk, I ported them back to 0.94. Benjamin released that security fix release as version 0.94.1 today. If you have a SemanticScuttle installation, update it!


The next version, 0.95, will be released in the near future. It will mainly be a feature release with a new voting system, the completely revamped directory layout (which lays the base for PEAR-packability) and perhaps some more features I'm not yet sure of. Here are some screenshots:

Layout #1:
Voting system layout #1

Layout #2:
Voting system layout #2

Written by Christian Weiske.
