
HTTP_HOST and SERVER_NAME Security Issues

Many PHP sites rely upon the HTTP_HOST or SERVER_NAME variable to define the domain for any URLs. For example:

<a href="<?=$_SERVER['HTTP_HOST']?>/blog/">Blog</a>

That URL would render as whatever domain you’re on, followed by /blog. That’s a really handy trick when the site runs on multiple environments (e.g. your local install, your co-worker’s local install, the development server, and the live site).

The Problem(s)

That sounds really convenient, but there is a problem. The


GeeUp 2016: Automated Testing—It’s Not Just for Programmers

Kevin Cupp: Automated Testing

Adding features or making changes to a web site or app can cause anxiety. What if you break something and cause a bug? This week at the GeeUp conference in Leiden, EllisLab engineer Kevin Cupp will demystify automated testing. He will show you how you can know right away if your new changes are really working, increasing trust and stability of your code base.

The benefits of automated testing go beyond a programmer’s code. Kevin will also share some tips for automating tests that can help


ExpressionEngine 3.3.2 Released

We’ve just released ExpressionEngine 3.3.2. Here are the highlights:

  • Saving entry revisions is now so automatic that we removed the “Save Revision” button.
  • Member Groups took their ginkgo biloba and can remember the Allowed Channels for other sites when updating Member Groups on a different site.
  • Markdown <code> blocks temporarily only displayed temp, they too took their ginkgo biloba.
  • Disabled checkboxes should no longer look as enabled as enabled checkboxes do, which definitely never looked


ExpressionEngine 3.3.1 Released

Let’s get down to business: ExpressionEngine 3.3.1 is out, here’s why you should update now:

  • Logging is now more verbose and will regale you with tales of users changing passwords, email addresses, member groups, and logging in as other users.
  • We eliminated some extra, duplicate, and redundant queries that were unnecessary when editing templates that are saved as files.
  • Fixed a security bug where logged out users could be shown altered system messages. (What? It’s a security bug, we don’t


ExpressionEngine 3 E-Commerce is Here

Starting today you can get CartThrob for ExpressionEngine 3 in our store. Build content-first e-commerce sites with the most flexible CMS on the planet.

E-commerce for ExpressionEngine with CartThrob

When you use ExpressionEngine, you expect things to be flexible. To fit your design. To be secure. To have a great visitor experience that you have total control over. Why should you compromise those standards when you add e-commerce to your site?

CartThrob is a flexible e-commerce add-on, powered by ExpressionEngine. With the combination


Introducing the Default Theme

ExpressionEngine is a powerful tool, perfect for skilled developers and designers to jump in and make their static website dynamic.

What about the person who just wants to put up a blog, fast?

That’s where the new default theme comes in.


The main goal with the default theme was simplicity. Something that looks good out of the box, but that wasn’t over designed or hard to change. The default theme had to be a starting point.

Towards this goal we made the design and structure


ExpressionEngine 3.3.0 Released

This release represents one of the most productive releases by our team to date, and with it comes a bunch of new features. If you just want to download and get started right away, head on over and download it now. If you’d like to see what’s new, keep reading.

Channel Sets


James talked about these last week and we’re very excited to see what you can do with Channel Sets. In a nutshell: Channel Sets allow you to reuse the structure that makes up a (group of) Channel(s): Field Groups,


Introducing Channel Sets

I’ve built a lot of sites with ExpressionEngine. I love ExpressionEngine.

One thing that’s always been a hassle when building a new site is making all the custom fields and channels from scratch. It’s repetitive. Making new channels and fields is especially repetitive when you’ve already built fifty blogs/calendars/portfolios/etc.

In ExpressionEngine 3.3, we’re introducing Channel Sets.

With Channel Sets you can export a Channel or set of Channels. Then you can import that set into a new


Time to Upgrade PHP

Now that both ExpressionEngine 3 and ExpressionEngine 2 are compatible with PHP 7, you may be wondering whether it’s worth the trouble asking your host to upgrade PHP. Why fix what’s not broken, right? If your host is resistant, certainly it’s not worth shopping for a better host, right?

There are three common myths for not updating your PHP version:

  • Web hosts don’t offer the newer version.
  • You don’t really gain a lot.
  • Things will break.

Let’s dispel these myths.


Only 7 Days Remain To Join Us at Peers!

In its fourth year, Peers Conference has hit its stride, and we are happy to be sponsoring once again. Join us April 13–15 in St. Petersburg, Florida for one of the more unique tech conferences around.


Instead of the same old talks you’ve heard before, Peers is more of an opportunity to learn from your industry equals. People in the trenches just like you. Nearly half of the presenters are #womenintech. Its organizers understand that our industry is stronger when we help each other.

