EllisLab text mark

Managing Menus Masterfully

In ExpressionEngine versions one and two you could customize the control panel main menu.

Due to this flexibility a person could mimic the “drowing_in_icons” desktop effect with little effort, in turn making the menu less useful, in spite of its flexibility.

When I started working on the control panel for version three, I wanted to make the cp responsive, take away the “flexibility” of the menu, and curate a more consistent user experience. My heart was in the right place, but my head was

Continue Reading

ExpressionEngine Conference 2016 Call for Papers

Madison Event Center auditorium

The ExpressionEngine Conference is coming to the midwest this year on October 3 & 4th. Details for attendees will be made available soon via the conference website. This year we’re lending a hand in getting the best speakers and presenters. We sent out a call for papers via our newsletter and Twitter, and the response has been great. The lineup is looking fantastic so far!

If you haven’t submitted your proposal to speak yet, there are only 10 days left to do so. And the bar has been set high

Continue Reading

ExpressionEngine 3.3.4 Released

We’ve just released ExpressionEngine 3.3.4. That’s 3.3.4 not 3.4.0. The 3.4.0 release is in developer preview for a wee bit longer.

Here are the highlights:

  • Security fixes in the control panel for potential SQL and XSS injection vulnerabilities. Hat tip to the dedicated folks from HackerOne who found a few more ways we could better secure our control panel! Security reports are always appreciated.
  • The publish page’s file modal now searches in all the things, as long as the things are file

Continue Reading

ExpressionEngine 3.4.0 Developer Preview

Developers now have their hands on a preview of ExpressionEngine 3.4.0. The primary reason for a developer preview is a new feature available to third-party developers: custom control panel menus.

custom control panel navigation items

Third-party developers can now add control panel navigation items with a dead simple API. It allows the creation of single item menus, dropdown menus, fuzzy search filtering, and call to action items.

$sub = $menu->addSubmenu('Widget Maker');

foreach ($widgets as $id => $title)
{

Continue Reading

ExpressionEngine 3.3.3 and 2.11.2 Released

Just in time for the summer months, we bring you the latest, greatest, most palindromic of stability releases.

Notable changes in version 3 include:

  • The file modal search box has finally found its purpose in life and has decided to become an ExpressionEngine file modal search box.
  • Member group locking has been locked down and works consistently across the application.
  • Entry status hex color variations are a little less colorful and a lot more valid.

The version 2 release is purely

Continue Reading

CartThrob 3.0.2 Released

CartThrob, a flexible e-commerce solution for ExpressionEngine, has just been updated to version 3.0.2. This is a patch release, and here are the details:

  • FIXED: Clicking payment gateway selection checkbox labels caused all gateways to be selected
  • FIXED: missing fieldtypes in installer causing Grid_lib accepts_content_type error when trying to create new channel fields
  • FIXED: installer “Unable to locate the files needed to install this module” errors
  • FIXED: Required field form errors do not

Continue Reading

MySQL 5.7 on OS X: Server Has Gone Away

Exception Caught

SQLSTATE[HY000] [2006] MySQL server has gone away
/system/ee/legacy/database/drivers/mysqli/mysqli_connection.php:82

Have you seen this error show up randomly while working in your local environment? I started getting this error randomly after updating to MySQL 5.7, and it’s really bugged me. I finally tracked it down so I thought I’d share my frustration and make this issue a bit more discoverable. MySQL and Unix internals are not my wheelhouse, so if I get some details wrong, please let me know so I can correct them.

tl;dr: MySQL 5.7 will break on OS X after too many connections are left open within eight hours. Restarting the server will fix it until the next time this occurs. You might be able to prevent this by dramatically reducing MySQL’s interactive_timeout and wait_timeout.

Continue Reading

HTTP_HOST and SERVER_NAME Security Issues

Many PHP sites rely upon the HTTP_HOST or SERVER_NAME variable to define the domain for any URLs. For example:

<a href="<?=$_SERVER['HTTP_HOST']?>/blog/">Blog</a>

That URL would render as whatever domain you’re on, followed by /blog. That’s a really handy trick when the site runs on multiple environments (e.g. your local install, your co-worker’s local install, the development server, and the live site).

The Problem(s)

That sounds really convenient, but there is a problem. The

Continue Reading

ExpressionEngine 3.3.2 Released

We’ve just released ExpressionEngine 3.3.2. Here are the highlights:

  • Saving entry revisions is now so automatic that we removed the “Save Revision” button.
  • Member Groups took their ginko biloba and can remember the Allowed Channels for other sites when updating Member Groups on a different site.
  • Markdown <pre><code> blocks temporariliy only displayed temp, they too took their ginko biloba.
  • Disabled checkboxes should no longer look as enabled as enabled checkboxes do, which definitely never

Continue Reading

ExpressionEngine 3.3.1 Released

Let’s get down to business: ExpressionEngine 3.3.1 is out, here’s why you should update now:

  • Logging is now more verbose and will regale you with tales of users changing passwords, email addresses, member groups, and logging in as other users.
  • We eliminated some extra, duplicate, and redundant queries that were unnecessary when editing templates that are saved as files.
  • Fixed a security bug where logged out users could be shown altered system messages. (What? It’s a security bug, we don’t

Continue Reading