Posts From April, 2006

Release 1.0.2 and 2.0.2 Bug Fix Release

I just posted a new release that fixes the 1 bug that has been identified since the 1.0.1/2.0.1 release. The bug was an error that would occur if the Administrator created a user instead of the user being created by the Registration page.

Thanks go out to Ivan Curak for reporting the bug and testing the fix.

If you already have the last version (1.0.1 or 2.0.1) installed, all you really need to do is replace the mojoPortal.Web.dll in your bin folder with the one from the corresponding new release. No other files have changed.

If you are upgrading from older versions be sure and read the release notes from the last release as they still apply.


As always if you have any trouble please post in the forums and we will try to help.

A Good Example of a Site Using WebParts

If you follow my blog posts you probably know I am working on converting the built in mojoPortal features into WebParts. Actually I'm working on the Personalization and Membership APIs first which is the foundation for getting the most out of WebParts.

Probably not everyone really knows what kind of cool things you can do with WebParts. I just learned about http://www.pageflakes.com/ from someone's forum post at www.asp.net.

pageflakes.com uses the ASP.NET WebPart framework. Notice how you can drag things around and arrange the page and add or remove content. You don't even have to log in to try it. Mouse over any of the module titles on their site and your cursor changes to the drag cursor. Click the Edit link to add or remove content.

In the not too distant future it will be possible to do things like this in mojoPortal. My plan is to make it configurable so that you can have pages the user cannot modify but you can also have pages they can customize.

I think that is way cool. What do you think?

Release 1.0.1 and 2.0.1

A new release of mojoPortal is available from the download page.

We have released version 2.0.1 for Windows/2.0 .NET and version 1.0.1 for 1.1 .NET or Mono.

There are some significant upgrade issues to be aware of if upgrading from previous versions; see below for details.

Changes for the 2.0.1 version

  • MasterPages, previously we were using Paul Wilson's MasterPages which made this an easy change
  • Themes, using a custom VirtualPathProvider and VirtualFile, I am storing the theme.skin files in the same folder with the other skin elements like layout.master and style.css and images under ~/Data/Sites/[SiteID]/skins/[skinname] instead of in the default App_Themes folder. Themes give you awesome control over the visual properties of all the built in server controls. I have stubbed out most of the server control properties in the skin.theme files with the default properties to make it easy for designers to know what properties are available.
  • I implemented a custom SiteMapProvider and am now using the new ASP.NET Menu control for the menu instead of skmMenu. The skmMenu is still there if you want to use it (there is a setting to allow that), and you can also use the new TreeView control for the menu if you wish.
  • I reduced the number of included skins but the ones I kept are all using css layout with no tables.
  • I removed table layouts from most of the modules and supporting pages except where displaying tabular data
  • The site is in general now XHTML compliant though it may still be possible in some cases that you could manage to get non compliant markup into the database. To get my sites compliant I had to do some cleanup of existing content in the db.

Changes for both 2.0.1 and 1.0.1 versions

  • Update to the latest version of NeatUpload, the awesome upload control by Dean Brettle
  • Dean Brettle has developed a new Cross Site Scripting (XSS) prevention technique called NeatHtml that is included in this release.
  • The last release added support for LDAP Authentication against OpenLDAP contributed by TJ Fontaine; in this release we add support for Active Directory authentication as well as regular Windows NTLM authentication with help from Haluk Eryuksel, who also contributed the Turkish translation
  • Joseph Hill added a whole new data layer for SQLite and also provided a feature to expose the forums as RSS
  • I implemented a feature to automatically create initial site data for new installations and when creating new sites. Previously we had separate data creation scripts for each data layer and over time they had become inconsistent. This feature eliminates the need to maintain data creation scripts and makes the initial data consistent no matter which data layer is used. The initial data is retrieved from text files with a .config extension stored under Data/MessageTemplates and can be localized or customized

Numerous other little changes and fixes have also been done. If any of you think of anything major I've forgotten to mention let me know and I'll update this post.

For the current release, there will be no difference in the data schema between the 1.0.1 and the 2.0.1 versions but going forward the 2.x branch will begin to diverge as I add tables and columns to support the Personalization and Membership APIs and other plumbing to prepare for converting the modules into WebParts.


IMPORTANT UPGRADE ISSUES:

As always be sure and backup both your web site and your db before attempting an upgrade. Ideally you would perform the upgrade on a copy and then cut over to it if all goes well.

In previous versions of mojoPortal I had some not so well implemented strategies for preventing Cross Site Scripting (XSS) that included storing content in the db as HtmlEncoded. In the new design, all content is stored raw and XSS prevention is used prior to displaying the content. The benefit of storing the content raw is that we can continue to come up with new techniques of XSS prevention without modifying the data. Any XSS prevention technique that modifies the data on the way into the db makes it harder to improve the strategy over time.

The problem this poses for upgrading is that some of your content may currently be HtmlEncoded in the db and, since we are no longer decoding it on the way out, it will display as markup rather than render correctly. To address this issue we have created a Utility page to decode existing data.

You must first log in as administrator and then navigate to siteroot/Admin/dbUtils.aspx to see the utility. The utility page has full instructions for its use right on the page. For security purposes the page requires that you be logged in as site admin and also you must enter the correct connection string for your db to use the utility. You can copy this from your web.config file and paste it in. Note that you should only use this utility if you see encoded content after the upgrade. If your content looks correct there is no need for you to use this utility.

Additionally, if any of your existing content has anything potentially malicious or even poorly formed HTML, you may see error messages from NeatHtml and you may need to edit the content to fix it. There is also a utility to help you find existing content that is not valid according to NeatHtml. As with the decoding utility above, you must log in as site admin and navigate to siteroot/Admin/ContentValidation.aspx. Enter the connection string there and click the button to search for invalid content.

Myself, I had several hours of work cleaning up content in this site during the upgrade. In some cases it was sufficient to just open the content in the editor and save to correct the problem; in others the problem was caused by users copying HTML fragments from error pages and pasting them in the forum without using the paste as text toolbar to strip out the markup. Many of those cases could be fixed by cutting the content and re-pasting using the paste as text toolbar (in fckEditor this is the one with the Clipboard and a T). In a few cases I had to go into the db to clean up things like blog comments because we don't currently have an editing feature for these in the UI.

I think my experience may have been made more difficult by some other issues such as numerous svn upgrades along the way and I think I ran an early version of the decoder utility too many times on my data which messed it up in some cases. Also my joeaudette.com site shares the same db and has some old content that was originally migrated from Rainbow portal. In short I'm hopeful that your upgrade won't be as challenging as mine was but I want you to be aware of the potential issues and work involved to resolve them. Don't forget to backup first!
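HTML decoding is not idempotent, which is why a one-time decode of legacy HtmlEncoded rows has to be guarded against repeat runs. The sketch below is an added example, not mojoPortal code and not the logic of its dbUtils.aspx utility; the row id, the `migrated` ledger and all method names are hypothetical, the sample post is constructed, and it uses `System.Net.WebUtility` from later .NET versions rather than the APIs of the 1.1/2.0 era.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

static class DecodeMigrationDemo
{
    // HtmlEncode output never contains a literal '<' or '>', so a field that
    // does contain one is already raw and must not be decoded again.
    static bool IsDefinitelyRaw(string stored) =>
        stored.IndexOfAny(new[] { '<', '>' }) >= 0;

    // Decode a legacy row at most once. 'migrated' is a hypothetical ledger of
    // processed row ids; it catches rows the character check cannot classify,
    // such as raw text with entities but no tags ("5 &lt; 6").
    static string DecodeOnce(int rowId, string stored, ISet<int> migrated)
    {
        if (migrated.Contains(rowId) || IsDefinitelyRaw(stored))
            return stored;
        migrated.Add(rowId);
        return WebUtility.HtmlDecode(stored);
    }

    static void Main()
    {
        // Constructed sample: a post that mentions a tag as visible text.
        string raw = "<p>Never allow &lt;script&gt; tags in comments</p>";
        string legacy = WebUtility.HtmlEncode(raw); // old encode-on-save storage

        // Unguarded decoder run twice over the same row.
        string once = WebUtility.HtmlDecode(legacy);
        string twice = WebUtility.HtmlDecode(once);
        Console.WriteLine("first pass restores author's markup: " + (once == raw));
        Console.WriteLine("second pass turns quoted text into a live tag: "
            + twice.Contains("<script>"));

        // Guarded decoder run twice over the same row.
        var migrated = new HashSet<int>();
        string pass1 = DecodeOnce(42, legacy, migrated);
        string pass2 = DecodeOnce(42, pass1, migrated);
        Console.WriteLine("guarded second pass leaves row unchanged: "
            + (pass2 == raw));
    }
}
```

Content damaged by an extra pass cannot be recovered by re-encoding, because the original distinction between markup and escaped text is gone; restoring from the pre-upgrade backup is the reliable fix.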

Finally, after the upgrade, due to some of the above issues you should also re-build the search index for your content. To do that, delete the files from ~/Data/Sites/[SiteID]/index and then when you try to search it will re-build the index; wait a few minutes after that before searching again.

If you have any troubles please post in the forums and we will try to help. Those doing a clean install don't need to worry much about these upgrade issues.