In ExSite 3.4 and earlier, encryption was a pure-perl implementation of the TEA algorithm.  This failed on 64-bit architectures because it was strongly dependent on machine word sizes, and Perl 5 does not offer enough control over word size to maintain the integrity of the algorithm.

The work-around in ExSite 3.5 is to use an external encrypter, which is just the TEA algorithm written in C.  On 64-bit servers, you sould compile crypt_tea.c and leave the binary in cgi-bin for it to work.  On 32-bit servers, the old pure-perl algorithm will continue to be used.  If using ExSite::Crypt, the API should be the same no matter which underlying engine is used.

WARNING:  The pure-perl and C encrypters are not cross-compatible in their results so be careful about long-term storage of encrypted data when migrating sites from 32-bit to 64-bit machines.  It may be necessary to temporarily decrypt stored data, and then re-encrypt on the new server.  The number of mixing rounds for strong encryption has been increased from 32 to 64 in the 64-bit version of the Encrypter, on the recommendation of some cryptanalytic sites.  Note that that ExSite does not store anything encrypted by default, so default installs should not have any problems.

All CGI program names should be taken from $config{prog} instead of hard-coding the CGI program name.  For example, use "$config{prog}{page}" instead of "page.cgi".  The purpose of this change is to make it easier for some installs to change their CGI program names to suit local requirements.

page.cgi now supports path-based page specification, eg. /cgi/page.cgi/section/page.html.  The purpose is to lay the foundation for building more user-friendly URLs on dynamic pages.

A related experimental feature is to prepublish dynamic pages, ie. publish them to their page filename, but leave dynamic tags unresolved.  The dynamic tags are then expanded when the page is viewed.  In combination with the feature mentioned in the previous paragraph, this allows for some straight-forward mod_rewrite trickery, in which your dynamic pages appear to be static.  For example, if dynamic.html is a dynamic page with unresolved CMS tags, then the URL

http://foo.com/dynamic.html

Could (via mod_rewrite) translate to:

http://foo.com/cgi/page.cgi/dynamic.html

If static pages are run through page.cgi in the same way, nothing happens, because they contain no tags to act upon.

The miscellaneous routines for setting and fetching cookies have been replaced with a simple and versatile cookie managment system.  ExSite now uses a tied hash called %cookie to hold all cookies it knows about in the current request.

To read the value of a cookie, simply look up its value in this hash.  To set a new value, just set the hash value.  ExSite takes care of issuing the appropriate cookie header so that the value will persist.  To remove a cookie, delete it from the hash, as you would any other hash key.

The older cookie-handling routines are still in place, but are deprecated, and will be removed at some point in the future.

Here is the executive summary of new feature sets in ExSite 3.5.  These will be further detailed in future blog posts.

Control Panel Updates
Your plug-in control panels will pop up in separate windows now.  That makes it easier to work with several plug-ins, websites, or pages, at one time.

HTML Editor
Tables and other special formatting HTML is now quietly highlighted in the HTML editor to make it easier to tell when your cursor is in the right cell.

Captchas
Web forms can now support "captchas", which are the puzzles that make you type in some distorted text to prove that you are not a robot.  This helps to reduce the incidence of spam that is posted via your web forms.

Search
New integrated search capabilities allow you to search through your specialized plug-in data (for example, your member profiles, comment archives, or event calendar) using the regular web site search tools.

RSS
New RSS tools allow you to post RSS feeds, and integrate RSS feeds from other websites into your site.  RSS feeds are ways of publishing your headlines and links so that other sites and news readers can see your updates quickly.

e-Zines
New e-Zine tools give you more options for formatting and layout of your articles, forums, and blogs.  Other new features include unlimited attachments on articles and comments, emoticons, captchas for public comments, and automatic RSS feed generation.

Internationalization
ExSite now has better multilingual capabilities, especially for Asian languages.

Performance Upgades
ExSite has been upgraded to run on powerful 64-bit servers.

The month-by-month browsing has been improved by use of a drop-down selector to jump ahead or back by up to 3 months at a time (this number is configurable).  This is faster than the one month forward/back buttons that were used previously.

An image/logo/photo can be uploaded for each event now, and is displayed in the normal event preview.

Lastly, events can now be managed by regular members, if the web site allows it.  This is for community web sites in which the members can add their own events to a community calendar so that other members can see it.  The site owner is notified by email when events are added.

Version 3.4.6 is in production and running all supported web sites.  New features that are visible to end-users:

MySite now supports multiple website management under a single login ID.

Surveys can now customize the email template for survey responses.

SimpleRegistration now has special confirmation pages.

SiteBuilder is a new and improved tool for non-admins to create their own websites.

ImageRotate is a new tool to run an animated slideshow, with fades.

PhotoForum is new tool to allow photo sharing in an online community.

Icon Handling

Icons on the webtop and Website Manager are now floating, so they should not cause horizontal scrollbars to appear on low-resolution monitors, as they used to.  However, icons with long names without spaces may have their names clipped to fit within the alloted space for the icon.

Menus

There is now a Submenu-only option for SimpleMenu-generated menus.  This creates a menu consisting of the child pages of the current page. (The regular submenu option shows the submenu if it exists, and the current menu level if not.)

Control Panels

We now have a standard set of HTML user-interface controls, including tabs, frames and boxes, collapsing elements, icons, and help popups.  Plug-in control panels are being updated to use these for a more standardized user interface.

HTML Editor

The editor now has easy-to-use drop-down selectors to add special characters and formatting codes, including accented letters, symbols, hrules, and linebreaks.

Image Management

New PhotoAlbum plug-in provides flexible and powerful tools to manage libraries of images.  Includes tools to upload images, scale uploads to various web-ready sizes, make thumbnails, and manage captions.  Compatible with various album viewers, such as Gallery, SlideShow, and StripGallery.

New StripGallery plug-in gives you a flexible image viewer embedded into your page.  By default it displays your thumbnail previews in a scrollable strip, with a viewing area to display the selected image.  There are many options to change the orientation of the thumbnail strip, and position of the viewing area.

We recently clarified the differences between "Revisions" and "Versions":

• Revisions are successive updates to content (eg. latest revision compared to last week's revision).
• Versions are alternative presentations of the same content (eg. English version and French version).
  

"Publishing" is now equivalent to "approving a revision for public view".  Publishing a page approves the newest revisions of every content item on that page.  Publishing a whole section approves the newest revisions of every item in that section.

Previously, some content items were ignored by the publishing tools (eg. text items that were inlined into the main HTML instead of written out as separate files).  Now these items are marked as published even though they are not written out to files.  That publish timestamp serves as an indication that the revision is approved for public view.  When creating dynamic page views for the public, we only use the published versions of all content items, including inlined text content.  That means  that updates to the page body will NOT appear publicly until an  administrator has published the page (even though publishing a dynamic page may not result in any files actually being written to disk).

Page/content prefetching and caching are used to improve the speed at which pages are rendered.  This should at least double the speed at which dynamic pages and administrator previews are generated.

Website Manager menus were redesigned, as the old versions were very slow under Windows IE.  (The menus would not appear until all images and content on the control panel was loaded; this has been corrected.)  Page reloads may be required to get the latest version of the stylesheets and menu code to make the new menus work.

We also no longer bother republishing files that have already been published.

Installed numerous improvements to the Questionnaire framework.

Fixed image preview and upload problems in the editor image dialog.

Improved the Document plug-in for more user-friendly selection of the library to index.