Changes

Summary

The goal of UTF-8 CuteNews is to provide you a safer and better experience with the popular Content Management System CuteNews. Because the original author of CuteNews seems to have given up on official development plans, the goal of UTF-8 CuteNews is to fix security flaws as well as provide better international support.

This page lists all of the changes that were made from the basic CuteNews 1.4.6 to UTF-8 CuteNews and tells you why you should change to UTF-8 CuteNews.

Internationalization

CuteNews does not display all foreign/local characters (any letters with accents, or languages not using the A-Z alphabet) correctly. UTF-8 CuteNews is valid in every encoding and all characters are displayed properly! You don't have to create list replacements or any other strenuous workaround.

With this, people can view your articles without any problems and can also comment in their native symbols. You can use foreign symbols for nicknames and category names and your RSS feed is valid, no matter what characters you use.

Foreign characters are displayed properly in news articles, comments and nicknames.

Security & Stability

The downside of CuteNews' popularity is that it is in the focus of many hackers. The main changes from CuteNews 1.4.5 to 1.4.6 were security-related. Despite these changes, numerous security flaws still exist in CuteNews 1.4.6 - input is not filtered and checked correctly in the administration area, which allows users to execute PHP code on your server! With UTF-8 CuteNews, an effort is made to check input properly and to fix these security holes.

Moreover, UTF-8 CuteNews contains a feature which allows you to ban an IP address after too many unsuccessful logins. This way, brute force attacks¹ can be prevented.

The login ban feature in UTF-8 CuteNews prevents brute force attacks.

CuteNews still contains various bugs. Certain input is not filtered properly and may desynchronize the CuteNews database. At another place, an administrator could delete CuteNews core files through unfiltered input. What's worse, users can register as already existing names, as long as they use different lower- and uppercase (e.g., if there is a user name called "Thomas", one could register as "ThomAs").
All of these bugs, along with several minor ones², have been fixed in UTF-8 CuteNews.

Transparency & Ongoing Support

Users know what has changed from one version to another thanks to the change log. Any known bugs of CuteNews or UTF-8 CuteNews specifically are fixed as soon as possible and you can stay up to date thanks to the news window in the main administration page.

UTF-8 CuteNews is supported as well as the standard CuteNews 1.4.6 on the official CuteNews support forums, except that the flaws are continually fixed in UTF-8 CuteNews - because, unlike the original CuteNews author, UTF-8 CuteNews' author hasn't vanished from the forums.

Advantages

UTF-8 CuteNews provides you a safer, more stable experience. The look and feel in UTF-8 CuteNews remains the same as in CuteNews. The powered-by line will also NOT be disabled if you own a license.

Upgrading to UTF-8 CuteNews is very easy, and, should you not like UTF-8 CuteNews, you can change back to CuteNews 1.4.6 without any incompatibilities. (Be sure to leave me a message if you don't like UTF-8 CuteNews!)

Additionally, users can now search again³ in characters other than A-Z, 0-9 and the hyphen (-). This is a big advantage for people who use characters other than the basic Latin alphabet!

The search function in UTF-8 CuteNews allows users to search in their characters.

» UTF-8 CuteNews download page

Notes

¹ Brute force attack: Trying out all possible passwords (e.g. an automated process trying to login with words out of the dictionary). More information thereabout is available on Wikipedia.

² Additional bugs include the character | being replaced as I, wrong input which can create PHP error messages, administrators being able to delete themselves (this is probably not a bug, but an additional security measure added in UTF-8 CuteNews), some minor PHP error messages, PHP error messages when the PHP version is >= PHP 5.3.0, some article titles not shown properly in Edit News when they contain a single-quote ('), $PHP_SELF in index.php does not take effect everywhere, unescaped HTML in error messages, e-mail inputs are not checked properly. UTF-8 CuteNews also contains some tidied HTML and some English mistakes are fixed.

³ Characters outside of A-Z, 0-9 and - were disabled because a hacker could gain login details by injecting code into the search form. In consequence, this input check was issued, which is far too strict, however. Despite the fact that more characters are allowed in the search form in UTF-8 CuteNews again, it does not represent any security risk whatsoever.