Daniel Vena has identified a couple little security issues in a couple of the default Vanilla input filtering plugins that allows for some cross-site scripting hacks. He was kind enough to patch a start for some fixes into my Textile formatting extension, so it’s time to make sure everyone is up to date with v0.4. You can download it from my Vanilla Extensions page.

After some hacking and slashing (and knowing eventually it’ll become some sort of necessity for someone) I put together another Vanilla extension. This one lets you choose a Google AdSense ad unit to display in the panel section of your Vanilla-based forum.

Google Ads Extension (v0.1)

If there’s anyone out there who hasn’t tried Vanilla yet, you should. It’s one of the bestest forum apps out there (plus it’s PHP, GPL licensed and totally open-source). I installed a copy for myself and people are welcome to go play with it.

When Mark (yes, I’m going to talk about him like we’re the best of friends or something) put it together he did include an extension to allow people to use Markdown syntax in their posts, but I don’t know Markdown. Sure you can use HTML, but what’s the fun in playing with something like this if you can’t add onto it. So I put together a preliminary hacky version of Textile for it. So, without further ado:

Textile Extension for Vanilla, v0.1 v0.2

Update: Ichigo on the Lussumo community/support forum pointed out a bit of character encoding weirdness which should be cleared up now. (Thanks, Ichigo!)

This code is still a little rough around the edges, but it’s been working alright for me so far. It’s based on the standard wp-rss2.php code that comes with WordPress but rather than generating XML for RSS, it publishes to the Microsoft CDF format. For right now I’ve been saving this file as index.cdf and then adding this code to my .htaccess file to parse the file as PHP. I don’t know if that’s really necessary, but I figured it couldn’t hurt.

AddType application/x-httpd-php .cdf

Full source code is available here.

Update: Dreamhost appears to have one-upped the lot of us and put up a real version of how to do this on the Dreamhost wiki. Installing PHP5

There are already several different sites out there that chronicle the whole process to install PHP5 as a CGI module on a Dreamhost shared hosting account. And the one from moztips is quite good but it was missing the MySQL support. Conveniently he had explained how to do that in a Dreamhost knowledge base comment. So really this is 99% his work (and good work too, I might add), I’ve just done a little bit of housekeeping and cleaning up to package the bulk of it into a shell script that does include the MySQL support stuff in it by default (rather than having to dig about between two sources for it). This may delve into the mildly arcane, but hopefully should still be easy enough for anyone who’d think about doing this sort of thing to do with no problem.

1. Right-Click/Command-Click/etc. to download the following:
   • The Shell Script
   • The .htaccess file
2. Open the shell script in your text-editor of choice (i’m a fan of jEdit, myself) and use find/replace to replace ALL INSTANCES (notice how that’s all caps and bold?) of the following items:
   • YOUR_DH_LOGIN – replace this with your SSH login name.
   • YOUR_DH_DOMAIN – replace this with the directory name for the domain you want to install PHP5 in.
3. Rename the shell script to php5.sh and upload it to your home directory on your server, then CHMOD the script to give it execute permissions (chmod 744 php5.sh will work and keep anyone random out of it). Some FTP clients can do this, I tend to stick with the command line for it. Just my personal preference.
4. Rename the htaccess.txt file to .htaccess and upload it to the root level of your server (or into a specific directory if you want to continue using PHP4 for the rest of the site). Alternately if you’re already using a custom .htaccess file then you can just add the contents of htaccess.txt to that file.
5. Log into the server using SSH and type ./php5.sh to execute the script. Once you do this just leave your SSH window alone since it will take a good 45 minutes to an hour to actually run through everything. There will be long pauses where it doesn’t look like it’s doing much but it’s still going, trust me. Also, it will spit out streams of text and some error messages along the way, everything is going fine, though, and you’re free to ignore them unless it’s something that makes the script as a whole stop running and drops you back to a command prompt. If that happens, well, try starting at the beginning again.
6. Once all that is finished the script will create a cgi-bin directory inside the site directory and copy the php file into it as php.cgi. Right now the script tries to make the cgi-bin directory, and if one already exists it will freak out and not copy the php file into it. So if you already have a cgi-bin you’ve got a couple options.
   • Rename your existing cgi-bin and copy the existing scripts into the new one that will be created.
   • Copy the resulting PHP file on your own from /home/YOUR_DH_LOGIN/php/bin/php (which is a file with no extension) to wherever you want it and rename it to php.cgi.
   • Change the name of cgi-bin at the end of the shell script to another directory name.

   If you go with the third option you’ll need to either move the file manually or tweak the directory path in the .htaccess file too.

7. After that you should be all set, just make yourself a test page that calls phpinfo(); and enjoy the fruits of your labor.