Yesterday was the last day of our safari support effort. Unfortunately we have collected pledges for only $225 so neither the initial target nor our backup target were met.

We will evaluate other options of getting a Mac and implementing Safari support but no timeframe could be set at this point.

In case you are the one of those nice people who made a pledge, your credit card (or other source) wont be charged. Thank you very much for trying to help! And don’t forget that no matter that fundraising effort failed, you are entitled to 10% discount on any commercial license and this discount could be combined with other discounts (like at the time of this writing we are running CeBIT promotion with enterprise license selling at 199 euro instead of 250 and you can get additional 10% discount so the price would be less than 180). Drop us a line to spaw@solmetra.com to get your coupon code.

SPAW Editor PHP Edition version 2.0.3 is available for download from our download page

We have added a feature to customize predefined colors in colorpicker,
implemented an optional feature to convert special characters to html entities like ©, —, etc., and brought back highly requested quick image insert feature from SPAW 1.x. Fix for an ugly bug when editor wasn’t usable over HTTPS under Firefox is also included.

Not everything what was planned for this release was implemented but we thought that these changes are too important to just sit on them while we implement other features and fixes.

Here’s a complete change log:

1. FEATURE ADDED: optional feature to convert special characters to respectable html entities like © etc.
2. FEATURE ADDED: added a feature to quickly insert an image (in SPAW 1.x style)
3. FEATURE ADDED: predefined colors in color picker dialog could be customized
4. BUGFIX: removed unnecessary empty lines at the end of most language files
5. BUGFIX: numbered list items where rendered with value=”-1″ under Firefox
6. BUGFIX: SpawFm plugin: removed empty spaces in the end of include files
7. BUGFIX: under Gecko content area wasn’t editable after the first load when working over HTTPS
8. BUGFIX: additional bugfix for https under firefox issue: images were rendered as broken in editor
9. BUGFIX: SpawFm plugin: files were not listed when using HTTPS with Firefox
10. BUGFIX: SPAW usurped document’s mousemove and mouseup events
11. COSMETIC FIX: removed extra quote from the dialog_footer.tpl in spaw2 theme

It has come to our attention that someone named Hasadya Raed
has posted reports of remote include vulnerability in SPAW Editor PHP Edition version 1.2.4 in numerous places on the web (or at least they were copied from some source) like this

The report states that the file img_library.php is vulnerable because
it includes following lines:

include $spaw_root.’class/util.class.php’;
include $spaw_root.’class/lang.class.php’;

Since he found these lines he should have noticed that right above
them there’s a line like this:

include ‘../config/spaw_control.config.php’;

And any working copy of SPAW Editor MUST HAVE the file config/spaw_control.config.php and almost at the beginning of that
file there’s a line

$spaw_root = realpath(dirname(__FILE__).”/..”);

which defines $spaw_root variable which is later used in the lines stated as vulnerable.

While we accept that there is a very theoretic possibility that somebody just extracts SPAW’s archive into some directory and then don’t even tries to configure it but exposes this “installation” to the world and has register_globals set to “on”, we believe that this situation is so unlikely that it doesn’t deserve to be claimed as security threat and be spread all over security-related web sites.

We haven’t received any comments from Hasadya Raed so far. I will update this post if there are developments on this matter.

Our friend at amCharts.com has just released his second chart control in his collection of the beautiful eye-candy flash charts: Line & Area Chart

You can use these charts in conjunction with any server-side technology. You just have to output the values in XML or CSV formats. And best of all you can use fully functional version of the beauty absolutely free of charge (if you don’t mind a small link back to amCharts.com).

In addition to Line & Area Chart there’s also a Pie & Donut Chart which is as beautiful and as versatile as this one.

You can also help spread the word about amCharts by posting a link on your site, blog or forum and by digging this post on Digg.com

Half of the term for our fundraising effort to buy Mac to try and implement Safari support in SPAW Editor has passed but we only have pledges for less than 25% of the target amount. Judging from these numbers logical conclusion would be to assume that there’s no real interest in Safari support and investing significant amount (at least in this project terms) into this feature wont be highly appreciated by the community.

Sure, theoretically this could change in those 12 days that are left but something tells me that it’s not going to happen.

However we do understand the importance of support of all possible browser platforms. So, here’s the deal: if by the end of fundraising period (March 18, 2007) we will have pledges for at least 50% of the amount we will pledge the remainder ourselves.

In case you really want SPAW to work under Safari or know someone who is not aware of this effort or have a blog or participate in some forum where community would appreciate this feature, you or your friends or hardcore Apple fans or even Apple representatives can make a pledge of $25 or higher by visiting the page of this effort at fundable.org

You can find more information on the effort in the initial post.

And don’t forget that all donors (even if we don’t collect the amount and you won’t be charged anything) will get 10% discount on any commercial SPAW Editor license. So, if you were planning to purchase an enterprise license you will actually save money by donating $25! And if our campaign still fails you will just get 10% without spending a cent simply for showing good will.

If you make a pledge don’t forget to drop us a line at spaw@solmetra.com so we can send you a coupon code for your 10% discount since we can’t see your full email in fundable.org’s interface.