Movable Type 2.6

Movable Type 2.6 was released today. Well, it was Thursday when I started the upgrade, anyway.

It was a pretty simple upgrade from 2.5 to 2.6. Everything is running smoothly, although when I rebuild all files, I get the following error message several times at each stage of the build.

MT::App::CMS=HASH(0x8378b7c) Use of uninitialized value in substitution iterator at lib/MT/ line 387

Unfortunately, I don’t know enough about Perl to easily debug it. I just posted about the problem on the MT forums.

It’s not urgent, though, since everything seems to work okay.

Anyway, this was just an FYI that the MT 2.6 upgrade is available and seemingly usable on a DreamHost shared server.

It turned out to be a bug. Ben has already fixed it in the distribution. See the forum link in my previous post for details.

I’ve posted my MT 2.5 to 2.6 upgrade notes, which are also linked to from my MT 2.5 install notes.

[color=#CC0000]Important Security Note[/color]
Make sure you clean up any backup files created by your text editor. I have updated my 2.5 install notes to include appropriate instructions.

With Movable Type, you put your database password into a file called mt-db-pass.cgi. If you edit that file and save it with Emacs, you will get a mt-db-pass.cgi~ file with the original file contents. If a hacker guesses your directory structure, she can just ask the web server for that file. Since a .cgi~ file is nothing special to the web server if it is in an ordinary directory, it will serve it up just like a regular text file. Trust me, I recently discovered and confirmed this on my site. :blush:

Even if you changed your password in this file while editing it, a hacker would get the previous password, which might provide a clue to your new password or be a password you are using elsewhere. The worst case would be if you saved the file without changing the password.

Be sure to immediately remove editor generated backup files if they contain sensitive information. This is obviously not specific to Movable Type files.

This re-examination of file security was triggered by my discovery this afternoon that someone appears to have obtained the password I had been using with my blog and used it to post to my blog with my PhoneBlogger tool.

Hi there, I have yet to sign up to DH and would like to use Movable Type for my weblog. I’m planning to have the weblog as a subdomain, and would like to know if there would be any technical difficulties in doing that. Thanks.



I set up almost all of my blogs that way (at least on my personal host, not the DH domain I maintain for work). Works great.

However, the best way to avoid technical difficulties with an MT installation is to read the extremely useful instructions kindly provided by DH denizen Robert:

Note his warnings about removing temp files (note: pico doesn’t seem to create temp files by default, and for what you’re doing to the MT files, pico is more than adequate; however, if you crash pico, it will save files with a .save suffix, so watch for those).

The best way to avoid technical difficulties is to write your own ;D

sorry, MT is good though… it’s more fun making your own.

It may be fun rolling your own – to actually set-up a program with all of MT’s features is not a task anyone should look at lightly, though.

And… avoiding technical difficulties by writting your own does not compute. I am a fairly good PHP programer, and a tolerable Perl one – I can honestly say to get a program half as good I would have had to spend at least 10 times as much time writting and debugging the system as I’ve spent on customizing MT – including the plug-ins I’ve written and source code hacks (written or simply added), and every upgrade from 1.4 to current. (Or nearly every: think I missed at least one when they were fairly close together :wink: )