Do we need another piece of blogging software? Well, it depends on what you really expect from blogging tools. If you’re an absolute end user who uses blog software just for blogging, then you already have more than enough.
But if you need to do more, or you want to add certain customizations, or you’re a never-satisfied programmer, then you’d want to have choices.
You’d better take a look at this new open source blogging software, Habari.
The Swahili word habari translates to ‘news’, as in ‘what’s the news?’ Blogs — personal and professional — are all about spreading the news, so what better name to apply to blogging software?
Habari represents a fresh start to the idea of blogging. The system is fast, easy to use, and easy to modify. New users should have no problem using and enjoying Habari. Advanced users should have no problem tweaking Habari to do exactly what they need it to do.
Habari relies on PHP5 with PHP Data Objects (PDO), and your choice of SQL database (MySQL, PostgreSQL, SQLite). Habari is strongly object oriented, and implements the full suite of the Atom Publishing Protocol. User-created plugins make Habari do nearly anything imaginable, and a robust theme system permits the use of several popular templating solutions.
There are three reasons why you might want to try this out.
First, it’s built from scratch, i.e. it’s a clean slate.
Imagine starting on the ground floor. There were no precedents, no rigid existing codebase that couldn’t be altered, no existing user base that might be confused, and the list goes on.
Second, it’s written in object-oriented PHP5 style, which means it’s simpler, more elegant in design and easily extensible. There’s no need for hundreds more lines of code when PHP5 already provides several simple functions that do the job.
From my point of view, WordPress is not well designed. This starts for example with the fact that they are escaping all input for the database in the beginning, and later when issuing the queries they just put variables directly into the query. The bug I released (charset conversion SQL injection) would not have been possible if they had chosen the more common design, to escape everything right before it is put into the query. Others might argue that they should better use prepared statements and variable binding, but WordPress has to be compatible with old MySQL databases and PHP installations that do not support this. Another problem of WordPress is that it is sooo user friendly that it spits out detailed error messages when a SQL query fails, such that a potential attacker can gain information about the query. This for example leaks the database table prefix.
The problem with many of these big PHP applications like WordPress and PHPBB is that they were started in the days when security was not taken so seriously, and from that day they have grown and grown. In many cases it would have been better to just rewrite them from scratch, but that is of course a lot of work and most people don’t like the idea.
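The two designs the quoted passage prefers, as an added PHP example that is not code from Habari, WordPress or the original post: bound parameters through PDO (the layer Habari builds on), and, as a fallback, quoting at the moment the SQL string is assembled rather than at input time. The posts table, its columns and the sample title are assumptions constructed for the example; it runs against an in-memory SQLite database.

```php
<?php
// Added example, not Habari's or WordPress's code. Table and column names
// are assumptions; SQLite in memory keeps it stand-alone.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT NOT NULL)');

// Preferred design: a prepared statement with a bound parameter. The value
// never becomes part of the SQL text, so quoting and charset handling are
// the driver's job rather than something the application did earlier.
function insert_post(PDO $db, string $title): int {
    $stmt = $db->prepare('INSERT INTO posts (title) VALUES (:title)');
    $stmt->execute([':title' => $title]);
    return (int) $db->lastInsertId();
}

function find_post_by_title(PDO $db, string $title): ?array {
    $stmt = $db->prepare('SELECT id, title FROM posts WHERE title = :title');
    $stmt->execute([':title' => $title]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Fallback design the quote calls "the more common" one: when prepared
// statements are unavailable, escape right where the query is built, not
// at input time. PDO::quote() adds the surrounding quotes itself.
function find_post_by_title_quoted(PDO $db, string $title): ?array {
    $sql = 'SELECT id, title FROM posts WHERE title = ' . $db->quote($title);
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed input: a title containing a single quote, the character that
// breaks a query when a value is interpolated into the SQL text unescaped.
$title  = "What's new in Habari?";
$id     = insert_post($db, $title);
$bound  = find_post_by_title($db, $title);
$quoted = find_post_by_title_quoted($db, $title);

// Both designs store and retrieve the quote as plain data.
if ($bound === null || (int) $bound['id'] !== $id
    || $quoted === null || $quoted['title'] !== $title) {
    fwrite(STDERR, "lookup failed\n");
    exit(1);
}
echo "post {$bound['id']}: {$bound['title']}\n";
```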