PodHawk Podcasting to the world!

...to PodHawk.

PodHawk is a content management system specially designed for audio and video podcasters. Developed from the well-established LoudBlog software, PodHawk will manage your audio and video files, generate a full podcasting RSS feed, and allow you to present your postings on an attractive web-page. There is a choice of Flash players, so your listeners can listen to your masterworks straight from your site.

This site runs entirely on PodHawk, and shows a few of the things that PodHawk is capable of doing. You can read much more about PodHawk here, and download PodHawk 1.71 here.

Photo of a red-tailed hawk by Vicki’s Nature/flickr

There is a potential vulnerability in the system for handling comments from listeners/users. I have fixed it in a new release, PodHawk 1.73. You should upgrade your PodHawk installation as soon as possible.

Only two files need to be changed – podhawk/inc/commenthandler.php and podhawk/inc/smarty-functions.php. The new versions of these files are available for download here. You can if you prefer simply download these two files and upload them to your site in place of the existing files with these names. They will work on any PodHawk version since 1.7. If you have an older version, please consider upgrading now.

The vulnerability affects only the inbuilt PodHawk commenting system, not the option to use Disqus comments.

I have released PodHawk 1.72 today.

This is mainly a bug-fix release. In particular, the missing files in the Facebook plugin have been restored.

The two new features are:

• improved security of the Smarty templating engine. Details here.
• one-click options on the id3 page to use the post title in the id3 title tag and the post summary in the id3 comments tag.

You can download PodHawk 1.72 as a zip or a tar.gz package from Sourceforge. There are instructions for installing and updating in the packages.

I have released PodHawk 1.71 today. You can download a copy from Sourceforge.

The main new features are:

• a new Facebook plugin. This is needed because Facebook have made large changes to their API. Many of the features of the old PodHawk Facebook feature have ceased working or will shortly do so. Details here. If you use the old Facebook feature, you should switch to the new plugin, and change the settings for your Facebook application, as soon as possible.
• a new URL rewriting plugin, which will automatically rewrite the URLs of your site pages so that they are more “human readable”, and will adjust the links on your web pages to match.
• a revised Ping plugin. I have removed pinging services which no longer accept automated pings, and included a facility for adding your new post to your Delicious bookmarks.
• an autosave feature on recording page 2. This saves the posting text and title every 30 seconds, so that you never risk losing your work when your session expires. You can switch the feature on and off from the settings page.
• also on recording page 2, there is a new box in which you can enter a short summary of your posting. This is used eg in the “description” metatag in the head section of your web page and in your Delicious bookmarks.
• improved interfacing with the Disqus commenting system.
• a facility for putting QR barcodes beneath your posts. Users with Smart phones can download your podcast simply by scanning the bar code with their phone. Details here.
• a Flash file uploader on the images page, so that you can upload multiple images at the same time.
• PodHawk now downloads certain Javascript files (jquery, swfobject) from Google instead of from your site. This should improve speed and reliability.
• an improved menu system in the admin pages.

Because it was urgent to make the new Facebook plugin available, I have not had time to rewrite the interface between PodHawk and the JW player. PodHawk appears to handle the latest JW player (version 5.4) fine, but does not yet exploit its ability to use html5 tags on devices like iPhones which cannot use Flash. I will do this for the next release.

I have started work on PodHawk 1.71. Apart from a few bug fixes, I have so far programmed :

• a Flash uploader for the images manager. This will allow multiple image uploads.
• an autosave feature for recording page 2. This will automatically save the posting title and text every 20 seconds, so that you will never again lose work when your session times out.
• some changes to the way that PodHawk interfaces with the Disqus commenting system. These will load Disqus comments asynchronously so that they do not delay the rest of the page. They should also ensure that comments continue to be associated with the right post, even if users use search-engine friendly urls to access your posts.
• A feature to display a QR barcode below postings to allow users to download the audio or video file direct to their iPhone or other Smart Phone

I would be grateful for your comments as users on one point however. As you know, PodHawk (like Loudblog before it) contains a facility which allows listeners to upload audio comments as short mp3 files. To use this feature, you need to enable it for each post on recording page 2. The trouble is that it is insecure. There is very little to prevent a user from uploading and running a malicious script. I could develop ways of improving security (eg storing audio comments outside the document root) but I wonder if it is worth it. I have never seen a PodHawk site which allows audio comments. It might be best to remove the feature completely. What do you think?