Maybe I should tell you that the preg_replace /e option issue is on its way to being fixed.
What's the /e option issue?
It is fully explained on this page, but basically the /e option is added at the end of the regular expression to tell the preg_replace function that it must call a function with every result of the search.
The problem appears when it is used to format or validate data sent by the user to be displayed in a page. In that case it can be used to inject PHP code. A fast fix is to substitute preg_replace_callback for it. Another fix is to use other algorithms or code to do the work.
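The "fast fix" described above, sketched as an added example (this is not Gesbit code; the [b]...[/b] markup, the function name format_bold and the sample input are assumptions made for illustration). The legacy /e call is kept only as a comment, next to a preg_replace_callback version that treats every match as data and escapes it for HTML output.

```php
<?php
// Added example: format_bold() and the [b]...[/b] markup are hypothetical.

// Legacy pattern, shown as a comment only. The /e modifier was deprecated in
// PHP 5.5.0 and removed in PHP 7.0.0. With /e the replacement string is run as
// PHP code after the backreferences are substituted into it, so text taken
// from the subject can end up inside evaluated code:
//
//   $html = preg_replace('~\[b\](.*?)\[/b\]~e', 'strtoupper("$1")', $input);

/**
 * Same formatting with preg_replace_callback: each match is handed to the
 * callback as a plain string and is never parsed as code.
 */
function format_bold(string $input): string
{
    $out = preg_replace_callback(
        // Alternative 1: a [b]...[/b] span. Alternative 2: any other text,
        // so every byte of the input passes through the callback.
        '~\[b\](.*?)\[/b\]|([^\[]+|\[)~s',
        function (array $m): string {
            if (isset($m[2])) {
                // Text outside the markup: escape for the HTML context.
                return htmlspecialchars($m[2], ENT_QUOTES, 'UTF-8');
            }
            // Text inside [b]...[/b]: transform, then escape, then wrap.
            return '<b>' . htmlspecialchars(strtoupper($m[1]), ENT_QUOTES, 'UTF-8') . '</b>';
        },
        $input
    );

    // preg_replace_callback returns null on a PCRE error (for example when the
    // backtrack limit is hit); fail closed with the fully escaped input.
    return $out ?? htmlspecialchars($input, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input containing quotes, a dollar sign and HTML characters.
$sample = 'Price: [b]it\'s $5 & <cheap>[/b] <i>now</i>';
echo format_bold($sample), PHP_EOL;
```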
What I'm doing to fix it
I'm doing a simple update to the Gesbit core to fix it. In some cases I've updated some third-party libraries that fix this issue by themselves. In other cases I've modified several core lines. In these last cases I'm doing the "fast fix" I talked about previously.
I didn't test all of them, so maybe they don't work properly at the moment. If you find any issue, please tell me.
As promised, I've just uploaded version 2.0.1.
Changes are described in the previous post, and are mostly aesthetic.
You can download it from the downloading page.
So, here we are again.
About six years after releasing 2.0, here we are again working on the Gesbit web blog manager. If you follow the SVN repository, you will see some small improvements, including the new version of the default gbSimple theme, much more HTML5, and a new English language available. All these changes will be released soon as version 2.0.1 (actually it should be version 1.10.1, but David messed up the version stuff).
Also, there is a lot of stuff planned, enough to call it version 3.0.0. The main core will be rewritten with a new internal API which will include more database manager support (i.e. Interbase, Oracle and more), as well as a public API that should make it easy to integrate Gesbit with other web-based applications. But as I've said, this is long-term planned stuff.
At the moment, version 2.0.1 (WIP) is available at SVN TRUNK (you can download a snapshot), and soon will be available for download.