My previous post was typed in a bit of a hurry (was it that obvious?) and could probably have done with a few more sarcasm tags, though I think I still have a valid, if small, point. It surprised me that these well-maintained projects seem to be content to run with what I would consider to be errors. Though they do run, otherwise nobody would be using them. For what it’s worth, SilverStripe and I have made up and it’s all going swimmingly at present. Thanks to everyone who commented with recommendations; I’ll try and follow some of them up when I get time.

One comment did ask me to define what I meant when I refer to a “lightweight” CMS – basically, I was looking for something that will allow me to create a hierarchy of pages that consist roughly of a title and content. Nothing fancy. I don’t need multiple content types, complex user management, discussion forums, built-in wikis, etc. It’s the sort of thing I could have coded up in a couple of days using any number of frameworks, but I figured there’d be something off the shelf that’d do what I was after.

Another commenter questioned why I cared about coding standards warnings seemingly more than avoiding SQL injection and XSS and CSRF protection – I don’t, those are absolute hard requirements for any application. I’d put avoiding the coding standards warnings somewhere above “nice to have”, but those warnings are indications that something is being done in a way which is either less than ideal (such as using non-static methods in a static context, a la Concrete5), or deprecated (such as using the ereg functions).

My next post shall try and be a little more constructive, as I release some code.