Bug

Since a couple of weeks people using WP Mollom got hit by some spam. On friday, Bert took the problem to Twitter, which caught my attention. Of course, we want to get rid of all the spam and so I notified Dries.

Over the weekend, Dries did some research in the logfiles and noticed some disturbing patterns concerning feedback sent from WordPress blogs using the plugin. Most moderated messages got reported as ‘profanity’ rather then ‘spam’. That led, with the much appreciated help of Pascal, to the discovery of a nasty bug in the feedback functions of the plugin.

It seems that spam was reported as ‘profanity’ and ‘unwanted’ as ‘spam’. The feedback qualifiers got totally messed up in a conditional block… and accustomed with the code as I got, I probably read over it a thousand times without really noticing the error. Through sending the wrong qualifiers, the Mollom servers can not interpret correctly what is spam or not for your blog. This has, of couse, a serious impact on the performance of Mollom.

Given the nature and the severity of the error, I corrected it and put version 0.6.2 with *only* this bugfix up for release on WordPress Extend. So, if you’re running version 0.6.1 or lower, you should download the fixed version as soon as possible.

So, I wrapped up version 0.5.2 of WP Mollom today. This release is all about fixing several bugs.

• fixed: passing $comment instead of the direct input from $_POST to the show_captcha() and check_captcha() functions.
• improved: implemented wpdb->prepare() in vunerable queries
• improved: mollom_activate() function now more robust
• changed: mollom_author_ip() reflects changes in the API documentation. This is to catch up on the abuse of proxies by spammers. If your host uses a reverse proxy and you know the ip(‘s), just enter them in the dashboard. The plugin takes care of the rest.

I tried to make the plugin compatible with the WP OpenID plugin over the past weeks. But no dice. Stable version 2.1.9 of WP OpenID doesn’t deal with extra fields added to the HTTP POST by other plugins when a request is send to wp-comments-post.php. This causes WP Mollom’s CAPTCHA form and subsequent checks to malfunction.

The good news is that Will Norris of WP OpenID is aware of the problem. The development version does contain a fix for this problem and is actually compatible with WP Mollom. You can check out a copy from the DiSo Project’s Google Code repository if you really want OpenID and Mollom support on your site.

As always: refer to the documentation regarding all the in’s and out’s.

Hmpf, ubuntu op mijn desktop hier thuis geïnstalleerd. Vijf minuten duurde het vooraleer bug #38181 het zaakje terug naar af stuurde. Totale lock-up en verplichte reboot.

Blijkbaar is het probleem al twee maanden gekend, dus nog voor de release van Dapper. Wat ik wel jammer vind. Er zullen altijd wel fouten zijn, maar dit vind ik wel een vrij grote. Als je als nieuwbakken gebruiker Ubuntu van voor het eerst uitprobeert, dan laat zo’n bug géén goede indruk na. Nu ja, dan maar een zwart scherm als screensaver genomen…

Firefox heeft zo zijn goede kanten. Maar er is ook een duistere zijde. Getuige daarvan volgende bug die onlangs werd gemeld. Even naar beneden scrollen en de eerste commentaar lezen…

This privacy flaw has caused my fiancé and I to break-up after having dated for 5 years. Basically, we share one computer but under separate Windows XP user accounts. We both use Mozilla Firefox — well, he used to use it more than I do but now we don’t really use it.

Pijnlijk… Eens zien hoe snel ze dit gaan oplossen!