Netsensei

Much Ado About Nothing

Wordpress

WP Mollom 0.7.1

I just released WP Mollom 0.7.1. Here’s the changelog:

  • fixed: all plugin panels are now shown in the new WP 2.7 administration interface menu
  • fixed: non-western character sets are now handled properly in the captcha form
  • fixed: handles threaded comments properly
  • fixed: multiple records in the manage module not correctly processed
  • improved: extra – non standard – fields added to the comment form don’t get dropped
  • improved: revamped the administration panel
  • improved: various smaller code improvements
  • added: the plugin is now compatible with the new plugin uninstall features in WordPress 2.7
  • added: the ‘quality’ of ‘spaminess’ of a comment is now logged and shown as an extra indicator

Wishing all the best in 2009!

WordPress 2.7

Yes. WordPress 2.7 is out. Your favorite blogging tool has gotten a serious overhaul: a totally new administration panel, loads of bugfixes and lots of new features.

The plugin API has been extended: you should now use a separate file to store all uninstallation logic instead of relying on the deactivate callback, options should be registered with WP (mandatory in near future versions) and the submenu structure onto which you can hook your own settings is revamped.

If you haven’t already noticed, WP Mollom 0.7.0 has some minor issues with 2.7. Most notably, the management panel disappears. Between boxing my stuff, frantic phone calls and spending countless hours commuting through Flanders, I’m trying to get the plugin up to speed.

Translation support: help needed

Translating WordPress has always been very easy through gettext and tools like poedit. The availability of a whole range of languages and dialects that can be used to replace the standard English messages in WordPress is one of the factors that has contributed to the success of the CMS.

Of course, this support for translation is also available for plugins and themes. Since language shouldn’t be a barrier, I’ve been building support for translations into WP Mollom over the past weeks. The idea is that one can download a translation library (a .mo file with all the translated strings in his language) and install it without a hassle.

So, today I tested the whole translation support fairly thoroughly and, well, there’s this rub. If I install the plugin using the local MAMP installation on my iBook G4, all is fine. The plugin gets translated in Dutch nicely. But if I try to enable the translation online, on this blog and the testblog running on this domain, it doesn’t budge. Everything in the online WordPress setups gets translated fine… except for the plugin. I’ve tried switching off all the plugins, verifying and re-verifying paths, code, translation files,… and I still don’t see what’s really causing this.

So, I would like some help and see if other people are experiencing the same problem. If you are in for a challenge and you use translation support, download the development version of the plugin and give it a go. Just drop the wp-mollom/ folder in the plugins/ folder and make sure you have translation support on your WordPress installation activated.

Drop me a line if you have suggestions! Thanks!

Bookmarks from September 28th to October 2nd

Haxxorz l33t security

Well, of course I'm curious about the extent to which my plugin gets installed and picked up. And of course I sometimes dare to google around a bit. So I ran wp-mollom as a keyword through Google.

What caught my eye in the list was this:

Indeed, an open directory at Clopin. Apparently Clopin didn't just put the plugin on his blog, but dropped in the complete wp-mollom/ folder, screenshots included. Through that access it's child's play to read out his plugins/ folder. And from that information I can immediately deduce a number of things.

  • Clopin uses WordPress, obviously.
  • I now know which plugins Clopin runs on his WordPress blog.
  • From the dates on which the files and folders were created I can see whether there are older and newer plugins among them.
  • I now know not only the active plugins (including the plugins that do their work in silence) but all of them, including inactive plugins, among which there may well be older, forgotten versions.
  • I also immediately know the model of web server Clopin.be runs on, and any modules.

It goes without saying that this is fairly interesting information for malicious hackers. By exploiting security holes in older plugins, they could wreak quite some havoc. Not that I'm telling you anything new, but I think it's a good occasion to raise this problem. Other bloggers likewise show every Tom, Dick and Harry which plugins they run on their blog. Google indexes that entire folder, by the way. And a whole lot more.

Others have been prudent and shield everything off completely. Just try to retrieve the same information with that last Google search and browse to their plugins/ folder.

What can you do about this?

Well, you can use several strategies. The simplest is to drop an index.php file, empty or not, into the folder, which makes the contents of the folder invisible. Or, if you're feeling a bit adventurous, create an .htaccess file that blocks access to the folder. Do take care not to lock things down so tightly that your blog breaks.
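An index.php file only hides the folder it sits in: every plugin sub-folder without one can still be listed. The following check is an added example, not part of WP Mollom or WordPress; it walks a folder tree and reports every folder that has no index file. The sample tree and the `example-plugin` name are constructed, and the list of index file names is an assumption about the server's configuration.

```php
<?php
// Added example: report folders that contain no index file and would
// therefore be listed by a web server with directory indexing enabled.
// Assumption: the server treats the names in $indexNames as index files.

function find_listable_dirs(string $root, array $indexNames = ['index.php', 'index.html', 'index.htm']): array
{
    $listable = [];
    $stack = [rtrim($root, '/')];
    while ($stack) {
        $dir = array_pop($stack);
        $hasIndex = false;
        foreach (scandir($dir) ?: [] as $entry) {   // unreadable folder: treat as empty
            if ($entry === '.' || $entry === '..') {
                continue;
            }
            $path = "$dir/$entry";
            if (is_dir($path) && !is_link($path)) {
                $stack[] = $path;                    // visit sub-folders as well
            } elseif (in_array(strtolower($entry), $indexNames, true)) {
                $hasIndex = true;
            }
        }
        if (!$hasIndex) {
            $listable[] = $dir;
        }
    }
    sort($listable);
    return $listable;
}

// Constructed sample tree: plugins/ has an index.php, the plugin folders do not.
$base = sys_get_temp_dir() . '/wp-audit-' . uniqid();
mkdir("$base/plugins/wp-mollom/screenshots", 0700, true);
mkdir("$base/plugins/example-plugin", 0700, true);
file_put_contents("$base/plugins/index.php", "<?php // empty on purpose\n");
file_put_contents("$base/plugins/wp-mollom/wp-mollom.php", "<?php\n");

foreach (find_listable_dirs("$base/plugins") as $dir) {
    echo 'no index file: ', substr($dir, strlen($base)), PHP_EOL;
}
```

On Apache, `Options -Indexes` in an .htaccess file turns listings off for a folder and everything below it while the files themselves are still served, provided the server configuration allows that override.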

While you're at it, also read this article with 3 simple tips to secure your WordPress website. (via bram.us)

Oh yes, I was the victim of a hacker myself about two years ago. I already applied the tips in question back then. So they are no unnecessary luxury.

Mollom 0.6.1

I just tagged version 0.6.1 of WP Mollom in the WordPress Extend repository. Which means in a few moments, you’ll be able to download the latest installment of my plugin.

So, what has changed? Well, this is a bugfix release which means no new features. Here’s the changelog:

  • Fixed: division by 0 error on line 317
  • Fixed: if ‘unsure’ but captcha was filled in correctly, HTML attributes in comment content would sometimes be eaten by kses
  • Improved: the mollom function got an overhaul to reflect the September 15 version of the Mollom API documentation
  • Changed: mollom statistics are now hooked in edit-comments.php instead of plugins.php
  • Added: _mollom_retrieve_server_list() function now handles all getServerList calls

Although almost all basic functions are up and running now, there’s still a long road ahead. Today, I’m happy with what I’ve accomplished technically so far, but such things as usability, performance, flexibility,… still need more work. For instance, there’s still no WordPress MU version, i18n support is still missing, the backend needs more simplifying and much more.

But then again, if spam annoys you as much as the mosquitos in my room did me last night, then this is the plugin for you. Download the package, drop wp-mollom.php in your plugins folder, register with mollom.com to get your keys, just configure them in the plugin and you’re all packed with some serious spam stoppage power.

Happy blogging!

Bookmarks from August 25th to August 31st

WordPress 2.6 II

For those who have all sorts of problems logging in after the upgrade to WordPress 2.6: simply clear your cookie cache, or specifically the WordPress cookies, in your browser. Then try to log in again.

So what causes this problem? Ryan Boren’s article SSL and Cookies in WordPress 2.6 explains it nicely. The security of the admin panel has been stepped up further in 2.6. Besides classic HTTP, WordPress now also allows you to work over HTTPS (HTTP over SSL), which is a good deal safer. Technical details aside, WordPress used to leave 1 cookie that indicated whether you were logged in or not. In the new version it works differently: 3 cookies are now used, with which WordPress checks whether you are logged in and whether or not you are authorized to use the admin panel.

It is clear that certain browsers stubbornly hold on to the old pre-2.6 cookie in their cache after the upgrade. That causes a login problem. Once you clear your cache manually, WordPress will automatically set 3 new cookies when you try to log in again.

Mollom 0.5.0 out now!

It took me the better part of June to prepare a new version of Mollom. But today I released version 0.5.0. You can download the package here.

So, a lot has changed since version 0.4.0…

  • I rewrote the SQL after this suggestion on Pressed Words. Mollom now uses its own table to store all its data instead of fumbling with the WordPress data model.
  • I fixed the incompatibility issues with WordPress OpenID plugin.
  • Improved the error handling.
  • Status messages are now a lot more verbose
  • Added the mollom_moderate_comment($comment_id) tag for use in templates and themes. This allows direct moderation of a comment without first having to go to the dashboard.
  • … a lot more!

So download, go forth and protect your blog against those vile spammers through Mollom!

WP Mollom and WP OpenID

These two weren’t the best friends over the past couple of weeks. Since someone notified me they weren’t compatible, it took some time to figure out what was going wrong. My initial suspect was an icky way of dealing with the action hooks. Either by my plugin or WP OpenID. But after extensive testing, I concluded that the order in which the action hooks call the different plugin functions wasn’t the problem.

I identified the problem as the comment data getting lost somewhere along the way. I tested the OpenID plugin and the transition to the Mollom plugin. In the end, I could narrow the problem down to odd behaviour of global variables in WordPress. Let’s take a look at this bit of code:

    function dosomething($ds_comment) {
        global $ds_comment;
        print_r($ds_comment);
        return $ds_comment;
    }
    add_action('preprocess_comment', 'dosomething');

For brevity’s sake, I omitted the obligatory WordPress plugin header. But if you add it, put this bit in a separate file, upload it to your plugins/ folder and activate. Now you can test it yourself. The idea is that the array containing the commentdata is shown in your browser just before putting it in the database (notice that your browser doesn’t redirect to the original page, but that’s not the issue here). In reality, you’ll get a blank page. Meaning the array $ds_comment is in fact empty. Further on, you’ll just pass empty variables and in the end save an empty record to your database. The comment got lost into cyberoblivion. Not very nice.

Now. Just comment out or remove the global $ds_comment; bit and try again. Now, if you submit a new comment, the data will be output to the browser nicely.

Conclusion: If you make the very same variable that was passed as an argument through the function, global, the data just gets lost. Very odd. Now, if you create a new, empty, global variable within the function and assign the data from $ds_comment to it, there is no problem whatsoever.

I wonder how this could happen…

Ow. Making a lot of variables global, especially those with sensitive data, is not really best practice. There are more gracious ways of passing data around like OO programming design or paying attention to correct function reuse. In a future incarnation, I’ll try to reduce the amount of globals I use. For now, I just want the damn thing to behave like it should. 😉
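Why the argument disappears, as an added example that is not code from WP Mollom or WP OpenID: PHP's `global` statement rebinds the local name to the global variable of the same name, so the value passed in as the parameter is replaced by whatever that global holds, which here is nothing. `apply_hook()` is a hypothetical stand-in for WordPress invoking the `preprocess_comment` callback, and the sample comment array is constructed.

```php
<?php
// Added example. apply_hook() is a hypothetical stand-in for WordPress calling
// a 'preprocess_comment' callback with the comment data array.
function apply_hook(callable $callback, array $commentdata)
{
    return $callback($commentdata);
}

// Variant 1 (the snippet from the post): `global` makes the local name
// $ds_comment a reference to the global $ds_comment. The argument that was
// bound to that name is discarded, and the global was never assigned.
function shadowing_callback($ds_comment)
{
    global $ds_comment;
    return $ds_comment;
}

// Variant 2: without `global`, the parameter keeps the value passed in.
function plain_callback($ds_comment)
{
    return $ds_comment;
}

// Variant 3 (the workaround from the post): a global with a different name
// receives a copy, so the parameter itself is never rebound.
function copying_callback($ds_comment)
{
    global $ds_saved_comment;
    $ds_saved_comment = $ds_comment;
    return $ds_comment;
}

// Constructed sample comment data.
$sample = ['comment_author' => 'Alice', 'comment_content' => 'Hello'];

echo "shadowing_callback: ";
var_dump(apply_hook('shadowing_callback', $sample));
echo "plain_callback: ";
var_dump(apply_hook('plain_callback', $sample));
echo "copying_callback kept the data and filled the global: ";
var_dump(apply_hook('copying_callback', $sample) === $ds_saved_comment);
```

In a comment filter the first variant hands an empty value to every later callback, so a spam check that runs afterwards has nothing to inspect and an empty record is stored.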
