Archive for the 'WordPress' Category

WordPress 2.3.3 Security Release

WordPress version 2.3.3 has been released. This release, like the previous one, addresses an urgent security vulnerability that was found in the WordPress XML-RPC implementation. The flaw could allow any valid user on your blog to edit posts made by other users on your blog.

WordPress 2.3.3 also fixes some other minor bugs. If you don’t care about those minor bug fixes and just want to patch your blog against the XML-RPC vulnerability, you can download a fixed copy of xmlrpc.php and copy it to your WordPress installation directory, replacing the existing xmlrpc.php file.

You’re probably better off just downloading WordPress 2.3.3 and doing the full upgrade.


WordPress 2.3.2 Urgent Security Release

The WordPress folks have released WordPress 2.3.2, describing it as an urgent security release. This latest version fixes a bug that can be exploited to display your draft posts. Some changes have also been made to prevent certain error messages from giving away more information about your database than they need to. I would strongly advise that WordPress users install 2.3.2 ASAP.

WordPress 2.3.2 includes a new feature to allow you to customize the error page that’s displayed when WordPress can’t connect to your database. You can see the full list of changes between 2.3.1 and 2.3.2; you can also see which bugs are fixed in WordPress 2.3.2.

Head over to the 2.3.2 announcement post on the Dev Blog for the full story on WordPress 2.3.2. If you don’t care about any of that, you can just head straight to the download.


Unwakeable: The Future And WordPress 2.3

I’ve waited far too long to post an update on Unwakeable 2.0 and its status, so here it is, almost. First, I’d like to address the issues with the current Unwakeable release (version 1.2.1) and WordPress 2.3. There are a few issues, although most of them are fairly minor.

1. Tags: Unwakeable 1.2.1 does not support the new tagging system in WordPress 2.3. If you’re using the new tagging system, your tags will not be displayed. Ultimate Tag Warrior still works just fine with Unwakeable 1.2.1 and WordPress 2.3.

2. Prototype: Livesearch (and probably rolling archives) don’t work with WordPress 2.3. I really have no idea why; it’s probably a combination of a few things. One major contributor is probably the fact that WordPress 2.3 likes jQuery instead of Prototype, and Unwakeable relies heavily on Prototype for its Ajax effects, such as livesearch, rolling archives, and live commenting. I only use livesearch, so I can’t say for certain if rolling archives and live commenting were truly broken. All I know is Firefox CPU usage skyrockets when loading this site when livesearch is enabled.

3. Archives Page: The archives page is slightly broken; it displays an error similar to this at the top:

WordPress database error: [Table 'tlongren_wordpress.wp_categories' doesn't exist]

That happens because Unwakeable 1.2.1 doesn’t know about the new taxonomy schema in WordPress 2.3. WordPress 2.3 does away with three tables, categories, post2cat, and link2cat. Those tables are replaced by three new tables that, when combined, offer much greater flexibility in handling post categories and blogroll categories. I think this new schema handles tags as well.

4. Tag Archives: This may be unique to this site, I haven’t tested, but whenever you try to visit a tag archive (my unwakeable tag archive for example), a 404 is received. Obviously, it should display all the posts with the given tag. Can anyone using Unwakeable 1.2.x confirm this is also broken on their WordPress 2.3 site?

5. Unknowns: There’s probably lots of broken things I’m not aware of. K2 Sidebar Modules may very well be one of them. I really doubt they work 100% because they make some use of categories. If you’ve got anything I’ve missed, please let me know about it so I can make sure it’s working in Unwakeable 2.0. One thing that DOES work that I entirely expected to be broken are the category archives. I was ready for all sorts of errors when trying to view a category archive, like the Unwakeable category archive, but they display exactly as they did with WordPress 2.2.x. Please let me know if you’re aware of any other incompatibilities between Unwakeable 1.2.x and WordPress 2.3.

WordPress Theme: Unwakeable 1.2.1

I hadn’t planned on releasing another version of Unwakeable in the 1.x series, yet here it is. The release of Unwakeable 1.2.1 was prompted after the discovery of a cross-site scripting (XSS) vulnerability in the Unwakeable search functions.

The vulnerability makes it possible for people to run malicious code that could, for example, steal all the cookies from your domain. You can download Unwakeable 1.2.1 from the official Unwakeable page. There are no new features in Unwakeable 1.2.1. The only difference between 1.2 and 1.2.1 is the fix for the XSS vulnerability.

If you’re already using version 1.2 and don’t want to bother upgrading, I’ve put together a post describing the steps to take to patch the vulnerability in Unwakeable 1.2.

I apologize for the inconvenience and please let me know if you have any issues with Unwakeable 1.2.1.


Unwakeable XSS Vulnerability

It was brought to my attention a couple days ago that Unwakeable 1.2 contains a cross-site scripting (XSS) vulnerability in the search piece. To test to see if you’re vulnerable, search for this on your Unwakeable site:

<script>alert('XSS Vulnerability!');</script>

If you see a JavaScript popup after searching, you’re vulnerable to attack and should follow the steps below to fix the vulnerability in Unwakeable 1.2. I’ve already taken steps to fix this vulnerability in Unwakeable 2.0, which will be released shortly.

To fix your installation of Unwakeable 1.2 you need to edit three files: searchform.php, theloop.php, and header.php.

1. searchform.php

First, open searchform.php and change this piece on line 8:

<form method="get" id="searchform" action="<?php echo $_SERVER['PHP_SELF']; ?>">

to this:

<form method="get" id="searchform" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">

2. theloop.php

Next, open theloop.php and change this piece on line 42:

printf(__('Search Results for \'%s\'','k2_domain'), $s);

to this:

printf(__('Search Results for \'%s\'','k2_domain'), htmlspecialchars($s));

3. header.php

Finally, open header.php and change this code on line 6:

Search for <?php echo $s;

to this:

Search for <?php echo htmlspecialchars($s);

That’s it. Once you’ve made those three changes you should no longer be vulnerable to this cross-site scripting attack. To make sure, just perform the search I mentioned above. It should no longer produce a JavaScript pop-up.
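
The three output points patched above, rendered with and without encoding, as an added example (not code from the Unwakeable theme). The helper esc_out(), the render function and the sample request path are hypothetical, and ENT_QUOTES goes one step beyond the post's plain htmlspecialchars() call so the same helper also holds inside single-quoted attributes.

```php
<?php
// Added example: esc_out(), render_search_page() and is_inert() are hypothetical names.

// Encode untrusted text for HTML body text and quoted attribute values.
function esc_out(string $value): string
{
    // ENT_QUOTES also encodes ' (not only ");
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render the three places the post patches: the <title> in header.php,
// the form action in searchform.php and the results heading in theloop.php.
function render_search_page(string $self, string $s, bool $encode): string
{
    $f = $encode ? 'esc_out' : 'strval';   // strval = pass the value through untouched
    return '<title>Search for ' . $f($s) . "</title>\n"
         . '<form method="get" id="searchform" action="' . $f($self) . "\">\n"
         . '<h2>' . sprintf("Search Results for '%s'", $f($s)) . "</h2>\n";
}

// True when none of the given markup fragments survives in the rendered HTML.
function is_inert(string $html, array $needles): bool
{
    foreach ($needles as $needle) {
        if (stripos($html, $needle) !== false) {
            return false;
        }
    }
    return true;
}

// Constructed inputs: the post's own test search, and a request path with
// trailing path info. PHP_SELF includes that path info, which is why the
// form action needs encoding even though it is not the search term.
$s       = "<script>alert('XSS Vulnerability!');</script>";
$self    = '/index.php/"><script>alert(1)</script>';
$needles = ['<script>', '"><'];

$before = render_search_page($self, $s, false);
$after  = render_search_page($self, $s, true);

var_dump(is_inert($before, $needles));  // unpatched theme output
var_dump(is_inert($after, $needles));   // output after the three edits
echo $after;
```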

You can find out more about this vulnerability at blogsecurity.net. They have a tool called WordPress Scanner that will scan your WordPress installations for security problems.

Let me know if this fix doesn’t work for any of you.


Unwakeable and Vacation

Ashley and I both managed to get a week off work for vacation this last week. We spent the week (7/21/2007 - 7/28/2007) in Northport, Michigan with the Davis family, that’s Ashley’s mother’s side. I can’t even begin to explain how nice it was to have a week off work. We both had a great time in Michigan, except for the visit to Mackinac Island. I could not believe the number of people on that island, way too many for me to deal with.

We stayed the entire week at Northport Bay Retreat, a gigantic property that’s owned by Mike Anton (Anton & Co). Anton owns another property on Spider Lake, also in Michigan, that we’re hoping to get for the next reunion. We actually tried to get the Spider Lake location for this reunion but weren’t able to. The Spider Lake location is a much better fit for our group than the Northport Bay location, for multiple reasons that I won’t go into here. Ash and I took a few pictures while in Michigan, but not nearly as many as I would have liked.

I did a little work on Unwakeable 2.0 while we were in Michigan. I’ve continued work on 2.0 since returning and have it very close to being ready for release. Unwakeable 2.0 will include some new styling options. For example, you can choose custom colors to use in the header and you can also customize sidebars. Unwakeable 2.0 includes the ability to choose from no sidebar, a single sidebar, or dual sidebars. Unwakeable 2.0 can also be set to fixed or flexible width. Flexible width will let Unwakeable adjust itself to fill most of the browser window.

I’ve also built sidebar modules for Gregarious, WP-PostRatings, and WP-PostViews. This will allow you to use those plugins in your dynamic sidebar provided you have the plugins installed and activated. Also, support for the LMB^Box Comment Quicktags plugin is included. All you have to do is download and activate the plugin and it will automatically start working with Unwakeable.

I expect I’ll be releasing Unwakeable 2.0 within 2 weeks, need to get some more testing done before releasing it to the wild though. Please note that Unwakeable 2.0 can only be used with WordPress 2.1 or later. If you’re using WordPress 2.0, Unwakeable will not work.
