BTEV 0.3
Michael Dale
Version 0.3 of Bluetrait Event Viewer for Wordpress is now out.
You can download it here.
This version tracks more events (and allows you to override wp_login to track failed logins too).
Tested on Wordpress 2.0.9 and 2.1.2
Wordpress Event Viewer
Michael Dale
I'm in the process of writing an event viewer (similar to the one in bluetrait) plugin for Wordpress.
Should be out sometime next month.
EDIT: An alpha version can be downloaded from here
WordPress.com Golden Ticket
Michael Dale
[quote]A long time ago in a galaxy far, far away you entered your email address on http://wordpress.com/ to get a blog. We're now inviting small groups to use WordPress.com and your email address was selected today![/quote]
So yeah, I thought I should give it a try, here. I don't plan on moving to it, but I will see how it runs (and hey, it's free bandwidth!).
EDIT: I've also got an invite, if anyone is interested.
WordPress 1.2.2 is available
Michael Dale
[quote]
WordPress 1.2.2 is now officially available for download. This release fixes a few bugs and security issues and is recommended for all 1.2 users. There have only been minor changes since the last release, so if you’re upgrading from any 1.2 version you can follow the normal upgrade instructions.
Here’s a few of the things we’ve addressed in this release:
* Login problems
* A security fix for a specific IIS/PHP combination
* Last-modified header bug
* An issue with the way site moves were handled
* Email encoding issues
Sorry this took longer to get out than some people thought it should, a couple of issues came up at the same time and we wanted to roll everything into one release so you wouldn’t have to upgrade multiple times. If you have any problems please let us know in the support forums.
[/quote]
The download can be found here: http://wordpress.org/download/
Wordpress 1.2.1
Michael Dale
This release of Wordpress is principally a bug fix and security release. This version fixes the problems talked about here (http://blog.dalegroup.net/archive/blog/newsid/149) and also a few other problems. The full rundown can be found here: http://wordpress.org/development/2004/10/wp-121/
It is highly recommended that you upgrade to this version asap.
[quote]
Upgrading from 1.2 is very easy. Your existing templates and plugins should work just fine; all you need to do is overwrite the wp-* files and folders. To upgrade:
1. Download 1.2.1
2. Unzip
3. Upload the new files to your site, taking care not to overwrite anything you may have modified like index.php
[/quote]
To download the latest version see this link: http://wordpress.org/download/
XSS Security Holes in WordPress
Michael Dale
Security vulnerabilities have been found in WordPress that allow users to enter code into the site through certain URLs (whose content is not checked).
Examples:
http://[victim]/wp-login.php?redirect_to=[code]
http://[victim]/wp-login.php?mode=bookmarklet&text=[code]
http://[victim]/wp-login.php?mode=bookmarklet&popupurl=[code]
http://[victim]/wp-login.php?mode=bookmarklet&popuptitle=[code]
http://[victim]/admin-header.php?redirect=1&redirect_url=%22;[code]//
http://[victim]/bookmarklet.php?popuptitle=[code]
http://[victim]/bookmarklet.php?popupurl=[code]
http://[victim]/bookmarklet.php?content=[code]
http://[victim]/bookmarklet.php?post_title=[code]
http://[victim]/categories.php?action=edit&cat_ID=[code]
http://[victim]/edit.php?s=[code]
http://[victim]/edit-comments.php?s=[code]
http://[victim]/edit-comments.php?mode=[code]
XSS (cross-site scripting) holes are common in many PHP scripts and Wordpress isn't the only affected blogging tool. LiveJournal and Blogger are also vulnerable.
Although this is a somewhat large security issue, Wordpress users shouldn't be too worried; all scripts have bugs. The Wordpress team are working on a 1.2.1 release to fix these issues. So look out for it.
Related links:
http://wordpress.org/support/4/13818
http://wordpress.org/support/7/13856
http://news.netcraft.com/archives/2004/09/30/security_holes_in_wordpress_blogging_tool.html
http://secunia.com/advisories/12683/
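For site owners who want to check their own access logs for requests against the scripts and parameters listed in the XSS post above, here is an added example (not part of the original post or of WordPress). The script/parameter map comes from that list; the markup regex is an assumed triage heuristic and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script name -> parameters the post lists as echoed back unchecked.
WATCHED = {
    "wp-login.php": {"redirect_to", "text", "popupurl", "popuptitle"},
    "admin-header.php": {"redirect_url"},
    "bookmarklet.php": {"popuptitle", "popupurl", "content", "post_title"},
    "categories.php": {"cat_ID"},
    "edit.php": {"s"},
    "edit-comments.php": {"s", "mode"},
}

# Assumed heuristic: characters that can break out of HTML or a quoted string.
# Expect some false positives (e.g. a search term containing an apostrophe).
MARKUP = re.compile(r"""[<>"']|javascript:""", re.I)

# Request line inside a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_params(request_target):
    """Return (script, parameter) pairs whose decoded value contains markup."""
    parts = urlsplit(request_target)
    script = parts.path.rsplit("/", 1)[-1]   # matches at the root or under /wp-admin/
    watched = WATCHED.get(script, set())
    hits = []
    # parse_qsl percent-decodes values, so %3C and %22 are seen as < and ".
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in watched and MARKUP.search(value):
            hits.append((script, name))
    return hits

def scan(lines):
    """Return (line_number, script, parameter) for every suspicious request."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if m:
            findings += [(n, s, p) for s, p in suspicious_params(m.group(1))]
    return findings

# Constructed sample log lines (documentation IP range, harmless markup).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Oct/2004:10:00:00 +0000] "GET /wp-login.php?redirect_to=/wp-admin/ HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Oct/2004:10:00:05 +0000] "GET /wp-login.php?mode=bookmarklet&popuptitle=%3Cb%3Ex%3C/b%3E HTTP/1.1" 200 734',
    '203.0.113.9 - - [01/Oct/2004:10:00:09 +0000] "GET /wp-admin/edit.php?s=%22%3E%3Ci%3Ex HTTP/1.1" 200 901',
    '203.0.113.4 - - [01/Oct/2004:10:00:12 +0000] "GET /index.php?s=%3Cb%3E HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit only means the request deserves a look; the fix itself is the upgrade to 1.2.1 that the posts on this page describe.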
Wordpress now has a bit of dale in it.
Michael Dale
I'm one for gloating, so I thought I'd try and raise ye old ego a bit more (as you do ;)).
Anyway, as you may (or probably may not) know, I hacked apart wordpress to leech some of its sending trackback function and found a very small bug. The bug being if you ran wordpress on a non-standard port (i.e. anything other than 80) then people would be unable to send a trackback to that site. Wordpress ignored the fact that someone may have entered a port number into the trackback url. Only a small bug.
So I emailed the good matt ( http://www.photomatt.net ) about the problem and included a fix for it. Less than 24 hours later wordpress is patched and the latest nightly build includes this small fix.
It's just cool that anyone can help add/fix things to open source software. So praise open source (and wordpress for being so). w00t
/end ego boosting post ;) no I'll never like wordpress, shutup! :S