1 week into the month…

..and the bots are going crazy:
-bash-3.2# cat /var/log/secure | grep "Failed password" | wc -l
72595

72 thousand invalid password attempts (most of those are against root, although theres a lot for <random 5 character usernames>).

Thats 10,000 a day, about one every 10 seconds..

Revision Control 2.0 Beta

The time has come for a Beta release of Revision Control 2.0. Would also like to announce that I’ve Cracked the 20k downloads on a plugin! currently its standing at 233,337.

Download 2.0-beta Now. Download POT file for Translations

Things to note of this release:

  • Fully rewritten from scratch
  • Better support for multiple post types
  • 100% api usage, less chance of breaking something
  • Revisioning of Categories and Tags (Well, Any taxonomy really!) – One limitation, It doesn’t restore this, thats for the next Revision :)
  • WordPress 2.9+ only.

Compatibility with older releases: I’ve not 100% tested backwards compatibility, That will come this next week, For new users, you’ll have no problems, for existing users, you should be warned that your settings may not be remembered, more testing needs to happen to verify that it works in 100% of cases.

If you’d like to submit a Translation of this plugin, or encounter a bug just send it along to wordpress@dd32.id.au

Thank you to all,
Dion

EDIT: Release Date: 24th Jan 2010 – approximately.
EDIT2: Updated the POT and .zip locations, There were a few translation issues.

Nearly there… Revision Control 2.0

Revision Control 2.0 is nearly here.

A quick list of changes:

  • Fully rewritten from scratch, Will require WordPress 2.9+
  • Better support for custom post types (Will make much more sense with 3.0!)
  • Support for Revisioning of Taxonomy data ( Doesnt restore at present, Mearly revisions it)
  • Many small bugs removed from previous versions

Features in the pipeline (2.1?)

  • Restoring of Taxonomy Revision Data
  • Support for Metadata revisioning (Custom fields, Post thumbnail, etc)
  • Delete all revisions from Admin UI (Or potentially, cleanup so theres only 5 revisions for each post for example)

This seems like a small list, but for a small plugin, its actually a rather large ammount of work to get through.. If you feel like testing it out, Please do, You can download it from here: http://downloads.wordpress.org/plugin/revision-control.zip

Some of those 2.1 features may be in 2.0, It depends on how much time i have amongst other things in life, and how much testing is required.

Translators: Sorry, But i dont have a list of your email addresses to contact you directly.. I’ll be setting up a GlotPress installation for this sort of thing i think :) Feel free to take the langs provided and update them.. I may remove the old ones entirely shortly..

To those of you using some of my other plugins which have been lacking in updates, Most will be recieving a rewrite this year, hopefully in the coming months – But i do not have the time to give any definites here, Some will not be touched. Add From Server is the next on the list however!

A Call to Arms

WordPress 2.9 was just released, And several users have run into a bug. Surprising? Not really. Theres one simple reason for this, While thousands of people Test each and every WordPress release, These users are not You.

I’d like to use this as an example to all here, Why WordPress needs your help. No, I’m not talking about Coding help specifically, I’m talking about Testing. WordPress requires that users test the product throughout the development period.

WordPress is an open source application written by hundreds of contributors. While those hundreds probably use the Development version of WordPress every day, They do not use the same webhost as you, nor do they have the same theme, nor do they have the same requirements, They use different functions of WordPress than you.

During The beta and RC stages, thousands of people download and test, These testers are end users like you, In order to prevent these bugs getting into a released product, It requires that users actually take part in the developement of WordPress and report the bugs encountered.

Testing WordPress is not just something that Developers should do. If you use WordPress and enjoy using it, Please take some time once every few months to test WordPress, Its announced on the Dev blog when Beta’s are available, On a default install of WordPress, The Dashboard should have a RSS feed mentioning the releases too.

So please, For 3.0, When a Beta is released (Theres generally ~2-3 weeks of beta, with 2-3 beta’s from my quick recolection) Install it on your website, It doesnt have to be your main one, it can be in a subdirectory (ie. your usual one at http://my-site.com/ and the test at http://my-site.com/testing/), and test that things works ok for you, and your plugins, This does take an hour out of your time, and i realise not everyone can afford it, But it may spare you 2-3 hours of your time, when after a release, a bug that affects you is found, that a Developer had not noticed.

WordPress requires your input, Whilst I agree there are some downfalls in reporting bugs sometimes (Please do not flame me with related messages here, I’m not after that, This is mearly a request for more contributions) overall, your contributions would be greatly appreciated by all.

In order to make it easier to test Beta’s and nightly versions, Westi wrote this great plugin It allows you to use the inbuilt upgrader to upgrade to a beta, to make it easier for you, to be involved with the project you love using.

How to do it right! (Part 0)

And another series is born.

How to do it RIGHT.

My writing skills are severely lacking, And so is my ability to explain things sometimes,  and i’ve not contributed much back into the developing community of recent.. So this has spawned my new idea..

The series will be aimed at explaining how to achieve things in WordPress in a up to date manner, Aimed more at Theme Functions.php and Plugins rather than a Theme perspective.

So, To those few who are currently subscribed, Please comment with any ideas of what you’d like to see me write about, I’ll be starting off with some rather basic postings, but aim to keep the technical level around mid-range, with more advanced topics covered as well.

It is likely that i’ll repeat what is said in a few other blogs, but i hope to write it in a more understandable, and future proof manner, without the ancient hold-overs which I’ve seen over the past year..

My other thought was writing a sample plugin, and using that as the basis for the entire series, or maybe thats a different series, To build a semi-complex system, from the ground up, to solve a problem, and looking at the steps needed to solve it.. Any suggestions for plugins? I have something in mind, specifically, solve those problems some people think “Just can be done with WordPress”.

You’re doing it wrong #2

 

Welcome to part #2, If you missed #1, go check it out.

As i mentioned in the last posting, This time wp125 is featured again, No, Please dont get me wrong, i’m not just targeting certain plugins here, It’s merely the plugins which I use, which i have to modify  and/or cleanup for whatever reason, I’ve chosen WP125 to be used for this project, so here i am cleaning up some code. Also featured in the 2nd part of this posting, is TDO Mini Forms.

Who has ever seen an error message like this one?

Notice: Undefined index: wp125action in G:\www\nrtt\wp\wp-content\plugins\wp125\adminmenus.php on line 9
Notice: Undefined index: wp125action in G:\www\nrtt\wp\wp-content\plugins\wp125\adminmenus.php on line 13
Notice: Undefined index: wp125action in G:\www\nrtt\wp\wp-content\plugins\wp125\adminmenus.php on line 22
Notice: Undefined index: wp125action in G:\www\nrtt\wp\wp-content\plugins\wp125\adminmenus.php on line 26

I’m willing to bet  a lot of people would’ve seen this one time or another, It comes down to a very very VERY lazy developer in my opinion, Simply because its best programming practice to never actually hit this case..

The code which is causing this:

function wp125_write_managemenu() {
…<snip>…
//Handle deactivations
if ($_GET['wp125action'] == “deactivate”) {

Doesnt look too harmful really, now does it? Thats because, By itself, Its not harmful at all other than an annoying message, The harmful part, is where similar code is used, and its merely assumed that certain array items exist, The issue arises that it can make bugs slip by unnoticed..

So, Whats the correct way? Simply check that the Array item exists before comparing it against something else.

The simplest method would be:

if ( isset($_GET['wp125action']) && ($_GET['wp125action'] == "deactivate") {

Or alternatively, If you never want to fire when the array item is empty:

 if ( !empty($_GET['wp125action']) && ($_GET['wp125action'] == "deactivate") {

Now, that wasnt too hard was it? Much cleaner, reduces warnings, and potentially reduces the risk of bugs.

Once again, All changes made are available as a Diff, This diff also includes the changes made in par #1, This has been written as of version 1.3.6.

Now, Onto the second plugin, TDO Mini Forms, This isnt actually a half bad plugin overall,  However, The code can be a bit messy for lack of a better word thanks to the many many many options and defines it uses.

Most of the issues i’ve got with this plugin, boils down to mis-use of constants, for example:

Notice Use of undefined constant TDOMF_OPTION_WIDGET_MAX_HEIGHT - assumed 'TDOMF_OPTION_WIDGET_MAX_HEIGHT' in G:\www\nrtt\wp\wp-content\plugins\tdo-mini-forms\admin\tdomf-options.php on line 604

Upon actually looking through he code, The Define was used in many places, but never actually defined. However, TDOMF_OPTION_WIDGET_MAX_WIDTH, and TDOMF_OPTION_WIDGET_MAX_LENGTH were, But guess what, The latter was never actually used, other than during option creation.. It’s a simple typo really.. But a quick fix never the less.

The main thing that has been bugging me with this plugin however, are these splattered around:

Notice: Use of undefined constant REQUEST_URI - assumed 'REQUEST_URI' in G:\www\nrtt\wp\wp-content\plugins\tdo-mini-forms\admin\tdomf-form-options.php on line 15

It looks like the plugin is expecting some form of register_globals for  the $_SERVER items to be enabled, Well, Do i have news for you… Its not! To many programmers that  may have sounded like the actual problem, But the problem is actually a coding flaw.. (as expected)

if(preg_match('/tdomf_show_form_menu/',$_SERVER[REQUEST_URI])) {

May not see something wrong with that, But, You should. $_SERVER contains an array element called ‘REQUEST_URI’, which is what the author intended to access, But instead, what they have asked for, Is the $_SERVER array element whose name is within the REQUEST_URI definition.. PHP is smart enough to convert that REQUEST_URI into a string, and so the code works as expected, for now.. But it’s still sloppy, Adding 2 apostrophe’s into the mix fixes everything.. Quick and simple really..

if(preg_match(‘/tdomf_show_form_menu/’,$_SERVER['REQUEST_URI'])) {

And the final piece of the puzzle for this posting:

Notice: Trying to get property of non-object in G:\www\nrtt\wp\wp-content\plugins\tdo-mini-forms\admin\tdomf-edit-post-panel.php on line 36

Another common type of warning produced by PHP, Very similar to the first Array item above:

function tdomf_edit_post_panel_admin_head() {
   global $post;
   // don't show on new post/page
   if($post->ID > 0) {

Now, This wouldnt be all that bad really.. If it wasnt for this code:

add_action( 'admin_head', 'tdomf_edit_post_panel_admin_head' );

The end result, much like I explained in Post #1, Is that running code designed for a SINGLE page on EVERY page load, is not a good thing to do, eventually you’ll hit a road bump like this one..

While the most appropriate fix for this, would be to simply only hook the function to run on the post edit page, Due to this plugins insisting to be backwards compatible at one stage or another utilising the latest hook names is not always possible, So merely adding an is_object() call in there can silence and fix everything quickly:

function tdomf_edit_post_panel_admin_head() {
 global $post;
 // don't show on new post/page
 if(is_object($post) && $post->ID > 0) {

I should however note, That this plugin includes compat code for WordPress < 2.5, Whilst, It utilises WordPress 2.8 functionalities now. Plugin Authors: Keep an eye on your obsolete code, it increases complexity, and will eventually end up causing a bug. My methodology is to only support the latest WordPress release.. It’s not worth your time developing for users not upgrading their version of WordPress. Yes, You’re going to have people complain the plugin isnt compatible, but in reality, you’re doing them a favour, If they dont upgrade WordPress, they’ll have other bugs.. Your plugin not working is the least of their worries (Or should be) .

Thats it for now, TDO Mini Forms also contains many MANY uses of undefined variables, eg:

Notice: Undefined variable: edit in G:\www\nrtt\wp\wp-content\plugins\tdo-mini-forms\include\tdomf-form.php on line 387

But the plugin is too large for me to want to go in and fix everything,  what has impacted me the most has been fixed, i’ll leave it as that.

Until next time, The changes made to TDO Mini Forms is available as a Diff, as of version 0.13.5. Apologies for the Diff here,I’m having issues with Line endings, Tortoise SVN isn’t respecting its own setting – You’ll have to patch a local copy and set it to ignore line ending changes..

 

EDIT: Fixed typo’s and lack of English. Sorry, I need a new computer, this T key hardly ever works when i want it to..