Breadcrumb NavXT 2.2/3.0 Beta 2

Due to some very drastic changes in the API and administrative interface, the next Breadcrumb NavXT version will be tagged 3.0 rather than 2.2. The newly rewritten administrative interface takes advantage of modern WordPress plugin methods. In this version the number of database queries has been reduced significantly, which significantly increases the speed of Breadcrumb NavXT for users of the administrative interface. A sidebar widget is built into the plugin, making it possible to add a breadcrumb trail without modifying a single PHP file. When using the Tabular NavXT plugin, on the Breadcrumb NavXT admin page as well as others, clicking “Save Changes” to submit the form returns the user to the tab they were on (rather than reloading on the general tab).

Breadcrumb NavXT 3.0 is in a feature lock beginning immediately. All features that are not in Beta 2 will be pushed back to 3.1 for introduction. With the new, heavily object-based plugin, introduction of most features is much simpler than before. Additionally, when directly accessing the class, object-oriented programming techniques can be used to easily extend it in a very clean manner. Two weeks will be allowed for translators to make new, up-to-date translations and for bugs to be reported and fixed. That means the release date will be around the 12th of September.

Download Breadcrumb NavXT 3.0 Beta 2.

-John Havlik

[end of transmission, stay tuned]

Breadcrumb NavXT 2.2 Beta 1

After a few months of development, the first beta for Breadcrumb NavXT 2.2 is ready. Take note that not everything is done yet. Even though the administrative interface is updated to take advantage of the new options and such, it will be rewritten before the final version is out. This beta test round is primarily a test of the new core. Most bugs in it have already been worked out, but not all setups have been tested. Note that this may require PHP5; if you are having problems with PHP4, try to upgrade your PHP version first. Please report bugs in the comments section of this post.

As for the administrative interface, changes between Beta 1 and Beta 2 (will probably be out next weekend) are nearly all under the hood. The administrative interface is going to get rewritten so that it is aligned with the new way of doing things in WordPress versus the legacy 2.0 methods currently in use.

Edit: Seems that I made a commit to the wrong place last night, thus Beta 1 is currently broken. (8-29-2008)

Download Breadcrumb NavXT 2.2 Beta 1.

-John Havlik

[end of transmission, stay tuned]

WordPress 2.7 Dashboard Changes

So while working on the administrative interface for Breadcrumb NavXT 2.2 I did a quick SVN checkout and found this:

The plugins page for WordPress 2.7-hemorrhage


Kind of a big change again. It does affect the administrative interface for Breadcrumb NavXT. It looks like they fixed it in the SVN version today (8-21-2008). Unfortunately, the administrative interface is causing some problems. Other than that, and globals being silly, things are almost ready for beta testing. Look for something interesting early next week.

-John Havlik

[end of transmission, stay tuned]


PHP4 Support Ended

Starting immediately, PHP4 environments will not be supported for any of my projects. If you are still running PHP4, please upgrade to PHP5. Most web hosts offer concurrent PHP4 and PHP5 support; inquire about upgrading to PHP5.

-John Havlik

[end of transmission, stay tuned]

Klikvp.com Exploit

Even though things are updated regularly on this blog, an iframe-based exploit was discovered today. Unlike the previous iframe attack, which came through a SQL injection, this one involved modified theme files. Unlike the previous googlerank.info iframe attack, this one’s payload does not appear to be malicious; rather, it is spammy.

There are a few things that point to some level of sophistication in the injection. First off, the code was injected into the end of the header.php file, only on the active theme. Typically, a script kiddie will not bother figuring out which theme is in use and instead will carpet bomb the place with malicious code. Secondly, the modification date on the file matches the last time the header was uploaded from the testbed. No, the testbed’s code was not compromised. This points to a possible Windows exploit (yes, the Weblogs.us server still runs on Windows, unfortunately), as any changes should have caused the modification date and time to update. Finally, rather than having the iframe hidden via CSS, there is a container div which is hidden instead, making it more difficult to have a general CSS rule to expose the iframe.

< div style="display:none" >< iframe src="http://klikvp.com/css/go.php?sid=1" frameborder="0" height="1" width="1" > < iframe > < div >

That is the offending code. Spaces were added to prevent execution. Klikvp is the same as Klikvip, which is a known spammer. The tricky sucker is using a wrapping div now. The good news is that WordPress Exploit Scanner will find this, so keeping it around and periodically scanning is a good thing to do. It doesn’t offer dashboard notifications like Iframe-b-gone does, but it scans files and other things that Iframe-b-gone does not.

-John Havlik

[end of transmission, stay tuned]
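
The two checks the Klikvp incident above calls for, as an added example (not code from the original post, WordPress Exploit Scanner or Iframe-b-gone): flag any iframe hidden by its own style or by an enclosing element, and detect changed theme files by SHA-256 against a known-good copy instead of by modification time. The file name, sample markup and the example.invalid URL are constructed.

```python
import hashlib
import re
from html.parser import HTMLParser
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}

class HiddenIframeFinder(HTMLParser):
    """Record iframes hidden by their own style or by any enclosing element."""
    def __init__(self):
        super().__init__()
        self.stack = []     # (tag, is_hidden) for each open non-void element
        self.findings = []  # (line, src, reason)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        hidden = bool(HIDDEN.search(attrs.get("style") or ""))
        if tag == "iframe":
            wrapper = next((t for t, h in reversed(self.stack) if h), None)
            if hidden or wrapper:
                reason = "own style" if hidden else f"hidden <{wrapper}> wrapper"
                self.findings.append((self.getpos()[0], attrs.get("src"), reason))
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; unbalanced markup is tolerated.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def scan_markup(text):
    finder = HiddenIframeFinder()
    finder.feed(text)
    return finder.findings

def changed_files(baseline, files):
    """Paths whose content hash differs from the known-good copy; mtime is never consulted."""
    return sorted(p for p, data in files.items()
                  if baseline.get(p) != hashlib.sha256(data).hexdigest())

# Constructed sample: a clean header.php and the same file with a wrapped iframe appended.
CLEAN = b"<html><head><meta charset='utf-8'><title>Blog</title></head>\n<body>\n<div id='header'><h1>Blog</h1></div>\n"
INJECTED = CLEAN + (b'<div style="display:none"><iframe src="http://example.invalid/go.php?sid=1"'
                    b' height="1" width="1"></iframe></div>\n')
BASELINE = {"header.php": hashlib.sha256(CLEAN).hexdigest()}  # taken from the trusted copy
if __name__ == "__main__":
    print(changed_files(BASELINE, {"header.php": INJECTED}), scan_markup(INJECTED.decode()))
```

Theme files mix PHP with markup, so the parser pass is a heuristic; the hash comparison is the check that still works when the timestamp has not moved.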