Breadcrumb NavXT 2.2 Beta 1

After a few months of development, the first beta for Breadcrumb NavXT 2.2 is ready. Take note that not everything is done yet. Even though the administrative interface is updated to take advantage of the new options and such, it will be rewritten before the final version is out. This beta test round is primarily a test of the new core. Most bugs in it have already been worked out, but not all setups have been tested. Note that this may require PHP5; if you are having problems with PHP4, try upgrading your PHP version first. Please report bugs in the comments section of this post.

Administrative interface wise, changes between Beta 1 and Beta 2 (which will probably be out next weekend) are nearly all under the hood. The administrative interface is going to get rewritten so that it is aligned with the new way of doing things in WordPress versus the legacy 2.0 methods currently in use.

Edit: Seems that I made a commit to the wrong place last night, thus Beta 1 is currently broken. (8-29-2008)

Download Breadcrumb NavXT 2.2 Beta 1.

-John Havlik

[end of transmission, stay tuned]

WordPress 2.7 Dashboard Changes

So while working on the administrative interface for Breadcrumb NavXT 2.2 I did a quick SVN checkout and found this:

The plugins page for WordPress 2.7-hemorrhage

Kind of a big change again. It does affect the administrative interface for Breadcrumb NavXT. It looks like they fixed it in the SVN version today (8-21-2008). Unfortunately, the administrative interface is causing some problems. Other than that, and globals being silly, things are almost ready for beta testing. Look for something interesting early next week.

-John Havlik

[end of transmission, stay tuned]

PHP4 Support Ended

Starting immediately, PHP4 environments will not be supported for any of my projects. If you are still running PHP4, please upgrade to PHP5. Most web hosts offer concurrent PHP4 and PHP5 support; inquire about upgrading to PHP5.

-John Havlik

[end of transmission, stay tuned]

Klikvp.com Exploit

Even though things are updated regularly on this blog, an iframe-based exploit was discovered today. Unlike the previous iframe attack, which came through a SQL injection, this one involved modified theme files. Unlike the previous googlerank.info iframe attack, this one’s payload does not appear to be malicious; rather, it is spammy.

There are a few things that point to some level of sophistication in the injection. First off, the code was injected into the end of the header.php file, only on the active theme. Typically, a script kiddie will not bother figuring out which theme is in use and instead will carpet bomb the place with malicious code. Secondly, the modification date on the file matches the last time the header was uploaded from the testbed. No, the testbed’s code was not compromised. This points to a possible Windows exploit (yes, the Weblogs.us server still runs on Windows, unfortunately), as any changes should have caused the modification date and time to update. Finally, rather than having the iframe hidden via CSS, there is a container div which is hidden instead, making it more difficult to have a general CSS rule to expose the iframe.

< div style="display:none" >< iframe src="http://klikvp.com/css/go.php?sid=1" frameborder="0" height="1" width="1" > < iframe > < div >

That is the offending code. Spaces were added to prevent execution. Klikvp is the same as Klikvip, which is a known spammer. The tricky sucker is using a wrapping div now. The good news is that WordPress Exploit Scanner will find this, so keeping it around and periodically scanning is a good thing to do. It doesn’t offer dashboard notifications like Iframe-b-gone does, but it scans files and other things that Iframe-b-gone does not.

-John Havlik

[end of transmission, stay tuned]
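
The hidden-wrapper injection described in the Klikvp post above defeats checks that only look at the iframe's own style, and the unchanged modification date means file timestamps cannot be trusted as a change signal. The following is an added example, not code from the post or from WordPress Exploit Scanner: it walks a theme template, flags any iframe that is hidden itself, sits inside a hidden ancestor, or is 0/1 pixel in size, and compares content hashes instead of mtimes. All names and the sample markup (with a placeholder domain) are constructed for illustration.

```python
import hashlib
import re
from html.parser import HTMLParser

# Added example; all names are illustrative and the sample below is constructed.
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
VOID = {"br", "img", "meta", "link", "input", "hr"}
SAMPLE = """<div id="header">
<h1><?php bloginfo('name'); ?></h1>
</div>
<div style="display:none"><iframe src="http://spam.example.invalid/go.php?sid=1" frameborder="0" height="1" width="1"></iframe></div>
<iframe src="http://video.example.invalid/embed" width="560" height="315"></iframe>
"""

class HiddenIframeFinder(HTMLParser):
    """Report iframes that are hidden, tiny, or inside a hidden ancestor."""
    def __init__(self):
        super().__init__()
        self.stack = []     # (tag, is_hidden) for every element still open
        self.findings = []  # (line, src, reason)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        hidden = bool(HIDDEN.search(a.get("style", "")))
        if tag == "iframe":
            wrapper = next((t for t, h in reversed(self.stack) if h), None)
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            reason = ("hidden wrapper <%s>" % wrapper if wrapper else "hidden iframe"
                      if hidden else "1px iframe" if tiny else None)
            if reason:
                self.findings.append((self.getpos()[0], a.get("src", ""), reason))
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        opened = [t for t, _ in self.stack]
        if tag in opened:  # ignore stray closers; header.php is only a fragment
            del self.stack[len(opened) - 1 - opened[::-1].index(tag):]

def scan_template(text):
    finder = HiddenIframeFinder()
    finder.feed(text)
    return finder.findings

def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def changed_since_baseline(text, baseline_sha256):
    # Content hash of a known-good copy, since mtime stayed unchanged here.
    return sha256_hex(text) != baseline_sha256
```

The baseline hash should come from a copy kept off the web server, such as the testbed upload mentioned in the post.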

A Major Shift

As stated before, Breadcrumb NavXT 2.2 will be vastly different from 2.1, especially API wise. Work is underway on the core, which, when stabilized, will allow work on the administrative interface to take place. This is the second major rewriting of the plug-in done in the last year. Previously, the modifications to the core were made to aid in adding features and to make it easier to modify. However, there were some shortcomings which should be overcome by the new, more object-oriented approach. So far this is the short list of what is changing:

  • Anchor templates – akin to the WordPress’ custom permalink template, this allows more flexibility (i.e. allows users to set the rel element among other things).
  • Streamlining of the options – options deprecated due to the use of anchor templates, ones that now are already set in WordPress (e.g. the static frontpage option), and ones that were deprecated due to structural changes. The current short list of deprecated options includes:
    • URL Title Prefix – obsolete due to anchor templates
    • URL Title Suffix – obsolete due to anchor templates
    • Static Front Page – deprecated in 2.1.3 due to ability to automatically determine this thanks to the WordPress setting “Front page displays” under Settings > Reading.
    • Current Item URL Title – obsolete due to anchor templates
    • Archive by Date Format – reassigned, delimits between a hierarchical date archiving (multiple breadcrumbs in the trail), or the old method following the format specified in the WordPress setting “Date Format” under Settings > General.
  • Deeper WordPress integration – not just with the removal of duplicated options; extensive use of filters should alleviate problems with plugins such as Polyglot and qTranslate (previous support was via “hacks”).
  • Reorganization of the Administrative interface – Not only are the options streamlined, option names are more obvious, and grouped in a more appropriate manner. The interface is also tabbed into several virtual pages thanks to some JavaScript magic. This considerably shortens the apparent size of the options page.
  • New Classes – A breadcrumb class and a breadcrumb trail class combine to make the plugin as a whole much more flexible. Unfortunately, this means directly accessing the class does change between 2.1 and 2.2 and thus will require attention from users who directly access the class.

Additionally, a WordPress sidebar widget plugin will be shipped with 2.2.0. This will remove the need for some users to ever touch a theme file, as long as their theme supports sidebar widgets. By this weekend the new core on SVN will be usable; as the bugs are worked out, the administrative interface will receive the attention it needs. Around August 8th a Beta will be available. For this much change, it is of the utmost importance that some serious testing is done before a formal release is made. If you would like to help test, stay tuned for a post announcing the beta, and report back on your experience.

-John Havlik

[end of transmission, stay tuned]