vBulletin Tagging

I have a role to write articles, someone else has a role to look over it and edit and deem as feasible for reading, but what does the role I have mean?

Meta: Words or phrases marked in italic will be explained in future posts.

You have a role of doing something wherever you are at or at whichever position you are, those roles are pre-defined and involve certain things that you can do and cannot do, some times we do break rules, however with software we usually cannot.

Likewise with WordPress there are some roles that are pre-defined and have certain capabilities that you…

You may have already heard that sites running out-of-date versions of WordPress have been under attack (Lorelle, Weblog Tools Collection, WordPress Dev Blog). Of course, sites running the latest version of the software seem to be safe, which once again takes us back to what I said over a year ago: Upgrade or else! I haven’t seen complete details yet about how this new worm works, but reports say that part of the hack is to create a new Administrator level account, and then try to hide the existence of that account (via javascript) when you view your list of…

Otto42 of OttoDestruct, a key WordPress developer and supporter, reports that there is an “attack” on older versions of WordPress right now. The number of sites hit by this is growing every hour. Protect your WordPress blog now: UPDATE NOW!!!

Update your WordPress blog before you continue reading this post. That’s how critical this issue is.

Things You Need to Know Now

Here is what you need to know right now, constantly updated with news as we get it.

UPDATE NOW! Reports are that this attack impacts ALL versions of WordPress up to 2.8.3 and 2.8.4, the most recent release.
Report from WordPress…

We are pleased to announce Invision Power Board 3.0.3 has been released.

This is a maintenance release for IP.Board 3 and addresses various bugs and adds in some enhancements to existing features. Also, IP.Blog, IP.Gallery, and IP.Downloads have received a maintenance update.

Major Changes Since 3.0.2

Among many dozens of smaller bugs fixed, the following large changes and fixes have been made in the 3.0.3 release:

New option for dealing with members marked as spam: Unapprove posts, clear profile data and ban user
Ability to mark members as spammers from the Manage Validating Queue in the ACP
Added ability to edit status and about…

Stats – Stats – Stats.  They can drive everything for your WordPress site.  They can help you understand how visitors move around your site; how they got there in the first place; what are the most popular posts they are visiting; what browser and OS they are using. The list can go on and on.

I have spent a lot of time over the last few months looking for just the right plug-in to track stats on my WindowsObserver.com website and I think I may have hit the mother lode with my most recent discovery.

CyStats is written by Michael Weingaertner and…

Hi,the last ~2 hours phpbb.com showed an error message about too many connections made to the database. We apologise for this downtime, it was caused by locked threads from another sites database hosted on the same database server as phpbb.com.Thanks,Meik.

There’s a new WordPress cache plugin in town, and it’s called W3 Total Cache. This plugin is one of the contestants in the 2009 Weblog Tools Collection Plugin Competition.

The W3 Total Cache plugin (W3TC for short) is an advanced cache plugin, and you can only have one of those on your site at once. So if you’re currently using WP Super Cache, you’ll have to disable that first before enabling W3TC. [side note: I tried to find a good link for information about the advanced-cache functionality, but I came up empty. we need a Codex page for that]

If you’ve used…

We are happy to announce our latest stable release Phorum-5.2.13.

It is a bug fix release over 5.2.12 fixing some issues found, adds some hooks and events to the event logging module.

Some deep change involves the html module:

The bundled HTML module has been deprecated and removed from the distribution. We have done this, because that module was, by nature, very susceptible to cross site scripting (XSS) attack issues. We have been patching that module over time to get rid of reported XSS issues, but recently one was discovered for which we did not see a reliable way to…

I’ve managed to scrape up some defines/constants for use in vBulletin’s config file (config.php)

This forces all userinfo queries to include avatar information.
define(’AVATAR_ON_NAVBAR’, 1);

This bypasses the file checks, e.g that install.php one you get after installation. This is potential security risk, shouldn’t be enabled in production.
define(’BYPASS_FILE_CHECK’, 1);

This defines whether vBulletin is in demo mode or not.
define(’DEMO_MODE’, 1);

Our famous saviour for when modifications go bad…. thank you hooks
define(’DISABLE_HOOKS’, 1);

This forces all the hooks to be used, however, the above overrides this.
define(’FORCE_HOOKS’, 1);

This disables mail being sent out from your server.
define(’DISABLE_MAIL’, 1);

Sends pasword as raw…

New Plugins

WP Less

LESS adds variables, mixins, inheritance and a lot of usefull functions to speed up, organize and improve CSS productivity. It detects all LESS stylesheets and compile them on the fly, considering cache and last modified time of the *.less files.

PictoBrowser

It can show Picasa and Flickr galleries with the help of PictoBrowser in WordPress.

Merge Tags

A simple plugin that lets you combine tags (and other post terms).

UnAsked

The plugin allows your users to ask / answer questions on your site.

Updated Plugins

GD Press Tools

GD Press Tools is a collection of various administration, seo, maintenance and security related tools. This tools…

If you are a WordPress developer or designer or have been messing around in the world of WordPress for any period of time, you have by no doubt heard of WordPress hooks. Hooks are a set of custom written functions that can be added to existing functions in the WordPress core to increase, improve or remove functionality. WordPress plugins make extensive use of hooks to latch onto various portions of the WordPress themes or to the admin interface in order to provide the additional functionality or to perform certain actions in certain parts of the code. If you are looking…

vBulletin.com Blog Entry: Widget Programming
Author: Edwin Brown
Published: 14th August 2009 05:01 AM

<div>Widget Programming

Introduction
This is intended for reasonably experienced PHP programmers with some experience in vBulletin programming. You should have at least a basic understand of the vB templating system and phrasing. If you don’t, I strongly recommend you do some homework before trying to program a widget. I will use as an example the static html widget.

It’s very early to be writing this, I know. I can’t say exactly when alpha testing will start on the CMS system, which will be part of the suite. Soon, but…

vBulletin.com Blog Entry: Widget Programming
Author: Edwin Brown
Published: 14th August 2009 05:01 AM

<div>Widget Programming

Introduction
This is intended for reasonably experienced PHP programmers with some experience in vBulletin programming. You should have at least a basic understand of the vB templating system and phrasing. If you don’t, I strongly recommend you do some homework before trying to program a widget. I will use as an example the static html widget.

It’s very early to be writing this, I know. I can’t say exactly when alpha testing will start on the CMS system, which will be part of the suite. Soon, but…

If you don’t know by now, WordPress 2.8.4 has hit the public and it addresses a mild but hugely annoying issue. There was no advanced warning regarding the vulnerability but it was quickly patched in the core of WordPress for the next release. Unfortunately, word quickly spread and in fact, even my site WPTavern.com was affected by the problem as I received an email letting me know what my new password was even though I didn’t request one. Here are the details regarding the annoyance:

a specially crafted URL could be requested that would allow an attacker to bypass a security…

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4 which fixes all known problems is now available…