Rob Miller wrote an excellent article on the use of wp_error in WordPress plugins… http://robm.me.uk/2006/06/11/wp_error/ I’d suggest that every WordPress hacker/plugin author who is not familiar with this relatively unknown bit of WordPress lore should go and read it! If...
I posted this over on the WP-Hackers list, but maybe I can get some help from my own readers… (Thanks btw It’s nice to see that, after only three short months, I already have a number of regular readers. I hope...
WordPress 2.03 is a critical security release. It eliminates the HTTP Referrer check and replaces it with a nonce system. What is a referrer check? Well, it is an attempt to confirm that an administrative action is being taken by an...
Has anyone else noticed that you can publish posts and not yet have them appear on the website? If you choose “Edit Timestamp” and set the date to a time/date in the future before you hit publish, can you make your...
The 0.2 had some debugging left in it and a verification didn’t work. Thus version 0.3. It can be downloaded in the same place: http://www.thecodecave.com/downloads/plugins/wp-contract-form.zip Changes ————————– 0.3 REQUIRED RELEASE Removed debugging messages When Website was blank, Email was highlighted. When...
Updated to version 0.2 – Please download again. Well, I’ve written my second WordPress Plugin. Well – Not really. This was more of a hack… See Ryan Duff has a plugin that allows a person to dynamically insert contact forms into...
With all of the recent talk about WordPress security and Nonces, I’ve decided to create a plugin that enhances the security. It is meant to both provide an easy way for some users to disable the referer check without giving away...
In June of 2001, Peter Watkins defined the term Cross Site Request Forgery – pronounced Sea Surf. He keeps that discussion here: http://www.tux.org/~peterw/csrf.txt I’d posted a copy of this text locally on my site and now I’ve found I have...
We’ll see where it goes… http://trac.wordpress.org/ticket/2666 Ticket #2666 WordPress shouldn’t use URI instead of URL just because URI is geeky cool. ——————————————————————————– Priority: normal Reporter: SilverPaladin Severity: minor Assigned to: anonymous Component: General Status: new Version: 2.1 Resolution: Milestone: Keywords: URL...
Well, if you’re visiting my site after my major blunder in the discussion about WP security, please feel free to leave a comment! (No Images Please! 🙂 ) Sigh, yes during a public discussion of WordPress security on a public...