Kaizeku Ban

The upcoming WordPress 2.6 introduces new user defined constant for specific critical system directory settings. This new improvement may seem like a small “change” but on plugin developer context it can be an impending disaster.

The upcoming WordPress 2.6 introduces new user defined constant for specific critical system directory settings. This new improvement may seem like a small “change” but on plugin developer context it can be an impending disaster.

wp-config & wp-load files

Most plugin depend on “absolute path” to wordpress system file (wp-config.php). So the problem is there.

Lester-chan (GaMerZ) has this to say regarding the new WordPress 2.6 constant change.

The constant only get loaded when you load WP. Plugins will have problem finding wp-config.php or wp-blog-header.php from the plugin file.

might be broken in WP 2.6

require_once('../../../wp-config.php');

Long story, short

Below is my workaround for quick plugin activation setup. Its not the best solution as it involved the dirty “write-permission”, it need improvement. If you intent to uses it, there is few preliminary step to be set first:- ↓

Read the rest of this entry

wordpress goro spam injection patch

Since early 2007 I been monitoring this famous WordPress spam injection that only target high PR wordpress blogs like Al gore, blake ross, bluehost CEO to name a few.

PHP create_function()

The new variant from wordpress.net.in & qwetro.com used the “anonymous PHP create_function” to append their spam links on their victim blog. Below is quick patch to disabled the mischievous “create_function” injection on wp_head.

The below code will look for “�lambda_n” function inside wp_head wp_filters array and remove the action hook silently. I assume that any sane developer will never used this unstable PHP function.

/**
 * Remove create_function action hook
 * append on wordpress wp_head filters
 *
 * @author Avice De'véreux <ck@kaizeku.com>
 * @copyright Copyright (c) 2006 Avice De'véreux
 * @version 1.0
 * @license http://www.gnu.org/licenses/lgpl.html GNU Lesser General Public License
 * @link http://blog.kaizeku.com/wordpress/goro-spam-injection-wp-head-patch/
 */
function remove_create_function_action()
{ global $wp_filter;

	$action_ref	= 'wp_head';
	$filter 	= $wp_filter[$action_ref];
	$_lambda	= array();

	foreach(range(1,10) as $priority){

		if (isset($filter[$priority]))
		{
			foreach($filter[$priority] as $registered_filter ){

				$callback = (string) $registered_filter['function'];

				if ( preg_match("/lambda/", $callback) ) {
		 	 		$_lambda[$priority][] = $callback;
				}
			}

		}
	}

	if ( count($_lambda) >= 0 ){

		foreach($_lambda as $priority => $callback) {
			if ( has_filter($action_ref,$callback) ){
				remove_filter($action_ref, $callback, $priority, 1);
			}
		}
	}
}

add_action('init','remove_create_function_action');

Read the rest of this entry

Wordpress Designer theme guide on implementing plugins for public release.

A good theme designer should avoid the need to relies on third party plugins.

Is plugin deactivated

Unfortunately, some WordPress theme out there has a “major pending headache” for plugin dependencies breakdown sydrome. Because of this un-friendly trends there is bound shit to happen when the specific plugin is not maintain properly or on certain case of a sudden WordPress upgrade render the plugin useless (this happen a lot when previous WP 2.3 release).

To make it worse some ignorant-end-user decide “not to” upgrade their WordPress blog because their favorites theme’s has this specific plugins that will only work with previous vulnerability WordPress version & thus the never ending quotes war begin.

Read the rest of this entry

Track what you use, share it with others.

This is shortcode plugin (WP 2.5.x) for showing your Wakoopa most used software (via JSONP). demo.

Download

• WP Wakoopa Shortcode 1.0 121 hits
• Alternative download at wp-wakoopa.googlecode

Installation

1. Download, extract & upload the zip file content to WordPress Plugins directory /wp-content/plugins/.
2. Go to your WordPress Admin Dashboard → Plugins menu.
3. Activate “WP Wakoopa Shortcode”

Read the rest of this entry

Chopper is my new plot device cum place holder for padding

This are the third release for this year. I like the new color scheme. Its much lighter, less gray & no “birdy”. The birdy kind of hurts my eyes (some people thinks it a mayflies).

So I happily replaced the base64 stalker birdy with Tonī Tonī Choppā トニートニー・チョッパー (from One Piece series).

Chopper is my new plot device cum place holder for padding. You can see him in action somewhere between the main journal and “about me” block.

Read the rest of this entry

Wp-iStalker Cross browser CSS & Scripts Guide.

If you are frustrated that certain WPI version (i.e., public & beta) doesn’t support MSIE. I intentionally did that (just) to annoyed Microhoo and the rest of MSIE users (that is 70% of internet population).

Cross Browser Autoload

Before you stalked me, WPI WordPress theme has a build in function for auto-loading cross browser stylesheet and script files. This function is available since our first release.

How to load Browser specific CSS & Scripts?

We asume you are using the crappy broken MSIE 6 browser running on Windows XP.
When WPI theme load it will look for specific stylesheet & script files like below list.

• stylesheet → /themes/wp-istalker/css/ ↓
  1. ie.css
  2. ie-6.css
  3. winxp.css
• javascript → /themes/wp-istalker/scripts/ ↓
  1. ie.js
  2. ie-6.js
  3. winxp.js

If any of the files exists, It will queue the specific files and append it to the master file then proceed with minified → crunch → combine → gzip or deflate (if the ua allowed it) and send it to the browser as a single file. Walla
Read the rest of this entry