WordPress 2.5 Vulnerability Requires WordPress 2.5.1 Upgrade
Posted by Snap! on April 27th, 2008
As you may have noticed, we are missing a few blog posts (nothing significant) and some comments as a result of a recent database issue which is being investigated. Just so you are warned, multi-author WordPress install such as our own site should not be running version 2.5 for the reason we all have come to know as CVE 2008 1930. Upgrading to version 2.5.1 now will save you a lot of hassle, trust me us this.
We believe a recent attack on our site due to that WordPress vulnerability was responsible for the issues we encountered lately. We assure you that we have taken all the steps necessary to rectify it. Although the BBPress powered WP News Forum was linked, we were able to restore all the fields and posts without any loss of data.
Here are some symptoms and diagnosis for the issue:
http://wordpress.org/support/topic/172004
http://wordpress.org/support/topic/168964
We will post a detailed step by step correction process once we confirm the issue was indeed related. Although having a backup of your database from pre-2.5 might help, we feel it can be accomplished without any backup.
Sunny has a post detailing some WordPress 2.5 troubleshooting tips!
Tagged: Tutorials, Web Tools, WordPress, WordPress 2.5, wpSnap News, wpsnap
Share // 2 Feedbacks
Related Posts:
How to Widgetize a Theme in 3 Easy Steps!
Posted by Snap! on August 6th, 2007
We were contacted earlier by Karen, a user of wpSnap who was trying to widgetize a non-widget theme from a couple years ago. The theme in question was from the pre-sidebar widget days and there are many good themes on this site that fall in that category. So rather than providing a fix to each theme individually, we decided to write a short and easy tutorial for one and all.
Here’s what you might need in addition to access to your WP Admin panel, you need to have access to your server via FTP to add a functions.php file to your theme folder if it does not exist. So let’s get started:
1) If you open your sidebar.php file or any other file where your sidebar elements like categories, archives, blogroll or whatever else that people fancy reside, you will notice it is invariably in an unordered list format. Usually it will be as below:
<ul>
<li>
<h3>Categories</h3>
<ul class=”categories”>
<?php wp_list_cats(’sort_column=name&hide_empty=0′); ?>
</ul><h3>Archives</h3>
<ul class=”archives”>
<?php get_archives(’monthly’,”,”,’<li>’,'</li>’,”); ?>
</ul>
</li>
</ul>
Your default sidebar need not necessarily have this very code, it could be anything, it could even be a JavaScript as in the case with the Japanese Cherry Blossom theme that triggered this post. Also, it’s not a must to have h2 as the heading, although that is what the widget sidebar uses. We will fix that in the CSS so let’s not worry about it for now.
2) You need to just add two lines of code to this mark up, one at the top and one at the bottom of the list as shown below:
<ul>
<?php if ( function_exists(’dynamic_sidebar’) && dynamic_sidebar() ) : else : ?>
<li>
<h3>Categories</h3>
<ul class=”categories”>
<?php wp_list_cats(’sort_column=name&hide_empty=0′); ?>
</ul><h3>Archives</h3>
<ul class=”archives”>
<?php get_archives(’monthly’,”,”,’<li>’,'</li>’,”); ?>
</ul>
</li>
<?php endif; ?>
</ul>
3) Open functions.php if you have one in the theme, if not, create a file, call it functions.php and add this line to it:
<?php
if (function_exists(’register_sidebars’)) register_sidebars(1, array(’before_widget’ => ”,’after_widget’ => ”));
?>
Note how I highlighted the 1 in the above code, it indicates the number of widget boxes in the whole theme. Since in the above example, we created only one dynamic sidebar, we will leave it at 1.
One last step that is seldom needed is in cases where h2 is not used in the default unordered list as heading. Say h3 was used as in our example, the easiest hack to address this would be to open style.css and look for styling for h3, copy and paste it right below (or above) the h3 styling and call it h2 instead. For example, say you find the following code for h3 in style.css:
h3{
color: #FFFFFF;
font-size: 1.15em;
font-weight: normal;
}
Copy paste and make it h2 like below:
h2{
color: #FFFFFF;
font-size: 1.15em;
font-weight: normal;
}h3{
color: #FFFFFF;
font-size: 1.15em;
font-weight: normal;
}
That is pretty much it, the theme is now widget ready.
Additional Usage and Styling
Say you need 2 widget bars now, simply follow the same example as above, but when you create widgets, make sure it’s as below:
<?php if ( function_exists(’dynamic_sidebar’) && dynamic_sidebar(1) ) : else : ?>
Unordered list
<?php endif; ?><?php if ( function_exists(’dynamic_sidebar’) && dynamic_sidebar(2) ) : else : ?>
Another unordered list
<?php endif; ?>
then in the functions file, change the 1 to 2 as below:
<?php
if (function_exists(’register_sidebars’)) register_sidebars(2, array(’before_widget’ => ”,’after_widget’ => ”));
?>
You can take it one step further and add a specific styling before and after the widget as shown below (I’ve used <em> as an example where x is the number of widgetized sidebar lists):
<?php
if (function_exists(’register_sidebars’)) register_sidebars(x, array(’before_widget’ => ‘<em>‘,’after_widget’ => ‘</em>‘));
?>
Specific fix for Japanese Cherry Blossom Theme
Karen wanted the 3rd bottom column to be widgetized. We open sidebar.php and find this as the 3rd column/block elements:
<div class=”block”>
<h3>In Other News</h3>
<ul class=”counts”>
<script type=”text/javascript” src=”http://del.icio.us/feeds/js/krisandapril?extended;count=1″></script>
<noscript><a href=”http://del.icio.us/krisandapril”>my del.icio.us</a></noscript>
</div>
Right away I can tell there is an issue, the open unordered list <ul> is not closed with a </ul>, so we add it like below (although this step is unnecessary):
<div class=”block”>
<h3>In Other News</h3>
<ul class=”counts”>
<script type=”text/javascript” src=”http://del.icio.us/feeds/js/krisandapril?extended;count=1″></script>
<noscript><a href=”http://del.icio.us/krisandapril”>my del.icio.us</a></noscript>
</div>
</ul>
Next we gut out the del.icio.us Java, so we end with this:
<div class=”block”>
<h3>In Other News</h3>
<ul class=”counts”></ul>
Then we add the famous dynamic sidebar call like below:
<div class=”block”>
<h3>In Other News</h3>
<ul class=”counts”>
<?php if ( function_exists(’dynamic_sidebar’) && dynamic_sidebar() ) : else : ?><?php endif; ?>
</ul>
and add the following code to the empty functions.php file that came with the theme.
<?php
if (function_exists(’register_sidebars’)) register_sidebars(1, array(’before_widget’ => ”,’after_widget’ => ”));
?>
The style.css for this theme shows that both h2 and h3 are styled alike, so all you will need then is the sidebar widget plugin and you are good to go.
Hope this helps!
Tagged: CMS, Copyrights and Licenses, Dark Helium, Dot Dot Dot, How to widgetize, Keyboard Shortcuts, PimpDaBlog, Tips, Tutorials, Web Design, WordPress Plugins, WordPress Tutorials, WordPress plugins, wpsnap
Share // 7 Feedbacks
Related Posts:
Think Color
Posted by Snap! on August 3rd, 2007
We often find seasoned bloggers using clean templates with little or no color and hardly any imagery. Colors and graphics do make a theme visually appealing, however they do conflict with the content if not used carefully. All themes cannot be plain and generic though, so for those of you who love colors and are constantly looking for inspiration, here are a few resources (which some of you might be familiar with) to jazz up your themes!
COLOUR lovers is a resource that monitors and influences color trends by providing not only color galleries, but a palette of the trendiest colors in the blogosphere based on a variety of genres. It would serve as a good reference guide for web design, architectural specifications, interiors, product design, ad campaigns, magazines, etc. You can also suggest a website of your choice for an add. It’s cool and contemporary, and one of the hottest sites for color resources.
Color Combos offers a variety of irresistible features such as:
Combo Tester: Extracts colors from websites, gives complimentary color options, gives text color options, and you can even try your own template with different header, sidebar, footer color and text options.
Color Library: For color combination ideas
Articles: On colors, color meaning and application.
Daily color scheme (Beta) provides you one inspirational and usable easy color scheme a day. If you do not want to use the colorpicker or the eyedropper tool, this site is for you. As of now, you cannot make a search to get instant color information of a site that is not listed in their archives. The enhanced search feature will definitely make it a steal.
The ColorBurn widget features a new color palette every day with 4 colors, along with its hexadecimal values. Each daily palette has the option to change your background from black to white and back again. Previous palettes are saved for one week.
Color Schemer Studio is a professional color matching application for anyone from hobbyists to advanced professionals. Mix, match, darken, lighten, and add your own color combinations to the gallery.
Tagged: Artistic tools, Bittbox, Colors, Colour lovers, Design Inspiration, Dot Dot Dot, Graphics, Hearts, Keyboard Shortcuts, PimpDaBlog, Plugins, RSS Feeds, Resources, Tips, Tricks, Tutorials, Web Design, WordPress Themes, color burn, color combos, color schemer studio, daily color schemes, wpsnap
Share // 1 Feedback
Related Posts:
