Autarchy of the Private Cave

Tiny bits of bioinformatics, [web-]programming etc

    Archive for the 'CMS' Category

    Posts on (mostly) Open Source Content Management Systems: how do they compare, which are good for what, and personal experience with different CMS.

    WordPress and Google Analytics external nofollow problem in comment links

    13th February 2009

    Since some WP release, the comment author’s link in comments is broken – it has ‘ external nofollow’ attached straight to the href attribute (which breaks the link).

    I assume that the problem is caused by Google Analytics, namely the “track outgoing clicks” feature (as recalled, might be inaccurate feature name). “Track outgoing links” adds some JavaScript code to all outgoing links, and that script has tick characters like this one ‘ which, incidentally, are also used for delimiting the values of comment anchor tags.

    To fix:
    Read the rest of this entry »

    Posted in CMS, PHP, Programming, Software, Web, how-to | 4 Comments »

    ExpressionEngine contact form (email module) spam vulnerability

    26th January 2009

    Yesterday I had a look at mod.email.php – the Email module of ExpressionEngine CMS.

    It appears that it is very easy to use ExpressionEngine’s contact form (which uses Email module) to send emails to arbitrary addresses – simply put, send spam using someone’s EE.

    And here’s why:

    • the recipients hidden field is passed to the client; it is encrypted, but with access to the mod.email.php code, it is a matter of several minutes to write your own email-encoding function which will produce a completely valid recipients field
    • there’s also an XID field, which seems to be unique for each page load

    The spamming algorithm is clear, so I won’t elaborate. (I could have missed some session variables, though – didn’t check them.)

    This information is valid as of ExpressionEngine 1.6.6, but nothing in the change-logs indicates that this mechanism was modified in the newer versions of EE.

    Update: I’ve tested, and this vulnerability does exist. The simplest prevention measure is to enable Captcha for Contact Form.

    I’ve notified the developers.

    Posted in CMS, PHP, Programming, Software, Web | 1 Comment »

    Flash video in Drupal (links)

    6th May 2008

    Some things to be aware of when enhancing a Drupal site with FLV video playing/conversion features.

    Posted in CMS, Drupal, Links, Notepad, Software, Web | 1 Comment »

    Spam Karma 2 (SK2) is a life saver plugin

    9th April 2008

    As an update to WordPress anti-spam plugins, I highly recommend Spam Karma 2. For a time, it seems to be the ultimate protection. I turned off all the other anti-spam plugins (including Akismet), and everything’s just perfect! SK2 gathers up to a thousand spam comments/trackbacks during a single week on this blog, and I never had a complaint from blog visitors on their inability to add a comment (though some did have to fill in captcha to post a comment with links).

    And SK2 still works under WP 2.5! (SK 2.3 was released to support WP 2.1)

    Kudos to Dave!

    It would be a pity if this excellent plugin is abandoned and stops functioning in one of the upcoming WP releases.

    Update: SpamKarma is now GPL (at google code).

    Posted in CMS, Software, Web, WordPress PlugIns | No Comments »

    Drupal is more than just a CMS

    6th April 2008

    This post provides several links which would be useful for beginning Drupal developers, or developers deciding which CMS to use as the base for their next project. Also, strengths of Drupal are highlighted.

    Intensively working with Drupal during the past two weeks, I find it to be an excellent tool, and also much more than a YACMS.

    Now I think that Drupal is also a framework – providing caching, session handling, access control, theming, localization, and more, all invisibly to the developer. The minimal effort required to extend the already huge Drupal functionality is to write your own module – and, if done right, your module will immediately benefit from all the bonuses Drupal provides.

    But Drupal also really shines as a CMS! You can start with a free design theme, and without any PHP knowledge have your custom portal built within a week – with your own hands, if you desire! (Note: “within a week” is true, but only if you already know what exactly you should be doing; learning time is short, but it’s not within that same week.)

    What makes Drupal so powerful? I’d say its beautiful core and numerous modules.

    What does Drupal have to offer?
    Read the rest of this entry »

    Posted in CMS, Drupal, Software, Web | No Comments »

    WordPress Drupalization

    31st March 2008

    Is it only me, or is WordPress really leaning towards the Drupal ideology?

    Here’s what I mean:

    • user levels were changed to user roles – just like in Drupal
    • now, instead of categories and just recently introduced tags, the word ‘taxonomy’ is used – which is a Drupal slang
    • ‘widgets’ work just like ‘blocks’ in Drupal – even style IDs are assigned the same way, e.g. id=”widget subscribe_to_comments_widget”
    • (add here the similarity you found yourself)

    I wonder, what will be next. PHPTemplate support, as default theming engine? :)
    Or no-backwards-compatibility policy?
    Or, best for WP users, advanced Drupal-like caching and throttling techniques?

    Posted in CMS, Drupal, Software, Web | 2 Comments »

    Developing with Drupal: screencasts

    26th March 2008

    drupaldojo.com – at the moment of writing, has 42 video-lessons (screencasts) of developing with Drupal.

    Posted in CMS, Drupal, Links, Notepad, Software, Web | No Comments »

    Good techie intro for would-be Drupal developers

    26th March 2008

    Drupal technical introduction
    It’s quite old, but as it describes core functionality, it should still be relevant.

    Please comment if you know of any other good high-quality technical Drupal introductions/descriptions.

    Posted in CMS, Drupal, Links, Notepad, Software, Web | No Comments »

    ExpressionEngine: template-driven CMS for the unusual designs

    24th February 2008

    ExpressionEngine (EE) by EllisLab (see disclaimer). EE is available both as free and as paid-for: the free version has somewhat limited functionality, but enough to start a simple news site or blog. ExpressionEngine is suitable both for content-centric and news-centric (blog-like) projects, though in my opinion it’s more geared towards news/blog-like sites.
    Read the rest of this entry »

    Posted in CMS, Software, Web | No Comments »

    Updating everything

    3rd February 2008

    Today I moved my blog and gallery into MySQL5 databases from an elderly MySQL4. Also, both WP and gallery are now updated to the latest versions. Soon I’ll change the WP and G2 themes – for the lighter, less cluttered – and will remove some ads… and will also add some others instead :)

    Update generally went well, except for the message I got on the main page:

    Sorry, but you are looking for something that isn’t here.

    It was quite easy to figure out that new WP conflicts with an elderly “Sideblog” plugin – so I had to deactivate that one, and will have to update all the active plugins to avoid some other less evident problems… (actually, just completed updating all the plugins… quite a time-eater, that was.)

    Also, there will be a slight change to what and how I write. No other details for now – but stay tuned! All the changes with no exceptions are planned for the good of readers, and for the users’ benefits!

    Posted in CMS, Misc, Web, WordPress PlugIns | No Comments »