Jun 15, 2010

WordPress Child Pages Page... or something

OK, back to srs business posts now...

One of my current top secret projects (it's not that exciting, I'm just helping someone convert their site to WordPress) involves creating pages with a list of child pages on 'em. Back in ye olde days I'd have done this manually (which meant every time a child page was added the parent had to be modified) or farted about with SQL queries but Modern Day WordPress seems to have a function for everything and so it's much simpler. So, without further ado...

Create the template:

<?php
/*
Template Name: Sub Page
*/
?>

<?php get_header(); ?>

<div id="content">

<h2><?php the_title(); ?></h2>

<?php
$children = wp_list_pages('title_li=&child_of='.$post->ID.'&echo=0');
if ($children) {
?>
<ul>
<?php echo $children; ?>
</ul>
<?php
}

if ($post->post_parent)
echo '<a href="'. get_permalink($post->post_parent) .'">&laquo; Back to '. get_the_title($post->post_parent) .'</a>';
?>


</div>

<?php get_sidebar(); ?>

<?php get_footer(); ?>

Save it as subpage.php, upload it to your theme directory and then whenever you just want a list of sub (child) pages, select Sub Page from the Template dropdown on the right. Ner nerrr!

Tip: if you wanted a section intro instead of just a list of links, bung <?php if ( have_posts() ) { while ( have_posts() ) { the_post(); ?><?php the_content(); ?><?php } } ?> after the h2 title stuff.


Sep 30, 2009

24 Hours with Habari

So here we are, 24 hours after moving nearly 2 weeks worth of work (on and off) and it's still standing. I'm impressed. :) Anyway, given that I know my conversion is generating a lot of talk about Habari and interest amongst you guys I thought I'd collect together some of my initial thoughts. Let's start with the negative, because then we can end on a positive note...

  • There is no comment mailing built in. I woke up to a near-empty inbox and spent 5 minutes trying to figure out where the world went to. Turns out, all your comments were hiding in here waiting for me.
  • The feed is doing something wonky with some of my older posts. Three old book reviews are sat in there, despite being backdated in the blog.
  • The Habari autop() function ends paragraph tags before <code>, treating it like a block-level element. It's an inline element.
  • The Spam Checker plugin is not the greatest. I'll either be improving it or rolling my own.

With that said, these are easily outweighed by some of my favourite 'features':

  • Theming was incredibly intuitive for me. I think if you know what a PHP include does, you should be able to very easily create your own theme after a quick glance at one of the available themes. (It didn't take long to code up this theme, although admittedly the design is from Scott.)
  • The admin panel is FAST. I've had WP Dashboard crash Firefox more times than I care to recall. No such problem here.
  • No MySQL connection errors yet. (If you remember, this was one of the problems I had with my first blog system.)
  • The reception from the Habari community on twitter, in the comments on my previous entry and in the #habari channel has been fantastic.

Of course, this post wouldn't be complete without a spot of code...

To fix the autop() <code> bug, open /system/classes/format.php and change (line 117ish):

$regex = '/(<\s*(address|code|blockquote|div|h[1-6]|hr|p|pre|ul|ol|dl|table)[^>]*?'.'>.*?<\s*\/\s*\2\s*>)/ism';

to:

$regex = '/(<\s*(address|blockquote|div|h[1-6]|hr|p|pre|ul|ol|dl|table)[^>]*?'.'>.*?<\s*\/\s*\2\s*>)/ism';

(Interestingly, I googled this to see if anyone else had brought it up and noticed a previous version of autop without code, as above.)

I don't expect to have the time to make too many of these Habari posts, but look forward to seeing how the blog holds up.


Sep 24, 2009

SQL Injection Flaw in FanUpdate

A security issue has come to light in FanUpdate (2.2.1 specifically, but it likely affects previous versions too). This only affects those who are still running with register_globals turned on (a very bad idea).

The problem — for those interested — lies in show-cat.php relying on an unsanitised $listingid. In an ideal world, show-cat.php should only be called by the script from another page where you define $listingid first. However, because there's nothing stopping direct loading of the file itself, show-cat.php can be accessed (on a server with register_globals on) with a malicious SQL query in the URL.

Quick Fix

Open show-cat.php and change: if (!isset($listingid)) { exit; }

to: if (!isset($listingid) || !is_numeric($listingid)) { exit; }

then change: $query = "SELECT * FROM ".$fu->getOpt('catoptions_table')." WHERE cat_id=$listingid LIMIT 1";

to: $query = "SELECT * FROM ".$fu->getOpt('catoptions_table')." WHERE cat_id=".(int)$listingid." LIMIT 1";
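
The two changes above, worked through on constructed inputs as an added example (not FanUpdate's code; the function names and the table name fu_catoptions are hypothetical). It compares a guard joined with && against one joined with ||, and adds a stricter filter_var() check that assumes cat_id is a positive integer.

```php
<?php
// Added example, not FanUpdate's code. Function names, the table name and
// the sample inputs are constructed for illustration.

// Guard joined with &&: exits only when the variable is unset, because
// !isset() is false for any value that was supplied.
function guard_and($listingid): bool
{
    return !isset($listingid) && !is_numeric($listingid);
}

// Guard joined with ||: exits when the value is missing or non-numeric.
function guard_or($listingid): bool
{
    return !isset($listingid) || !is_numeric($listingid);
}

// Stricter check (assumption: cat_id is a positive integer key).
function parse_listing_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Query as built before the fix: the value is concatenated unchanged.
function query_before(string $table, $listingid): string
{
    return "SELECT * FROM " . $table . " WHERE cat_id=$listingid LIMIT 1";
}

// Query as built after the fix: the (int) cast leaves only an integer.
function query_after(string $table, $listingid): string
{
    return "SELECT * FROM " . $table . " WHERE cat_id=" . (int)$listingid . " LIMIT 1";
}

$table = 'fu_catoptions';                   // hypothetical table name
$samples = ['7', '1 OR 1=1', '1e3', null];  // constructed inputs

foreach ($samples as $raw) {
    echo 'input: ', var_export($raw, true), "\n";
    echo '  && guard exits: ', var_export(guard_and($raw), true), "\n";
    echo '  || guard exits: ', var_export(guard_or($raw), true), "\n";
    echo '  strict parse:   ', var_export(parse_listing_id($raw), true), "\n";
    echo '  before fix:     ', query_before($table, $raw), "\n";
    echo '  after fix:      ', query_after($table, $raw), "\n";
}
```

For the input '1 OR 1=1' the && guard does not exit, while the cast in the patched query reduces the value to 1.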

Important note: I am not responsible for any damage incurred by running this fix. I do not have any responsibility over FanUpdate. (Blah blah blah.) I'm only posting this because I know Jenny doesn't maintain the script now.


Aug 12, 2009

NinjaLinks Update: Version 1.1

As a distraction from working on my own site, cssbake, and all of the other projects I'm way overdue on, I've done a huuuuge round of bug-fixes on NinjaLinks. Version 1.1 is now available to download.

Overview of fixes

Key: 'M' minor changes - aesthetic or non-essential fix / 'N' normal changes - required bug fix / 'I' important changes - security fix (none this release)

  • (M) Fix typo in config.php
  • (M) Allow spaces and dashes in category names - manage_categories.php
  • (M) Fix order of updates displayed - functions.php
  • (M) Add ownername field - addlink.php / manage_links.php / updatelink.php
  • (N) Remove strtolower from URLs (affecting UC links) in addlink.php / manage_links.php / updatelink.php
  • (N) Turn off errors - functions.php (not necessary once live)
  • (N) Undeclared variable error in manage_categories.php
  • (N) Allow foreign chars in link names / owner names etc - addlink.php / functions.php / install.php / updatelink.php
  • (N) Smoother install process - functions.php / install.php / header.php
  • (N) Better install checking (if install file exists etc) - functions.php / header.php
  • (N) Better error reporting - functions.php
  • (N) Improved spam protection - config.php / functions.php / addlink.php / contact.php
  • (N) Option to disallow duplicate links - config.php / addlink.php

Installing a fresh copy

Download the script, set up database, customise config.php and run install.php as normal (as covered on the NinjaLinks page). Delete install.php and update-1-1.1.php. You do not need to run update-1-1.1.php.

Upgrading from version 1

BACK UP YOUR EXISTING FILES AND DATABASE

Download the script, copy over your existing configuration settings into the new config.php (be sure to set the new options where appropriate). Customise your layout (header/footer/stylesheet) or copy over existing data from back-up. Delete install.php from the folder. Upload all of the new files, over-writing the existing ones (or, delete the files and re-upload fresh). Once uploaded, run update-1-1.1.php in your browser (at http://your-website.com/ninjalinks/update-1-1.1.php or whatever your URL is). Once completed, delete update-1-1.1.php.

Any problems with installation or upgrading should be posted in the tutorialtastic section at codegrrl.

Important note: the NinjaLinks install/update now forces UTF-8 character sets in the database to allow foreign characters. If your NinjaLinks database is shared with another script and you aren't sure if that uses UTF-8 or what the effect of setting it would be, be doubly-triply sure to make plenty of back-ups. That said, it's fairly common for scripts (such as the likes of WordPress, etc) to use UTF-8 anyway.

May 15, 2009

A Real Example of a Bad Web Developer

The long time readers amongst you may remember me reviewing a chap called Ronald Treitner (of designbytreitner.com) in February last year. The guy bases his entire reputation on the fact he validates his pages. However, I made it clear in my review of his website that validated or not, he still sucks epic balls as a designer and developer.

Shortly after my review, as well as fixing some of the newbie errors I pointed out, Mr Ronald Treitner published an article on "HOW TO SPOT BAD WEB SERVICES". He made some vague references to habits that I may or may not have had in an attempt to patch up his clearly damaged ego.

Given that I'm in the process of writing a new review, I went back through some of my old material to try and ensure I was covering new ground. (You guys need new things to learn, right?) Out of curiosity, I checked in on old Treitner, and found that he has in fact updated his article, and is now directly referencing me (under the heading "A Real Example of a Bad Web Developer"):

There is a person in the UK that has their own web site which is centered around blogging, it offers bad opinions on how things should be done only his way. Unlike other web sites that actually offer their services this dumbass only links to other sites, attempts to pick on others, and calls himself "Ultimately better than you." So here I am going to hold him to his own words and assume as far as web developers go he is the best.

He goes on to tell his readers (hahaha) that I'm giving fellow web developers a bad name, listing a zooming issue as the basis for his argument. I've no idea if he's referring to this layout or not as I couldn't replicate the issue (with text zooming both on and off), rendering his key point totally redundant. He continues to back up his "argument" with the fact that I offer no validation links (a totally useless practice that stopped being trendy about 5-6 years ago, and irrelevant as my pages validate 99.9% of the time with no effort whatsoever).

Apparently I'm a 'dumbass' and a 'dope' that offers no work of my own (obviously the links to my other projects are not sufficient, and my Bella~ scripts used by thousands and thousands of webmasters are a figment of our imagination) and, despite my claims to the contrary, my blog script is not my own:

he modeled his blog after an easy to maintain free script he probably got from another developer who offered his script free for others to use

...although I'm sure the likes of Amelie and Mat — who have both seen my code — would be willing to back me up.

Still talking about my blog, he claims:

He uses a very basic script for his blog, one you have to email him your comments and he adds in your comments if he feels like it.

...totally misunderstanding the basic premise of moderation-based blogging systems and their uncanny ability to, uh.. hold comments in moderation until approved? His insinuation that I only add comments "if I feel like it" grossly distorts the truth, which is that I only approve comments from people who use a real e-mail address. This in itself is backed up by the fact that there is many a hate-filled comment on my blog, although I admit it's the entertainment that keeps me publishing them.

He ends his argument referencing my decision last year to remove the contact form from my website, suggesting it's because I don't like people commenting on my site. Quite the opposite, in fact: I actively encourage people to review me (although few seem willing to try, for some reason). Unfortunately, I had to remove the contact form due to the huge amount of support requests I was receiving, as a well respected developer and an expert on many subjects. How's that for an egotistical statement, eh? Of course, everyone knows I'm still reachable via e-mail (and my e-mail address couldn't be more obvious).

Of course, I don't need to answer Ronald Treitner's accusations, nor do I fear my reputation is at stake from a two-bit "web designer" with a bitter grudge against me. However, we all know that I cherish every opportunity to put misguided fools in their place, especially when they make the assumption that I am anything but a woman.

Your move, Mr Treitner.
