Lester Chan's WordPress Plugins
Lester Chan's WordPress Plugins Development Blog
WP-DBManager 2.61 has been released and it fixes a security vulnerability which will allow user to download your wp-config.php. If you do not use the default backup folder path, you are not affected by this.
However, most users are affected and it is recommended that you upgrade WP-DBManager to 2.61.
WP-DBManager 2.62 will be out on Tuesday with added nonce security and auto-repair functionality.
Sorry for any inconvenience caused.
Download: WP-DBManager 2.61
(113 votes, average: 3.85 out of 5)I have created a new plugin, WP-ShowHide. It is a simple plugin (83 lines of codes including comments) with no configuration screen needed.
This new plugin came about when Hisham tweeted me about whether there is a “Show/Hide Press Release” WordPress plugin like what Engadget does when posting a Press Release.
I can’t seem to find it and decided to code one myself using WordPress ShortCode API. I made the plugin more generic rather than focusing on Press Releases, so you can have multiple Show/Hide content within a post.
I tested it on WordPress 3.1.1 but technically it should work with any version higher than WordPress 2.5 because ShortCode was introduced in WordPress 2.5.
WP-ShowHide Description
Allows you to embed content within your blog post via WordPress ShortCode API and toggling the visibility of the cotent via a link. By default the content is hidden and user will have to click on the “Show Content” link to toggle it. Similar to what Engadget is doing for their press releases.
Example usage:
[ showhide type="pressrelease" ]Press Release goes in here.[ /showhide ](Remove the spaces before and after the square brackets [].)
Download: WP-ShowHide 1.00
Documentation: WP-ShowHide
Demostration/Example Usage
Remove the spaces before and after the square brackets [].
Tag: [ showhide ][ /showhide ]
Tag: [ showhide type="links" more_text="Show Links (%s More Words)" less_text="Hide Links (%s More Words)" ][ /showhide ]
Tag: [ showhide type="visibility" hidden="no" more_text="Show Visibility Content (%s More Words)" less_text="Hide Visibility Content (%s More Words)" ][ /showhide ]
(77 votes, average: 4.14 out of 5)WP-PostViews 1.60 is released which fixes form submit issues on WPMU installation, and now there is a “Views” column on the Edit Posts page. Of course similar to WP-Polls and WP-PostRatings, I have updated readme.txt to be a proper readme now.
Download: WP-PostViews 1.60
(211 votes, average: 3.90 out of 5)I have released WP-PostRatings 1.61 which fixes a code injection via “HTTP Referrer” and affects users who are on WP-PostRatings 1.50 only. This is the same code injection fixed for WP-Polls few days back.
I have checked the rest of my plugins to ensure that the code is not in anymore of my plugins. Sorry for any inconvenienced cased.
Similar to WP-Polls, I also took this chance to port the readme.html to the proper readme.txt which WordPress.org is using and now you can see all the details of WP-PostRatings right from the plugins page itself regardless if it is from your WP-Admin or WordPress.org.
All users should upgrade now
Props to Dion Hulse aka dd32 for the report!
Download: WP-PostRatings 1.61
(260 votes, average: 4.00 out of 5)I have released WP-Polls 2.61 which fixes a code injection via “HTTP Referrer” and affects users who are on WP-Polls 2.60 only.
I also took this chance to port the readme.html to the proper readme.txt which WordPress.org is using and now you can see all the details of WP-Polls right from the plugins page itself regardless if it is from your WP-Admin or WordPress.org.
All users should upgrade now
Vulnerability discovered by + Props to:
Dweeks, Leon Juranic and Chad Lavoie of the Swiftwill Security Team (www.swiftwill.com)
Download: WP-Polls 2.61
(97 votes, average: 3.93 out of 5)