Code Injection Follow Up

I have released 2 security updates to WP-Polls and WP-PostRatings which basically remove malicious code that allows code injection.

The malicious code is as follows:

    if ($_SERVER['PHP_SELF'] == @links_add_base_url("/", $_SERVER['HTTP_REFERER']))
        return;

The code itself does nothing, but hackers are spoofing $_SERVER['HTTP_REFERER'], which allows arbitrary code injection. Note the @ sign, which suppresses all errors, and hence the error will not be displayed.

I am 100% sure based on the points below that the code was not added by me. I am beginning to believe that my account was hacked.

  • Personally, I have no idea what links_add_base_url() does and hence it is impossible for me to place it in my own plugin code.
  • I checked the commit date for the changeset of WP-PostRatings and the date/time is 11/04/10 22:10:13. Since I am on the GMT+8 zone, it is 6am for me. I do not wake up at 6am just to update my plugin.
  • The above changeset is for trunk. However, in my readme.txt, I have stated that the stable tag is 1.50 and hence the file is copied to /tags/1.50/ in this changeset, but if you note the time, it is 11/05/10 00:52:39. This is almost 3 hours after the trunk commit and it is almost 9am in my timezone and I will be in my office, and my office’s computer does not have SVN copies of my plugin. So it is also not possible for me to commit that file.
  • If you notice the same changeset, the file is being copied from trunk to tags/1.50 by SVN copy. I do not do an SVN copy for my plugins; normally I will just copy and paste the files using my Windows Explorer.
  • For WP-Polls, there is only 1 changeset as my stable tag is from trunk and the timestamp is 11/05/10 12:30:07. This is about 12 hours after the changeset of WP-PostRatings. In my timezone it is about 8.30pm and it is not possible for me to check in because 8pm to 9pm is my dinner time and I always eat out.
  • For WP-WAP, there are almost 2 suspicious commits, here and here. As I do not develop WP-WAP anymore, there is no reason for me to commit something to it.

I am going to review all my commits to the SVN to ensure that there is no more suspicious code being added.
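One way to support the commit review mentioned above, as an added example that is not code from the author or from WordPress: a small Python scanner that flags error-suppressed calls (@name(...)) whose arguments include request-controlled input, which is the shape of the injected snippet. The list of superglobals, the function names scan_php and call_arguments, and the sample file are assumptions made for this example.

```python
import re

# Request-controlled PHP superglobals; HTTP_* entries of $_SERVER come from
# client-sent headers (the snippet in the post reads HTTP_REFERER).
TAINTED = re.compile(
    r"""\$_(?:GET|POST|COOKIE|REQUEST|FILES)\b"""
    r"""|\$_SERVER\s*\[\s*['"]HTTP_[A-Z_]+['"]\s*\]"""
)
# An error-suppressed function call: @name(
SUPPRESSED_CALL = re.compile(r"@\s*([A-Za-z_][A-Za-z0-9_]*)\s*\(")


def call_arguments(line, open_paren):
    """Return the text between the parenthesis at open_paren and its match."""
    depth = 0
    for i in range(open_paren, len(line)):
        if line[i] == "(":
            depth += 1
        elif line[i] == ")":
            depth -= 1
            if depth == 0:
                return line[open_paren + 1:i]
    return line[open_paren + 1:]  # unbalanced: take the rest of the line


def scan_php(source):
    """Return (line_no, function, tainted_input) for each suspicious call."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for m in SUPPRESSED_CALL.finditer(line):
            args = call_arguments(line, m.end() - 1)
            hit = TAINTED.search(args)
            if hit:
                findings.append((line_no, m.group(1), hit.group(0)))
    return findings


# Constructed sample: line 3 is the snippet quoted in the post; the other
# lines are made-up plugin code that should not be flagged.
SAMPLE = """<?php
$fh = @fopen($cache_file, 'r');
if ($_SERVER['PHP_SELF'] == @links_add_base_url("/", $_SERVER['HTTP_REFERER']))
return;
$poll_id = intval($_GET['poll_id']);
"""

if __name__ == "__main__":
    for line_no, func, tainted in scan_php(SAMPLE):
        print(f"line {line_no}: @{func}() receives {tainted}")
```

The scanner works line by line, so a call split across several lines or input first copied into a local variable will not be flagged; treat a clean result as a starting point for the manual review, not a replacement for it.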


WP-PageNavi Updates

I have to go along with the web trend. My old WP-PageNavi style is outdated and I need to do something about it.

And hence, I modified the style to make it look like Digg (bottom of the page). You can also take a look at the bottom of this page for an example.

These changes will be in WP-PageNavi 2.11. I have made it in such a way that every aspect of WP-PageNavi is customizable. The text that is displayed can be configured in WP-Admin -> Options -> PageNavi and the style can be configured via CSS in pagenavi-css.css.

See the screenshots for more information, WP-PageNavi Screenshots.


WordPress 3.8 Beta 1

Wow that was quick, WordPress 3.8 Beta 1 has been released and the final release is targeted for Thursday, 12th December 2013!

I am looking forward to the new admin UI!

  • The new admin design, especially the responsive aspect of it. Try it out on different devices and browsers, see how it goes, especially the more complex pages like widgets or seldom-looked-at-places like Press This. Color schemes, which you can change on your profile, have also been spruced up.
  • The dashboard homepage has been refreshed, poke and prod it.
  • Choosing themes under Appearance is completely different, try to break it however possible.
  • There’s a new default theme, Twenty Fourteen.
  • Over 250 issues closed already.

Download: WordPress 3.8 Beta 1


Counterize II & Fire Stats

I just uninstalled Counterize II and FireStats from this site and I will track the hits via DreamHost Stats panel.

The reason being FireStats is taking too much database space. My whole database (without gzip) was about 35MB and now it is back to 3.2MB, notice the great difference?

So I went to try out Counterize II hoping that it would be smaller, as it says on the website it has a new database structure which saves on space, but after installing it, my SQL queries went from 41 queries per page to 60+ queries per page.

I ended up using neither.


All Good Things Must Come To An End

As you all know, I have been doing WordPress plugins and supporting them for the past 6 years. In these 6 years of my life, I have been through my polytechnic education, my national service as well as my university education.

I just graduated from university in December 2009 and have been jobless for 2 months. However, things change for the better. I was offered a full-time job and will be starting work this coming Monday on the 1st February 2010.

I regret to say that I am not able to provide support for my plugins anymore due to my full-time job commitment. I will leave my WordPress plugins support forums open and let the community help one another.

However, I will still update my plugins when I can and you can still report bugs to me via email and I will try to fix them.

Thanks to everyone who posted a comment and for being supportive. I really appreciate it =)

Thanks to Jeff, who donated numerous times to me and posted it in Weblog Tools Collection.
