This weeks guest was Andy Peatling of the BuddyPress.org Project. BuddyPress is a social networking plugin for WordPress which ads many of the features found on sites like Facebook to WordPress blogs in as few as 10 minutes. We discussed how BuddyPress came about, some of the ways its used, some tips on getting started, customizing it and most importantly the features it provides. In news, there were a few nice plugin releases/updates and as always quick update on the WordCamp schedule.

• PuSHPress: A PubSubHubbub Plugin For WordPress
• MySQL Profiler Plugin for WordPress
• WordCamp Schedule

The interview I did with Matt Mullenweg at WordCamp UK in Cardiff last year has finally made it on to WordPress.tv

In it,  Gurbir Singh of astrotalkuk interviews Matt and I.  We discuss the history of WordPress,  the open source philosophy behind it,  a little about our backgrounds, fame, and… astronomy.

Go watch the interview, it’s pretty cool.

Liane’s birthday dinner at the SLS Hotel in Los Angeles and a bar (name?) afterward.

After a good while (I can’t search my Twitter stream) on Chrome I’m switching back to Firefox as my primary browser, and actually uninstalled Chrome. Why? I was getting the “Oh snap” failure page all the time, even on Google’s own Youtube! The only support I was pointed to was this page, and when I followed the instructions there when I restarted Chrome everything was gone. The sentence “copy the relevant files from the “Backup User Data” folder to your new “User Data” folder.” is useless when you consider the folder has 50+ files to sort through and I wasn’t sure which one was causing my previous problems. So back to Firefox, and thanks to Xmarks all of my stuff is there. I’m also using this persona which is pretty sweet. The feature I missed most on Chrome was lame: the ability to click and hold a folder then release on a bookmark I wanted to open. On Chrome you have to click twice. It bugged me. Now back on Firefox I feel like the browser has a large head.

Toni Schneider, the CEO of Automattic, writes 5 reasons why your company should be distributed.

Comments form a very integral part of any blog to generate communication and spark discussions. As a WordPress blog user, managing comments and replying to them is very easy, however, what if you can manage and reply to comments from your desktop?

WP Comments Notifier is a open source application written in QT/C++ for Linux and Windows, which will allow you to manage new comments and reply to them from your desktop. In addition to that, it will also allow you to edit, spam or delete the comments.

This app will also display comments summary when you hover over the system tray icon and alert you whenever a new comment is posted to your blog. The app also works for WPMU blogs.

You can download the installer for Windows by visiting the app homepage and also find instructions on how to build the app from source on Linux machines.

Download WP Comments Notifier

The Turquoise Theme is a simple free WordPress Theme 980px wide with 3 Sidebars and an Option Page to populate the Footer. One Sidebar is on the right side optimized for Adsense 250px Ads. Two Sidebars are on top of the postings and below the Posting. Good for 468px Ads.

Smell the fresh cut grass and feel the butterflies flutter past your face… It’s summer year round with this eye-catching fixed width two-column design.

Two column, brown theme. Choose background colors, sidebar placement, and an optional adsense ready sidebar.

Share your music and videos, connect with fans, and let everyone know about your upcoming gigs with one of these music WordPress themes. Whether you’re a musician, DJ, or producer, one thing’s for sure — these widget-ready and Gravatar-enabled themes rock.

Okay, so in my post about Code Spelunking I mentioned about how working on a project can lead you to explore the code because you need to become more familiar with how the code works. But it can also lead you to explore the code to figure out why code doesn’t work. In this particular case, I spent many hours puzzling over why something didn’t work correctly, chasing down the root cause, and eventually finding a bug in the WordPress core. I documented the bug in Ticket #12394, provided a patch, and it was committed to core in Changeset [13561], which will be part of WordPress 3.0.

And how did I find this little buglet? As usual, it’s because I was doing something a little off the beaten track. I was working on some code which imports XML data into WordPress, on a scheduled basis (hourly, daily, weekly, etc). During testing, sometimes the images in the imported content would come through fine, and other times, they would be missing the src attribute, without which, there really isn’t an image, is there? So you’d view the post and there would be this big 300-pixel square hole with just the alt text where the image should have been.

At first, I didn’t know why it worked only some of the time. Then I saw the pattern that when I ran the code “manually” via a “Run now” button in my options screen, the images worked. But when the code ran via WP-Cron, they didn’t. At first, I thought it was a timing issue, and that maybe when the cron action hooks fired, maybe there was some piece of WordPress functionality that wasn’t loaded yet. But shunting my execution hook to run at a later point didn’t fix anything.

Next, I decided that one key difference when running manually versus running from cron was me — I was logged in as an admin. And, in fact, after some debugging, I determined that there was no user context at all when running from cron. When I modified the code to run as myself, the image tags came through cleanly. Well, I didn’t want to hard-code the program to always run as me, so I added a user selector to the options so that the owner of the posts could be set.

But then when I started testing again, with users of various roles, the problem cropped up again. In particular, it worked great for a user with the Editor role, but not for the Author role. Digging a little deeper into the differences between the two roles, the thing that jumped out at me is that Editors (and Admins) have the “unfiltered_html” capability.

You see, normally, when you write a post, it is sent through a series of filters which take your free-form writing, and turn it into cleaner HTML. One of these filters is called ‘kses‘ (which stands for ‘kses strips evil scripts’). This filter is especially important on multi-author blogs where you might not be able to give 100% trust to the other authors. Otherwise, one of them would be able to (for instance) put javascript in a post which would steal the cookie information from another user who reads the post. So it is the job of kses to ensure that only “safe” HTML is kept. This would also keep you from embedding things like YouTube videos, Java applets, and other fun useful things. So users with the unfiltered_html capability set in their profiles are able to post without this filtering.

This certainly seemed like a likely culprit, except for one thing: even when post content is filtered through kses, the HTML img tag is not filtered out. And neither is the src attribute on an image. That is specifically supposed to be allowed. An image is a perfectly normal thing to have in a post. So why, oh why, was my src attribute being stripped?

I started looking very closely at the kses library. It’s a rather hairy bit of code, full of complex regular expressions and state-machine logic. But when reverse-engineering how the attribute-cleaning bits work, I noticed something in one of the regular expressions: it was hardcoded to expect a space between the end of an attribute and the closing of a tag. In other words, it expected an image tag to look something like this:

<img width='400' height='300' src='people.jpg' />

But, since my data was coming from an XML source, there was no extraneous space. My image tags looked like this:

<img width='400' height='300' src='people.jpg'/>

Notice the subtle difference? There is no space between the final single-quote around 'people.jpg' and the /> which closes the tag. And because of the way the match was being done, kses was throwing away any attribute that abutted the tag-close in that fashion.

The next question was: was this (technically) a bug, or was kses just being strict about some rules of formatting? A quick search turned up the Empty Elements section of the XHTML spec, which covers the syntax for empty tags like img, br, and hr. The examples given there do not include a space before the end of the elements. Furthermore, this section points to the HTML Compatibility Guidelines, which show that adding a space is for compatibility with older HTML browsers. So, since the XHTML spec does not require the space, and WordPress is supposed to render XHTML code, the behavior in kses was definitely a bug, and not just bad manners. I quickly worked up a patch, submitted it on Trac, and brought it to the attention of the core team.

Fortunately, the WordPress system of filters allows you to alter just about anything on the fly, so I was able to “trick” the system into thinking that the posting user selected in my plugin had the unfiltered_html capability, even when they really didn’t. This allowed me to work around the bug while my plugin is running.

This bug was pretty minor in the grand scheme of things. Probably not many people had ever run into it. But after hours of puzzling over those broken image tags, it felt darned good to find it, and — more importantly — squash it. And after the release of WordPress 3.0, nobody will have to scratch their heads over it again. Yay me!

Related posts:

1. WordPress Code Spelunking
2. WordPress Webhooks Plugin
3. Easy Gravatars 1.2

For the past 8 months I have been receiving requests to update the Notify Unconfirmed Subscribers plugin, since it stopped working for users. Frankly, I never really found the time to do it, but as the requests piled up, I decided to set some time aside and update the plugin.

So if you have been having problems with NUS, update to the latest version (1.3.0) and the issues should be solved. Do let me know if you have any problems with the latest update.

A few notes:

• Support for Old FeedBurner accounts has been dropped in v1.3.0, please upgrade your account to a Google account before using NUS.
• NUS will only work on sites with cUrl support.
• Support for additional languages coming in future versions.

Note: I have not used WP_Http as there are problems with fsock and other http methods, it only works for cUrl right now. However, the plugin does contain a file which uses WP_Http which will be used in future versions.

You will get a dashboard notice to update the plugin, if you don’t you can download Notify Unconfirmed Subscribers v1.3.0 from here.

So, day one of WordCamp Ireland draws to a close, there is a dinner tonight but the talks and sessions are over for the day.

I briefly helped John Handelaar during his talk on WordPress MU, but my main talk was on WP Super Cache. Thank you Hanni, Jane and Sheri for recording the talk. Hopefully it’ll be available online next week. In the meantime here’s the OpenOffice slides of my talk.

I must extend a big thank you to Sabrina Dent and Katherine Nolan for organising a great day and to the sponsors who made the weekend possible.

Looking forward to the dinner tonight, and the rest of the conference tomorrow.

Update! I’ve added a few photos from Day 2. I was shattered tired though as I was up until 1.30am chatting with Donnacha!

Update 2! Sabrina has written a thoughtful post about WordCamp Ireland. I for one had a great time there and so did everyone I spoke to. I totally agree with her about child minding facilities. My son Adam had a whale of a time, and is still talking about it. (and for an almost three year old, that’s a very good sign!)

Oh, more photos on Pix.ie!

Related Posts

• No related posts

A day in LA spent looking at Fort Street carpets and vintage furniture around town, and then SOHO House for the Montblanc / Harvey Weinstein pre-Oscars dinner and party. (Stopped taking photos once the actual party started, didn’t want to get kicked out .)

Wordpress External Cron

Allows you to setup a cron to fetch any page on the server

PuSHPress

This plugin adds PubSubHubbub ( PuSH ) support to your WordPress powered site. The main difference between this plugin and others is that it includes the hub features of PuSH, built right in. This means the updates will be sent directly from WordPress to your PuSH subscribers.

Block Bad Queries

Protect WordPress Against Malicious URL Requests

Image Space Media

The ISM plugin optimizes your Wordpress blog for Image Space Media’s in-image advertising technology. With the ISM plugin, Wordpress users can seamlessly integrate Image Space Media’s in-image advertising solution into their website and generate ad revenue.

Easily navigate pages on dashboard

Display a folder tree of your pages that is easy to expand and contract on your Dashboard. Designed for people that use Wordpress as a content management system.

MySQL Profiler

WordPress is extremely flexible. However, flexibility generally brings about the issue of performance. WP MySQL Profiler is a simple plugin that assists in improving performance of themes and plugins.

Easy Review Builder for WordPress

Create attractive star ratings for reviews. Supports multiple rating categories and an optional auto-calculated summary

Dynamic “To Top”

Adds an automatic and dynamic “To Top” button to easily scroll long pages back to the top.

The Harvard Gazette is now on WordPress, with a beautiful magazine-style design. There’s a whole meme/argument going around a few blogs and Twitter saying WordPress isn’t a CMS. Who cares what you call it, look at the amazing sites you can create. (And manage content on.) Who woulda thunk it. I thought WordPress was only good for “just a blog” — what are these Harvard gonzos doing? Fie! I say.

The Harvard Gazette, which is Harvard’s official newspaper, has recently relaunched their site, and is now powered by WordPress:

Highlighting faculty research, administrative staff, students, and events – this is a great example of a complete site that you can build with WordPress. Congrats to the team at Harvard for building such as great site.

It’s also exactly in sync with the feedback we are hearing from the publishing community. Many of you have shared with us your exciting plans to take advantage of the flexibility and power of WordPress to build your next-generation full sites on this platform. It’s going to make for a very exciting next few months !

[ visit Harvard Gazette ]

WordPress.com User Accounts now auto-login to IntenseDebate blogs no matter where they’re hosted, any website in the world. Connect services like Facebook’s and Twitter’s always require at the very least a click or two, and in worst case can be a full login and several bounces to the origin site, which increases the friction of commenting and can actually decrease the number of comments you get. (Oh noes!) This is much smoother, and faster. Previously this was only available if you actually hosted on WP.com, now it’s for any website, anywhere.

WP.com is now Pubsubhubbub-enabled, and the code we used to do that is now available as a plugin as well. It took me 30 seconds to add to this blog using the dashboard “add plugin” functionality and searching for “pushpress.” I love it when we’re able to do these simultaneous releases, it falls in line well with WP.com’s goal of all its useful code being available to everyone, for example the custom CSS release.