echo "hey, it works" > /dev/null

You should never ever modify core files in WP. If you find you have to, file a ticket for a new hook or filter so your modifications can be a plugin — it makes things so much easier.

• Photo Matt » SecurityFocus SQL Injection Bogus

The security report may well be bogus, and Matt gives some reasonable advice for avoiding security issues, but I think this is a bit rich. Never ever. Emphasised. Okay, go and open a ticket, it will all be fine. I'm fairly sure that the WordPress terms of service (no, no, we're talking about the self-installed software, don't go looking at the WordPress.com terms of service) don't say anything about guaranteeing tickets are addressed in X days. Of course they don't, Automattic is not a support company for self-hosted installs unless you want to pay for "enterprise-level support for large-scale users".

As of this writing there are 944 open tickets, dating back to the start of 2005. Many of those are enhancements, some trivial, some critical. What's going to happen to your ticket? If it's a critical security or data loss issue, it may well get addressed immediately, as I'm sure the original SQL injection attack ticket would have been if there'd been more information, and if it actually exists. Those don't come up very often, and it's likely that it will take a while before your ticket gets addressed. Maybe I'm wrong, and requests for hooks or filters do get addressed immediately, but then you either have to be running out of the subversion trunk or wait for an upgrade anyway.

Now, I am absolutely not criticising the fact that there are lots of open tickets. That's the way things happen in open source software, and to a certain extent it shows the software is a success. But it is unreasonable to suggest that just because you've opened a ticket the problem will go away and you'll never have a reason to change core code.

While I moved my own blog to Habari a few months ago, I'd been resisting moving my very small number of clients over on the grounds that WordPress is more stable, there are more plugins, it's more well known. However, I was playing with the lazy-k gallery, bending it to my own needs, and that pushed me over the edge. It wasn't anything to do with lazy-k as such—it's a fine little tool—but it just became increasingly obvious as I wrestled that this would be so much easier in Habari from scratch. I was wrestling with WordPress, and I don't ...

[read more]

Over on wordpress.com,

... everyone’s free upload space has been increased 60x from 50mb to 3,000mb.

• Free Space to Three Gigabytes « WordPress.com
...

[read more]

Owen Winkler has responded to Jacob Santos' post outlining why he wouldn't move to Habari with a point-by-point attempt to change Jacob's mind. Owen was a long-time developer of WordPress and a founding member of the Habari team and so has much experience of both communities. I've only been involved with Habari for a short time, after paddling around the edges of WordPress for a little while, so my perspective is much more as an outsider. Jacob complains about the complex file and directory structure of Habari. I've hacked the core, worked on themes and plugins, from scratch and extending ...

[read more]

Thanks to concise advice from Owen Winkler (aka ringmaster), my test Habari install now has the same URLs as my existing WordPress blog. That means that when I move, all my links will still work. It would have been a pain to redo all my internal links, but those three sites out there in the wild web that link to me are really valuable ... For reference (lines wrapped for clarity): INSERT INTO habari__rewrite_rules (name, parse_regex, build_str, handler, action, priority, is_active, rule_class, description) VALUES ('display_entry', '%(?P<year>\\d{4})/ (?P<mon0>\\d{2})/ (?P<mday0>\\d{2})/ (?P<slug>[^/]+)[/]{0,1}$%i', '{$year}/{$mon0}/{$mday0}/{$slug}', 'UserThemeHandler', 'display_post', '8', '1', '0', ''); [Update: Don't copy ...

[read more]

Now that WordPress comes with tag support, you might have posts that you only want tagged and not categorised. To set that up in the Connections theme, you'll need to set up a category that you don't want displayed (I used 'Uncategorised' and no, I don't live in America, thank you), and edit post.php. If you enabled tags by following my instructions for enabling tags in Connections, you'll have some code like this: Posted by <?php the_author(); ?> under <?php the_category(' '); the_tags(', tagged ', ', ', ''); edit_post_link(' (edit)'); ?> The call to the function the_category()...

[read more]

When moving WordPress from one directory to another on the same server, you need to take into account two things. First, if you have any rewrite rules set up you need to rewrite them for the new location. Second, under Options you need to update the WordPress address (URL) and Blog address (URL) values to the new location.

I previously dismissed PHP's alternative syntax for control structures, but after spending some time working on themes for WordPress and Habari, I've come to realise that it's actually very useful from a readability point of view. The point is that if you have a mix of code and HTML, as themes do, then it can be very difficult to work out what control structure that lone dangling close brace is actually closing. By spelling it out with a endif, endwhile or endforeach the code is made just a little bit clearer. So, for templating, okay, I'll accept it. ...

[read more]

I've just upgraded to WordPress 2.3 and, while the process was pretty painless, for some reason tags weren't working, even after I added tag support to the theme using the_tags() in The Loop. The problem turned out to be that The Loop in the Connections theme uses deprecated function calls. To enable tagging in the Connections theme edit index.php and find the following code. <?php if ($posts) : foreach ($posts as $post) : start_wp(); ?> <div class="post"> <?php require('post.php'); ?> <?php comments_template(); // Get wp-comments.php template ?> </div> <?php endforeach; else: ?> <p><?php _e('Sorry, no posts matched your criteria.'); ...

[read more]

I was excited to learn recently that the Nokia N73 can speak AtomPub, and that a friend of mine owns one. I thought I'd try to make it talk to the new AtomPub implementation in WordPress, but reading through the N73 documentation I found that it only supports WSSE authentication, and WordPress only speaks HTTP Basic Authentication. I'd never heard of WSSE, but Mark Pilgrim has a good write up on XML.com, and the Ape has the ability to speak WSSE, so I thought I'd implement it in WordPress. Bear in mind that I'm not writing this from a ...

[read more]