WPMU Security – JS unfiltered in text widgets

Thumbs up to the WPMU team, emailed Donncha about this yesterday and he fixed it in a coupla hours:


If you’re on WordPress MU 1.3.3, you probably want to follow the fix in the link above.

Posted in Wordpress MU | 35 Comments

Rails Gracefully Degrading Javascript link_to for post / non-get methods

This works at least on Rails r8440. Just stick the code somewhere it gets loaded – I put it in vendor/plugins/graceful_link_to/init.rb

# graceful_link_to
# Jason Ling
# http://jason.lah.cc
# This hacks link_to to produce an alternative button_to that shows for users without javascript
# You need to include the prototype libraries and put at the bottom of your pages the following javascript
# javascript_tag "$$('.js_hide').invoke('hide'); $$('.js_show').invoke('show');"
ActionView::Helpers::UrlHelper.class_eval do
  def link_to_with_graceful(name, options = {}, html_options = {})
    return link_to_without_graceful(name, options, html_options) if !html_options[:method] || html_options[:method] == :get
    %Q(<div class="js_hide">#{button_to(name, options, html_options)}</div><span style="display: none;" class="js_show">#{link_to_without_graceful(name, options, html_options)}</span>)
  end
  alias_method_chain :link_to, :graceful
end

Posted in Rails | 38 Comments

InvalidAuthToken? Forgery protection is incompatible with cached forms

Obviously, since caching a form means caching the auth token as well. It's not only forms, though: anything that results in a non-GET request is affected – AJAX links, delete/post/put links, etc.
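The failure described above, as an added example (not from the original post, and not Rails' own code): a simplified model in which the token is an HMAC of the session id, so a form cached for one visitor fails verification for the next. All method names, the secret and the session ids are constructed for illustration.

```ruby
require 'openssl'
require 'securerandom'

# Simplified model of session-bound forgery protection (assumed for
# illustration; not Rails' own implementation). Secret is constructed.
SECRET = 'constructed-demo-secret'
CACHE = {}

def auth_token(session_id)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), SECRET, session_id)
end

# Constant-time comparison of the submitted token with the expected one.
def valid_token?(session_id, submitted)
  expected = auth_token(session_id)
  return false unless submitted.bytesize == expected.bytesize
  submitted.bytes.zip(expected.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
end

def form_html(token)
  %(<form method="post" action="/posts">) +
    %(<input type="hidden" name="authenticity_token" value="#{token}"></form>)
end

# Whole form cached, token included: the first visitor's token is frozen in.
def cached_form(session_id)
  CACHE[:whole] ||= form_html(auth_token(session_id))
end

# Only token-free markup is cached; the token is filled in on every request.
def cached_form_with_fresh_token(session_id)
  template = (CACHE[:template] ||= form_html('__AUTH_TOKEN__'))
  template.sub('__AUTH_TOKEN__', auth_token(session_id))
end

def submitted_token(html)
  html[/name="authenticity_token" value="([^"]+)"/, 1]
end

def demo
  CACHE.clear
  alice = SecureRandom.hex(16) # constructed session ids
  bob = SecureRandom.hex(16)
  cached_form(alice) # Alice's request primes the cache
  { alice_cached: valid_token?(alice, submitted_token(cached_form(alice))),
    bob_cached: valid_token?(bob, submitted_token(cached_form(bob))),
    bob_fresh: valid_token?(bob, submitted_token(cached_form_with_fresh_token(bob))) }
end
p demo if $PROGRAM_NAME == __FILE__
```

The second variant keeps the cache benefit for the markup while leaving the token out of the cached fragment.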

Posted in Rails | 37 Comments

My entry music…

Shall be the Deftones’ ‘Shove It’!

Wish me luck that I won’t get beat up.

Posted in Uncategorized | 37 Comments

NX and Alt-Tab OMG

NoMachine NX is a fantastic piece of software. Lets me remote desktop to my servers anytime anywhere and darn quick as well. But one thing that really got to me was the catching (or lack of) of the Alt-Tab keys etc. The client was catching alt-tab on my home computer, but not on my 2 work computers. It was one of those puzzles I was tearing my hair out trying to figure out.

Googling got me nowhere.

NX has no user forums. Just a scattering of information from loosely related mailing lists littered over the net.

Their website / knowledge base / documentation was of little use as well. Guess they need to earn their support subscriptions.

Then I stumbled across it. Ctrl-Alt-K.

Posted in Linux | 66 Comments

WordPress.com Theme Repository

Want to quickly populate your WPMU site with the themes from wordpress.com?

Here: http://svn.automattic.com/wpcom-themes/

You might need to make some small changes to get it working on your site: I had to create an empty avatar_by_id function and put it in my wp-config.php file.

You might also want to replace all references to wordpress.com with references to your site.


Posted in Themes, Wordpress MU | 56 Comments

Theme Toolkit for WordPress MU

Ozh’s Theme Toolkit allows theme authors to easily incorporate an admin menu in their themes to facilitate user customisation. It does not work too well out of the box with WordPress MU, displaying some undesirable behaviour such as the menus continuing to appear even after the user has chosen another theme. This version has been modified to work with WordPress MU and has been tested on the r542 nightly.

Simply replace the existing themetoolkit.php with the one in the archive in all your themes (or use symbolic links if you want).


Posted in Themes, Wordpress MU | 62 Comments

Kubrick’s (WordPress’ default theme) footer alignment error

Sometimes, the footer’s alignment is off by 1px. This is due to a CSS workaround for non-standard IE compatibility, as follows:

#footer {
padding: 0 0 0 1px;
margin: 0 auto;
width: 760px;
clear: both;
}

To fix it, just add below:

#page > #footer {
padding: 0;
}

This will be ignored by IE until they get their standards in order and hopefully by then there won’t be a need for the first workaround. So it’s pretty future proof.

Posted in Themes, Wordpress | 57 Comments

Jason’s Customciser :: Customise your themes!

I wrote this plugin for my WordPress MU site and am releasing it as GPL with the hope that some might find it useful. It allows your users to customise any theme on your site, changing images and colours in the CSS. It's still pretty raw but I do have plans to make it much prettier in the future.



  • Download and unzip the package, then copy Jason_Customciser.php into your plugins directory (/wp-inst/wp-content/plugins).
  • Plugins need to be enabled for your site.
  • If you are able to install PEAR's HTML_CSS 1.0.0RC2 package, look for the line that says //Everything below this line may be deleted if you are able to install PEAR's HTML_CSS and delete everything below it.


Q: If someone customises a theme, will everyone else using the theme be affected?
A: No. Each user’s customisation will affect only his/her own theme. In future versions, we might allow users to ‘share’ their customisations.

Q: How does it work?
A: Briefly: When the plugin is run, it scans through the currently used theme and parses the CSS. It identifies images and colours and stores them as options that the user can change. It then injects these changes back into the theme.

Posted in Wordpress MU plugins | 194 Comments

Widgets as an ‘mu-plugin’ on WordPress MU

The widgets code has been released for public consumption as a WordPress plugin and appears to work out of the box for WordPress MU. However, this would still require a user to ‘activate’ the plugin before use as opposed to on wordpress.com where the plugin is enabled site-wide. This is relatively simple to achieve and involves the following steps:

  1. Copy the widgets directory and everything in it to /wp-inst/wp-content/mu-plugins/.
  2. Download widgets.txt, rename it to widgets.php, and copy it to /wp-inst/wp-content/mu-plugins/ (not in the widgets directory).

Posted in Widgets, Wordpress MU | 101 Comments