BB-Cumulus takes your forum tags for a spin

bbpress logoWP-Cumulus has been ported to quite a few other platforms. I keep bumping into it, often on sites not running WordPress. I’ve given up trying to post about all of these spin-off projects, but this one feels a little special. Gautam Gupta has created a bbPress version. As far as I’m aware this is the first port to another Automattic project (I’m still waiting for a wordpress.com ‘port’, come on Matt ;) ).

So, if you want your forum tags to fly like your blog tags, head over to http://bbpress.org/plugins/topic/bb-cumulus/ for the download.

Help me test WP-Cumulus unicode support

The one feature I’ve always wanted to add to WP-Cumulus is true unicode support. Flash player 9 made this impossible because it needed to have the font characters embedded into the movie, and unicode fonts are simply too big for that. But with Flash 10, Adobe has introduced new ways of handling text, and those now allow for non-embedded text to be animated quite smoothly. There’s also no longer any need to specify an exact font name, you can simply tell the player to get a sans-serif font. Flash player 10 is on over 93% of computers now, so it starts to make sense to use it to finally add this long-awaited feature to WP-Cumulus.
More Help me test WP-Cumulus unicode support

WP-Cumulus updated to address yet another security issue

danger signA few weeks ago I rushed out an update to fix a potentially dangerous Cross-Site Scripting (XSS) vulnerability in WP-Cumulus. With the PHP part of the plugin shielded from ‘outside use’, I was hoping no more issues would pop up. Still, I’m glad MustLive alerted me to another issue that uses the Flash movie itself. The exploit worked by calling the SWF file directly, and supplying link with javascript. I’m not quite sure how dangerous this is, but I’ve modified the movie so it only executes regular links.

Please update your copy of WP-Cumulus to 1.23 asap. For most users it should only take two clicks.

The should not affect how WP-Cumulus works on WordPress blogs. But there have been a number of ports and other projects that use the Flash movie. I urge the authors of those projects to examine the new Flash movie, and see if it still works in/with their product. The exploit is not unique to WordPress, and they may need to modify the security check to fit their project.

WP-Cumulus is now a team effort

team effort tshirtOver the last few months, I’ve not been able to dedicate as much time to the WP-Cumulus project as I’d hoped to. Freelance work has been keeping me pretty busy, and I’ve had to deal with acute issues rather than be able to focus on new features. That’s why I decided to look for help. Just around that time, Luke Morton launched a spin-off version of the plugin that implemented something I’d been meaning to work on too. I contacted Luke and I’m very happy he’s agreed to help develop WP-Cumulus from now on.

Some of the things we’ll be working on are pretty major. We’ll finally move to SWFObject 2.x, look into internationalization (both for the plugin and the Flash movie) and make improvements to the admin screen. We hope to be able to release a true 2.0 version sometime this year.

WP-Cumulus 1.22 fixes a security hole, please upgrade!

danger signYesterday, Thomas Scholz alerted me to a security weakness in WP-Cumulus. He noticed XSS hacking attempts targeted at wp-cumulus.php that could, in rare cases allow malicious code to be executed. This issue has been fixed in version 1.22, and I strongly recommend you upgrade straight away. It’s better to be safe than sorry, and the attack has already been seen ‘in the wild’.

WP-Cumulus can be downloaded here, but chances are your blog will notify you of the new version and allow you to upgrade automatically.

Tagnetic Poetry 1.0 adds shortcode support

Tagnetic Poetry has been discontinued.

I guess it was about time I updated my Tagnetic Poetry plugin. WP-Cumulus’ lesser known brother now has shortcode support, as well as several other improvements. It’s not as mature as Cumulus, but it’s definitely stable enough to deserve a 1.0 version number.

The Flash movie now has support for the ‘xmlpath’ flashvar that WP-Cumulus has supported for a while now. This affects you only if you’re attempting to use it outside of the context of WordPress, but is very handy if you do. Putting more than one instance of the plugin on a page should also no longer cause issues, and several other little issues were fixed.
More Tagnetic Poetry 1.0 adds shortcode support

WP-Cumulus ported to MediaWiki and ReloadCMS

Wikipedia logoIt’s getting hard to keep track of all the projects that are based on my little WordPress plugin. The most recent two are ports to MediaWiki and ReloadCMS. The latter is documented (in Russian) on opensoft.110mb.com and maintained by Victor Nabatov. My Russian is pretty poor, but I can see Cumulus tumbling about on the sidebar, so I guess it works :)

The MediaWiki port is listed as being beta, but the demonstration works beautifully. If I understand correctly it displays the categories on your wiki using ‘my’ Flash movie. Now if only they’d install it on Wikipedia… that would be so cool ;).

Cumulus as a Flex component

WP-Cumulus flex componentA while ago I was asked to do a Flex version of WP-Cumulus. Because I don’t know the first thing about Flex, I failed miserably :). But the fun thing about open source software is that anyone with the right skills can pick things up and create the version they need. Carlos Carvalha did just that and did a Flex version for use with Drupal. If Flex is your thing, you can download the files from Carlos’ page. Because this is a ‘modified version’ of my WordPress plugin, it is automatically licensed under GPL, and is thus free for you to use.

Carlos’ blog is pretty interesting btw. Definitely the first blog theme I’ve seen that’s built entirely in Flash.

Finally, a new WP-Cumulus update

It’s been a while since I released the last version of WP-Cumulus. I’ve been very busy with client work, but there were a few important little fixes and features I wanted to release. The most requested of those probably is that the Flash movie now supports the ‘target’ attribute. I’ve also made the XML path (from which the XML file is loaded) configurable. Both these features are of use only to people not using WordPress, but they were requested so frequently that I decided to add them in.
More Finally, a new WP-Cumulus update

Template Tag Shortcodes plugin adds lots of flexbility to WordPress

Justin Tadlock just released a brilliant WordPress plugin that lets you call template tags (the stuff theme developers use to display things) inside posts and pages as shortcodes. This allows you to do things like displaying your blogroll on a page instead of the sidebar. Or add a list of authors inside that post you just wrote to thank them. By installing this plugin you get 40 new shortcodes that should keep you occupied for a long time :).