My thoughts on Flash and the iPad

There’s been a lot of controversy over Apple’s decision to ban Flash (and Java for that matter) from the iPhone since the day it was released. Now, with the iPad about to hit retail, there’s been more debate on whether this was a technical decision or not, and whether it’s a severe limitation for the devices, or a blessing. Being both a Flash developer, an iPhone OS user and an open source advocate, I thought I’d weigh in on the conversation.

Before I get started though, let me point out that I’m not a fan of Flash. I think it’s a real shame that there’s no open, official standard that lets web designers do the things Flash can. Adobe has the web in an awkward stranglehold right now, and I’d love to see that change. But the reality is that Flash is an integral part of the web today.

How to show each post’s date in WordPress

The templating system in WordPress is very flexible, and there’s rarely something you can’t do or that doesn’t work as you’d expect. A notable exception however is the_date. Its purpose is simple enough. It displays the current post’s date of creation. But on pages with more than one post (such as on many blog home pages), something weird happens. If a number of posts on any given page were created on the same date, the_date will only show that date for the first of those posts.

In the early days of blogging, posts were usually listed by date, much like a regular, paper diary. In the old default theme that comes with WordPress a big date title is used to separate posts into days. That’s what the_date was created to do, and so it makes sense it only displays the same date once. In most modern themes however, people like the date to be among the meta data for each article, so the_date falls short.

Help me test WP-Cumulus unicode support

The one feature I’ve always wanted to add to WP-Cumulus is true unicode support. Flash player 9 made this impossible because it needed to have the font characters embedded into the movie, and unicode fonts are simply too big for that. But with Flash 10, Adobe has introduced new ways of handling text, and those now allow for non-embedded text to be animated quite smoothly. There’s also no longer any need to specify an exact font name, you can simply tell the player to get a sans-serif font. Flash player 10 is on over 93% of computers now, so it starts to make sense to use it to finally add this long-awaited feature to WP-Cumulus.

WP-Cumulus updated to address yet another security issue

A few weeks ago I rushed out an update to fix a potentially dangerous Cross-Site Scripting (XSS) vulnerability in WP-Cumulus. With the PHP part of the plugin shielded from ‘outside use’, I was hoping no more issues would pop up. Still, I’m glad MustLive alerted me to another issue that uses the Flash movie itself. The exploit worked by calling the SWF file directly, and supplying a link with JavaScript. I’m not quite sure how dangerous this is, but I’ve modified the movie so it only executes regular links.

Please update your copy of WP-Cumulus to 1.23 asap. For most users it should only take two clicks.

This should not affect how WP-Cumulus works on WordPress blogs. But there have been a number of ports and other projects that use the Flash movie. I urge the authors of those projects to examine the new Flash movie, and see if it still works in/with their product. The exploit is not unique to WordPress, and they may need to modify the security check to fit their project.
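
The kind of check described in this post, as an added example (not the WP-Cumulus source, which is ActionScript): a link filter that lets through only absolute http/https URLs. The names `safeTagLink` and `filterTagLinks`, the allow-list and the sample tags are assumptions constructed for illustration.

```javascript
// Added example: hypothetical helper, not code from WP-Cumulus.
// Assumption: "regular links" means absolute http:// or https:// URLs only.
const ALLOWED_SCHEMES = new Set(["http", "https"]);

function safeTagLink(raw) {
  if (typeof raw !== "string") return null;
  // Browsers ignore leading/trailing control characters and spaces and
  // strip tab/CR/LF anywhere in a URL, so normalise the same way first.
  const cleaned = raw
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\r\n]/g, "");
  // Extract the scheme; no scheme means a relative or malformed link.
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(cleaned);
  if (!m) return null;
  // Case-insensitive allow-list rather than a block-list of bad schemes.
  if (!ALLOWED_SCHEMES.has(m[1].toLowerCase())) return null;
  // Require "//host" so forms such as "http:something" are rejected too.
  if (!/^https?:\/\/[^\/\s]+/i.test(cleaned)) return null;
  return cleaned;
}

// Drop every tag whose link fails the check instead of trying to repair it.
function filterTagLinks(tags) {
  return tags
    .map((t) => ({ text: t.text, href: safeTagLink(t.href) }))
    .filter((t) => t.href !== null);
}

// Constructed sample input: two ordinary links and three that must be dropped.
const SAMPLE_TAGS = [
  { text: "WordPress", href: "http://example.com/tag/wordpress" },
  { text: "Flash", href: "HTTPS://example.com/tag/flash" },
  { text: "x", href: " JaVaScRiPt:alert(1)" },
  { text: "y", href: "java\tscript:alert(1)" },
  { text: "z", href: "data:text/html,hello" },
];

console.log(filterTagLinks(SAMPLE_TAGS).map((t) => t.text));
```

Ports that pass relative links to the movie would need to resolve them against a trusted base URL before applying a check like this.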

WP-Cumulus is now a team effort

Over the last few months, I’ve not been able to dedicate as much time to the WP-Cumulus project as I’d hoped to. Freelance work has been keeping me pretty busy, and I’ve had to deal with acute issues rather than be able to focus on new features. That’s why I decided to look for help. Just around that time, Luke Morton launched a spin-off version of the plugin that implemented something I’d been meaning to work on too. I contacted Luke and I’m very happy he’s agreed to help develop WP-Cumulus from now on.

Some of the things we’ll be working on are pretty major. We’ll finally move to SWFObject 2.x, look into internationalization (both for the plugin and the Flash movie) and make improvements to the admin screen. We hope to be able to release a true 2.0 version sometime this year.

WP-Cumulus 1.22 fixes a security hole, please upgrade!

Yesterday, Thomas Scholz alerted me to a security weakness in WP-Cumulus. He noticed XSS hacking attempts targeted at wp-cumulus.php that could, in rare cases, allow malicious code to be executed. This issue has been fixed in version 1.22, and I strongly recommend you upgrade straight away. It’s better to be safe than sorry, and the attack has already been seen ‘in the wild’.

WP-Cumulus can be downloaded here, but chances are your blog will notify you of the new version and allow you to upgrade automatically.

The top 5 WP-Cumulus hacks

Every once in a while a user asks me how to change something in WP-Cumulus that fits his or her specific needs. If enough people ask for the same thing (*), it’ll probably be in the next release, but sometimes the modification is so specific to a certain website or project that it makes sense to simply hack it in. Here are the five most common of those, in no particular order.

Obfuscate email addresses using PHP

If you want to include an email link in a WordPress template, or any other web page for that matter, it’s advisable to ‘obfuscate’ the address. Unfortunately, spammers scour the web to harvest email addresses, so if you simply place your address online, you’re very likely to get some extra unwanted email. That’s where obfuscation comes in.