Yesterday, Thomas Scholz alerted me to a security weakness in WP-Cumulus. He noticed XSS hacking attempts targeted at wp-cumulus.php that could, in rare cases, allow malicious code to be executed. This issue has been fixed in version 1.22, and I strongly recommend you upgrade straight away. It’s better to be safe than sorry, and the attack has already been seen ‘in the wild’.
WP-Cumulus can be downloaded here, but chances are your blog will notify you of the new version and allow you to upgrade automatically.
My latest pet project, snapatar.com, is nearly ready to be launched. It’s been online for a few weeks now, and we’ve been fixing little bugs and adding features users have asked us about. The latest version, 0.9.5, adds two of those features.
More Snapatar 0.9.5 adds a self-timer and mirror mode
Twitter by its very nature is a very limited service. That’s what’s fun about it. Some people manage to be really clever and witty in 140 characters. But there’s only so much you can express in a tweet. The other main way to express your personality on Twitter is through your avatar image (or ‘profile picture’ as Twitter calls them).
Many of the people I follow have carefully designed avatars that they don’t change very often. But what if you could have your avatar be as current as your tweets, showing you exactly the way you look today, doing what you’re doing right now? That’s where Snapatar comes in.
More Introducing Snapatar: Update your Twitter avatar from your webcam
I guess it was about time I updated my Tagnetic Poetry plugin. WP-Cumulus’ lesser-known brother now has shortcode support, as well as several other improvements. It’s not as mature as Cumulus, but it’s definitely stable enough to deserve a 1.0 version number.
The Flash movie now has support for the ‘xmlpath’ flashvar that WP-Cumulus has supported for a while now. This affects you only if you’re attempting to use it outside of the context of WordPress, but is very handy if you do. Putting more than one instance of the plugin on a page should also no longer cause issues, and several other little issues were fixed.
More Tagnetic Poetry 1.0 adds shortcode support
Several users have contacted me about the same issue with WP-Cumulus this week. On non-English (and mostly European) language blogs some of the tags would display either very small or humongously big. This turned out to be caused by internationalization of numbers in the inline style sheets in WordPress’ tag cloud. I have no idea why this only popped up now, but the Flash movie wasn’t built to handle 9,55pt tags (instead of 9.55pt).
Version 1.17 fixes this issue, and adds a highlight color setting.
Oh, and Ryan Tomlinson has ported WP-Cumulus to BlogEngine.NET. More about his project here.
Yesterday’s 1.15 version of WP-Cumulus caused a serious issue for some users. If the plugin was set to display categories, and all of them contained the same number of posts, the color assignment algorithm would fail and tags would turn black. I was able to quickly fix this and while doing so I also decided to try and lower CPU usage.
More WP-Cumulus 1.16: A quick fix…
I’ve just uploaded a new version of WP-Cumulus. Version 1.03 attempts to fix compatibility issues, adds a widget, speed control and several other little things. See here for the changelog.
With the help of Mujahid (and several others), I’ve been able to track down the cause of the “it kills my blog” error. It turns out I was closing PHP’s output buffer once too often, which PHP version 5.2 and newer does not like very much. All should be well for these users with version 1.04. Can’t tell you how relieved I am.