Patched Digg Digg WordPress plugin

I was adding a Digg button to the company blog using the Digg Digg plugin when I found an issue that meant that the post ID was lost by the time it reached Digg’s description page.

It seemed that the plugin wasn’t escaping the = symbol in the URL, which caused Digg to not understand the query. I added the following code to the construstURL function in the dd.class.php file:

$url = str_replace('=', "%3D", $url);

Everything went through correctly, and so if you’re having a similar issue then you might want to check that you’re properly escaping the URL you’re passing to Digg, especially if it has parameters.

WordPress upgrades can be easy

I manage a couple of WordPress installations here and there. I obviously do everything on this blog, but on the other one I only really handle upgrades and changes to the underlying code. The style is done by a proper designer, and then entries are written by proper marketing people.

Before I had anything to do with the other blog the styles and modifications were simply placed into the existing default theme. This meant that every time there was a WordPress upgrade the changes got overwritten and the blog lost all branding. This meant that updates weren’t being applied quickly, which is a security problem.

When I took over the maintenance the first thing I did was to create a theme for the various CSS changes. The second thing I did was learn how to write a WordPress plugin to turn our code modifications into widgets. It may sound a bit complicated, but it’s not actually that hard if you know even the most basic PHP. The theme itself is just a zip file containing a few fairly standard PHP files and a stylesheet. The plugin is just a simple PHP file that (in this case) spits out some random sections of markup that we want, in the form of a widget that can be managed through WordPress itself.

Now when it comes to making an upgrade I have a test installation that I keep up-to-date with the current one (plugins, posts, comments, etc.) and I test it on there first. Today I upgraded the blog from the last 2.9 version to WordPress 3.0.1 and encountered absolutely no problems whatsoever. That’s how it should be! 🙂

WordPress Google Analyticator plugin

I use the Google Analyticator WordPress plugin by Spiral Web Consulting on my site because it saves me the bother of checking my stats on the actual Google Analytics page all the time.

Over the last couple of days I noticed that one of the searches bringing people to my site wasn’t showing up in the widget on my dashboard. After going to the Google Analytics page I discovered that the search term was <!-- IE 8 quirks mode please --> and it wasn’t showing up because that’s what an HTML comment looks like.

I poked around the Google Analyticator code for a little while and discovered that the data was retrieved from Google and then just included in the output of the dashboard page in WordPress. This could lead to something as simple as search terms not showing up, or turning all of the text after a certain point bold (if a search term was <strong> for instance), or it could lead to particularly nasty people crafting a top search result containing a <script> tag and from there they could do some fairly nasty stuff.

I’ve created a very simple little patch to solve this problem. It basically involves running the data through PHP’s htmlspecialchars() function before it’s printed to the screen.

Download the patch.

EDIT
Google Analyticator 5.2.1 has been released to address this issue. Upgrade your installation! 🙂
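
The escaping fix described in this post, shown as an added example that is not the author's patch or Google Analyticator's own code: a dashboard list built from remote search terms, first concatenated raw and then passed through htmlspecialchars() at output time. The sample rows and the function names are constructed for illustration.

```php
<?php
// Constructed sample rows standing in for search terms returned by an
// analytics API. Treat every value as untrusted: anyone can arrive at a
// site through a search for arbitrary text.
$searchTerms = [
    ['term' => 'wordpress upgrade',                'visits' => 42],
    ['term' => '<!-- IE 8 quirks mode please -->', 'visits' => 17],
    ['term' => '<strong>',                         'visits' => 5],
    ['term' => '<script>alert(1)</script>',        'visits' => 1],
];

// Before: remote data is concatenated straight into the markup, so the
// browser parses each term as HTML (comment, bold run, or script).
function renderTermsUnescaped(array $rows): string
{
    $html = "<ol>\n";
    foreach ($rows as $row) {
        $html .= '  <li>' . $row['term'] . ' (' . $row['visits'] . ")</li>\n";
    }
    return $html . "</ol>\n";
}

// After: escape at the point of output. ENT_QUOTES also encodes single
// quotes, which matters if a value is ever moved into an attribute.
function renderTermsEscaped(array $rows): string
{
    $html = "<ol>\n";
    foreach ($rows as $row) {
        $term   = htmlspecialchars((string) $row['term'], ENT_QUOTES, 'UTF-8');
        $visits = (int) $row['visits']; // numeric field: force the type
        $html  .= "  <li>{$term} ({$visits})</li>\n";
    }
    return $html . "</ol>\n";
}

$before = renderTermsUnescaped($searchTerms);
$after  = renderTermsEscaped($searchTerms);

// Check whether a raw <script> tag survives in each rendering, and whether
// the HTML-comment search term is still visible as text after escaping.
var_dump(strpos($before, '<script>') !== false);
var_dump(strpos($after, '<script>') !== false);
var_dump(strpos($after, '&lt;!-- IE 8 quirks mode please --&gt;') !== false);

echo $after;
```

Inside WordPress itself, esc_html() is the usual function for this kind of output escaping.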