Patched Simple Facebook Like for WordPress

I am adding a Facebook Like button to the blog posts at work and so I looked for a WordPress plugin. The highest rated one I found is called Simple Facebook Like by a guy named Huseyin Berberoglu.

I had a bit of a problem getting the button to go where I wanted because the iframe that gets added to the page doesn’t have an ID or a class for me to address it by. I modified the source to stick in a class quickly and easily and dropped a comment on the guy’s blog to see if he would add it as an option for the plugin so future versions wouldn’t overwrite my change, and then I decided that I would just do it myself.

So I created a patch that can be applied to version 1.0.1 to let you specify a class for the iframe so you can use CSS to move it around more easily.

WordPress upgrades can be easy

I manage a couple of WordPress installations here and there. I obviously do everything on this blog, but on the other one I only really handle upgrades and changes to the underlying code. The style is done by a proper designer, and then entries are written by proper marketing people.

Before I had anything to do with the other blog the styles and modifications were simply placed into the existing default theme. This meant that every time there was a WordPress upgrade the changes got overwritten and the blog lost all branding. This meant that updates weren’t being applied quickly, which is a security problem.

When I took over the maintenance the first thing I did was to create a theme for the various CSS changes. The second thing I did was learn how to write a WordPress plugin to turn our code modifications into widgets. It may sound a bit complicated, but it’s not actually that hard if you know even the most basic PHP. The theme itself is just a zip file containing a few fairly standard PHP files and a stylesheet. The plugin is just a simple PHP file that (in this case) spits out some random sections of markup that we want, in the form of a widget that can be managed through WordPress itself.

Now when it comes to making an upgrade I have a test installation that I keep up-to-date with the current one (plugins, posts, comments, etc.) and I test it on there first. Today I upgraded the blog from the last 2.9 version to WordPress 3.0.1 and encountered absolutely no problems whatsoever. That’s how it should be! 🙂

WordPress Google Analyticator plugin

I use the Google Analyticator WordPress plugin by Spiral Web Consulting on my site because it saves me the bother of checking my stats on the actual Google Analytics page all the time.

Over the last couple of days I noticed that one of the searches bringing people to my site wasn’t showing up in the widget on my dashboard. After going to the Google Analytics page I discovered that the search term was <!– IE 8 quirks mode please –> and it wasn’t showing up because that’s what an HTML comment looks like.

I poked around the Google Analyticator code for a little while and discovered that the data was retrieved from Google and then just included in the output of the dashboard page in WordPress. This could lead to something as simple as search terms not showing up, or turning all of the text after a certain point bold (if a search term was <strong> for instance), or it could lead to particularly nasty people crafting a top search result containing a <script> tag and from there they could do some fairly nasty stuff.

I’ve created a very simple little patch to solve this problem. It basically involves running the data through PHP’s htmlspecialchars() function before it’s printed to the screen.

Download the patch.

EDIT
Google Analyticator 5.2.1 has been released to address this issue. Upgrade your installation! 🙂