davidhouse
Forum Replies Created
Forum: Fixing WordPress
In reply to: post id as php variable?
It’s $post->ID, not $post->id. Yes, that does matter. Also make sure that if you’re doing it from inside a function, that $post is declared as a global variable.
Forum: Fixing WordPress
In reply to: Single quotes seem to not be allowed in posts
WordPress does not rely on magic_quotes_gpc. If it’s turned on, then all the slashes from $_GET, $_POST, $_COOKIE and $_SERVER are stripped. Then those four arrays have slashes added to them, regardless of whether magic_quotes_gpc is on or not. The net effect is that those four arrays get all their quotes escaped, regardless of php.ini settings.
The problem probably would happen when using wp-mail.php.
Forum: Fixing WordPress
In reply to: Use tags in WP svn repo?
The trunk is for unstable, latest and greatest work. We don’t need an ‘unstable’ branch to hold the 1.6 stuff, that’s exactly what the trunk is for.
Don’t run the latest svn trunk unless you really know what you’re doing. Even then, don’t expect to get support for it at the forums.
Forum: Fixing WordPress
In reply to: Getting crazy error
More importantly, what’s the error you’re getting?
Forum: Fixing WordPress
In reply to: Got hacked..
I’m 90% sure 1.5.1.2 will fix your blog. The problem with 1.5.1.1 was that it just accepted anything at all for the ‘cat’ parameter. This was then passed into a SQL query, and so by including some SQL in the ‘cat’ parameter, the hackers were able to display your username and password. Although the development blog said ‘if you’re running the default theme’ and you’ve stated you weren’t, I guess you’re running some derivative on the default theme that was still vulnerable.
Anyway, in the future a good idea to protect yourself against a lot of hacks is to change your table prefix. This involves renaming your tables to something like arj_users, arj_posts, arj_comments and so on (instead of wp_users, wp_posts, wp_comments), then change the ‘tableprefix’ bit in your wp-config.php file.
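The ‘cat’ parameter problem described in the reply above, as an added example that is not part of the original post and is not WordPress's own code: the unsafe pattern concatenates the raw value into the query, while the hardened lookup accepts only comma-separated integer ids and binds them as parameters. The table example_post2cat, the function names and the sample rows are assumptions made for illustration.

```php
<?php
// Added illustration; table, function names and rows are hypothetical,
// not taken from WordPress source.

// Pattern described in the post: the raw 'cat' value goes straight into SQL.
function build_query_unsafe(string $cat): string {
    return "SELECT post_id FROM example_post2cat WHERE category_id = " . $cat;
}

// Accept only "3" or "3,7,12": digits separated by commas, nothing else.
function parse_cat_ids(string $cat): array {
    if (!preg_match('/^\d{1,9}(,\d{1,9})*$/D', $cat)) {
        return [];
    }
    return array_map('intval', explode(',', $cat));
}

// Hardened lookup: validated ids are bound as integers, never concatenated.
function posts_in_categories(PDO $db, string $cat): array {
    $ids = parse_cat_ids($cat);
    if ($ids === []) {
        return [];
    }
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare(
        "SELECT DISTINCT post_id FROM example_post2cat
         WHERE category_id IN ($marks) ORDER BY post_id"
    );
    foreach ($ids as $i => $id) {
        $stmt->bindValue($i + 1, $id, PDO::PARAM_INT); // positions are 1-based
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE example_post2cat (post_id INTEGER, category_id INTEGER)');
$db->exec('INSERT INTO example_post2cat VALUES (1, 3), (2, 3), (3, 7)');

// Constructed inputs: two well-formed values and one carrying SQL text.
foreach (['3', '3,7', '3 OR 1=1'] as $cat) {
    $ids = posts_in_categories($db, $cat);
    printf("cat=%-10s unsafe SQL: %s\n", "'$cat'", build_query_unsafe($cat));
    printf("%15s hardened result: [%s]\n", '', implode(',', $ids));
}
```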
Forum: Fixing WordPress
In reply to: Got hacked..
The admin has nothing to do with what theme you’re using. 1.5.1.2 was a security fix that will make sure this doesn’t happen again.
Forum: Fixing WordPress
In reply to: One, or more, htaccess files needed?
Well, I guess you could have one .htaccess file in the root, but you’d have to change all the rules WP produces and it seems like a lot of error-prone work. Is it not acceptable to have two .htaccess files?
Forum: Requests and Feedback
In reply to: full path disclosure: security problem
If we go ahead with this, don’t make the index.php completely empty, at least send out a 403 header.
Forum: Fixing WordPress
In reply to: Last updated, links
Not to insult your intelligence, but this is how the link updates tracking works in WordPress (by the way, when I refer to a ‘setting’, I mean the row in wp_options table with that option_name).
- When the file wp-admin/update-links.php is included, it will send a HTTP request off to api.pingomatic.com to pull a list of when each link has been updated, and populates the link_updated column in wp_links.
- When get_links_list() is called, it iterates through the list of link categories
- With each one, get_links() is called
- This checks if the setting links_recently_updated_time is set
- If it is, a column recently_updated will be returned from the database query inside get_links(), which indicates whether the link’s link_updated field + links_recently_updated_time is later than now()
- get_links() then proceeds on to output the list of links. If the show_updated field of the link category which the current link belongs to is true and if the link’s recently_updated field (see previous point) is true, then whatever’s in the setting links_recently_updated_prepend is output before the link, and links_recently_updated_append is output after the link. Also, if show_updated is true, then a string indicating that the link has recently been updated will be shown.
So, the things to check:
- wp_options->use_linksupdate is true
- wp_options->links_recently_updated_time is > 0 (the default is 120, this represents how many minutes ago we call ‘recent’)
- wp_options->links_recently_updated_prepend and wp_options->links_recently_updated_append are what you want to prepend and append to updated links.
- Your host allows remote fsockopen calls. If not, the HTTP request in wp-admin/update-links.php will fail.
Forum: Everything else WordPress
In reply to: XSS in post.php
This is surely possible with or without WordPress. Like dougal said, if you can’t trust an author, don’t make them an author.
Forum: Requests and Feedback
In reply to: wp-layout.css
We don’t need a conditional in the CSS itself, just the file that includes it:
if (file_exists('layout.css'))
    echo '<link rel="stylesheet" type="text/css" href="layout.css" />';
else
    echo '<link rel="stylesheet" type="text/css" href="wp-layout.css" />';
Forum: Plugins
In reply to: WP-Wiki 1.0 released
So what permalink structure do you have set up there to enable this? Just /%postname%/ I’m guessing?
Forum: Plugins
In reply to: If you post code in your entries…
Wow… this plugin really is gaining some momentum! You all should also check out my documentation, which is where news on this plugin will appear.
Thanks
Forum: Requests and Feedback
In reply to: Feedback: Nightly 24/07
It should be the name of your blog at the top.
There’s my problem: updating admin-footer and wp-admin.css but not admin-header. I’m a CVS man myself, I update one file at a time and don’t download many nightlies.
Forum: Fixing WordPress
In reply to: code tag in combination with html tags
About editing: wrap the text you deleted in a del tag and the text you added in an ins one.