Simple:Press Forum Security And Bug Fix Update (3.1.2)

Once again it’s a bit quick but a reported security problem and some much needed bug fixes have made the release of another update necessary. This is a recommended upgrade for all users of any version 3 forum plugin.

Regarding the security scare - we believe we have covered this but research will continue. If we find a little more work is needed then we will release a small upgrade (files only) in due course.

Several of the more annoying bugs have been fixed, notably the error log filling with errors resulting from RSS feeds and the ‘fatal error’ when someone got the math wrong on a new registration!

And for all those users out there of the ‘All In One SEO Pack’ you will be pleased to know that we now support it’s ‘page title’ setting for the browser title bar.

Hopefully this version will prove stable and we can now move on to some exciting new development for a future 3.2!

Join the forum discussion on this post - (10) Posts

Simple:Press Forum Version 3.1.1 Already

I am obviously saddened by the fact that several people had some problems with the initial 3.1 install. It’s one of those cases where, not having an army of testers to call upon coupled with the sheer scope of the plugin, it is too easy to miss some little combination here or sequence of events there….!

So apologies to those effected but hopefully those issues should now be resolved in 3.1.1.

There is an upgrade pack available containing just the changed files which, hopefully, makes the upgrade a little easier.

Join the forum discussion on this post - (10) Posts

Simple:Press Forum V3.1 New Features

As I said in the last post, Version 3.1 of Simple:Press Forum is largely about optimisation and bug fixes but new features are much more fun to work on and the list of user requests never gets shorter! Here are just a few of the more important or interesting features coming in 3.1 (in no particular order):

• Move a Post to a new Topic: often requested and finally coded up. Both this and the Move Topic to Different Forum tool now use Ajax calls to speed the process.
• New Template Tag to notify users of new Private Messages: which includes a link to their Inbox.
• ‘nofollow’ and ‘target’ filter options on links in posts: added as optional post filters.
• View Admins New Post Queue: using an Ajax call, the admins post queue of unread or posts needing approval is now available from any view. You can approve, mark as read, delete and, new for 3.1, both approve and go to to post in one action
• ‘Add New Topic’ button: now available on the posts (topic) view alongside the ‘Reply to Post’.
• Edit Forum and Topic ’slugs’: for those occasions where you may want to change them.
• Post Admin Tool Icons: have been moved to the left hand side for those annoying times when someone posts something with reams of formatting or a long url with no spaces and the tools disappear off of the right hand side!
• Admin Options panels now use jQuery: less new javascript required for loading.
• The Admins New Post Queue now Optional: an important one for those users who do not use it - you can now officially turn it off.
• Right-to-left language support in the TinyMCE editor: now turned on.
• New Template Tags to return members Avatar: enables using the forum avatars outside of the forum itself.
• Improved Security: as always, anywhere where security from attack can be improved will be and more work has taken place in this forthcoming update

Is that the full list? Maybe not but these are the main items.

Simple:Press Forum V3.1 Getting Close

While I would much prefer to leave it a little longer before releasing yet another update to Simple:Press Forum, 3.1 is going to be one I have to recommend all users upgrading to when it is released. While there are a few new features (mainly requested items) and quite a number of bug fixes as would be expected, the real goal we set ourselves for 3.1 was optimisation. And on that score it has been a very satisfying development.

It may look more or less the same on the surface but under the hood a lot has changed. The first target were database queries as the forum consumes a large number. The good news is that these have been reduced considerably - in some key areas by as much as 85%. But no page displays have been left out. Major cuts in the database calls have been made everywhere and existing queries re-crafted and consolidated.

The second major goal was to take a long hard look at user data handling. The integration with WP user registrations is essential but some aspects of core WP user handling is not ideal and 3.1 sees the introduction of a new table for user forum specific data which has again enabled us to reduce queries and overhead.

The final goal was to build on the permissions structures introduced in 3.0 and to increase overall performance in what is a tricky data area to manipulate. This too has benefited from an increase in performance and query usage and much more key data is now being cached during page load.

As to new features? More on those later when we have a definitive list.

SPF - The AHAH 404 and Fatal Catchable Error Problems

I have today released a patch that, fingers crosssed, resolves both of the above issues. (The 'AHAH 404' error that a very small number of people have experienced - and the 'Fatal Catchable Error' a few have seen with the 'now reading' plugin and using the new 'upload media' page of WP 2.5.

While on the subject of WP2.5, there is a bug in the WP admin CSS and the patch also has a fix for that.

If you are experiencing NONE of these problems then there is no need to install the patch as it adds no new features or fixes any other known bugs.

Podcasted

Was pleasantly surprised by an email this morning informing me that one of my plugins was the featured ‘plugin of the week’ - or maybe month - on a WordPress based podcast run by Dave Moyer. My Admin Drop Down Menu plugin got a rave review on the first WordCast and it was a nice thing to hear. It’s odd how this stuff get’s about. One day your sitting there writing something and a little later people are talking about it around the other side of the world! Amazing times.

Thanks for choosing it guys and I wish your venture a fruitful future.

Simple Forum 2.1 Security Alert

There has been a rush in the last week of a hack being widely posted that can cause user credentials to be made available via a SQL Injection. It is stated on these sites that this applies to Version 2.1. This is, actually, the same exploit that was mentioned in this post last October 15th.

It appears that some users of the plugin, whilst apparently running a 2.1 version, are running an earlier ‘beta’ that was offered prior to the final version. As was stated last October, it was very important to take the correct and final release to ensure this exploit was not a threat.

Please check the build number of the version you are currently using. ANY BUILD PRIOR TO 237 must be considered ‘at risk’. Build 237 is the currently available build of 2.1 and has been for a long time. Please note that this security exploit is real and applies to all versions prior to 2.1. Updates should be applied as soon as possible.

There s no need to include the ‘patches’ as the full build already has those applied.

[UPDATE: The Version and Build number can be found in the version strip at the very bottom of the forum page display]

Simple Forum 3: New Name, New Features, New Look

It’s had a long gestation period but it’s finally code complete and starting limited exposure as beta testing gets underway. It also has a new name. Starting with version 3.0 the plugin will be renamed Simple:Press Forum. This is to ensure it it not confused with the standalone commercial package of the same name.

The majority of feature requests - and there were far too many to include them all - have been put in place, especially those that were requested by many users. The list is long and this post will only touch the surface. So - roughly in order of demand:

• ‘Pretty/SEO’ Friendly Permalinks. And the good news - should also be able to display links with the old url structure.
• Private Messaging - the second most regular request.
• Powerful User Group and Permission structure. Fine control over who can see and do what.
• New ‘QuickLinks’ dropdown on the Search Bar displaying recent and unread posts
• Bulk Moderate Posts needing approval and read new posts in one place
• Login Form bought into current page view
• Mass Deletion tool for the removal of old topics
• Many ‘Custom’ options: Up to three custom icons in login bar; set custom icons for all Groups and Forums; Use a graphic in place of page title; Create a special ‘editor’ message
• Redirect RSS Feeds to external services (i.e., FeedBurner)
• ‘Pluggable’ page rendering code allowing replacement functions and custom code routines
• TinyMCE V3 with much improved text handling and formatting
• Optional Image File Uploading (only using TinyMCE editor)
• Improved Notification, Messaging and form validations
• EMail Overrides and create text of New User Email
• Democracy Polls plugin support
• Images as Thumbnails that expand

There is also a long list of smaller features and improvements that include: Increased use of Ajax - On-line Popup Help in all Admin Panels - First and Last Post entries link to their posts - New Members taken to Profile - Online/Offline Status displayed - Location and Registration date added to user profiles - Members can no longer post as Guests - Admin Tabs ’sticky’ after save - Improved Signature display - Check for Updates - Report suspect posts to Admin - Profanity Filter - New Install and Upgrade Procedure - New Template Tags (Statistics, recent Posts) - Options to colour alternate rows differently - Post Permalink popup - Admin Option to edit Time/Date stamp - many, many small bug fixes, cleanups and optimisations…

I am now using the first Beta of Version 3 at my support forum.

The Simple Forum Name Game

Before getting to the name a quick update to all those people who have been asking about the status of Simple Forum Version 3. Yes - it’s a little on the late side. I had hoped to release before the end of January. But the good news is that it is code complete and the number of bugs or problems we are finding with the new code are declining swiftly. I very much expect to have it running my support forum in the next couple of days - at the latest the weekend - which is one of the best tests it can have.

So - back to the name. A few weeks ago I was sent a link to Simple Forum. Stunned, I was, to discover that there is actually a commercial web forum software package that goes by the same name as my humble WordPress plugin. I debated whether I should change the name of mine and then basically forgot about it again. Until this week, when a security vulnerability notice was posted against this other product and some people immediately figured they were talking about mine. Even one of the sites who raised the notice put a comment on my plugin page with the foreboding message ‘Beware’! This was plain stupidity of course and showed an amazing lack of judgement. But it is there and I responded to it and the guy went very quiet.

But it bought back into focus the question of whether I should or should not change the name. And to be totally honest - I just can’t make up my mind.
Maybe I will. Then again… maybe I won’t. But if anyone has any good ideas - do please email them to me.

Popup Image Gallery - Past It’s Sell By Date

As from the start of this year I am removing the ‘Popup Image Gallery’ from my available WP plugin list. This was the first plugin I ever wrote at a time when I was new to WordPress, to php and even to CSS. It has many flaws and is showing it;s age and the strain!

I have a lot of ideas for a replacement and know exactly what I would like to do with it. The main obstacle is simply time. But maybe one day…