Learning the World

WordPress MU 2.8.1 was just released, and I came across a few bugs while kicking the tires on my MU development site:

• #1037 After upgrade, upgrade banner doesn’t disappear (fixed)
• #1048 WPMU 2.8.1 improperly escaping titles of newly created blogs
• #1049 Editing Blog Settings as Admin fails (fixed)

#1049 was fixed within four minutes of me posting the ticket, which is pretty darn cool.

I also encountered an issue with the Admin-SSL plugin and 2.8.1 that sets up an infinite rerewrite of the blog delete URL; I haven’t had a chance to track it down yet, but the author is working on an update of the plugin to get it working properly with 2.8.

Marketing Pilgrim’s posted their list of the most useful plugins for new bloggers. Of the plugins on this list, I can personally recommend Akismet; no blog should launch with out it. A lot of my friends in the hobby game blogosphere use CommentLuv. I’ve taken advantage of it while posting comments, but have never installed it on one of my own blogs.

NextGEN Gallery, the popular image gallery plugin for WordPress, has a new version out. v1.2.0 includes a couple of tweaks and bug fixes, but the big thing to note is that it no longer includes the JW Image Rotator, which is the Flash image manipulation tool that allows NextGEN to generate slide shows.

It was removed to avoid licensing conflicts, but no fears — it still works with NextGEN, but now site admins (like me) need to go grab a copy of JW Image Rotator when they install/upgrade the plugin. This won’t affect your site or blog at Lafayette; I’ll be sure to include the file when we do the upgrade here.

I’ve had great luck using NextGEN Gallery in my WordPress MU pilot install at work, but we have run into a few MU-specific hiccups with the flash file uploader and the location of the file image rotater. This led me to suggest some site-wide configuration options for the plugin in the WordPress support forums:

http://wordpress.org/support/topic/251863?replies=1

Here’s what I suggested:

The Default Image Rotator location

The plugin attempts to guess the default location for the imagerotator.swf file based on the assumption that the plugin is installed as part of a standard WordPress installation. This makes the path something like:

http://www.example.com/username/wp-content/plugins/nextgen-gallery/imagerotator.swf

Unfortunately, in a WordPress MU install, the plugin is not located in the user’s directory; instead it’s in the main plugins directory. e.g.:

http://www.example.com/wp-content/plugins/nextgen-gallery/imagerotator.swf

It’d be great to have a global option that allows me to specify what the default path should be for all of the NextGEN galleries on the WordPress MU install.

Global “Disable Flash Uploader” option

The Flash uploader has been problematic on and off for a while. While 2.7 got it working on non-secure sites, there’s a known issue with Flash and https that prevents it from working in sites secured with https.

NextGEN allows users to disable the Flash uploader on a per-site basis, which is helpful, but I’d love a global option that would allow me to disable the Flash uploader site-wide.

If these options sound helpful to you, please drop by the forums and add your voice to the conversation.

“You are in a maze of tiny, twisty passages, all a like”.

That line shows up in Zork and its variants when you get lost in a labyrinth, and it’s how I feel right now trying to puzzle through the best way (or hell, ANY way of securing WordPress Mu in directory mode).

What I’m trying to do is this:

• I want to enable secure logins and admin pages (so that these pages are protected via SSL and have https addresses).

I’ve got a WordPress Mu install setup in directory mode, e.g.:

• The main blog is at wordpress.foo.edu.
• The daughter blogs will appear in subdirectory format, e.g. wordpress.foo.edu/bar

In normal WordPress, this goal can be accomplished by setting two constants in the config file:

• define('FORCE_SSL_LOGIN', true);

• define('FORCE_SSL_ADMIN', true);

Another option is to make use of the Admin-SSL plugin:

• Admin-SSL: http://www.kerrins.co.uk/blog/admin-ssl/

With WordPress Mu, it seems things are a bit trickier. Ok, a lot trickier.

Both methods will protect the main blog at wordpress.foo.edu, I get nothing but 404s when I try and access any of the daughter blog admin pages at wordpress.foo.edu/bar/wp-admin. Traffic is successfully redirected to https, but the server simply spits out a 404 page, saying there’s nothing there to load.

This is the same thing that happens when you, ahem, forget to include the htaccess file with the various mod_rewrite commands that allow for clean urls in WordPress, so my assumption was I’d just need some more mod_rewrite magic to get WordPress to properly serve these pages.

This led me on a mad chase to try and figure out the best way to do that. Instructions in the following post seem like they should work:

• SSL/LDAP/password security questions

And yet not. More 404s. More headaches. It could just be that I’ve been working on this too long, and need to let it simmer overnight. It seems to me that there must be a way to use mod_rewrite to force Wordpress Mu to resolve these https addressses the same as it does http, but I’m just not seeing it.

My guess is that this all would work just fine using the subdomain method, but we really want to use the directory one.

So yes. There’s a maze. With tiny twisty passages. And they are all alike. Time to hit the reset button, and tackle it with new eyes tomorrow. In the mean time, if anyone has any bright ideas, please let me know.

Update: 2/2/2009

You knew it was going to be something small and obscure right? And you new it was going to be something that prevent the .htaccess file from firing, right?

When last I wrote on Friday, sub-blogs failed to load whenever you tried to access an https-enabled page. I couldn’t help having this gut feeling that my issue had NOTHING to do with .htaccess/mod_rewrite and everything to do with a server configuration issue.

On Sunday, I did some experiments, and I discovered that when I tried to load an SSL-enabled daughter blog, the htaccess file was never even executed.  I tested this by purposefully breaking the htaccess file so it would cause a server error; when I loaded https://wordpress.foo.edu”, I got a “page not found” not a “you idiot, you broke the server” error.

So I switched gears and started looking at issues with httpd.conf and ssl.conf. That’s when I came across the very nifty “Installing WordPress Mu” ebook [pdf], where I saw this bit of advice: 

Permalinks do not work or Can’t find subblogs in subfolder install
If everything looks like it installed okay, but when you start clicking on links and you get 404’s or server errors, you need to do a little Apache configuration. Even if you have mod_rewrite enabled, and the htaccess file is there, on some setups the web account is set to not let these settings through. You’ll need to go to terminal mode and edit the httpd.conf file. See back on page 5, and while you’re in there, look for the directive of your virtual host, find this line “AllowOverride None” and change it to “AllowOverride FileInfo Options”. With no quotes.

Sounds familiar … doesn’t it?

So I look at the wordpress entry in httpd.conf and see that yeah, AllowOverride is configured as “AllowOverride FileInfo Option”. But ssl.conf? THAT was set to “AllowOverride None” As a result, WordPress MU worked just fine on regular pages, but failed on secure ones.

Changing ssl.conf so that AllowOverride was set to “AllowOverride FileInfo Options” fixed the problem. Apache, htaccess and Wordpress are on speaking terms again, login/admin traffic is automagically routed to https, and the freaking page LOADS.

[sigh]. It’s only obvious in hindsight.

After talking with a faculty member and brainstorming how classes might use WordPress MU, one of the must-have tools we’ve decided we need is an author list. While we anticipate that we’ll have a number of one-person blogs if/when WordPress Mu is in production, there will also be goodly amount of multi-author blogs for classes, student organizations, etc.

We identified two needs:

• Hyperlink an author’s name to a page with all of their posts on the site.
• Include a widget listing all of the authors (with links to their individual posts)

After doing some research this morning, I’ve come up with a few solutions.

1. Linking to author names & listing authors through WP functions: The “Author Templates” page of the WordPress Codex lists a number of useful functions that can be used as part of the Loop to link to individual author pages as well as displaying post counts and author lists. 
   • The specific function is “the_author_posts_link()”, and it inserts the author’s name with a hyperlink to his/her “author” page, which lists everything they’ve written.
   • You can also use “wp_list_authors()” to list all the authors associated with the blog.
   • These options require you to modify the theme’s template file(s). 
2. Listing Authors with the Authors Widget: “Authors Widget” allows you to add a sidebar widget that lists all of the authors associated with the blog with links to their individual author pages (there’s also an optional link for their RSS feeds).

As I alluded to yesterday, Firefox 3 on the Mac won’t accepted formatted text from other applications (most notably word). While this does mean that users don’t have to deal with the Word<->Firefox 3  extraneous code problem, also means that every document that gets cut and pasted into Firefox 3 is going to come in without any sort of formatting. This is a pain for folks who were used to this functionality in Firefox 2, and I expect that we’ll see more and more complaints about this as Firefox 3 achieves deeper penetration on campus.

There’s a report on this bug in Bugzilla; please vote for it. 

• Clipboard and drag-and-drop don’t interoperate with formatted text (e.g. HTML) on OS X

There’s also a good conversation about the issue, including possible workarounds, at MacRumors.com:

• Copy and Paste removes formatting – why?

Note that Safari on the Mac does not have this problem, but I’ve found Safari support in TinyMCE and CKEditor flaky at best (e.g. when cutting and pasting from Word into Safari using TinyMCE 2.x in Drupal, the resulting text will have random spaces removed from between words).

Update 11/7/2008

The patch that fixes this problem has been committed, so hopefully we’ll see this in production soon!

Firefox 3 for Windows has changed the way it handles copy and pasting text from other applications, such as Word, which in turn is causing extra code to show up in posts to a variety of web apps, including Moodle, Drupal, and WordPress. Firefox 3 for Mac has its own issues (namely it won’t copy/paste rich text from Word at all).

This Moodle Tracker report offers one scenario where the problem pops up. I encountered it earlier in the semester as well, and unfortunately the best workaround I had at the time was to tell folks to use IE to do cutting and pasting if they wanted to preserve their formatting (or copy/pasting into Notepad before pasting into Firefox 3 if they didn’t.

The extra code is style data that Firefox 2 omitted, but Firefox 3 includes:

<!– /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:”"; margin:0in; margin-bottom:.0001pt;
mso-pagination:widow-orphan; font-size:12.0pt; font-family:”Times New
Roman”; mso-fareast-font-family:”Times New Roman”;} span.EmailStyle15
{mso-style-type:personal; mso-style-noshow:yes;
mso-ansi-font-size:10.0pt; mso-bidi-font-size:10.0pt; font-family:Arial;
mso-ascii-font-family:Arial; mso-hansi-font-family:Arial;
mso-bidi-font-family:Arial; color:windowtext;} @page Section1
{size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in;
mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;}
div.Section1 {page:Section1;} –> 

Digging around on the web, I found a post (”Pasting from Word in Firefox 3 Doesn’t Remove Meta/Style Tags”) that explains the problem:

The problem is due to that Firefox 3.0 is presenting itself to MS Word as a XML client and the content pasted in the editor has new format different to this one pasted in Firefox 2.0. That is why the regular expressions used by the editor’s Paste From Word filters are not stripping the new MS Word XML formatting. 

I can’t find anything in Bugzilla that speaks to this (my guess is that it would be viewed as a feature rather than a bug).  

My understanding is that there’s always extraneous code coming over from Word, but that the various WYSIWYG editors (TinyMCE, CKEditor) endeavor to strip out said code. The problem, aside from the fact that Firefox 3 has changed the way it does copy and paste, is that the editors haven’t caught up with the changes. I found posts for both editors discussing how to deal with this.

On the CKEditor site, there’s a tracker report about improving the editor itself:

• Ticket #2291: Simple copy & paste from Word document – extra code not stripped

WordPress Magazine is a new webzine focusing on WordPress; its inaugural issue looks at how to change the popular blogging software’s physical appearance by developing custom themes. There’s not a huge amount of content here yet, but I’ll be keeping an eye on it to see how it evolves.

In looking at WordPress Mu as a possible lightweight CMS for campus organizations and departments, I’ve found myself on a quest … a quest to figure out if/how WordPress can display an inline list of posts from a given WordPress category.

So what do I mean by that? Well, consider this actual use example from the “Research Tools” database I ported over to Drupal for a recent Library redesign project. The original database contained a number of records relating to research tools (journals, indexes, etc.) relating to a particular subject area. These records were assigned to categories like “Africana Studies: Major Research Tools” and “Africana Studies: Other Research Tools”. The original database then dynamically served up lists of these research tools on a single “Africana Studies” themed web page.

Continue Reading »