Browsed by
Category: Development

Is WordPress automatic install / upgrade compatible with a SVN deployment of WordPress?

Is WordPress automatic install / upgrade compatible with a SVN deployment of WordPress?

Picture of a Windows desktop featuring a mouse pointer

Question: Is the built-in WordPress automatic install / upgrade process compatible with a SVN deployment of WordPress?

Short answer: Yes.

Ever since WordPress came out with the automatic upgrade functionality in 2.7 I’ve hesitated to use it since the majority of our client installs are deployed using Subversion (svn) and I wasn’t sure how it would react with the .svn directories.

Today I finally decided to figure it out, and found that the WordPress team coded their upgrading functions exactly correctly (as far as not overwriting or deleting .svn directories goes). In addition, their script correctly removes old and unneeded files that might be present.

First, check to make sure that our svn checkout is clean:

$ svn st

Next, we begin the automatic upgrade process.

Step 1: Click the WordPress 2.8.5 “Please update now.” link:
Step 2: Backup your files as suggested – http://codex.wordpress.org/WordPress_Backups
Step 3: Enter your FTP connection details and click the Proceed button
Step 4: Wait while the files are downloaded and unzipped. This can take a minute or two, so be patient.

Now we can check to see what files were changed:

$ svn st
M wp-app.php
M xmlrpc.php
M wp-includes/post-template.php
M wp-includes/version.php
M wp-includes/theme.php
M wp-includes/comment-template.php
M wp-includes/bookmark-template.php
M wp-includes/media.php
M wp-includes/formatting.php
M wp-includes/author-template.php
! wp-includes/images/swf.png
! wp-includes/images/audio.png
! wp-includes/images/zip.png
! wp-includes/images/html.png
! wp-includes/images/doc.png
! wp-includes/images/video.png
! wp-includes/images/pdf.png
! wp-includes/images/js.png
! wp-includes/images/exe.png
! wp-includes/images/text.png
! wp-includes/images/default.png
! wp-includes/images/tar.png
! wp-includes/images/css.png
M wp-includes/rewrite.php
M wp-includes/general-template.php
M wp-includes/capabilities.php
M wp-includes/classes.php
M wp-includes/category-template.php
? wp-content/plugins/hello.php
M wp-content/plugins/akismet/akismet.php
M wp-content/plugins/akismet/readme.txt
M wp-trackback.php
M readme.html
M wp-admin/includes/post.php
M wp-admin/includes/update-core.php
M wp-admin/post.php
! wp-admin/js/forms.js
! wp-admin/js/upload.js
M wp-admin/edit-attachment-rows.php
! wp-admin/import/btt.php
! wp-admin/import/jkw.php
M wp-admin/import/wordpress.php
! wp-admin/edit-form.php
! wp-admin/link-import.php
! wp-admin/images/media-button-gallery.gif
! wp-admin/images/tail.gif
! wp-admin/images/gear.png
! wp-admin/images/comment-stalk-classic.gif
! wp-admin/images/media-buttons.gif
! wp-admin/images/comment-stalk-rtl.gif
! wp-admin/images/tab.png
! wp-admin/images/comment-stalk-fresh.gif
! wp-admin/images/comment-pill.gif
! wp-admin/css/press-this-ie-rtl.css
! wp-admin/css/press-this-ie.css
! wp-admin/css/upload-rtl.css
M wp-admin/install.php
M wp-admin/page.php

Notice that some old files have been removed and others have been modified. (See http://codex.wordpress.org/Files_Automatically_Replaced_by_Core_Upgrade for details on all the old files that the automatic upgrader removes).

Next we schedule old files to be removed from svn:

$ svn st | grep ! | sed 's/! *//' | xargs svn rm;

Next we commit the modified files and the removed files:

$ svn ci -m "Upgrading to the latest version of WordPress 2.8.5"

That’s it. The WordPress automatic upgrade process does not interfere with .svn directories, and is therefore compatible with maintaining a deploy from Subversion workflow.

How to disallow browsing of .svn directories on your server

How to disallow browsing of .svn directories on your server

If you deploy projects live out of Subversion repositories to public web servers, here’s a good tip for denying access to the .svn directories to keep people from snooping around your files.

Edit your global Apache config file (httpd.conf) or .htaccess file to include the following directive:


# Disallow any .svn directory browsing
<directory ~ "\.svn">
Order allow,deny
Deny from all
</directory>

This will tell apache to not serve up any directories that are called .svn.

How to: Get rid of widows in your WordPress posts with Widon’t plugin

How to: Get rid of widows in your WordPress posts with Widon’t plugin

I was just working on making some updates to the backend WordPress code for the Principia Pilot website (http://principiapilot.org/) and noticed widows in some of the stories.

Widows are the typographic term for a single word on a line at the end of a paragraph. I thought about the solution to this problem (basically add a non-breaking space before the last word of a paragraph) and then realized probably someone had written a plugin to do exactly this.

I tried two different plugins and like this one the best because it doesn’t overwrite the rest of the excellent WordPress typographic niceties like converting straight quotes to curly quotes:

Widon’t Download latest version here

How to: Automatically add a default set of Custom Fields to each post in WordPress

How to: Automatically add a default set of Custom Fields to each post in WordPress

PrincipiaPilot.org screenshot showing Custom Fields being used in a template

One of the neat things about WordPress is how easy it is to add custom metadata to a given page or post that you can then use in a template to display structured information. I’ve been using this technique for a while now to extend the basic WordPress elements of title, body, excerpt, etc and allow the creation of easily editable information-rich content.

Before now I’ve used the built-in WordPress Custom Field functionality in the Add New screen where you select previously created custom fields from a drop-down list that is limited to only showing 30 items. This is quite cumbersome as you have select each field you want to add to the entry and enter the value, click the Add Custom Field button, then repeat for however many custom fields you want to use. Needless to say, this can be frustrating to have to remember to do every time, especially for non-technical clients.

The Old Way:

Selecting a Custom Field (the old way)

During a recent site conversion to WordPress that involves 4-6 custom fields for each post, we finally decided that there must be a better way, and ended up finding a WordPress plugin that is so good that it should probably be added to WordPress core, it is so highly useful. The plugin is called Custom Field Template and is developed by Hiroaki Miyashita.

The New Way:

Custom Field Template WordPress plugin screenshot

Using a simple set of options to define the template you want to use is easy. After downloading and activating the plugin, go to Settings > Custom Field Template to define your template. One is provided for you to show you the possible template values. You can set up two separate custom field template designs.

This is the code used to generate the Custom Field Template form shown in the screenshot above:

Template Instruction

<strong>Story Template Metadata Instructions <em>(All fields are optional)</em></strong><br /><br />
1. Use this form to enter metadata about this story.<br />
2. Each item will get assigned to the correct Custom Field for use in the display template.<br />
3. Click the <strong>Save</strong> button to save the values.<br />
<br />

Template Content

[summary_deck]
type = textarea
rows = 3
cols = 50
label = Summary Deck:

[byline_writer_name]
type = text
size = 35
label = Byline Writer Name:

[byline_writer_title]
type = text
size = 35
label = Byline Writer Title:

[byline_writer_picture_url]
type = text
size = 54
label = Byline Writer Picture URL:

[lead_photo_caption]
type = textarea
rows = 3
cols = 50
label = Lead Photo Caption:

[lead_photo_credit]
type = text
size = 35
label = Lead Photo Credit:

[lead_photo_url]
type = text
size = 54
label = Lead Photo URL:

Then set this setting to true by checking the box to make the form look prettier:
Custom Field Template WordPress plugin setting

Next, I tweaked the Admin CSS settings to right-justify the labels:

#cft dl { clear:both; margin:0; padding:0; width:100%; }
#cft dt { float:left; font-weight:bold; margin:0; padding: 0 8px 0 0; text-align:right; width: 20%; }
#cft dt .hideKey { visibility:hidden; }
#cft dd { float:left; margin:0; text-align:left; width:70%; }
#cft dd p.label { font-weight:bold; margin:0; }
#cft_instruction { margin:10px; }

Click Update Options to save the settings and then go to Posts > Add New to see the form in action. You may need to go back and forth a couple of times to get your text field sizes just right and to put them in the right order you want them in.

Using the Custom Fields in a template

So how do these values get displayed on your page?

Simply edit your template PHP file to look for custom field values and then display them where you want them if they’re present.

This is how I do it for the Principia Pilot site. This code goes at the top of the template for single.php

<?php
// Retrieve custom meta values from post if they're present
$byline_writer_name = htmlspecialchars(get_post_meta($post->ID, "byline_writer_name", true));
$byline_writer_title = htmlspecialchars(get_post_meta($post->ID, "byline_writer_title", true));
$byline_writer_picture_url = htmlspecialchars(get_post_meta($post->ID, "byline_writer_picture_url", true));
$lead_photo_url = htmlspecialchars(get_post_meta($post->ID, "lead_photo_url", true));
$lead_photo_credit = htmlspecialchars(get_post_meta($post->ID, "lead_photo_credit", true));
$lead_photo_caption = htmlspecialchars(get_post_meta($post->ID, "lead_photo_caption", true));
$summary_deck = wptexturize(get_post_meta($post->ID, "summary_deck", true));
?>

Now each of the possible Custom Fields are available as PHP variables that can be checked for content.

This code example shows the “summary deck” being displayed on the page if it has been entered on the create content screen:

<?php
// Show summary deck if we have one
if ($summary_deck != "") {
    echo '<h3 class="summary-deck">' . $summary_deck . '</h3>';
}
?>

Using this excellent plugin, you can set up select lists, radio buttons, check boxes and more to help you populate your Custom Fields more easily if you prefer that to using simple text fields. You can also specify default values to use for the custom fields so you don’t have to type them in every time.

Plugin Default Template Options

These are the default options included by the plugin:
[Plan]
type = text
size = 35
label = Where are you going to go?

[Plan]
type = textfield
size = 35
hideKey = true

[Favorite Fruits]
type = checkbox
value = apple # orange # banana # grape
default = orange # grape

[Miles Walked]
type = radio
value = 0-9 # 10-19 # 20+
default = 10-19
clearButton = true

[Temper Level]
type = select
value = High # Medium # Low
default = Low

[Hidden Thought]
type = textarea
rows = 4
cols = 40
tinyMCE = true
mediaButton = true

Which displays a form that looks like this:
Custom Field Template WordPress plugin screenshot - Default form options

Summary

This plugin addresses a key need when using Custom Meta Fields in a WordPress custom template design — making it as easy as possible to enter values time after time on multiple pages or posts. There are a bunch of other neat options this plugin offers to make the authoring experience even easier. This is now on my “must install” list of essential WordPress plugins.

Please support Open Source by donating to the plugin author

If you use this and like it, I highly recommend sending a nice donation to the plugin author to help support ongoing development and to say thanks. This plugin will save you and your clients a lot of time and frustration. Thanks Hiroaki!


Requirements

Requires WordPress 2.1 or higher.

Click here to download Custom Field Template plugin from WordPress.org

How to file a DBA (Doing Business As / Registration of Fictitious Name) in Missouri for $7.00

How to file a DBA (Doing Business As / Registration of Fictitious Name) in Missouri for $7.00

Grilling
Now we’re cookin! 🙂

It’s surprisingly simple to get a Fictitious Name registered in Missouri, and it only happens to cost $7.00.

Simply click here: Missouri Registration of Fictitious Name and then fill out two simple online forms (takes about 1 minute), submit your credit card info for $7.00 and you’ll get an immediate confirmation of your name and PDF invoice and registration documents to download.

Very handy if you’re applying to something like the iPhone Developer Program and they need to see documentation… 🙂

Formula Sensei - iPhone formula calculator
Formula Sensei - iPhone formula calculator
Mac OS X voices for using with the ‘say’ command

Mac OS X voices for using with the ‘say’ command

A neat trick if you have a Mac OS X machine is to do this (make sure your speakers are turned on):

  1. Open Terminal.app
  2. Type in at the command line: say hello world

This will make your computer say “hello world” in the default voice (Victoria).

Here is a list of the other voices you can also use:

Female Voices

  • $ say -v Agnes "hello world"
  • $ say -v Kathy "hello world"
  • $ say -v Princess "hello world"
  • $ say -v Vicki "hello world"
  • $ say -v Victoria "hello world"

Male Voices

  • $ say -v Bruce "hello world"
  • $ say -v Fred "hello world"
  • $ say -v Junior "hello world"
  • $ say -v Ralph "hello world"

Novelty Voices

  • $ say -v Albert "hello world"
  • $ say -v "Bad News" "hello world"
  • $ say -v Bahh "hello world"
  • $ say -v Bells "hello world"
  • $ say -v Boing "hello world"
  • $ say -v Bubbles "hello world"
  • $ say -v Cellos "hello world"
  • $ say -v Deranged "hello world"
  • $ say -v "Good News" "hello world"
  • $ say -v Hysterical "hello world"
  • $ say -v "Pipe Organ" "hello world"
  • $ say -v Trinoids "hello world"
  • $ say -v Whisper "hello world"
  • $ say -v Zarvox "hello world"

Have fun. You can now add voices to your monitoring applications, or freak people out if they don’t know about this cool trick.

To learn about all of the functionality of the say program, type in man say in Terminal to learn more, or click here to view the online man page for say.

Why you should upgrade your WordPress installation to version 2.6 (just released) today

Why you should upgrade your WordPress installation to version 2.6 (just released) today

WordPress 2.6 is Available! Security Advisory to upgrade ASAP!

First, the good news: Matt & his brave crew of WordPress coders have just released version 2.6 of the Open Source award-winningly awesome content management system called WordPress (download it here). I’ve been using it since it was called b2, and love it. I recommend it for most of my clients, and they love the simplicity and ease of use. I also really like how easy it is to customize and extend, using the excellent theme and plugin system.

If you have a WordPress installation yourself, please upgrade it today. Why should you do it today? In short, not only does the latest version of WordPress have some awesome new features (like content change tracking, a new “Press this” browser bookmark, using Google’s Gears system to make it faster, and about 194 bug fixes) it also contains the latest SECURITY FIXES.

Why should you care about security fixes? Because older versions of WordPress are vulnerable to exploits. I know this for a fact, and have been working on cleaning out a number of older installations of WordPress that have been hacked. This isn’t a fun process, and if you stay up to date, you will have the best chance of not getting hacked yourself.

This isn’t a problem exclusive to WordPress, and they’ve done a really good job generally at fixing holes (the current release proactively fixes a number of potential issues), but it is an issue you should definitely look into.

On a Unix machine, one thing to look for is this pattern in any files: md5($_COOKIE'

You can do a search through all your hosting accounts by running this command (run as root):
# grep -R 'md5($_COOKIE' /home/

That will tell you if you have any infected files (for this particular exploit). If you find any, you need to clean out those files. If you are running your sites out of version control (like using svn), this may be slightly easier.

$ svn st should tell you if any files were changed from the last time you checked them out. If you see unexpected files show up, you’ve been hacked.

To clean out your installation, not using version control method (done as root in this case):

  1. Copy your whole public_html directory to another location so you can do forensics on it and copy valid files back into your new installation:
    # cd /home/USERNAME/
    # mkdir public_html-hacked
    # mv public_html/* public_html-hacked/
  2. Download a clean copy of WordPress into your public_html:
    # cd /home/USERNAME/
    # wget http://wordpress.org/latest.zip .
    # unzip latest.zip
    # cp -R wordpress/* public_html/
    # chown -R USERNAME:USERNAME public_html/*
  3. Create a new wp-config.php file. It’s probably a really good idea to first change your MySQL database password. To create your new config file:
    #cd public_html/
    # cp wp-config-sample.php wp-config.php
    # vi wp-config.php

    Enter the correct (new) values for your MySQL database name, username, password, and the (currently 3) authorization unique key values (go to http://api.wordpress.org/secret-key/1.1/ to automatically generate the 3 keys for you to copy/paste into your config file.
  4. Next, upgrade your WordPress database: http://example.com/wp-admin/upgrade.php. You’ll have to sign in with your admin username and password. Once this is done (should go without a hitch, hopefully), examine your user table to see if there are any entries there that shouldn’t be. Delete any users that you didn’t create. Also, it would be a good idea to update the password for each user in the system.
  5. Go through all of your Settings, looking for any suspicious changes. Specifically notice what the Uploads directory is set to (in Settings->Miscellaneous). It should probably be set to something like wp-content/uploads. If it says something like ../../../../../tmp/ change it back. Also go look there to see if there are any left-over files that need to be investigated and removed.
  6. Make a local copy backup of your database and then clean out entries that don’t belong there. Check your raw database (using something like PHPMyAdmin or command line mysql tools) and examine the wp_users table. Look for a user called WordPress. Delete it! If you found it, also check the wp_usermeta table and delete all entries associated with the bogus WordPress user ID. Next, check through your other MySQL tables to look for any suspicious entries (attached files, comments, posts, etc.) Delete anything that looks incorrect or wrong, but be sure not to delete your actual content.

As you can see, there are lots of things to check for if your installation of WordPress gets compromised. So, to save yourself a lot of pain and suffering, make sure you upgrade your WordPress installation(s) just as soon as you can.

More good info if you think your WordPress installation has been hacked:

sell diamonds