Important Security Update For SyntaxHighlighter Evolved

If you use my SyntaxHighlighter Evolved WordPress plugin, please update ASAP. There’s a security issue with the Flash file that is used by version 2 of the highlighting library. This file is meant to be used for allowing one-click copying of the code to your clipboard (since normal copy/paste doesn’t work with it) but the file reportedly suffers from a cross-site scripting security issue.

Even if you use the better version 3 of the library (the default for my plugin), the file from version 2 of the library will still be included in the plugin’s files.

As a temporary fix, I have emptied out the file. This unfortunately means your visitors will not easily be able to copy any code you paste. I recommend switching to the superior version 3 via my plugin’s settings page. Code highlighted using the newer version can be selected and copied normally.

Feel free to leave any questions you have about this security issue on this post but please leave other general SyntaxHighlighter comments on the plugin’s homepage. Thanks.

jQuery Lightbox For Native Galleries Plugin Discontinued

With the release of Jetpack 1.5, Jetpack now supports the awesome carousel feature that you may have seen running on WordPress.com. It’s superior to my jQuery Lightbox For Native Galleries plugin in my opinion so I am opting to discontinue development on my plugin.

My plugin should continue to work for the indefinite future but I will no longer be maintaining it.

JW FLV Player Removed From My “Viper’s Video Quicktags” Plugin

JW FLV Player has been removed from the latest version of my Viper’s Video Quicktags plugin. The player is not compatible with the GPL license and as a result cannot be included in plugins that are hosted in the WordPress.org plugin repository. I shouldn’t have added the player to my plugin in the first place but it was the only decent player at the time oh so many years ago. Today I have rectified that mistake by removing it from my plugin’s download.

However do not fear — I have not actually removed the functionality, I just no longer bundle it with my plugin. If you wish to continue to use the player to embed .flv and .mp4 files after upgrading to version 6.4.0 of my plugin, you will need to download this ZIP file and extract it to your wp-content folder, resulting in /wp-content/jw-flv-player/player.swf. I’m hosting the ZIP file since my plugin uses an old version of the player that is no longer available for download from the official site.

This is a temporary band-aid fix. The eventual plan is to switch to the GPL-licensed Flowplayer but that won’t happen until I complete the latest recode of my plugin which introduces many much-needed features. Whether I’ll actually ever finish version 7.0 of my plugin is another matter though.

If you have any questions or need any help, please post over on the Viper’s Video Quicktags page.

Did You Know GitHub Supports SVN?

GitHub is an awesome code repository and code distribution website. It’s used by countless people and organizations to develop and release code.

I’ve wanted to made use of GitHub for a very long time now but the site is built around the Git revision control software. However I instead extensively use Subversion (SVN) in my daily life and have no desire or need to learn Git — everything I currently do requires that I use SVN. Not to mention that the Git experience on Windows is absolutely horrendous.

So I was incredibly pleased to learn that GitHub supports SVN! They added full support way back in October 2011 but I somehow missed the memo.

This is super good news because it means I can now start to distribute my code and projects via my my GitHub page. Nothing is there quite yet but I hope to package up and commit some code to there soon. :)

Help Me Name My Latest Plugin

I’m having trouble coming up with a good name for my latest WordPress plugin so I thought I’d crowd source it. :)

My other WordPress-powered site, FinalGear.com, receives very large traffic spikes. I used to just run WP Super Cache to prevent the site from going down but Apache would still actually die under the load even though it was just serving static content. Since the site has no comments or other often changing content, the easiest solution at the time was just to throw a reverse proxy called Varnish in front it with a decent cache time (5-10 minutes per page). I’ve since switched from Apache to nginx which solves that issue but it’s still easiest to just leave Varnish there.

Varnish is set up to ignore cookies on the front end of the site. That means I get served the exact same version of the site that you (a guest) sees — no admin bar, no post edit links, and so forth. Getting to the admin area is easy thanks to an absolutely positioned hidden link in the bottom left of the site (hover over it, you’ll find it) so lack of an admin bar is no problem for me.

What is a problem though is the lack of easy way to edit a post. I currently have to go into the admin area and then browse to the post in order to edit it. So I wrote a plugin that outputs the edit post link even for people who aren’t logged in. However the link is hidden using CSS and then re-shown using Javascript only if you have a logged in cookie.

It works perfect but what to call it? My working title was “Javascript Edit Links” but that seems so bland and locks me a bit into a corner. What if I someday want to add other features to the plugin, such as even showing the full admin bar? Do you have any better ideas?

New Plugin: Add Descendants As Submenu Items

When I created the navigation menu at the top of my site using the menu feature in WordPress (Appearance → Menus), I didn’t want to have to maintain anything but the top-level menu items. When I released a new plugin and created a page for it, I didn’t want to have to go into my menu UI and add it there too. So instead I wrote this plugin.

Add Descendants As Submenu Items adds a checkbox to each menu item that is of a hierarchical post type (i.e. pages). Checking this box will automatically display all descendants as submenu items on the front end of your site. You can see it in action at the top of my site — I only configured the top level menu items and everything that shows up when you hover over them has been added by my plugin rather than manually by me.

For more details and to download the plugin, check out the plugin’s homepage.