Archive for the ‘WordPress’ Category

Wordpress Upgrade

Sunday, March 30th, 2008

I am currently enjoying the visual refresh Wordpress has been given in version 2.5. Its quite cool.

Upgraded

Saturday, October 20th, 2007

I just upgraded this blog using a Subversion patch, seems to be working ok, will keep and eye out for any 404s see if I missed any new files and the like. I also started to burn my feed.

Akismet Sanitised

Sunday, September 30th, 2007

I made the Akismet plugin a little more sane after discovering it sent the entire $_SERVER array to akismets servers. I changed:

        $ignore = array( 'HTTP_COOKIE' );

        foreach ( $_SERVER as $key => $value )
                if ( !in_array( $key, $ignore ) )
                        $comment["$key"] = $value;

To:

        foreach ($_SERVER as $k => $v)
        {
                if (strpos($k, 'HTTP_') === 0 && $k != 'HTTP_COOKIE')
                {
                        $comment[$k] = $v;
                }
        }

Disabled Akismet, comments held for moderation.

Tuesday, September 25th, 2007

I have made the decision to disable Akismet, after reading some hype about the new Wordpress 2.3’s plugin version check API, which turned out to be negative but reveals something interesting with regards to Akismet. The following code is taken from the official Akismet plugin for Wordpres.

        $ignore = array( 'HTTP_COOKIE' );

        foreach ( $_SERVER as $key => $value )
                if ( !in_array( $key, $ignore ) )
                        $comment["$key"] = $value;

        $query_string = '';
        foreach ( $comment as $key => $data )
                $query_string .= $key . '=' . urlencode( stripslashes($data) ) . '&';

        $response = akismet_http_post($query_string, $akismet_api_host, '/1.1/comment-check', $akismet_api_port);

The bit that worries me is the use of $_SERVER, the only item from this array not sent is HTTP_COOKIE, fair enough. But why do you need to know the full paths to the files on my server and other server environment variables Akismet? I do not have a problem with sending data to Akismet, just not this data!

Source