Wordpress Upgrade
Sunday, March 30th, 2008I am currently enjoying the visual refresh Wordpress has been given in version 2.5. Its quite cool.
Archive for the ‘WordPress’ Category
Upgraded
Saturday, October 20th, 2007Akismet Sanitised
Sunday, September 30th, 2007I made the Akismet plugin a little more sane after discovering it sent the entire $_SERVER array to akismets servers. I changed:
$ignore = array( 'HTTP_COOKIE' );
foreach ( $_SERVER as $key => $value )
if ( !in_array( $key, $ignore ) )
$comment["$key"] = $value;
To:
foreach ($_SERVER as $k => $v)
{
if (strpos($k, 'HTTP_') === 0 && $k != 'HTTP_COOKIE')
{
$comment[$k] = $v;
}
} Disabled Akismet, comments held for moderation.
Tuesday, September 25th, 2007I have made the decision to disable Akismet, after reading some hype about the new Wordpress 2.3’s plugin version check API, which turned out to be negative but reveals something interesting with regards to Akismet. The following code is taken from the official Akismet plugin for Wordpres.
$ignore = array( 'HTTP_COOKIE' );
foreach ( $_SERVER as $key => $value )
if ( !in_array( $key, $ignore ) )
$comment["$key"] = $value;
$query_string = '';
foreach ( $comment as $key => $data )
$query_string .= $key . '=' . urlencode( stripslashes($data) ) . '&';
$response = akismet_http_post($query_string, $akismet_api_host, '/1.1/comment-check', $akismet_api_port);
The bit that worries me is the use of $_SERVER, the only item from this array not sent is HTTP_COOKIE, fair enough. But why do you need to know the full paths to the files on my server and other server environment variables Akismet? I do not have a problem with sending data to Akismet, just not this data!
