Category Archives: WordPress

WPMU for cpanel sites

There have been too many complaints on the forums about people having trouble installing WPMU. A number of these are on Cpanel administered sites.
Until this morning I had never used Cpanel, but thanks to James Farmer I had my chance.
Here’s how I debugged the problem with installing WPMU on Cpanel sites.
This problem probably extends to any web based installer that creates a .htaccess file in the root directory because Cpanel creates an empty file of the same name.
This is a problem because the file is owned by the user running Cpanel, not the web server. You have to change the permissions of the file through Cpanel, or ftp in and delete it.

Give me a shell any day.

Security Checking PHP Templates

WordPress uses PHP as it’s templating language. It’s well established and as I’ve said before, there’s an abundance of free themes out there for it.
Unfortunately in a multi-user environment, allowing untrusted users to edit PHP code on your server is a huge security risk. There has to be some way to limit the commands a user can use, and there is!
PHP already parses html pages, so why not take advantage of that engine? The PHP Tokenizer lets you do just that!
Feed your template through token_get_all() and it’ll spit out an array containing HTML, PHP, and other elements from your file.
Here’s an if statement that should be familiar:

T_OPEN_TAG: '<?php '
T_IF: 'if'
T_WHITESPACE: ' '
(
T_STRING: 'have_posts'
(
)
)

We then need to compile a list of allowed functions, which can be got from wp-includes/* and we’re well on the way to a safe environment for WP bloggers. Any more ideas?

OpenID: an actually distributed identity system

OpenID looks very promising and maybe WordPerss can play a part in it if the work is put into it.
It’s certainly something that would benefit WPMU. A community of users could post comments on each other’s blogs and bias any moderation rules in favour of the posted data getting through.
It doesn’t address trust however, but in a blogging community that can be solved in other ways (ie. when you register, the user has to click a url in an email.)
Interesting times ahead.

Simple MySQL Backup

If, like me, you have a database full of small tables, but all amounting to a large amount of data then dumping the data from it into a single file is handy, but not very useful when it comes to retrieving a backup of one single table.
Instead, wouldn’t it be easier to dump each individual table into it’s own file? What about keeping a week’s worth of backups? Here’s one way I backup my WordPress db with a little Bash script:

export d=`date +%u`
mkdir -p backup/$d
for i in `echo "show tables" | mysql -u username -ppassword database|grep -v Tables_in_`;
do
  echo $i; mysqldump --add-drop-table --allow-keywords -q -a -c -u username -ppassword database $i > backup/$d/$i.sql
  rm -f backup/$d/$i.sql.gz
  gzip backup/$d/$i.sql
done

WPMU – Using WordPress Themes

I’m exploring what changes are required so that WPMU can use WordPress themes. Currently, WPMU uses Smarty templates but there’s an order of magnitude more WordPress themes out there so it’d be great if we could use those too. The WP theme engine has become a very flexible and sophisticated templating engine over the past year. Version 1.6 of WordPress will have easy tags, so template authors don’t even have to know PHP to create their templates!
In brief, WPMU can use WordPress themes with little modification, although only read-only. If you want to edit the theme then the theme files have to copied into seperate blog theme folders. The pieces are falling into place and hopefully I can make it an option so that Smarty and WP themes can be mixed on the one host!

Debian Sarge, PHP4 and Apache2.. why do you persecute me?

Oh FFS! Has anyone had a problem with Apache2 and PHP4 on Debian Sarge/Testing? I have a stock install of it with nothing unusual AFAICT but Firefox keeps trying to download and save php files instead of processing them. All the config files seem to be correctly set up. Files in mods-enabled/ are fine.
Why am I upset? I added the wp-newblog.php to WPMU SVN tonight, imported a chunk of code from install.php so it’s a one-step process, but I can’t test this thing to see if it works! It’s here as a WPMU snapshot but it won’t work out of the box. It needs an entry in .htaccess first, and bug fixing.

I’m off to relax, it’s been a long day.. zzzz

Much Later… I finally got it working again. I tried dpkg-reconfigure phpmyadmin but it didn’t update the config file with this error:

Not replacing deleted config file /etc/apache2/conf.d/phpmyadmin.conf

Following the clues from here I did the following:

apt-get remove –purge libapache2-mod-php4
apt-get remove –purge apache2
apt-get install libapache2-mod-php4 phpmyadmin

PHPMyAdmin now works fine, and hopefully wpmu will too!

Close

Ad-blocker not detected

Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Here are a few options.

  • uBlock Origin is a free, open source, ad blocker for your browser.
  • Use pi-hole if you have a spare Raspberry Pi on your network.
  • Set the private DNS settings on your phone to dns.adguard.com to block adverts and trackers.