Comments on: Bug Chasing

By: Cupcakes Brisbane

Cupcakes Brisbane — Fri, 09 Apr 2010 01:41:14 +0000

I use WP as a CMS for most of my web design clients and have found it the most simplest to install and easiest for the client to use. All thanks to all the work developers such as yourself are doing like this this, we kinda take for granted. So a big thanks and keep up the amazing work.

By: Being Part of It | A Fool’s Wisdom

Being Part of It | A Fool’s Wisdom — Fri, 26 Mar 2010 18:39:15 +0000

[...] 3.0, nobody will have to scratch their heads over it again. Yay me! Dougal Campbell, “Bug Chasing“, March 7th, 2010 This entry was posted in Opinion and tagged Collating, Developing [...]

By: felix

felix — Tue, 23 Mar 2010 15:51:35 +0000

do you know why worpress don’t show the language-preferences, which i uploaded manual on my server, in the admin-area?

in config.php i edit this, too.

I can’t remember, hope for help

felix

By: sara

sara — Wed, 10 Mar 2010 15:56:03 +0000

Thanks for sharing about how you squashed the hell out of that bug! I’m sure you just inspired many people to be pro-active when they find bugs too. You rock!

By: reviste

reviste — Wed, 10 Mar 2010 15:20:42 +0000

the title sounds like a movie title… the article looks also like a screenplay. we shall see you at the academy awards ceremony next year?

By: Jeremy Clarke

Jeremy Clarke — Tue, 09 Mar 2010 16:14:57 +0000

Great writeup. The whole kses system is kind of a bitch. Whenever I come across it it’s in bad circumstances, especially in WPMU where kses has traditionally been extra annoying and mysterious.

For anyone having issues with unfiltered_html its important to remember that without a plugin there is no real way to give your authors full trust. If you are using the ‘author’ or ‘contributor’ roles its very important to consider modifying the default permissions to allow unfiltered_html for those roles.

In my experience it is very likely that you do trust your users not to insert malicious code, and that you are limiting their role (i.e. not making them ‘editor’) for organizational or editorial reasons. In this case you should install a role-management plugin and give the ‘unfiltered_html’ capability to anyone who you expect to be writing posts, otherwise they will eventually discover something that gets stripped from their posts, and often users will just give up instead of asking about it because it is experienced as a strange bug that destroys the content rather than a security measure (“I just thought that the video/widget/whatever wouldn’t work with WordPress”).

Capability Manager seems to be the most stable role/capability plugin out these days. Once its installed you can edit the roles to have the extra capability.

IMHO the kses filtering system should be modified to generate visible errors for users whenever some content gets stripped. After the user submits the page to save they should see a message at the top:

The following HTML has been stripped from your post because you do not have permission to use tags included within it. If you believe this is an error please ask your site administrator for help.

By: Dougal

Dougal — Tue, 09 Mar 2010 13:01:51 +0000

One of the main things that I’m hoping people will take away from this is that even though a bug may be “small”, sometimes it still takes a lot of time and effort to understand and fix it.

If I hadn’t noticed some very small details, I might still be trying to track it down. First, I had to notice that the src attribute was always the last one in my XML source. Then I had to notice the lack of a space before the tag-close. If not for that, I might still have looked at kses, but not made the connection about the space (or lack thereof).

By: John James Jacoby

John James Jacoby — Tue, 09 Mar 2010 03:33:23 +0000

Outstanding work, and a great write-up for people that maybe haven’t gotten involved yet but had that gut feeling they were staring at a little ugly bug that needed squashing.

By: Linda 16C

Linda 16C — Tue, 09 Mar 2010 02:25:20 +0000

Thank you Dougal for sharing so significative story .I also think you must like a puzzle you had to bring to an end by sloving it.

“after hours of puzzling over those broken problems, it felt darned good to find it, and — more importantly — squash it. ” ——-I agree vrey much!

By: Izba

Izba — Mon, 08 Mar 2010 22:52:34 +0000

Thank you Dougal for sorting that bug out. I bet for you it must had been like a puzzle you had to bring to an end by fixing it. Sure, without the “src” in an image inserting code there wouldn’t be any image shown !

Because of the 300px x 300px emptiness; something is telling me I may have encountered this in the past, but it well could have been only a manual coding I was doing.

All the best.