Chris Roberts

More or less the same for me. I was deeply disappointed with 2.5. A lot of mistakes – some quite bizarre – were made with the changes in 2.5. While I’m still annoyed at how much WordPress changes between point releases, this was a necessary change. The changes are good, the new Admin interface is very nice. Enough so to win me back. 2.5 drove me to Movable Type, 2.7 brought me back to WordPress.

You’re right – I should be more specific. I’ll tweak the description. I’ll also check into providing popups throughout the site. Offhand I’m not sure what plugin creators do to have their plugins insert code into the template itself. My plugin only executes when a post is saved or viewed, and can only affect the post contents.

If you are semi comfortable with JavaScript you could use the dom_tooltip.js file in the tippy directory to insert the tooltips into your template.

What code on your sidebar? The plugin is only written to work inside of posts.

This has now been fixed. I have always hosted the plugin from my own website but decided to play with WordPress hosting. I did not play with it too much and the version I fiddled with was buggy. Somehow I failed to consider that people might download the buggy version. ??

It should work fine now. Future versions of the plugin will be hosted exclusively through WordPress Plugins.

pishmishy,

Has nothing to do with old exploits, though the problem may have been around a while judging by some of the reports. I’ve had the problem turn up again in one of my blogs running 2.3.1. The problem has happened fairly recently, though I can’t pinpoint exactly when. Since I first noticed an injection I have checked my database from time to time to see if there have been any new injections. Nothing until now, some time after upgrading to 2.3.1.

When I upgraded from 2.3 to 2.3.1 I took pains to make sure old files were not still lingering where they might cause problems. So the injection took place from the 2.3.1 code. I realize this information is not altogether helpful, but it’s all I can offer.

Didn’t mean to imply that I was going to delay an update. ?? I did update to 1.3.1 but from other comments it seems to have the same problem.

I’ve just done a little digging in my logs but haven’t spotted anything yet. I’ll keep looking.

Opened a ticket: https://trac.www.ads-software.com/ticket/5313

Glad to find others discussing this. I’ve just noticed the same thing turning up in my blog, running v2.3. Was about to update to 2.3.1 but I see from comments on here that it is vulnerable as well.

Any idea what hole these are crawling through?

Otto,

That sounds along the line of what I’m looking for. Thanks.

Great info. I’m the ESV plugin creator and these comments will be most helpful. ?? Thanks!

I’ve wrestled back and forth over excerpts vs. whole posts, I may change my mind before I release hehe.

As for comments on pages, that’s something I personally like having.

I’m running Firefox 1.5 under Linux, and the CSS is a little quirky on my end.

Here’s a snapshot image of how it looks for me.

Just throwing in another comment, I re-enabled tabbrowser preferences and the html link still works. So the problem was simply with the force option.