Tip: How to modify WordPress MU to allow embed objects (specifically for SlideShare)

August 1st, 2008 by Dan York

Okay, so this was a serious way to waste a morning! At 8:00am this morning I put up the post about my OSCON 2008 presentation and immediately noticed that the embedded SlideShare slide show was not visible. The problem was fairly simple to figure out. Here’s the embed code from the SlideShare page for my presentation that I had diligently copy and pasted into MarsEdit before sending to WPMU via the API:

<div style=”width:425px;text-align:left” id=”__ss_525876″><a style=”font:14px Helvetica,Arial,Sans-serif;display:block;margin:12px 0 3px 0;text-decoration:underline;” href=”http://www.slideshare.net/danyork/oscon-2008-mashing-up-voice-and-the-web-using-open-source-and-xml?src=embed” title=”OSCON 2008: Mashing Up Voice and the Web Using Open Source and XML”>OSCON 2008: Mashing Up Voice and the Web Using Open Source and XML</a><object style=”margin:0px” width=”425″ height=”355″><param name=”movie” value=”http://static.slideshare.net/swf/ssplayer2.swf?doc=oscon2008voicemashups-1216853182252884-9&stripped_title=oscon-2008-mashing-up-voice-and-the-web-using-open-source-and-xml” /><param name=”allowFullScreen” value=”true”/><param name=”allowScriptAccess” value=”always”/><embed src=”http://static.slideshare.net/swf/ssplayer2.swf?doc=oscon2008voicemashups-1216853182252884-9&stripped_title=oscon-2008-mashing-up-voice-and-the-web-using-open-source-and-xml” type=”application/x-shockwave-flash” allowscriptaccess=”always” allowfullscreen=”true” width=”425″ height=”355″></embed></object><div style=”font-size:11px;font-family:tahoma,arial;height:26px;padding-top:2px;”>view <a style=”text-decoration:underline;” href=”http://www.slideshare.net/danyork/oscon-2008-mashing-up-voice-and-the-web-using-open-source-and-xml?src=embed” title=”View OSCON 2008: Mashing Up Voice and the Web Using Open Source and XML on SlideShare”>presentation</a> (tags: <a style=”text-decoration:underline;” href=”http://slideshare.net/tag/oscon2008″>oscon2008</a> <a style=”text-decoration:underline;” href=”http://slideshare.net/tag/oscon”>oscon</a> <a style=”text-decoration:underline;” href=”http://slideshare.net/tag/microblogging”>microblogging</a> <a style=”text-decoration:underline;” href=”http://slideshare.net/tag/identi-ca”>identi.ca</a>)</div></div>

However, when I did a “View -> Page Source” in Firefox, this was all that was visible:

<div style=”width:425px;text-align:left” id=”__ss_525876″><a href=”http://www.slideshare.net/danyork/oscon-2008-mashing-up-voice-and-the-web-using-open-source-and-xml?src=embed” title=”Mashing Up Voice and the Web Using Open Source and XML”>OSCON 2008: Mashing Up Voice and the Web Using Open Source and XML</a>
<div style=”font-size:11px;font-family:tahoma,arial;height:26px;padding-top:2px”>view <a href=”http://www.slideshare.net/danyork/oscon-2008-mashing-up-voice-and-the-web-using-open-source-and-xml?src=embed” title=”Mashing Up Voice and the Web Using Open Source and XML on SlideShare”>presentation</a> (tags: <a href=”http://slideshare.net/tag/oscon2008″>oscon2008</a> <a href=”http://slideshare.net/tag/oscon”>oscon</a> <a href=”http://slideshare.net/tag/microblogging”>microblogging</a> <a href=”http://slideshare.net/tag/identi-ca”>identi.ca</a>)</div>

Without even looking through the code I could just see visually that there was a chunk of code missing.

Oops.

I thought I knew what it was and, sure enough, closer examination of the code showed that the <object> element was being stripped entirely out:

<object style=”margin:0px” width=”425″ height=”355″><param name=”movie” value=”http://static.slideshare.net/swf/ssplayer2.swf?doc=oscon2008voicemashups-1216853182252884-9&stripped_title=oscon-2008-mashing-up-voice-and-the-web-using-open-source-and-xml” /><param name=”allowFullScreen” value=”true”/><param name=”allowScriptAccess” value=”always”/><embed src=”http://static.slideshare.net/swf/ssplayer2.swf?doc=oscon2008voicemashups-1216853182252884-9&stripped_title=oscon-2008-mashing-up-voice-and-the-web-using-open-source-and-xml” type=”application/x-shockwave-flash” allowscriptaccess=”always” allowfullscreen=”true” width=”425″ height=”355″></embed></object>

Based on past experience with WPMU (documented here and here), I knew immediately this was an issue with the &lt;WPMUHOME&gt;/wp-includes/kses.php file which, for very valid security reasons, strips out unknown tags when a post is created on the site (either via the web editor or posted through the API).

What confused me, though, was that SlideShare embeds worked perfectly fine in previous posts. So I had no idea why they weren’t working now. However, since that earlier post, I’ve upgraded to WPMU 1.5.1 and for whatever reason something has changed. It’s strange, though. <object> was NOT in the kses.php file before (I checked a backup) and it’s not in there now. Which makes me wonder how I posted those earlier entries with SlideShare embeds and others with YouTube videos.

In searching the WordPress MU forums, I found this post from a year ago that was seeking a solution to embed YouTube and Google videos. On the second page of responses, I found a great solution from a developer named Hendy Irawan.


WARNING: THIS CAN BE A SERIOUS SECURITY RISK IF YOU DO NOT TRUST YOUR AUTHORS!

In our case (for blogs.voxeo.com), we tightly control who can post to this site, so this security concern is not a major one for us. However, if you are operating a WPMU site where you let anyone sign up and create a new WPMU blog, I would very STRONGLY recommend you be extremely careful (as in “Don’t do it!”) with this as you can allow for the embedding of all sorts of content.


Basically, Hendy’s plugin simply adds <object> and <embed> to the list of allowed tags in kses.php. The nice aspect, though, is that it is in a separate file in the plugins directory so that it will survive upgrades. This seems an obvious thing to do but was not something I had seen previously. Great idea.

So following the instructions, I created the file &lt;WPMUHOME&gt;/wp-content/mu-plugins/embed_allower.php with Hendy’s code in it and tried another upload with the SlideShare embed in it. The result was almost there (new code in red):

<div style=”width:425px;text-align:left” id=”__ss_525876″><a href=”http://www.slideshare.net/danyork/oscon-2008-mashing-up-voice-and-the-web-using-open-source-and-xml?src=embed” title=”Mashing Up Voice and the Web Using Open Source and XML”>OSCON 2008: Mashing Up Voice and the Web Using Open Source and XML</a><object width=”425″ height=”355″><embed src=”http://static.slideshare.net/swf/ssplayer2.swf?doc=oscon2008voicemashups-1216853182252884-9&stripped_title=oscon-2008-mashing-up-voice-and-the-web-using-open-source-and-xml” type=”application/x-shockwave-flash” width=”425″ height=”355″></embed></object>
<div style=”font-size:11px;font-family:tahoma,arial;height:26px;padding-top:2px”>view <a href=”http://www.slideshare.net/danyork/oscon-2008-mashing-up-voice-and-the-web-using-open-source-and-xml?src=embed” title=”Mashing Up Voice and the Web Using Open Source and XML on SlideShare”>presentation</a> (tags: <a href=”http://slideshare.net/tag/oscon2008″>oscon2008</a> <a href=”http://slideshare.net/tag/oscon”>oscon</a> <a href=”http://slideshare.net/tag/microblogging”>microblogging</a> <a href=”http://slideshare.net/tag/identi-ca”>identi.ca</a>)</div>

If you compare to the <object> snippet above, you’ll notice that the <param> element is missing and there are some other attributes on the <embed> object that aren’t there, either.

To accomplish this, I need to modify Hendy’s code, which is now shown below:

<?php
/*
* Plugin Name: Embed Allower 2
* Plugin URI: http://blogs.voxeo.com/behindtheblog/wp-plugin-embed-allower-2/
* Description: Allows embed, object, and other security risks tags. LGPLv3.
* Version: 1.0
* Author: Dan York
* Author URI: http://blogs.voxeo.com/behindtheblog/
**/
/*
* Based on Embed Allower from Hendy Irawan at http://hendyirawan.com/
*
* WARNING: THERE ARE SERIOUS SECURITY RISKS with allowing these object and
* embed tags, especially in multi-author environments where you don't trust
* your users.  Please make sure you know what you are doing before using
* this.
*
* Dan York and Voxeo Corporation assume absolutely no liability if you have any
* security issues as a result of using this plugin. USE AT YOUR OWN RISK!
*/

// For more info see wp-includes/kses.php
if (!CUSTOM_TAGS) {
	$allowedposttags['embed'] = array(
		’style’ => array(),
		‘type’ => array (),
		‘id’ => array (),
		‘height’ => array (),
		‘width’ => array (),
		’src’ => array (),
		‘object’ => array(
			‘height’ => array (),
			‘width’ => array (),
			‘param’ => array (
				‘name’ => array (),
				‘value’ => array ()
			)
		)
	);
	$allowedposttags['object'] = array(
	        ’style’ => array (),
		‘height’ => array (),
		‘width’ => array (),
		‘param’ => array (
			‘name’ => array (),
			‘value’ => array ()
		),
		‘embed’ => array(
			’style’ => array(),
			‘type’ => array (),
			‘id’ => array (),
			‘height’ => array (),
			‘width’ => array (),
			’src’ => array (),
			‘allowfullscreen’ => array (),
			‘allowscriptaccess’ => array ()
		)
	);
	$allowedposttags['param'] = array (
	        ‘name’ => array (),
		‘value’ => array ()
	);
}
?>

I’ve now created a specific page for this plugin. If you put it in your &lt;WPMUHOME&gt;/wp-content/mu-plugins directory it should now let you upload objects like SlideShare slide shows and other embedded objects.

If you do have any comments about this, please feel free to leave them here.

And again, please understand the security risks of using this. I would again strongly recommend NOT using this if you do not trust your authors. (On the other hand, if you run a corporate blog portal like we do, this may be perfectly fine.)

Technorati Tags:
, , , ,

Enabling skype: and sip: URLs in WordPress MU 1.5.1

June 11th, 2008 by Dan York

Last week when I put up my request for readers to dial into some sample voice applications, I received the feedback (ironically via Twitter) that my “skype:” and “sip:” URLs weren’t working. They appeared in the text correctly:

skype:+990009369996076704
sip:9996076704@sip.voxeo.net

but they weren’t “clickable”. Instead of launching your Skype or SIP client, they went instead to:

http://blogs.voxeo.com/voiplab/2008/06/03/got-a-minute-to-make-a-couple-of-phone-calls-to-generate-some-traffic-for-screencasts/+990009369996076704

http://blogs.voxeo.com/voiplab/2008/06/03/got-a-minute-to-make-a-couple-of-phone-calls-to-generate-some-traffic-for-screencasts/9996076704@sip.voxeo.ne

Neither of which worked, of course, so people got the good old 404 screen. (Some of you may know where this is going…) A quick look at the code showed the problem:

<a href=”+990009369996076704″>skype:+990009369996076704&t;/a> or <a href=”sip:9996076704@sip.voxeo.net”>9996076704@sip.voxeo.net</a>

The “skype:” and “sip:” URL prefixes were being helpfully stripped out when the post was being published! The links were then relative URLs which were of course bogus.

The solution turned out to be similar to what I could do to solve my embedding XML problem… modify the kses.php file. There at line 338 was this:

function wp_kses($string, $allowed_html, $allowed_protocols = array (’http’, ‘https’, ‘ftp’, ‘ftps’, ‘mailto’, ‘news’, ‘irc’, ‘gopher’, ‘nntp’, ‘feed’, ‘telnet’)) {

And so a simple change of adding ’skype’ and ’sip’ to the end of the list like this:

function wp_kses($string, $allowed_html, $allowed_protocols = array (’http’, ‘https’, ‘ftp’, ‘ftps’, ‘mailto’, ‘news’, ‘irc’, ‘gopher’, ‘nntp’, ‘feed’, ‘telnet’, ’skype’, ’sip’)) {

seems to have fixed the problem. I had to re-enter the URL prefixes on the original post, but now the “skype:” and “sip:” URLs do work in the edited post.

Fun, fun, fun…

Technorati Tags:
, , , ,

Successful upgrade to WPMU 1.5.1 - with some lessons learned

June 11th, 2008 by Dan York

Tonight I successfully upgraded blogs.voxeo.com to WordPress MU 1.5.1, the latest version. I’ve been wanting to do this since the release a month ago but I’ve held off to monitor the WPMU Forums to see what upgrade issues there were. The other challenge is, of course, that doing a site-wide upgrade requires setting aside a block of time in case anything goes wrong (and it did… see below). However, in light of reports of mass hacking of WordPress sites (see also here), I decided to make the upgrade tonight.

Following some of the links off of this forum post, I did successfully complete the upgrade, but I thought I’d record several lessons I learned in case they help others:

1. BACKUPS ARE YOUR FRIEND - Before doing anything, I had done the good old

tar -cvzf wpmu-backup-20080612.tgz wpmu

command in the directory above my WPMU installation to have a nice little tar file sitting there. This turned out to be critical as I did in fact need to restore it all to how it originally was after messing it up with #2 below. I also performed a MySQL backup to be safe although that turned out not be needed.

2. DISABLE ALL PLUGINS - This was mentioned in a few posts but for whatever reason I didn’t do it. Bad move. There was something about the OpenID plugins I was using that did not like the upgrade. It was somewhat bizarre in that the plugin to accept OpenID logins actually seemed to start working, which it hadn’t done before! However, it was causing a host of errors - bizarrely even when I reverted to a backup… so I wound up going into mu-plugins and blowing away the OpenID plugins from the directory (thanks to having the backup in #1).

3. YOU DO HAVE TO ADD THE SECRET KEY AND SALT - Just as detailed on Donncha’s blog post, on my first login to the admin interface I was given the warning that I needed to add two lines to my wp-config.php file. This was a very simple copy/paste into a shell window I had open.

4. USE ‘UPGRADE’ FROM SITEADMIN - Once you’ve copied the WPMU 1.5.1 files into your WPMU directory, the upgrade process for the individual blogs is a simple matter of choosing ‘Upgrade’ from the Site Admin menu.

5. THE ‘DEFAULT’ THEME GETS OVERWRITTEN! - After the upgrade, our home page was perfectly fine, but each of the individual blogs looked horrible. After a forced browser refresh it became clear that they had reverted to the default Kubrick theme. The issue became clear - the ‘default’ WP theme gets overwritten by the upgrade. In retrospect, this makes sense, but here’s the problem - we replaced the ‘default’ theme with our own that is visible on any of our blogs. The reason is simple… on this site, the only blogs that will be created will be with this theme. It will be the default for all blogs. Rather than create a separate theme directory and require blogs to be changed to that separate theme, it seemed to make sense to just replace the ‘default’ theme.

Oops.

Thankfully because of the backup from #1, restoring our ‘default’ theme was a trivial matter.

In a nutshell, those were my lessons from tonight. We’ll see if there are any further issues as we use it, but so far everything seems fine (outside of the fact that I have to go back and add the OpenID plugins back in - which will be for another day).

Technorati Tags:
, , ,

Email subscription now available for this blog - and the challenges therein

April 29th, 2008 by Dan York

As noted over on our Voxeo Talks blog, I’ve now set up an email subscription option to our “All Voxeo Blogs” feed through Feedburner. For a reason I’ll discuss below, I’ve only enabled it for our all blogs feed.

However, given that this “Behind the Blog” blog is different from all of our other blogs, and also, quite frankly, because a reader requested it, I’ve also enabled the email subscription option for this particular blog. You can subscribe to just this blog via email by either entering your email address in the box in the far right sidebar - or by clicking this link. Follow the link in the confirmation email and, ta da, you’re done.

So why haven’t I done this for all of our individual blogs?

Simple. I can’t easily automate it and have it appear in the same place as the other subscription options.

Let me explain a bit more. If you go to our main portal page of blogs.voxeo.com you will see in the first sidebar under the heading “Subscribe” a link that says “Subscribe via email“. Click on that and a confirmation email later you are subscribed to the “all blogs” feed. Nice and easy.

We use Feedburner for all of our feeds mostly to get the stats and also because it provides nice options like this email subscription option.

Here’s the thing. That “portal” page uses its own unique WPMU “theme” (very creatively called “voxeo-home”) to deal with how we present entries across all blogs and other ways in which we want to make the portal page different from our regular blog pages. Because it is using its own unique theme, it’s trivial for me to add the “Subscribe via email” link. I just go into “sidebar1.php“, find the right place and add the link. Piece of cake.

However, all the actual blogs on the site use the same WPMU theme (”default”) and so they have the same sidebars by default. The problem, though, is this:

Each blog has a unique Feedburner email subscription URL.

So I can’t just add some magic to template sidebar and have this automagically work. As I’ve thought about this, I see a couple of choices:

  1. Add only the All Blogs email subscription option - This is what I have done now. I’ve gone into the sidebar1.php file for the template and added the link to subscribe to the all blogs feed via email. This is simple and consistent with the other formatting. The problem of course is that it doesn’t let readers subscribe to only the blog they care about. Readers of this blog about WPMU may not care about all the other stuff we’re doing at Voxeo. Readers to “Speaking of Standards” may only be interested in our positions on standards. I’d like to offer the option. This choice doesn’t provide that option.
  2. Manually add widgets to the blog sidebars - That’s what I’ve done here on this blog where I’ve added the widget over in sidebar 2 using the standard way to do so in the WP “Presentation->Widgets” menu. The good news is that I can offer the option, but the bad news is that it is off in a different area from the “Subscribe” options over in sidebar 1. (And for whatever reason, I can’t get the darn widget to say “Subscribe via email” on top, but that’s a different issue that I’m sure I’ll eventually sort out.)
  3. Write some WP code to modify the template - I suspect the real answer is to write a WP function that grabs a URL from the database and inserts it in the relevant spot. In that way I’d enter the URL for the Feedburner email subscription for each individual blog into the database and then modify sidebar1.php in the theme to call the new WP function, which would pull the blog-specific URL from the database and insert it. Sounds cool… but I also don’t see me having the cycles to do that anytime soon.
  4. Search for a plugin that does #3 - I suppose the other thing I can do is to search for a plugin that does what I described in #3. This involves searching through the various directories of plugins, trying out the code to see if it works with WPMU, etc. Maybe there’s one out there. (Heard of one?)

That’s why I haven’t yet rolled out email subscriptions for each individual blog. Have any of you out there solved this issue? What have you done? Is there a plugin you use for WPMU?

Technorati Tags:
, , , , , ,

Adding video comments to WPMU using Seesmic’s new plugin

April 24th, 2008 by Dan York

seesmiclogo.jpgIf you look down in the comments area of this - or any other blog post - you’ll now see a link that says you can add a video comment:
seesmicvideocomment.jpg

What’s going on? Well, I’ve added a new video plugin for Wordpress from the folks at Seesmic. Here’s brief video intro from me:

The plugin was announced yesterday on Techcrunch and also on (Seesmic founder) Loic LeMeur’s blog. The folks at Seesmic even nicely created a little YouTube tutorial about the plugin:

Adding the plugin to WordPress MU was very straightforward. I downloaded the code, unzipped it and copied the directory into the “plugins” directory (NOT mu-plugins). I then went into Site Administration -> Plugin Commander and clicked on the “Allow” link to allow individual blogs to have this capability. Next I went into the admin dashboard for this blog and enabled the plugin for this blog. Ta da… video comments and embeds into posts are now enabled.

Why didn’t I just enable it across all blogs? Well, I like the granularity of being able to enable or disable it on a per-blog basis. The reality is that I’ll probably enable it for all the blogs on this site that I primarily run. But we may have other blogs here that others run (as Chris does with the Voxeo Labs blog) where they don’t want to use video.

One note I should make. In the Seesmic plugin configuration (for each blog), I have opted to allow “anonymous” video comments, meaning that someone does not need to have a Seesmic account in order to leave a video comment. There’s a checkbox there that enables that kind of posting:
seesmicanonymouscheckbox.jpg

Now, the one down-side I’ve already discovered is that in order to use it to embed a video in a post like this, I have to use the WordPress web editor to write my post. However, I almost never use this web editor because I’ve gotten very addicted to doing all my blogging offline using MarsEdit. However, I think odds are that when I want to embed a video, I probably won’t want to write as much text, so I probably won’t need all the shortcuts that I’ve gotten used to in MarsEdit. (I may also be able to go into the web editor, record and embed the video, save it as a draft, and then pull it down into MarsEdit and do further editing there - I’ll have to try it.)

Outside of that, it seems like a cool way to add video into the blogging platform. Let me know what you think. Hey… if you have a webcam, you can leave me a video comment!

Technorati Tags:
, , , , ,

WPMU mu-plugin to list most recent posts across all blogs coming soon…

April 11th, 2008 by Dan York

As I’ve had now several requests for more info about what we did on our main page to list the most recent posts across all blogs, I just thought I’d put up a note to say that I will be posting the plugin script and writing more about that soon. I just need to clean it up a bit more and create a page with more info. It’s almost there…. sometime in the next week or two, hopefully.

Technorati Tags:
, ,

WordPress 2.5 is out… now to see when WPMU will update

April 2nd, 2008 by Dan York

wordpress.jpgWith WordPress 2.5 now out, we’ll be watching to see when WordPress MU gets updated. Of the long list of WP 2.5 features, the one that is honestly of most interest to me as the one running a blog site is of all things the improved editor:

Friendlier visual post editor — I’m not sure how to articulate this improvement except to say “it doesn’t mess with your code anymore.” We’re now using version 3.0 of TinyMCE, which means better compatibility with Safari, and we’ve paid particular attention this release to its integration and interaction with complex HTML. It also now has a “no-distractions” mode which is like Writeroom for your browser.

I don’t use the visual post editor myself - I do all my posting through the MarsEdit offline blog editor - but as I’ve been helping others post to this site, I’ve seen the existing editor as one of the things that sometimes causes challenges. So I’m looking forward to the new editor.

All the other features look good, too, so it should be an interesting release to get into place. Per a thread on the WordPress MU forums, though, it may be a little bit before WPMU comes out with a new release in sync with WP 2.5. As noted in that thread, WordPress.com needs to be updated first. We’ll see. This will be the first WordPress MU upgrade we’ll have done to this site, so it will be an interesting learning experience for us. Will the “upgrade” features of WPMU work as well as we would hope they will? :-)

Technorati Tags:
, ,

The challenge of embedding XML into a WordPress MU blog entry

March 31st, 2008 by Dan York

Given that we work with XML, we naturally want to include XML inside of our blog posts. However, that turns out to be a bit of a major headache. Over on our Voxeo Developer’s Corner blog, you can see what we are trying to do with posts like this one. We want to include snippets of XML code, complete with angle brackets, etc.

Obviously this can be done through good, old “HTML character entity substitution. In order to get:

<prompt>

we simply enter it into WordPress MU as:

&lt;prompt&gt;

We can do that - and certainly any number of text editors make it now easy to go through and swap all symbols over to their corresponding HTML character entities. But this is rather a pain in the neck. You have to bring the code into one of those editors, select the entire text, and then execute whatever script you use to to the character conversion. It takes a little bit of time and when you are trying to get folks like our busy support team to also contribute blog entries, you want to reduce anything that adds time to the posting process.

What I was ideally trying to do for our authors was make it so that they could do something like this:

<code>
… XML code…
</code>

With something like this, they could simply copy/paste their XML code directly into the WPMU editor and… ta da… publish the post. In trying to make this ideal a reality, I worked my way through installing a number of different “code markup” plugins for WordPress:

I also looked at Code Viewer but really did not want to store the XML code in separate files.

I installed each of these (in some cases multiple times), read and re-read the instructions, added the appropriate markup (usually <code>) around the block of code, published the entries and…

Nothing.

All the posts looked horrible and didn’t display any of my XML code. This was all incredibly frustrating and after spending a sizable chunk of my time trying to make this work, I finally posted my problem on the WPMU Forum and soon received my answer.

It turns out that WordPress has a file called “kses.php” which lists all of the tags that are allowed inside my post. Any tags not in the allowed list get stripped out! This obviously occurs before the code markup plugins step in and do whatever conversion they do of the code into HTML character entities. So… all my XML code appears to WPMU as regular tags, which, because they aren’t listed in kses.php get stripped out.

Oops.

The end result is that it appears that I have two options:

1. Enter all the relevant VoiceXML, CCXML and CallXML tags into kses.php so that they are allowed; or
2. Keep on doing it the text editor massive replace route.

Given everything else on my plate, we’re going to reluctantly have to stick with #2 and just keep on replacing the symbols with HTML character entities before copying/pasting into WordPress’ editor. It’s a pain - but I don’t see an option until either I find another solution or get the time myself to update kses.php.

If anyone reading this knows of another option, I’d love to hear it.

Technorati Tags:
, , , , ,

Supporting OpenID, part 2a: Setting up WPMU to accept OpenID logins

January 11th, 2008 by Dan York

As I noted in my last post about OpenID, the second and more difficult aspect of implementing OpenID is to enable this site to accept OpenID logins for comments. In the comments to that post, Jeff Waugh replied today indicating that he had ported WP-OpenID over to WordPress MU.

Naturally I headed over to Jeff’s post as soon as I saw it. Since I had already downloaded WP-OpenID, I just needed to reference his bug report for the instructions on how to patch the plugin. Well, that and I needed to download the diff file (Note: from the dev.wp-plugins.org page, the “attachment” link brings you to an HTML-ized version of the diff file. To get the “raw” version, you need to select the “Original format” link at the bottom of the page (or follow my link here).)

However, although I followed the directions at the bottom of the page, it sadly didn’t work. In some correspondence with Jeff, I think the issue may lie in the fact that we use our own custom theme - and we may need to tweak that to support the OpenID plugin. However, in doing this, as you can see in the comments to his blog post, I ran into some other issues which seemed to expose problems with the existing WP-OpenID plugin. Basically, the WP-OpenID plugin upon which his work is based seemed to only accept OpenID URLs from direct OpenID providers (ex. claimid.com). When I entered my LiveJournal OpenID URL, that didn’t work because it actually redirects to another URL. Similarly, using “blogs.voxeo.com” as my OpenID URL didn’t work either, nor a number of other ones.

Not realizing that he was in Australia and it was approaching 4am, I wound up in a good chat session with Jeff trying to debug the issue. Eventually he needed to get some sleep and so we parked it for another time. So we move closer… I think I’ll wait a bit until Jeff gets a chance to dig a bit more into the OpenID cases that were failing. Once he’s got it thoroughly working, I’ll take a look at how to make it work with our theme. Interesting stuff (to me, anyway).

Technorati Tags:
, , , , ,

Modifying the WPMU comment field to reference a comment policy

January 10th, 2008 by Dan York

As noted on our Voxeo Talks blog, we now have created a “Comment Policy” regarding comments posted to this blog site. When you go to fill out the comment field on a blog entry we have some text below that field and before the submit button that basically says that in submitting the comment you agree to comply with our Comment Policy. This all came about after one of our recent posts attracted some comments that made us concerned that we were not stating what we would and would not permit to be posted.

Creating the “Comment Policy” page was a simple matter of creating a new “Page” in the top-level blog here on the site. This is what you see when you hit blogs.voxeo.com. As I think I’ve noted before, this top “portal” is, in fact, just another WPMU blog, but we’ve set it up so that the main page does not allow actual postings, but rather displays the latest posts across our various blogs. So there will never be any actual “posts” in that particular top-level blog. There can, however, be pages, and they will appear in the sidebar where it says “Pages”. The nice thing about this is that you also quickly get an easily-referenced URL that you can use in other places. In this case, that URL is “http://blogs.voxeo.com/comment-policy/

The next step was to modify the comment field across all the blogs here to include a reference to the comment policy. Because all of our blogs use the exact same theme, this, too, turned out to be a relatively trivial exercise. I just went into our theme, which is actually named “default” in our case and found the file “comments.php”. Down on line 97, I inserted a simple <p> paragraph (shown in blue):

<p><textarea name="comment" id="comment" cols="100%" rows="10" tabindex="4"></textarea></p>
<p><em>Please note: By submitting a comment you agree to comply with our
<a href="http://blogs.voxeo.com/comment-policy/">Comment Policy</a>.
We welcome all comments, positive or negative, but do reserve the right to remove
all or part of blog comments that do not comply with our policy.
</em></p>
<p><input name="submit" type="submit" id="submit" tabindex="5" value="Submit Comment" class="commentsubmit" />

This is now visible below the comment field in all of our blogs. That was it… nice and simple.

Now, the one remaining thing I would like to do is to add a link that says “Comment Policy” underneath the “Pages” heading in the sidebar of each of the blogs here. Right now it only appears under the Pages heading on the top-level site (blogs.voxeo.com). I’m not entirely sure how I’ll do this yet. That block in the sidebar is automagically generated with the various “pages” created for the specific blog. Obviously, I could simply create a new page called “Comment Policy” in each blog and copy/paste the text into it, but that: a) is more manual work than I want to do; and b) could lead to the comment policies on blogs being out of sync if we update the main one. So I need to figure out a way to link to the main comment policy. What I might simply do is create a new entry under “Links” in each blog that goes back to the main comment policy. The other option might be to see about doing some kind of “include” macro inside the pages that brings in the contents of another page (if such a thing exists). I’m definitely leaning toward the Link option as the simplest, even if it means that the “Comment Policy” link will appear in a different place on the blogs than it does on the main home page.

We’ll see. In the meantime, we do now have some text in the comment area of all of our blog entries. If you have suggestions for how you’ve done something like this, please feel free to leave a comment. (Subject, of course, to the comment policy! ;-)

Technorati Tags:
, , , , , ,