Behind The Blog

If you look at the bottom of any of the posts on any of the Voxeo blogs, including this post, you’ll see that there is now a “Related posts” section that promotes other blog posts that are deemed relevant to the topic of the post. The idea being, of course, that you can expose readers who land on a blog post as a result of search (or tweets or other links) to other posts you have on your site. Keep the readers on your site and learning about your content… and potentially then moving them to take some action or engage with you at a deeper level.

After evaluating a good number of WordPress plugins that provide this functionality, I wound up choosing Michael Erlewine’s Yet Another Related Posts Plugin (YARPP), based primarily on the number of recommendations I saw for it, the extensibility that it has (although I’m admittedly using hardly any of its power right now), and also the fact that it put relevant posts out to both the web page and the RSS feed. Here’s a view of what the RSS feed looks like for the same post as shown in the image to the right:

Now, I set the plugin to only show 3 related posts in RSS and 5 for the web site. ALL of that is configurable, including the text that appears above the related posts, the HTML used, styles, etc. There are so many options, in fact, that I could easily see burning up a chunk of time just experimenting with it all. Me? I’m using mostly the default settings right now and it’s working fine.

WordPress MU Issues

I installed the YARPP plugin in the “plugins” directory and then activated it site-wide. I chose “plugins” vs “mu-plugins” purely because I wanted the option to not use it on some blogs… I don’t actually know if it would work in mu-plugins. It all worked fine.

There are just two issues from a WPMU point-of-view:

• Related posts only from the SINGLE blog – The YARPP plugin works with only a single blog, which is probably what you want 99% of the time. However, in a tightly controlled WPMU environment like this corporate blog portal, it would be interesting to try seeing related posts from across ALL blogs on this site. I could see that helping send traffic across the different blogs.
• Related posts NOT appearing in the all-blogs RSS feed – As I mentioned earlier, YARPP nicely puts related posts into the RSS blog for each individual blog. However, we’re generating an “All Voxeo Blogs” RSS feed to which the majority of people subscribe. That feed also goes out to our Facebook page and is delivered by email to subscribers. YARPP does not add posts to this AllVoxeoBlogs feed, largely because we’re generating this feed using another WPMU plugin. At some point I need to look into how I can add in hooks or somehow get related posts there.

Given that YARPP isn’t targeted at WPMU, I wouldn’t expect it to do these things, but they would be wonderful enhancements… or a reason to have a YARPP-MU plugin.

Those issues aside, I’ve been very pleased with the plugin thus far and have to really applaud Michael Erlewine for his great work and for making the plugin available.

Have any of you reading this tried other “related posts” plugins with WPMU?

---

If you found this post interesting or helpful, please consider either subscribing via RSS, becoming a fan on Facebook, or following us on Twitter.

---

Way back in late 2007 when I launched blogs.voxeo.com, one of my very first problems was in trying to figure out how to include snippets of VoiceXML, CCXML and CallXML code. I wrote about trying a number of different WordPress plugins back in March 2008 and at the time didn’t have much luck. When we have been including source code in blog posts, it has admittedly been using the über-kludgey way of converting all the XML tag syntax into HTML character entities, inserting non-breaking spaces, etc. A serious kludge.

Over the weekend I saw the recent post on the WordPress.com blog about posting source code which pointed me to the excellent “SyntaxHighlighter Evolved” plugin from “Alex / Viper007Bond” (view his plugin page) that is in turned based on the JavaScript SyntaxHighlighter package from Alex Gorbatchev. I installed it in WordPress MU, tested it out on an experimental blog I use for testing and then activated it sitewide.

Now, when I simply bracket VoiceXML code with “[ xml ]” and “[ /xml ]” (without the spaces), it comes out looking great. Here is an example:

---

<?xml version="1.0" encoding="UTF-8"?>
<vxml version = "2.1" >

  <form>
    <block>
    <prompt>
      Hello World. This is my first telephone application.
    </prompt>
    </block>
  </form>
</vxml>

---

It is, of course, not limited to merely XML. There are 20+ languages listed on the SyntaxHighlighter ’syntax files’ page. I expect that we’ll be using it now to be able to better write about the Tropo.com languages over on the Tropo blog.

One aspect I quite like about the plugin is the menu you get when you move your mouse over the source code. As shown in the image to right, you can easily:

• view the source code in a pop-up window
• copy the code to your clipboard
• print the code

Given that we’re planning to make more tutorials available, having the ability to copy and paste the code easily directly from the blog post is a great feature.

Many kudos to the two Alex’s for making both the underlying JavaScript library and also the WordPress plugin. And if you run a WordPress or WordPress MU site, you can download the SyntaxHighlighter plugin and install it in your site, too.

P.S. I should in fairness point out that a couple of colleagues have mentioned SyntaxHighlighter to me over the past few months… I just never had a chance to check it out until now.

---

UPDATE #1, a few minutes after posting: So it seems I still need to work out a kink in my own process. I almost always write my posts offline using the MarsEdit editor and then publish them to the blogs.voxeo.com site. However, when I did that with this post, I wound up with code that had tags escaped as HTML character entities:

I had to go back into the WPMU editor on the website and paste in the correct VoiceXML code.

I’m not sure if the issue is with MarsEdit, my WPMU config or the SyntaxHighlighter plugin… but obviously I can’t really write posts with code in them offline until I figure it out…

---

If you found this post interesting or helpful, please consider either subscribing via RSS, becoming a fan on Facebook, or following us on Twitter.

---

Back in June, I asked about what people thought the best plugin was for publishing updates to Twitter when there are new blog posts posted here in WordPress MU/WPMU. I was then and have been using Alex King’s excellent Twitter Tools plugin for WordPress, but it was a bit like using a screwdriver to bang in a nail. The Twitter Tools plugin is primarily designed to capture your tweets in a blog post so that you can have occasional posts on your blog site that include all your tweets. The plugin can also publish tweets when you have a new blog post, but it’s real strength seems to be in pulling your tweets into your blog.

All I want to do is publish new tweets… I don’t want to create blog posts with tweets. So I’ve known for quite some time that I’ve been using the wrong plugin for the job… but it’s worked okay, so I continued. I tried a different plugin over on the VoiceObjects Developer Blog, but I haven’t been as happy with it because it tended to shorten the titles of blog posts too much when posting to Twitter.

However, recently my colleague Ron Blaisdell pointed me to WordTwit from BraveNewCode and I have to say that it is outstanding at what I need it to do. Once you install the plugin, there is a very simple configuration screen where you enter your username, password and can change the format of what gets tweeted out:

In our case, I chose to edit the message to be “[title] - [link]” so that there is no prefix on any of the tweets.

You then can choose which URL shortener you want to use – I chose bit.ly:

After you save the configuration options, you then can go back in and enter your Bit.ly login and API key:

This makes it so that all of your shortened URLs then show up in your bit.ly account where you can see statistics around who has clicked on them, etc.

Because we use Google Analytics, I also checked off an option to add UTM tracking codes to URLs so that I can find any inbound traffic in GA easily.

I’ve been using WordTwit here on blogs.voxeo.com for a bit now and have been very pleased with how well it works. I haven’t yet installed it on the VO Developer Blog but will be doing so soon. Kudos (and thanks!) to the folks at BraveNewCode for developing such a great plugin.

Have you tried WordTwit? Or what plugin do you use for updating Twitter?

---

If you found this post interesting or helpful, please consider either subscribing via RSS, becoming a fan on Facebook, or following us on Twitter.

---

For those interested in plugins to your WordPress install, I found this very lengthy review of 43 plugins that are apparently finalists in the “WordPress Plugin Competition 2009″:

http://planetozh.com/blog/2009/09/wordpress-plugin-competition-2009-43-reviews/

I don’t know how many of those plugins are WordPress MU-compatible – and I have just started reading through all the reviews, but thought I’d pass it along to others interested. Looks like some really interesting ones in the mix. Thanks to “Ozh” for providing such detailed reviews.

---

If you found this post interesting or helpful, please consider either subscribing via RSS, becoming a fan on Facebook, or following us on Twitter.

---

What is the best Twitter plugin for WordPress MU for simply publishing tweets when new blog posts are published? Or for WordPress in general?

It’s a question I’ve been mulling over a lot recently as I’ve been looking at:

1. Reducing the number of tweaks I have to make to WordPress plugins on this site; and

2. Linking other company WordPress sites into our Voxeo twitter stream.

Back in December 2007, when I first linked this blog site to our Twitter stream, I wound up using Alex King’s great Twitter Tools plugin (see also here). The challenge, though, is this:

I had to hack the plugin code to make it work for us.

THE PROBLEM

Specifically, I went into the code to remove the “New blog post:” that gets added as a prefix to any new message going out to Twitter. This is difficult to do by design, as Alex states in his plugin FAQ:

Is there any way to change the ‘New Blog Post:’ prefix when my new posts get tweeted?

Yes there is, but you have to change the code in the plugin file.

The reason this is done this way, and not as an easily changeable option from the admin screen, is so that the plugin correctly identifies the tweets that originated from previous blog posts when creating the digest posts, displaying the latest tweet, displaying sidebar tweets, and creating blog posts from tweets (you don’t want tweets that are blog post notifications being treated like tweets that originated on Twitter).

Can I remove the ‘New Blog Post:’ prefix entirely?

No, this is not a good idea. Twitter Tools needs to be able to look at the beginning of the tweet and identify if it’s a notification from your blog or not. Otherwise, Twitter Tools and Twitter could keep passing the blog posts and resulting tweets back and forth resulting in the ’spinning fireball of death’ mentioned above.

I have, of course, removed the prefix entirely. And now the problem is that whenever I need to upgrade the plugin, I have to remember to make this modification. Not good.

The issue is that there is a basic fundamental disconnect between the purpose of the Twitter Tools plugin and what I want to do.

The Twitter Tools plugin allows you not only to publish Twitter messages when you have a new blog post, but also perhaps more importantly to publish a blog post aggregating all your Twitter messages. So at some interval you have a new blog post that contains all your recent tweets. While I can see this being tremendously useful in some cases, and is honestly something I’ve been thinking about for my own personal blog, the truth is that for the Voxeo blog portal…

I don’t care!

All I really want out of the Twitter plugin is to publish a tweet whenever we publish a new blog post. I want the one-way push. And that is not where the power lies in the Twitter Tools plugin.

The challenge now in mid-2009 is that it seems like every developer, their brothers, sisters, parents, aunts and uncles have made a Twitter plugin for WordPress – there’s a zillion of them!

A SOLUTION?

So far, in the limited time I’ve had to research this, the plugin that has caught my eye is “Twitter Publisher” by Timan Rebel. It does precisely what it is says… very simply publishes a tweet any time you post a blog post. It does have the ability to add a tweet prefix, but that is blank by default. It also nicely has the ability to use either the bit.ly or awe.sm URL shortening service, which lets me tie the shortened URLs into my bit.ly account for tracking purposes.

I’ve installed this over on the VoiceObjects Developer Portal, which is currently a standalone WordPress (not WPMU) site, and so tweets now appear in our main Twitter stream when blog posts are published there. So far it seems to be working fine, although a couple of times I have been puzzled by how it has abbreviated the blog post title. For instance, here, pointing to this blog post, the post title is:

Adapt-to-me, as I don’t want to adapt to you

yet it was shortened to:

Adapt-to-me, as I don’t want to adap…

which seems strange as it didn’t seem to need to be shortened like that.

Outside of that, it’s been working well so far. I’m intrigued to try out the capability to also send a message to an author’s Twitter account based on including an author’s Twitter name in his/her profile.

MOVING AHEAD

Part of my reason for writing this post is to find out what plugins others have found useful for one-way publishing to Twitter. I have two steps I need to take:

1. Add a Twitter plugin to blog.imified.com so that posts there automatically appear in our main Twitter stream (Added challenge there: ideally we would like tweets to appear in both @voxeo and @imified)

2. Replace the Twitter plugin I use here at blogs.voxeo.com in our WordPress MU installation so that I can remove one post-plugin-upgrade tweak I have to make.

The one challenge with Twitter Publisher is that it’s not 100% clear that it will work with WordPress MU, although I’ve generally found most WP plugins to work well with WPMU.

So I throw the question out there… what Twitter plugins for WordPress MU (or WordPress) have you found work the best for updating your Twitter stream whenever you publish a new blog post?

(Thanks in advance)

---

If you found this post interesting or helpful, please consider either subscribing via RSS, becoming a fan on Facebook or following us on Twitter.

---

Technorati Tags: wordpress, wpmu, wordpressmu, twitter, plugins

---

If you found this post interesting or helpful, please consider either subscribing via RSS, becoming a fan on Facebook, or following us on Twitter.

---

I’m not sure when I’ll get my next block of time to hack on our WordPress site some more, but two enhancements I’m looking to add are:

PUBLISHING TO IDENTI.CA

Using the great Twitter Tools plugin, I’ve set this site up so that any blog posts published in any of our public blogs go out in our Twitter stream at twitter.com/voxeo. The primary reason for that is doing this is that we realize that many people (myself included) consume a lot of news/blog content through Twitter now. I’ve noted that myself that I don’t read RSS feeds in a feed reader nearly as much as I used to… instead I consume the information through Twitter. So we publish our posts out that way for people who want to subscribe to them and consume them in that fashion.

But what about the open source microblogging site Identi.ca? I use identi.ca personally, presented about linking Voxeo’s voice platform with Identi.ca at OSCON in 2008, and wrote up a lengthy piece about Yammer, Laconica and other options for internal microblogging back in October. It’s a great service and offers some interesting ideas for distributed microblogging.

Now we have an Identi.ca account at identi.ca/voxeo, but obviously we don’t use it. So I want to do for Identi.ca what we do for Twitter and publish our blog posts out that way. So far, the two main plugin contenders I see are:

• WordIdentica
• Identi.ca Tools

Judging purely from the websites, WordIdentica seems to have a lot of comments and, one would guess, usage. We’ll have to see.

MAKING THE SITE MORE IPHONE/TOUCH-FRIENDLY

Since we are huge iPhone fans and users here, I was intrigued when my colleague Ron Blaisdell pointed me to WPtouch: WordPress on iPhone which essentially is a plugin that provides a theme that makes your site look nicer and more navigable on your iPhone or iPod Touch. I haven’t tried it yet, but I did browse with my iPhone over to a site Ron did at http://www.flgyr.org/ and it does look cool on the iPhone!

Just two of the many things I’d like to do to the site…

---

If you found this post interesting or helpful, please consider either subscribing via RSS or following on Twitter.

---

---

If you found this post interesting or helpful, please consider either subscribing via RSS, becoming a fan on Facebook, or following us on Twitter.

---

Given WordPress MU comes by default prepared to be used on a site where you might allow anyone to sign up for an account, the security posture taken by WPMU is understandably high. For instance, only certain types of embeddable objects are allowed by default. As I have written about previously, there are ways to extend the list of embeddable objects but the problem is that people out on the Internet are naturally creating new services with new types of embeds. Maintaining a list of supported embed objects was getting rather tedious.

So I stopped. Since we know exactly who will have an account on this WPMU server, and we very definitely do not let just anyone in, I’ve gone ahead and installed and activated the “Unfiltered MU” plugin. I just followed the installation instructions and dropped it in my mu-plugins directory and… ta da… the problem with embeds went away.

Now there is the detail that authors need to have at least “Editor” status within WordPress MU for the Unfiltered plugin to let their embeds through, but that’s okay because, again, we have a very closed WPMU environment where I know precisely who will be writing on each blog. So for the people who need embeds, I have no issue setting them up with “Editor” access.

Anyway, it’s very great that Automattic makes the “Unfiltered MU” plugin available – and it’s great to no longer have to worry about whether or not new embeds will work within our blog site.

---

If you found this post interesting or helpful, please consider either subscribing via RSS or following on Twitter.

---

---

If you found this post interesting or helpful, please consider either subscribing via RSS, becoming a fan on Facebook, or following us on Twitter.

---

How can you add support for podcasting, and specifically video podcasting to a WordPress MU (WPMU) installation? That was the question I set out to answer… and here are some thoughts on the process I went through.

If you follow the main Voxeo blog site, you’ll undoubtedly know that not terribly long ago I launched a video podcast called Emerging Tech Talk (ETT) where I am posting videos related to “emerging technology” and more specifically “emerging communication technology”. Essentially it is a place for me to tell stories in a video form around the technologies that I am investigating and using as part of my job within Voxeo’s Office of the CTO.

The challenge I had in setting it up was how to set the podcast up so that viewers could subscribe via iTunes and yet I wanted to ideally not install yet-another plugin. Having been involved with podcasting since early 2005, I was well aware that the PodPress plugin was out there and well-loved by WordPress users. However, at this point I’m seriously trying to minimize the number of plugins I install purely because each time I have to upgrade WordPress MU, I have to check compatibility with all the plugins – and that’s more work than I wanted to do.

So here’s how the story unfolded…

YOUTUBE ONLY – When I started ETT, I initially posted the videos only to our YouTube channel. This was admittedly largely due to the fact that iMovie ‘08 has this insanely simple “Share -> YouTube… menu option. Create your movie, make the menu choice, enter your password and other info and… ta da… iMovie goes off and does all the necessary rendering and uploading to YouTube. However, I knew that this would NOT give me an RSS feed that was compatible with iTunes due to the fact that YouTube uses Flash video for their videos and iTunes needs MP4 (.m4v).

RSSHANDLER – In looking around for solutions, a friend pointed me to RSSHandler.com, a site that offers several tools related to making videos accessible in RSS feeds, including a YouTube channel converter that will take your YouTube channel and turn it into an iTunes-compatible RSS feed with the videos converted to the appropriate formats. I tried this out and it did work (although I admit I still don’t know how it worked as well as it did – at some point I’d like to dig into it a bit more to understand what it does). There was only one problem – I didn’t want to convert the entire YouTube channel. Our YouTube channel has my Emerging Tech Talk episodes, but also other videos we put up there. I wanted a feed with only the ETT videos. Now I could have created a separate YouTube channel for just the ETT shows, and I debated about doing this for a while. Doing so would help build the “brand” for the show. In the end, though, I decided that I wanted to keep all the Voxeo video content in one place on YouTube… so I abandoned this RSSHandler.com approach.

FEEDBURNER AND “SMARTCAST” – Since I already used FeedBurner to gather stats on users of my RSS feeds, my next attempt was to use FeedBurner’s “SmartCast” feature to turn an ordinary RSS feed into a podcast feed complete with all the iTunes-required tags. To make this work, I had to start uploading the video files to another web site (i.e. I couldn’t use the versions in YouTube) and so I started uploading them to a directory on the blog server. So now for each episode I’m doing two uploads: one to YouTube and one to the blog server. I also had to add a “download” link to each ETT blog post and had a link to the video file.

Unfortunately, FeedBurner’s “SmartCast” turned out not to be so smart in may case and despite whatever I did the RSS feed continued to pick up the links to the YouTube Flash video files. And yes, I of course tried 'rel="enclosure"' in the appropriate <A> tag… and I put it at the beginning of the entry and also at the end. Nothing worked. I had to turn off SmartCast and return the feed to a “normal” feed.

PODPRESS – You probably know what’s coming… yes, indeed, in the end I did have to suck it up and install the PodPress plugin. Installed it into my plugins directory, went through WPMU Site Admin to make the plugin available, and then in the ETT blog enabled the plugin and configured it appropriately. Even though PodPress is for the standalone version of WordPress, I had no issues using it in WordPress MU.

It works great… I do have to do the dual uploads to both YouTube and our site, but in the end I have a podcast feed that works great with iTunes and presumably any other podcast receiving software.

There are a couple of interesting points about putting up a video podcast in this manner:

DUAL UPLOADS – As I mentioned, I do have to upload the video file to both YouTube and this site. My primary reason for doing that is that I want the video content to be found in YouTube. If I didn’t care about having the content be found in YouTube, I could skip that upload and just have the upload going from our site. But I do want these videos contributing to our YouTube presence and being able to be found there. Having them in YouTube also means they are very easily embeddable in another blog site, linked to, etc.

STATISTICS – The good news, I guess, is that because the video files are being pulled directly from our site, we can get statistics here on the number of downloads. The bad news is that we’ve now got fractured download counts between our site and YouTube. The number of potential viewers is now the number of downloads plus the number of YouTube views.

ONLINE POST CREATION – A downside for me, personally, to using PodPress is that now I can’t create the ETT blog posts entirely offline. I do pretty much all my blog writing using an offline blog editor (MarsEdit, in my case) and then just hit “Send to Weblog” and the posts are uploaded to the blog site. Now, with PodPress in the production loop, I can write the post offline, but when I send it to the ETT blog I have to make sure that the Post Status is set to “Draft”. This uploads to blogs.voxeo.com but doesn’t make it publicly visible. I then login to our site, go into the draft post and then configure the PodPress options to point to the media file, etc. I then “Publish” the post at which point it is visible and also goes out in the RSS feed. It’s not a huge deal, but it just does add another step to the publishing process.

In the end, I have a working platform on WordPress MU for publishing video podcasts, which could also be used, of course, for audio podcasts (Stay tuned! )

Over time I expect to still be investigating other options for doing all this, but at the moment I’ve got something that works and lets us get our content out in audio and video forms. (Suggestions for other mechanisms are of course welcome.)

---

If you found this post interesting or helpful, please consider either subscribing via RSS or following on Twitter.

---

Technorati Tags: feedburner, feeds, plugins, podcasting, rss, video, videopodcasting, voxeo, wordpress plugins, wordpressmu, wpmu, wordpress

---

If you found this post interesting or helpful, please consider either subscribing via RSS, becoming a fan on Facebook, or following us on Twitter.

---

Okay, so this was a serious way to waste a morning! At 8:00am this morning I put up the post about my OSCON 2008 presentation and immediately noticed that the embedded SlideShare slide show was not visible. The problem was fairly simple to figure out. Here’s the embed code from the SlideShare page for my presentation that I had diligently copy and pasted into MarsEdit before sending to WPMU via the API:

<div style="width:425px;text-align:left" id="__ss_525876"><a style="font:14px Helvetica,Arial,Sans-serif;display:block;margin:12px 0 3px 0;text-decoration:underline;" href="http://www.slideshare.net/danyork/oscon-2008-mashing-up-voice-and-the-web-using-open-source-and-xml?src=embed" title="OSCON 2008: Mashing Up Voice and the Web Using Open Source and XML">OSCON 2008: Mashing Up Voice and the Web Using Open Source and XML</a><object style="margin:0px" width="425" height="355"><param name="movie" value="http://static.slideshare.net/swf/ssplayer2.swf?doc=oscon2008voicemashups-1216853182252884-9&stripped_title=oscon-2008-mashing-up-voice-and-the-web-using-open-source-and-xml" /><param name="allowFullScreen" value="true"/><param name="allowScriptAccess" value="always"/><embed src="http://static.slideshare.net/swf/ssplayer2.swf?doc=oscon2008voicemashups-1216853182252884-9&stripped_title=oscon-2008-mashing-up-voice-and-the-web-using-open-source-and-xml" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="355"></embed></object><div style="font-size:11px;font-family:tahoma,arial;height:26px;padding-top:2px;">view <a style="text-decoration:underline;" href="http://www.slideshare.net/danyork/oscon-2008-mashing-up-voice-and-the-web-using-open-source-and-xml?src=embed" title="View OSCON 2008: Mashing Up Voice and the Web Using Open Source and XML on SlideShare">presentation</a> (tags: <a style="text-decoration:underline;" href="http://slideshare.net/tag/oscon2008">oscon2008</a> <a style="text-decoration:underline;" href="http://slideshare.net/tag/oscon">oscon</a> <a style="text-decoration:underline;" href="http://slideshare.net/tag/microblogging">microblogging</a> <a style="text-decoration:underline;" href="http://slideshare.net/tag/identi-ca">identi.ca</a>)</div></div>

However, when I did a “View -> Page Source” in Firefox, this was all that was visible:

<div style="width:425px;text-align:left" id="__ss_525876"><a href="http://www.slideshare.net/danyork/oscon-2008-mashing-up-voice-and-the-web-using-open-source-and-xml?src=embed" title="Mashing Up Voice and the Web Using Open Source and XML">OSCON 2008: Mashing Up Voice and the Web Using Open Source and XML</a> <div style="font-size:11px;font-family:tahoma,arial;height:26px;padding-top:2px">view <a href="http://www.slideshare.net/danyork/oscon-2008-mashing-up-voice-and-the-web-using-open-source-and-xml?src=embed" title="Mashing Up Voice and the Web Using Open Source and XML on SlideShare">presentation</a> (tags: <a href="http://slideshare.net/tag/oscon2008">oscon2008</a> <a href="http://slideshare.net/tag/oscon">oscon</a> <a href="http://slideshare.net/tag/microblogging">microblogging</a> <a href="http://slideshare.net/tag/identi-ca">identi.ca</a>)</div>

Without even looking through the code I could just see visually that there was a chunk of code missing.

Oops.

I thought I knew what it was and, sure enough, closer examination of the code showed that the <object> element was being stripped entirely out:

<object style="margin:0px" width="425" height="355"><param name="movie" value="http://static.slideshare.net/swf/ssplayer2.swf?doc=oscon2008voicemashups-1216853182252884-9&stripped_title=oscon-2008-mashing-up-voice-and-the-web-using-open-source-and-xml" /><param name="allowFullScreen" value="true"/><param name="allowScriptAccess" value="always"/><embed src="http://static.slideshare.net/swf/ssplayer2.swf?doc=oscon2008voicemashups-1216853182252884-9&stripped_title=oscon-2008-mashing-up-voice-and-the-web-using-open-source-and-xml" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="355"></embed></object>

Based on past experience with WPMU (documented here and here), I knew immediately this was an issue with the <WPMUHOME>/wp-includes/kses.php file which, for very valid security reasons, strips out unknown tags when a post is created on the site (either via the web editor or posted through the API).

What confused me, though, was that SlideShare embeds worked perfectly fine in previous posts. So I had no idea why they weren’t working now. However, since that earlier post, I’ve upgraded to WPMU 1.5.1 and for whatever reason something has changed. It’s strange, though. <object> was NOT in the kses.php file before (I checked a backup) and it’s not in there now. Which makes me wonder how I posted those earlier entries with SlideShare embeds and others with YouTube videos.

In searching the WordPress MU forums, I found this post from a year ago that was seeking a solution to embed YouTube and Google videos. On the second page of responses, I found a great solution from a developer named Hendy Irawan.

---

WARNING: THIS CAN BE A SERIOUS SECURITY RISK IF YOU DO NOT TRUST YOUR AUTHORS!

In our case (for blogs.voxeo.com), we tightly control who can post to this site, so this security concern is not a major one for us. However, if you are operating a WPMU site where you let anyone sign up and create a new WPMU blog, I would very STRONGLY recommend you be extremely careful (as in “Don’t do it!”) with this as you can allow for the embedding of all sorts of content.

---

Basically, Hendy’s plugin simply adds <object> and <embed> to the list of allowed tags in kses.php. The nice aspect, though, is that it is in a separate file in the plugins directory so that it will survive upgrades. This seems an obvious thing to do but was not something I had seen previously. Great idea.

So following the instructions, I created the file <WPMUHOME>/wp-content/mu-plugins/embed_allower.php with Hendy’s code in it and tried another upload with the SlideShare embed in it. The result was almost there (new code in red):

<div style="width:425px;text-align:left" id="__ss_525876"><a href="http://www.slideshare.net/danyork/oscon-2008-mashing-up-voice-and-the-web-using-open-source-and-xml?src=embed" title="Mashing Up Voice and the Web Using Open Source and XML">OSCON 2008: Mashing Up Voice and the Web Using Open Source and XML</a><object width="425" height="355"><embed src="http://static.slideshare.net/swf/ssplayer2.swf?doc=oscon2008voicemashups-1216853182252884-9&stripped_title=oscon-2008-mashing-up-voice-and-the-web-using-open-source-and-xml" type="application/x-shockwave-flash" width="425" height="355"></embed></object> <div style="font-size:11px;font-family:tahoma,arial;height:26px;padding-top:2px">view <a href="http://www.slideshare.net/danyork/oscon-2008-mashing-up-voice-and-the-web-using-open-source-and-xml?src=embed" title="Mashing Up Voice and the Web Using Open Source and XML on SlideShare">presentation</a> (tags: <a href="http://slideshare.net/tag/oscon2008">oscon2008</a> <a href="http://slideshare.net/tag/oscon">oscon</a> <a href="http://slideshare.net/tag/microblogging">microblogging</a> <a href="http://slideshare.net/tag/identi-ca">identi.ca</a>)</div>

If you compare to the <object> snippet above, you’ll notice that the <param> element is missing and there are some other attributes on the <embed> object that aren’t there, either.

To accomplish this, I need to modify Hendy’s code, which is now shown below:

<?php
/*
* Plugin Name: Embed Allower 2 
* Plugin URI: http://blogs.voxeo.com/behindtheblog/wp-plugin-embed-allower-2/
* Description: Allows embed, object, and other security risks tags. LGPLv3.
* Version: 1.0
* Author: Dan York
* Author URI: http://blogs.voxeo.com/behindtheblog/
**/
/*
* Based on Embed Allower from Hendy Irawan at http://hendyirawan.com/
*
* WARNING: THERE ARE SERIOUS SECURITY RISKS with allowing these object and
* embed tags, especially in multi-author environments where you don't trust
* your users.  Please make sure you know what you are doing before using
* this.
*
* Dan York and Voxeo Corporation assume absolutely no liability if you have any
* security issues as a result of using this plugin. USE AT YOUR OWN RISK!
*/

// For more info see wp-includes/kses.php
if (!CUSTOM_TAGS) {
	$allowedposttags['embed'] = array(
		'style' => array(),
		'type' => array (),
		'id' => array (),
		'height' => array (),
		'width' => array (),
		'src' => array (),
		'object' => array(
			'height' => array (),
			'width' => array (),
			'param' => array (
				'name' => array (),
				'value' => array ()
			)
		)
	);
	$allowedposttags['object'] = array(
	        'style' => array (),
		'height' => array (),
		'width' => array (),
		'param' => array (
			'name' => array (),
			'value' => array ()
		),
		'embed' => array(
			'style' => array(),
			'type' => array (),
			'id' => array (),
			'height' => array (),
			'width' => array (),
			'src' => array (),
			'allowfullscreen' => array (),
			'allowscriptaccess' => array ()
		)
	);
	$allowedposttags['param'] = array (
	        'name' => array (),
		'value' => array ()
	);
}
?>

I’ve now created a specific page for this plugin. If you put it in your <WPMUHOME>/wp-content/mu-plugins directory it should now let you upload objects like SlideShare slide shows and other embedded objects.

If you do have any comments about this, please feel free to leave them here.

And again, please understand the security risks of using this. I would again strongly recommend NOT using this if you do not trust your authors. (On the other hand, if you run a corporate blog portal like we do, this may be perfectly fine.)

Technorati Tags: wordpress, wordpress mu, wpmu, plugins, wordpress plugins

---

If you found this post interesting or helpful, please consider either subscribing via RSS, becoming a fan on Facebook, or following us on Twitter.

---