Fırtına 30 05
Sometimes you have to start over from scratch…

As you know, our site has been using the TinyMCE module for entering content. Today, while browsing ufku’s site, I came across the BUEditor module, liked it a lot, and thought it could be more comfortable to use than TinyMCE. BUEditor is not a full visual editor like TinyMCE, but it is much lighter and faster.

This module, which also lets you preview what you have written, is integrated with the IMCE module as well. In fact, both of these nice modules were written by the same person. The most downloaded modules right now are TinyMCE and IMCE, but soon we may see that become BUEditor and IMCE.


October 16th, 2009 Posted by: Turk3005 | Category: Drupal | No comments on this post. »

A short while ago I uploaded the Drupal 5.0 translations to http://drupal.org/ as the Drupal 5.0 translation. After a while these translations will be made available as a downloadable file. My request to you is that you review these translations and send us your thoughts.

October 16th, 2009 Posted by: Turk3005 | Category: Drupal | No comments on this post. »

We have been hard at work now for a few months on the new features that will be coming in WordPress 2.9, and we are nearing the time when the first beta version will be available. We’ll need your help with beta testing the new features and ironing out any bugs.

There are a number of different ways in which you can get involved in the testing process, and there are options to suit people of all different skill sets.  First of all, you can join the wp-testers mailing list to keep up to date with the testing progress and to discuss things with the other testers.  Secondly, you can head over to the Trac ticketing system and either create tickets for bugs you find or use some of the useful searches to look for patches that need testing or that need someone to try and reproduce the issue.

During the beta phase we are going to focus on the stabilization of the new features and the removal of existing bugs which are well-understood and have easily testable solutions.  During this process we will not be adding any more enhancements so as to ensure that the focus is on making the 2.9 release as bug-free as possible.  We will also try and have a few special bug hunt days where one or more experienced WordPress developers will be available to help people track down issues and get patches committed to fix bugs.

To make it as easy as possible for you to get a beta testing install up and running we have put together a small WordPress plugin which makes it really easy to convert a test install of the latest release version of WordPress into a beta test install of the next up and coming release. The plugin is called WordPress Beta Tester and is available to download from WordPress Extend or can be installed using the built-in plugin installer. Please make sure to only install this plugin on a test site, as we don’t recommend running beta versions on your normal live sites in case anything goes wrong. You can read more about the plugin in “Making it easy to be a WordPress Tester”.

We are aiming to release the first beta version of 2.9 around the end of October, once we have put the finishing touches on the new features, and then we switch to full on beta testing mode and your help and feedback will be very much appreciated. During the beta program we will push out new builds for automated upgrades regularly and once we feel that a suitable level of stability has been achieved we will release a release candidate, and we hope to be able to make the final release 2.9 build available in either late November or early December.

October 14th, 2009 Posted by: Turk3005 | Category: Wordpress | No comments on this post. »

A stitch in time saves nine. I couldn’t sew my way out of a bag, but it’s true advice for bloggers as well — a little bit of work on an upgrade now saves a lot of work fixing something later.

Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at the users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.

The tactics are new, but the strategy is not. Where this particular worm messes up is in the “clean up” phase: it doesn’t hide itself well and the blogger notices that all his links are broken, which causes him to dig deeper and notice the extent of the damage. Where worms of old would do childish things like defacing your site, the new ones are silent and invisible, so you only notice them when they screw up (as this one did) or your site gets removed from Google for having spam and malware on it.

I’m talking about this not to scare you, but to highlight that this is something that has happened before, and that will more than likely happen again.

A stitch in time saves nine. Upgrading is a known quantity of work, and one that the WordPress community has tried its darndest to make as easy as possible with one-click upgrades. Fixing a hacked blog, on the other hand, is quite hard. Upgrading is taking your vitamins; fixing a hack is open heart surgery. (This is true of cost, as well.)

2.8.4, the current version of WordPress, is immune to this worm. (So was the release before this one.) If you’ve been thinking about upgrading but haven’t gotten around to it yet, now would be a really good time. If you’ve already upgraded your blogs, maybe check out the blogs of your friends or that you read and see if they need any help. A stitch in time saves nine.

Whenever a worm makes the rounds, everyone becomes a security expert and peddles one of three types of advice: snake oil, Club solutions, or real solutions. Snake oil you’ll be able to spot right away because it’s easy. Hide the WordPress version, they say, and you’ll be fine. Uh, duh, the worm writers thought of that. Where their 1.0 might have checked for version numbers, 2.0 just tests capabilities, version number be damned.

The second type of advice is Club solutions; to illustrate, I’ll quote from Mark Pilgrim’s excellent essay on spam 7 years ago, before WordPress even existed:

The really interesting thing about these approaches, from a game theory perspective, is that they are all Club solutions, not Lojack solutions. There are two basic approaches to protecting your car from theft: The Club (or The Shield, or a car alarm, or something similar), and Lojack. The Club isn’t much protection against a thief who is determined to steal your car (it’s easy enough to drill the lock, or just cut the steering wheel and slide The Club off). But it is effective protection against a thief who wants to steal a car (not necessarily your car), because thieves are generally in a hurry and will go for the easiest target, the low-hanging fruit. The Club works as long as not everyone has it, since if everyone had it, thieves would have an equally difficult time stealing any car, their choice will be based on other factors, and your car is back to being as vulnerable as anyone else’s. The Club doesn’t deter theft, it only deflects it.

Club blog security solutions can be simple (like an .htaccess file) or incredibly complex (like two-factor authentication), and they can work, especially for known exploits. Club solutions can be useful, like using a strong or complex password for your login — no one would recommend against that. (Another club solution is switching to less-used software on the assumption or more like the software’s claim that it’s perfect and more secure. This is why BeOS is more secure than Linux, ahem.)

In the car world, if someone figured out how to teleport entire cars to chop shops, The Club wouldn’t be so useful anymore. Luckily for manufacturers of The Club, this hasn’t happened. Online and in the software world, though, the equivalent happens almost daily. There is only one real solution. The only thing that I can promise will keep your blog secure today and in the future is upgrading.

WordPress is a community of hundreds of people that read the code every day, audit it, update it, and care enough about keeping your blog safe that we do things like release updates weeks apart from each other even though it makes us look bad, because updating is going to keep your blog safe from the bad guys. I’m not clairvoyant and I can’t predict what schemes spammers, hackers, crackers, and tricksters will come up with in the future to harm your blog, but I do know for certain that as long as WordPress is around we’ll do everything in our power to make sure the software is safe. We’ve already made upgrading core and plugins a one-click procedure. If we find something broken, we’ll release a fix. Please upgrade, it’s the only way we can help each other.

October 14th, 2009 Posted by: Turk3005 | Category: Wordpress | No comments on this post. »
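The worm described in the post above leaves traces in the database even when the admin screens look normal: a tampered permalink structure, an extra administrator, and hidden markup in old posts. The following Python audit is an added example, not code from the post or from WordPress; the row layout, the allowlist of expected admins and the markup heuristics (including the guess that the hiding JavaScript sits in a user field) are assumptions, and all sample rows are constructed.

```python
import re

# Structure tags documented for WordPress permalinks.
KNOWN_TAGS = ("%year%", "%monthnum%", "%day%", "%hour%", "%minute%", "%second%",
              "%post_id%", "%postname%", "%category%", "%tag%", "%author%")
# Heuristic markers for script or hidden content (assumption, tune per site).
HIDDEN_MARKUP = re.compile(r"<script|<iframe|display\s*:\s*none", re.I)

def permalink_is_clean(structure):
    """True if the value holds only known tags and plain path characters."""
    leftover = structure
    for tag in KNOWN_TAGS:
        leftover = leftover.replace(tag, "")
    return re.fullmatch(r"[A-Za-z0-9/_.\-]*", leftover) is not None

def audit(options, users, posts, expected_admins):
    """Return a sorted list of (kind, identifier) findings from exported rows."""
    findings = []
    if not permalink_is_clean(options.get("permalink_structure", "")):
        findings.append(("permalink", "permalink_structure"))
    for u in users:
        # Roles come from the database export, because the post notes that
        # the worm hides its account on the admin users page.
        if "administrator" in u["capabilities"] and u["login"] not in expected_admins:
            findings.append(("unexpected_admin", u["login"]))
        if HIDDEN_MARKUP.search(u["display_name"]):
            findings.append(("markup_in_user_field", u["login"]))
    for p in posts:
        if HIDDEN_MARKUP.search(p["content"]):
            findings.append(("hidden_markup_in_post", str(p["id"])))
    return sorted(findings)

# Constructed sample rows (not taken from a real site).
ADMIN_CAPS = 'a:1:{s:13:"administrator";b:1;}'
SAMPLE_OPTIONS = {"permalink_structure": "/%year%/%postname%/$CONSTRUCTED{}/"}
SAMPLE_USERS = [
    {"login": "admin", "display_name": "Site Owner", "capabilities": ADMIN_CAPS},
    {"login": "reader7", "display_name": "Reader", "capabilities": 'a:1:{s:10:"subscriber";b:1;}'},
    {"login": "newuser123", "display_name": "<script>/* constructed */</script>", "capabilities": ADMIN_CAPS},
]
SAMPLE_POSTS = [
    {"id": 12, "content": "<p>An ordinary post.</p>"},
    {"id": 3, "content": '<p>Old post</p><div style="display:none"><a href="http://spam.example/">x</a></div>'},
]

if __name__ == "__main__":
    print(*audit(SAMPLE_OPTIONS, SAMPLE_USERS, SAMPLE_POSTS, {"admin"}), sep="\n")
```

A plugin that registers its own permalink tags would trip the permalink check, so review each finding against what the site is known to use rather than treating it as proof of compromise.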

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4 which fixes all known problems is now available for download and is highly recommended for all users of WordPress.

October 14th, 2009 Posted by: Turk3005 | Category: Wordpress | 1 comment on this post. »