Okay, so I’m browsing software today, and I see this incredible plugin:

blog, new beginnings, new plugin. My latest plugin, the WordPress Politically Correct plugin, PC plugin for short, is a fitting plugin for today’s 2.0 bloggers. Turning your blog into something your mother would be proud of has never been easier.

Like it’s name suggests, the PC plugin gets rid of all the non PC language on your blog.

     Yep, sure as excrement, it works.  I should maybe use something like that on my Contact form, seeing as how so many of those less than intelligent, copulating extremely ill-mannered people keep sending me the most mean-spirited cow excrement I’ve ever had to copulating read.

     Firefox still sucks.  I don’t care what everyone else in the world thinks, and I know it’s an unpopular opinion, but it’s the truth.  While they bitch about “standards” all the time, the fact is, 95% of what Firefox calls “a standard” isn’t even ratified yet.  When developers can’t tell a “Standard” from a “Request For Comment,” all sorts of malady ensues.
     It’s also disingenuous on the part of Web Developers to say, “It won’t render right in IE because IE sucks!” when the fact is, any Web Developer worth their salt would make an attempt to make a page render right in the predominant browser and its inferior counterpart.  Yet, for some reason, the call is to “blame Microsoft” every time a Developer makes a stupid mistake or doesn’t know what the Hell they’re doing…

     There’s also this ridiculous assertion that Firefox is inherently bullet-proof as far as being hackable.  The case is that IE is the predominant browser, so it makes sense to use it as the target for widespread attacks.  Firefox is an even more broken mess from a Security standpoint, and the veracity of its issues span across multiple platforms, despite claims otherwise.

     A nice little case in point of “shitty code” in Firefox is this attack vector I found two years ago and apparently still isn’t fixed…

     Get out your favorite PHP editor, and send an image in a stream… but in the header, use these two lines instead of something normal:

echo "Content-type: image/jpg";
echo "Content-length: 0";

     Now, with every other user-agent in the world, this won’t work for two very important reasons:

1. “image/jpg” is not a valid content-type.  “image/jpeg” is.
2. A connection-length of zero bytes tells the user-agent not to receive any data.

     Firefox, on the other hand, will go ahead and render the invalid content-type, zero-byte image at whatever size the Server streams to it, proving that it doesn’t care what’s actually being received from a possibly malicious host.

     Can you say, “Exploitable,” boys and girls?

     I knew you could…

     If you’re using Pyzor to help you block spam (a lot of people use it alongside SpamAssassin), then you’ve probably run into these nasty “pyzor: check failed: internal error” messages in your maillog since July 21st.
     After digging into on my own a bit, I found two things.  The first was the “InternalError” was being caused by a corrupt “servers” file that contained nothing but “File Not Found” information.  The second was that the “discover” command line was returning:

downloading servers from http://pyzor.sourceforge.net/cgi-bin/inform-servers-0-3-x
Traceback (most recent call last):
  File “/usr/bin/pyzor”, line 4, in ?
    pyzor.client.run()
  File “/usr/lib/python2.4/site-packages/pyzor/client.py”, line 991, in run
    ExecCall().run()
  File “/usr/lib/python2.4/site-packages/pyzor/client.py”, line 185, in run
    self.servers  = self.get_servers(servers_fn)
  File “/usr/lib/python2.4/site-packages/pyzor/client.py”, line 410, in get_servers
    servers.read(open(servers_fn))
  File “/usr/lib/python2.4/site-packages/pyzor/client.py”, line 119, in read
    self.append(pyzor.Address.from_str(line))
  File “/usr/lib/python2.4/site-packages/pyzor/__init__.py”, line 458, in from_str
    fields[1] = int(fields[1])
IndexError: list index out of range 

     Obviously, linking to non-existent files, especially in the /cgi-bin/ directory, is a bad thing.

     As a temporary measure, simply disable your “pyzor discover” cron job, and manually add “82.94.255.100:24441” into your “servers” file (wherever it may be with your configuration).

     Ya know, I saw a random bug report in the WordPress forums about the Search Everything plugin with no actual description about what the bug was.  It just had a code snippet and said “108.”  No explanation, no fix… Just a complaint that says “108.”

     In SE-Admin.php, change Line 108 from:

<p><input type=”checkbox” id=”search_drafts” name=”search_drafts” value=”true”  <?php if($options[‘SE4_use_draft_search’] == ‘true’) { echo ‘checked=”true”‘; } ?>

     To:

<p><input type=”checkbox” id=”search_drafts” name=”search_drafts” value=”true”  <?php if($options[‘SE4_use_draft_search’] == ‘true’) { echo ‘checked=”true”‘; } ?> />

     Of course, while you’re at it, you can fix Line 102 from:

<p>     <input type=”checkbox” class=”SE_text_input” id=”appvd_comments” name=”appvd_comments” value=”true”  <?php if($options[‘SE4_approved_comments_only’] == ‘true’) { echo ‘checked=”true”‘; } ?>

to

<p>     <input type=”checkbox” class=”SE_text_input” id=”appvd_comments” name=”appvd_comments” value=”true”  <?php if($options[‘SE4_approved_comments_only’] == ‘true’) { echo ‘checked=”true”‘; } ?> />

     After doing that, some of the check boxes will actually show and work on the Settings page…

     There’s a stopper-style bug in the the latest Akismet plugin for WordPress.  If you have multiple pages of Spam Comments, it keeps returning the first fifty — not good if you get as much Spam as we do, as we have to periodically check for false positives.
     The fix is easy…

     In Akismet 2.1.4, change wp-content/plugins/akismet/akismet.php, line 483 from:

        $comments = akismet_spam_comments( $current_type );

     to

        $comments = akismet_spam_comments( $current_type, $page );

     And Enjoy.  😉