Two problems with Ultimate Tag Warrior

Yesterday I updated my Wordpress to version 2.1.3 after that I found found that I could not save my last post about Struts and MVC because some words where triggering one of mod security rules that are enabled on my server. After solving this one (traducing the flagged words to Spanish).

Knowing this I remembered that one time other plugins where having problems similar to this one. Specifically the Ultimate Tag Warrior plugin was giving me a javascript error: “askYahooForKeywords is not defined”. Looking at the javascript files with Firebug (excellent tool for web developers) saw that ultimate-tag-warrior-ajax-js.php was returning an HTTP 500 error, then I checked the server logs and found another mod security rule had been triped.

[code]mod_security: Access denied with code 500. Pattern match “!/imp/login.php” at HEADER(”Referer”) [id "300018"][rev "3"]
[msg "Generic PHP code injection protection via ARGS"
[/code]

That message got me thinking, so I googled a bit and found out that one of mod_security rules detects that any get or post variables have “http” in it, this is the case of UTW. So I went and hacked away:

Changed ultimate-tag-warrior-core.php and changed the GetAjaxJavascriptUrl to:

[php]
function GetAjaxJavascriptUrl() {
global $install_directory, $wp_query;
$rpcurl = str_replace(”http://”, “”, get_option(”siteurl”)) . “/wp-content/plugins$install_directory/ultimate-tag-warrior-ajax.php”;
$jsurl = get_option(”siteurl”) . “/wp-content/plugins$install_directory/ultimate-tag-warrior-ajax-js.php”;
return “$jsurl?ajaxurl=$rpcurl”;
}
[/php]

This eliminates de http from the $rpccurl variable, this way mod_security wouldn’t complain about it. Now the problem was that UTW assumed that the http did come in the GET variable. The solution was to change another file of the plugin, this time ultimate-tag-warrior-ajax-js.php Every line that had

[js]http.open(’get’, ‘< ?php echo $ajaxurl ?>?action=’+action+’&tag=’+tag+’&post=’+post);[/js]

changed it to

[js]http.open(’get’, ‘http://< ?php echo $ajaxurl ?>?action=’+action+’&tag=’+tag+’&post=’+post);[/js]

And it worked. Now after solving it another problem appeared. The post is to long and I get a Request-URI Too Large error, using firebug I saw that while it is using the post method the content of the request is being sent with get variables so maybe there lies the problem. I managed to change the askYahooForKeywords function to use post:
[js]
function askYahooForKeywords() {
var http = createRequestObject();
try {
http.open(’POST’,'http://< ?php echo $ajaxurl ?>?action=requestKeywords&service=yahoo’, true);
var params = “content=” + escape(document.getElementById(’content’).value)
http.setRequestHeader(”Content-type”, “application/x-www-form-urlencoded”);
http.setRequestHeader(”Content-length”, params.length);
http.setRequestHeader(”Connection”, “close”);
http.onreadystatechange = function () {
if(http.readyState == 4) {
document.getElementById(”yahooSuggestedTags”).innerHTML = http.responseText;
}
}
http.send(params);
} catch (ex) {
alert(”Something done went wrong:” + ex);
}
}
[/js]

This way the information is sent via post: the right way to send a large quantity of data.
All this was done using Ultimate Tag Warrior version 3.1415926

Finally I added a feature I always wanted for UTW: the behavior of the tag lists when posting a new bookmark to del.icio.us the biggest change was made to the addTag function on ultimate-tag-warrior-js.php the changes to this function is really large, the new function is this:
[js]
unction addTag(tagname, obj) {
var text_field = document.forms[0].tagset
var text_value = text_field.value
var tags = text_value.split(”,”)
if (tags.length == 1 && tags[0] ==”") tags = []
var new_text = “”
var add = true
if (tags.length>0) {
for (i=0;i
tags[i] = utw_trim(tags[i])
if (tagname==tags[i]) {
add = false
continue;
}
new_text += “, ” + tags[i]
}
}
if (add) {
obj.style.background = “#14568a”
obj.style.color = “#fff”
new_text += “, ” + tagname
} else {
obj.style.background = “#fff”
obj.style.color = “#14568a”
}
new_text = new_text.substring(2)
text_field.value = new_text
}
[/js]

Notice that there is a new parameter to this function (obj) this should be a refference to the link clicked to add (or remove) a tag. To cope with this new parameter I made changes to two other files: ultimate-tag-warrior-actions.php and ultimate-tag-warrior-ajax.php

In both cases the html anchors are something like this:

[html]
tag_name
[/html]

Thats is almost everything I did when dissecting this plug in. I hope Christine, the creator of the Ultimate Tag Warrior, takes this as a suggestion or even a starting point to implement this feature and solve the two problems reviewed. Specially now that she’s at the point of restructuring the plug in.

Comments are welcome in English or Spanis.

PS. Here’s a compressed archive with the modified plug in (it’s working right on this site)
PS1. mod_security can be disabled with this two lines on the .htaccess

[xml]

SecFilterEngine Off
SecFilterScanPOST Off

[/xml]

Edit: it may not be a good choice to disable the mod_security module (check Introducing mod_security for more information)

Recibe otros artículos como este automáticamente
Suscríbete vía RSS a aikon.com.ve || ¿Qué es RSS?