The Advanced Category Excluder plugin has been deleted from all dvector accounts. There were too many problems and not enough users with this plugin. It did provide some useful functionality, so a replacement will likely be added within a week.
The Event Calendar 3 plugin is now working as expected. It has been re-enabled on all dvector sites. Thank you for your patience. Below is the patch code:
@@ -132,7 +132,8 @@
/** Rewrite date restrictions if the query is day- or category- specific. */
-function ec3_filter_posts_where(&$where)
+//function ec3_filter_posts_where(&$where)
+function ec3_filter_posts_where($where)
{
global $ec3,$wp_query,$wpdb;
@@ -225,7 +226,8 @@
}
/** */
-function ec3_filter_posts_join(&$join)
+//function ec3_filter_posts_join(&$join)
+function ec3_filter_posts_join($join)
{
global $ec3,$wpdb;
// The necessary joins are decided upon in ec3_filter_posts_where().
@@ -239,7 +241,8 @@
}
/** Change the order of event listings (only advanced mode). */
-function ec3_filter_posts_orderby(&$orderby)
+//function ec3_filter_posts_orderby(&$orderby)
+function ec3_filter_posts_orderby($orderby)
{
global $ec3, $wpdb;
if($ec3->order_by_start)
@@ -263,7 +266,8 @@
/** Eliminate double-listings for posts with >1 scheduled event. */
-function ec3_filter_posts_groupby(&$groupby)
+//function ec3_filter_posts_groupby(&$groupby)
+function ec3_filter_posts_groupby($groupby)
{
global $ec3,$wpdb;
if($ec3->join_ec3_sch || $ec3->order_by_start)
@@ -278,7 +282,8 @@
/** Add a sched_id field, if we want a listing. */
-function ec3_filter_posts_fields(&$fields)
+//function ec3_filter_posts_fields(&$fields)
+function ec3_filter_posts_fields($fields)
{
global $ec3;
if($ec3->is_listing && ($ec3->join_ec3_sch || $ec3->order_by_start))
@@ -536,7 +541,8 @@
}
-function ec3_filter_the_content(&$post_content)
+//function ec3_filter_the_content(&$post_content)
+function ec3_filter_the_content($post_content)
{
return ec3_get_schedule() . $post_content;
}
The Event Calendar plugin will likely be fully activated and functioning by the end of today. I have implemented a fix and am currently testing that right now.
The Event Calendar and the Advanced Category Excluder plugins have been deactivated for all sites. These two plugin sets were causing display issues by using bad formed SQL statements and deprecated PHP functions. I will review the plugin code, submit bug reports to the authors, and attempt to get these plugins reactivated as soon as possible.
If you are using the Event Calendar plugin to manage and display events, you will temporarily need to display these using only the event category. You will also be unable to add new events to the calendar.
The page to register or create a new blog is protected. This is not meant to discourage you from registering but to block registration bots. The credentials needed to get to the registration page are:
| Username | Password |
|---|---|
| friend | begin |
By entering these credentials into the authentication box, you declare that you are not a spammer and will not use your dVector blog for illegal or adult themed activities.
Now go register or create that blog!
The ability to register for an account and create a new blog has been added back to dVector. All new blogs will be held in moderation until they are fully approved. Approvals may require email communication with the blog creator and a declaration from that creator that the blog will not be used for spam.
Within 6 hours of re-enabling this feature, dVector received more than 60 requests for new blogs. Of those, I have verified that only 1 was legitimate. Expect some additional work and automation on this feature.
The ability of users to create a new blog has been suspended on dVector. This was done to combat the ever-growing problem of blog spam. Over the last month more than 100 blogs have been created on dVector. Each new blog is reviewed by staff for compliance with our terms of service. After this review, the great majority of these new blogs were suspended for spam activity.
To prevent additional spam blog creation, dVector intends on implementing a new registration and approval process for new blogs. In the meantime, blog creation is suspended. If you wish to create a new blog, please contact dVector directly.
sales@gruffgoat.com
414-810-6631
Sorry for an inconvenience,
Gary Dalton
Early this morning, a number of updates were made on dvector.com. This included and upgrade of WordPress to the latest version which is 2.9.1. Also, all plugins were upgraded to their latest version. For those of you using the cforms plugin, you do need to check the functioning of your forms. Our testing of the upgrades was successful but we cannot anticipate all of the ways you may use this plugin.
If you become aware of any problems, please post a bug report so that your issue may be fixed. Bug reports may be posted at http://bugs.ggis.biz/.
IMPORTANT: MULTIPLE RECIPIENTS support revamped, check the HELP! page for updated description
======================================================================
WHAT’s NEW in cformsII – v11
*) feature: MULTIPLE RECIPIENTS support revamped (supporting multiple email accounts per option)!
PLEASE DOUBLE CHECK YOUR SETUP! see HELP! page as well.
*) feature: admin UI revamped (please note the new fixed ‘action box’, right hand side!)
*) feature: PHP 6 compliance: added input processing support to accomodate PHP’s DEPRECATED
get_magic_quotes_gpc()
*) feature: added a new my-functions.php logic routine: “successMessage”
*) feature: UPLOAD field noid- (or ID) prefix can be turned off
*) feature: enabled Email-Priority for the SMTP feature
*) feature: admin UI option boxes: supporting clickable option titles bars
*) feature: added two new system variables: {CurUserFirstName} & {CurUserLastName}
*) feature: supporting multiple form fields with the same name in get_cforms_entries()
*) feature: BCC field now supports multiple email addresses
*) feature: conditional redirection (my-functions.php) can now return “” (empty string) to cancel
redirection altogether
*) bugfix: fixed “magic deletion” of \ (backslashes) for some users when updating settings
*) bugfix: fixed popup time entry for “submission limit”
*) bugfix: form deletion: fixed error when having more than 10 forms.
*) bugfix: fixed deletion of auto confirmation settings when turning off this feature
*) bugfix: fixed form duplication bug that would prevent ‘Multi-part settings’ to be copied
*) bugfix: form deletion: fixed proper consolidation of remaining forms / settings array
*) bugifx: TAF: fixed WP quickedit; now keeping the TAF setting when updating post
*) bugfix: fixed sorting for int() values in get_cforms_entries()
*) bugfix: “geomaplookup” call adjusted to new URL
*) bugfix: RSS title missed a stripslashes()
*) bugfix: Admin email missed a stripslashes() for the form data title
*) bugfix: Tracking/download of CSV: “Add URL for upload fields” option fixed for MP forms
*) other: plugin removal code enhanced (turns off plugin automatically now)
WHAT’s NEW in cformsII – v10.6 *** WP 2.8 compliance
*) feature: completely rewritten sidebar WIDGET SUPPORT, pls recheck your widget setup!
*) feature: auto confirmation messages now support an attachment
*) feature: radio buttons can now be “required” when no radio box should be checked by default!
*) feature: added strip_tags() to TEXT message part of the admin email
(to avoid HTML in plain TXT)
*) other: house keeping, cleaning up & rearranging admin UI
*) feature: backwards compatible now: supporting PHP4
*) bugfix: label issues with “(” and “)”, which would not show in the admin email (&tracking)
*) bugfix: minor code fixed, mostly cosmetic
*) bugfix: nonAjax form submission would not allow single quotes in custom field ID/NAME
*) other: amended Help section
*) other: typos/corrections on Help! page
WHAT’s NEW in cformsII – v10.5.2
*) bugfix: WP comment form feature:: fixed {custom var} replacement in admin email (ajax mode)
*) bugfix: WP comment form feature:: fixed “send to author” option in cforms’
*) other: admin email addresses now support “+” , e.g. john+janey@mail.com
WHAT’s NEW in cformsII – v10.5.1
*) feature: Email Priority can now be set under “Core Options”
*) bugfix: insert_cform(‘1′) would cause minor issues if your default form was a TAF form
*) bugfix: Limit Text is now saved even if no #-limit is provided
*) bugfix: fixed =3D issue for some users (admin email layout)
WHAT’s NEW in cformsII – v10.5
*) feature: redirect options: “hide” & “redirect” have been split, allowing both
find ‘hide’ under ‘core options’ now
make sure to check both options, they may have been reset!
*) feature: email: supporting mail server that strictly require CRLF
new option under GlobalSettings > Mail Server Settings
*) bugfix: field labels that would have an escaped character (e.g quotes) would not be
referenced correctly and required a slash until now (e.g. {Your friend\’s Name} ).
*) bugfix: fixed minor XSS cross site scripting vulnerability
*) bugfix: select boxes: fixes the “auto select” of the last drop down option
*) bugfix: email: fixes CR’s in multi-line fields
*) bugfix: email: fixing SMTP / PHPMailer attachments
*) bugfix: email: MIME / boundary fix
*) bugfix: email: several cosmetic fixes
*) bugfix: WP comment: fixed Ajax submission of WP comments
*) bugfix: fixed get_cforms_entries() when using “form name” parameter
*) bugfix: fixed WP comment form ‘comment id not found’ error
*) other: plugin update notice has become smaller / can be toggled
*) other: updated Help page (API section)
*) other: enhanced API function get_cforms_entries()
Parameters:
get_cforms_entries( $fname,$from,$to,$cfsort,$limit,$cfsortdir )
$fname = [text] : form name (case sensitive!)
$from = [date] : e.g. 2008-09-17 15:00:00
$to = [date] : e.g. 2008-09-17 17:00:00
$cfsort = [text] : any input field label, e.g. ‘Your Name’
or ‘date’, ‘ip’, ‘id’, ‘form’, ‘email’
$limit = [numeric] : limits number of records retrieved
$cfsortdir = [text] : sort direction ‘asc’ or ‘desc’
(see updated Help page too!)
WHAT’s NEW in cformsII – v10.4
*) feature: new my_cforms_logic() features:
“adminEmailTXT” & “adminEmailHTML”, “autoConfTXT” & “autoConfHTML”
to support run-time changes in the email message part(s),
e.g. {user_variable} substitution supporting custom/one-off messages
*) feature: tracking / download: revised and fixed downloads that include field headers
in several areas
*) feature: tracking / download: added optional inclusion of attachment/file URLs
*) feature: tracking / download: added optional inclusion of IP address in report
*) feature: tracking / download: completely revised the tracking download function to
accommodate very large numbers of records, make sure that js/include/data.tmp
is writable!
*) bugfix: fixed access to $subID from within my-functions.php for Ajax post method
*) bugfix: file uploads/attachments: revised, better internal handling
*) bugfix: file uploads/attachments: fixed link/URL issue for MP forms
*) bugfix: file uploads/attachments: all files are now being attached to admin email for
MP forms
*) bugfix: WP comment form: fixed email to author in non Ajax mode
*) bugfix: Fixed “extra variables” (e.g. {Title}) to display again in admin email etc.
*) bugfix: success message: fixed buggy message display (‘*$#..’) in special cases
*) other: Javascript Date Picker updated to latest release
*) other: admin emails: turned upper case HTML tags to lower case
*) other: admin emails: swapped LF for CRLF (according to RFC822 Section 3)
WHAT’s NEW in cformsII – v10.3
*) feature: RSS feed: revised and enhanced feeds (all & indivudal form feeds)
supporting inclusion of form fields in the feed
*) feature: new API function: cf_extra_comment_data( $id )
will retrieve all extra fields per given comment ID in a data [array]
see tutorial online (troubleshooting forum)
*) feature: enhanced option to keep input field data (no reset) after submission
(both ajax & nonajax)
*) feature: cforms allows now to optionally turn off the admin email (and only track via DB)
*) feature: “redirect on success” can now be used to jump to any location on your page after
form submission
*) feature: threaded comment support for cforms’ WP comment feature
note: nonAjax will work as is, for the Ajax method you need to adjust your WP theme to
work nicely with cforms (dynamically set the parent container!)
*) bugfix: multi-part forms: no more session resets / jumping to first form
*) bugfix: multi-part forms: confusion of prev. entered field values when going to previous form
*) bugfix: escaped ‘<’ & ‘>’ in input fields, which allows to properly send code in a form as well
*) bugfix: a few admin CSS fixed (e.g. resizable text areas)
*) other: smaller cosmetic fixes
*) other: input field default values will now remain actual values and not be cleared!
WHAT’s NEW in cformsII – v10.2 GPL compliance!
*) bugfix: WP comment form : fixed issues when form #1 was enabled as WP comment form replacement
*) bugfix: fixed Cross-site_scripting security hole (rarely to be exploited but anyway)
*) bugfix: multi-part form: fixed issue, when first form is the default form (#1)
*) bugfix: multi-part form: fixed escaped quotes when going back
*) bugfix: textarea fields: fixed carriage returns in HTML part of admin email
*) other: buttonsnap has been removed
WHAT’s NEW in cformsII – v10.1
*) feature: added form option to turn off tracking for a given form only
*) bugfix: improved method of adding admin scripts/CSS (to better support preWP2.7 systems)
*) bugfix: added UI CSS mods to accomodate pre WP2.7 admin interface
*) bugfix: wrong dashboard icon extension (png vs gif)
*) bugfix: hover text over AJAX option on ‘form settings’
*) bugfix: multi-page forms: after final submission, form #1 on occcasion would render only partly
*) bugfix: multi-page forms: if used with “WP comment form feature” at the same time, comment form would also be replaced with the current multi-part form
*) bugfix: multi-page forms: when deploying several MP form series the SESSION would in some cases not be reset
*) bugfix: in v10.0 access priviliges for tracking required to be “manage_cforms”
*) other: fixed CommentLuv support
*) other: WP2.7+ fixed admin UI : support for removeable top err/warning messages
*) other: a few minor UI adjustments to accomodate 1024px wide screens a tad better
*) other: some cosmetic icon adjustments
WHAT’s NEW in cformsII – v10.0
*) feature: “manual/help page” now also offered in form of a PDF (see help page)
*) feature: enhanced Opera Browser support
*) feature: complete admin UI update: WP2.7′ized it (code and CSS)
*) feature: multi-part/-page form support
*) feature: added dashboard support for WP 2.7
*) feature: general enhancements on tracking page (time stamps on entries etc)
*) bugfix: regexp now allow OR | operator,e .g. ^(a|b)c
*) bugfix: datepicker localization for admin interface
*) bugfix: email verification fields (special regexp) would not work with custom err messages
*) bugfix: fixed install bug that appeared on some WP 2.7 deployments (redeclare err)
*) bugfix: fixed captcha issue for nonAjax forms
*) bugfix: insert_cform() would show the default form versus a specified one
*) bugfix: minor admin email issue re: inclusion of CAPTCHA input
*) other: updated and cleaned up help page
*) other: much improved admin captcha config preview (no saving necessary for preview anymore!)
*) other: made some admin UI changes (font alternatives)
*) other: enhanced handling of duplicate form fields for tracking/admin email (no more __x suffixes)
*) other: revamped admin email assembly process
There is a worm making digging its way through older version of WordPress. It got started over the Labor day weekend and I expect it will continue until everyone’s WP is either infected or updated. Here is a link to Matt’s blog post on the worm.
At dVector, we make every effort to monitor the developing security profile of WordPress and the web server software needed to run it. Critical security vulnerabilities are usually patched within a day or two of the patch becoming available.
Because of this vigilance, you do not have to be concerned that your site was affected by this worm. All of our blogs were updated to the latest (and immune) version prior to the distribution of the worm.