I just wanted to post something quick with regards to my progress on the AJS Footnotes update.

I am making forward progress, and think I'll be coming to a milestone with some of the troubles the earlier versions had some time today.

The two sticking points were JavaScript and WordPress security issues.

The JS trouble is a coupling of the original plugin doing nothing to ensure that the popup generated by the footnote had room to fit in the viewable area, and user requests to reduce the weight that the plugin adds to the page. I had hoped to makes use of the jQuery UI position function, but killed it due to the fact that UI uses relative positioning, and this causes some "jumps" when the footnote is first shown. I've been forced back the the drawing board to get the behavior right.

I had originally intended to use a file write to create the JavaScript include file on-the-fly so that the options could be passed directly. But it occurred to me that when I setup a hardened public WordPress installation, I remove the rights of the web user to write to the plugins folder.¹ I didn't want to encourage people to undermine the already shaky security that WordPress has shown lately, so that idea was scrapped. Instead, I've turned towards creating a jQuery plugin file. This file would be small (especially once I minify it) and cacheable, and would mean that only a single line of JavaScript code would need to be added to the pages themselves.

CSS has given me similar headaches. It seems that, given the hooks available, I can't examine the post/page content before enqueueing the styles and JS. This means that I have to enqueue them on every page, even if the content on that page will not require the plugin functionality.

In any case, I hope to have the new version rolled out by the end of the week.²

Just wanted to keep everyone abreast of the recent progress.

1. instead relying on SFTP access  (back)
2. I actually think it’ll be sooner, but given my last estimate getting blown out of the damn water, I think I'll stick with this.  (back)

I just thought I'd post quickly about the upcoming update to AJS Footnotes. What started as an update to address some basic issues with the original plugin (oversights on my part, really) has instead led to a much broader revisioning of the plugin's code.

Here you can see the whiteboard ready to go.
AJS Footnotes' Roadmap

New features include:

• A note preview area so you can see how the changes you're making to the note's look and feel affect it in real time.
• Better hover coverage to make it easier for the end user to "capture" the note
• Moving the CSS and JS to external, cacheable files. (If write permissions permit.)
• Alpha channel support¹ (because the shadows look god awful without it.)

The new version will also fix some of the bugs that have been brought to my attention including:

• The lack of a z-index declaration that allows the notes to slide behind other page elements (thanks, Robert)
• The weirdness in where notes sometimes appear.² (Thanks, Aaron)
• The height bug that sometimes causes the following elements to clear in an unholy way (Pointed out by Bastian and originally fixed in the 1.1 version that never seemed to take.)

I had promised several people that this version would be out by the end of this weekend. It is currently extremely early on Monday, so I'm obviously not making that deadline. Still, with the exception of Earth Day celebrations tomorrow, this week is wide open. With a little luck, I might even get the update into WordPress by mid-week, and the WordPress automatic update might even work this time.

1. where appropriate  (back)
2. This fix involves using the jQuey-UI platform, rather than trying to do all the appropriate math myself.  (back)

What's Happening

As most everyone is by now aware, there's a botnet going around attacking WordPress sites on the internet. The bot attempts to gain access to the administration section of the site by brute forcing its way through the admin login.¹

The attack is rather massive in nature, with some 90,000 IP addresses currently identified as having been compromised. It would seem the idea is to place an infected file into the WordPress installation which can then, presumably, be used in later attacks against other targets. A botnet built on web servers is a huge threat, given that servers generally have significantly more bandwidth than your average home computer.

In some instances, this attack has led to an inadvertent DDoS attack on some servers (including this one.)

1. Located, by default, at /wp-admin  (back)

This is a quick post to see if anyone out there can tell me what I've done wrong updating my recent AJS Footnotes Plugin.

Late last night, I received an email from Bastian Zimmermann over at Deliberate-It.de letting me know that the plugin was causing a serious CSS bug. I was able to track the bug down, and get Bastian fixed up. Then I went ahead and did the following to the plugin code.

1. I edited the ajs-footnotes.php file to fix the bug.
2. I changed the trunk code stable tag to 1.1.
3. I copied the trunk code into a new 1.1 folder under the tags directory.
4. I committed the entire thing to the WP repository.

But, as for this morning, the WordPress Plugin Page doesn't show the new version as being an update. Worse yet, it doesn't push the new version as an update in the WordPress system. The download from WordPress is of the correct 1.1 version, but it's still listing 1.0 on the button, as well as the "Current Version" in the "Compatibility" section on the lower right.

Anyone have any idea what I've done wrong. I would like to fix this before the same oversight causes another user trouble.

Thanks in advance!

I've been working on several WordPress plugins that I've always wanted, and it recently occurred to me that it'd be nice to include instructions and form fields that would allow for at least some basic internationalization. I'd like to courteously extend an invitation to anyone who can help me with this. As it turns out, I only speak English, and the Greek and Latin training I received in high-school is only pertinent for individuals who can recall the Peloponnesian War.

If you're reasonably fluent in Spanish, Portuguese, German, French, Italian, Mandarin, or any other non-English language, have a little bit of free time, and would like to get some props (and/or work you need done for free) then use the Contact Page to drop me an email, pretty please.

You can probably barter with me to get a whole site up and running, if you catch me at the right time when I'm not all that busy (like now.)

My first publicly available WordPress plugin was approved this afternoon. It allows an individual writer to include footnotes using a simple inline syntax. You can download the plugin from the AJS Footnotes page at the WordPress Plugin Repository.

Updates are likely to ensue pretty quickly, once a few author's get a chance to break my code.

Next on the plugins list is an autolink plugin to automatically link key words and phrases to certain URLs.

But I think it'll have to wait until tomorrow.

I've finally submitted the AJS Footnotes plugin to the WordPress administrators for its review and subsequent inclusion into the WordPress.org Plugin Directory.

The project page for the plugin can be found at http://www.ajseidl.com/projects/ajs-footnotes/.

This is the first of my many plugins that is intended for public consumption, and I'm giddy as a school girl about the whole thing. Hopefully the good folks at WordPress don't take too long in reviewing it.

In the meantime, I have several other things I have to attend to. This experience was actually a lot of fun, and I've already got plans for my next contribution.

Until then, however, I have to get back to finding work.