… in the usual places.

For TDO Mini Forms, lots of small bug fixes (including one that was preventing some unregistered users from using a form) plus an Auto Respond Email widget and the ability to get moderation emails even if you’ve turned of moderation for a form.

For TDO Tag Fixes, just some bug fixes that have been hanging around for a bit on my private test server. I also plan to do some extra work on this in the next while, specifically around adding a “Tag Surfer” widget. We’ll see how much time I get.

And because I’ve moved to a new host, I can include and my Amazon wishlist for those who’d like to see TDO Mini Forms and TDO Tag Fixes keep on improving….

Update #1: It’s not my day. In my rush to get v0.12.1 out, I copied in some broken code to SVN. Nothing critical, just prevents TDOMF from running. v0.12.2 fixes this.

I’ve discovered a security risk in v0.12 of TDO Mini Forms if you use Custom Fields and the “Append to Post” format option. This was introduced during the implementation of the Form Hacker. I’ve already prepared a fix (v0.12.1 v0.12.2) for this and it is now on Wordpress.org (but it may take a few minutes before you can download it).

I strongly advise anyone using v0.12 to upgrade as soon as possible. If you can’t currently upgrade, please consider downgrading to the v0.11.1 or disabling the plugin until you can upgrade to v0.12.1 v0.12.2.

I do not know if anyone has been exploited by this hole, however I would also recommend carefully checking the HTML of submissions done with v0.12 for any PHP tags that might have slipped in the post content or custom fields.

I apologise for this and hope no-one is inconvenienced by it.

I’ve just released TDO Mini Forms v0.12 (get it in all the usual places). You should soon be able to automatically update it in your Wordpress install. Loads of new features; initial release of Form Hacker, AJAX forms, Categories Widget now supports Checkboxes and Radio buttons, new template tags and more bug fixes. You can see the full changelog after the “more” link.

I’ve had to disable the form import/export for this release as it was not playing nice with Form Hacker. The tdomfinfo() is also adversely affected by Form Hacker. Apologises for this, will fix as soon as I can.

Whats next now is to finish off bits and pieces to do with Form Hacker and probably spend time doing bug fixes. For me, at least, the next big feature is Post Editing. I’ve long ignored it, but I have to tackle it soon before I start on all the other little things that need to be done. Up until recently, every time I started to think about Post Editing, I would get carried away with trying to imagine some sort of generic framework where I could add modules to submit/edit anything in WP. But I’ve restrained myself and plan to attempt to add Form Editing (with an option for delete) without trying to reinvent tdo-mini-forms. Also, I don’t see the point of doing more than Post edit/submit/delete.

Enjoy v0.12!

Read More…

The Form Hacker is working! The soon-to-be-released new version of TDOMF will contain the first release of Form Hacker. With Form Hacker you can modify the outputted code of the Form, so you can move around fields from different widgets, change the “Post Text” text, format the form anyway you, add new PHP code, and many other things. It is quite powerful so be careful using it. The only limitation at the moment is that you can not modify the preview output or the Upload Files widget. I’m currently working on this and it may/may not be in the next release.

Also, with the Form Hacker, you can modify any and all messages that TDOMF prints out, such as the “your submission is now in moderation” or “you doesn’t have permissions to use this form” messages. The only limitation is that you can’t currently modify the messages from widgets, such as the notify-me emails. This is something I will be adding soon.

I’ve done some updates to the widgets too. The Text widget now supports several macros and can included PHP code for really advance stuff. The Categories widget can now display as checkboxes or radio buttons (thanks sillybean.net for that one).

And I’ve added two new options, the first one allows you to choose if you want to redirect to a submission after posting if moderation is disabled and set a fixed size for the log (several people reported issues with memory allocation and the log).

Hopefully by Friday, I’ll have version 0.12 out for you all. If you can’t wait, you can always grab the dev version which has the latest working code.

It was just taking a break! My host went unexpectedly down for a little period and so the TDOMF support forums were down and so too were all my development and test sites. Which meant that I was unable to do any work on TDOMF during the down period, which is why people’s requests on the forums and Wordpress.org went by largely ignored by me. I saw them, but there was little I could do to answer them. I’ll should be back getting back into the swing of things by next week, depending on how much sleep I manage to recoup over the next week.

But before it all went down I had started work on several features. Specifically to do with the problem of spam. My host had upgraded their PHP version and suddenly the TDOMF image captcha no longer worked on the forums and I had to remove it, otherwise no-one could post. Suddenly spam appeared. The one-question-captcha widget had zero effect on it. So I turned on moderation to prevent any more slipping through. I now have a queue of genuine spam submissions for TDOMF, so I thought, why not implement Akismet integration now with some real data. And it was coming together before my host went down. Now that things are starting to get back up to speed, I can start to look at finishing this work. I also want to look at throttling submissions - as in allowing a max limit of submission per user (or IP) per set period of time. And also expanding the one-question-captcha to support multiple random questions. I would hope these combination of features would provide enough tools to handle spam.

I will also look at queueing approved/published TDOMF posts. More than one person has asked for such a feature. The idea being that when you approve a TDOMF submission, it’ll only publish after X time after the last published post, creating a queue of published posts.

I still have the Form Hacker and AJAX features half done, but they require a lot of tweaking so they won’t make it into the next release.

After that I’m seriously thinking about looking at editing (and deleting) posts functionality. It’ll be a big chunk of work, but the time may be right for it.

I also see that Wordpress has gone to 2.5.1. Time to upgrade again.

Anyway, it’s good to be back and please be patient while I get up to speed.