So for no apparent reason, several WordPress blogs running under WordPress MU suddenly lost their header images, reverting to the default image.  These images were added to a custom theme using the Custom Header API (check out WPMU Tutorials on Custom Headers). Everything was working fine, and then suddenly some of the sites spontaneously reverted to the default.

Obviously, there’s got to be some sort of trigger lurking out there, but thus far I haven’t found it. The site was upgraded two weeks before The Great Forgetting; it was related to the upgrade, then it must be triggered by something that people don’t do frequently. There are reports of this happening (here and here) on WordPress.com, but their answer is “contact support”.

I’m still beating on a test instance to see if I can replicate it, but if anyone comes across the answer, please let me know.

I’ve been using Twitter for years, and almost since I created my first account I’ve debated the need for splitting it in two: once for my work related tweets, and one for everything else.

It’s was a difficult question, because you can’t easily divide my life into “work” and “non-work” related tweets. The apps I work with every day — Drupal, WordPress MU, iTune, etc. — also happen to power the stuff I use at home.

This is because my friends, both online and off, then to be intensely creative and productive people. They’re podcasters and writers, gamers and hobbyists, and they use all the self-same tools as at my day job. Cross-pollination between the two has been essential to my use of Twitter, and for that reason I’ve been hesitant to spin off a separate account.

And yet … when I go to conferences for work, I find a lot of people using some iteration of their real-world name for twitter … where as I use my gamer handle, @nukehavoc. Now that handle’s fine when I’m at Origins, GenCon, Balticon or some other big geek convention … but it feels a little less professional when I’m at a work conference.

There’s also the fact that while I’m sure some folks enjoy keeping up with my geekier side, I think there’s also some that would rather not have to read through my Star Wars tweets to get to my WordPress MU ones.

So to that end, I’ve created a new account on Twitter for my work and webapp related posts: @knewquist. I still have my @nukehavoc account, but that one’s full-on geeky — it has all my posts about web development, geek parenting, gaming, etc. You can expect some cross-posting between the two, especially when it comes to web development and online technologies, because as I said earlier, the cross-pollination between my different audiences is what makes Twitter work for me.

I’ll freely admit this is an experiment, and I don’t know how well it work out. I’m going to maintain the account for six months; if at the end of that time it proves to be more trouble than it’s worth, I’ll disable it.

I’ve run into a workflow snag with WordPress MU (well, technically the issue is in WordPress; MU just inherits it): authors can’t add or edit pages.

The problem is basically this:

• I have an academic division web site with an administrator or two.


• I have a handful of editors representing the department heads within that division.


• I have authors who need to be able to add and edit (but not publish) pages.

It’s the last part that WordPress doesn’t support. Ideally, I’d love for the “author” role to function like the “contributor” role does for posts, e.g.: a contributor can write and edit their own posts, but they can’t publish anything.  I’d like the author to do the same thing for pages, allowing a second-tier workflow within the site.

Unfortunately WordPress MU doesn’t work this way out of the box, and based on the comments I’ve read online, it seems that WordPress core isn’t interested in changing this functionality because it differs from WordPress traditional blog mindset. Which I understand, but don’t agree with — I think WordPress has grown into a respectable, lightweight content management system, and adding this additional granularity of editorial control would complete that transition.

So the question is: How to do we manage this? One option is to split up a larger site into sub sites; e.g. instead a single division site, you end up with sub sites for each department.

The other option is to go with a third party module. There are two that look good, particularly when used in conjunction with one another:

• Role Scoper: “Assign restrictions and roles to specific pages, posts or categories.”


• Capability Manager: “…provides a simple way to manage role capabilities. Using it, you will be able to change the capabilities of any role, add new roles, copy existing roles into new ones, and add new capabilities to existing roles.”

They look promising, but I haven’t tested either with WordPress MU yet. I’m curious to know how other folks are addressing this problem; if you have any suggestions or experiences to share, please leave a comment!

WordPress MU 2.8.4a refuses to upload .ppsx (PowerPoint Show files for PowerPoint 2007/2008) because the extension hasn’t been defined in the functions “wp_check_filetype” and “wp_ext2type” in /wp-content/functions.php

Not having ppsx defined here causes WordPress? MU to throw the warning “File type does not meet security guidelines. Try another.” when uploading the file (even when the ppsx file type itself is blessed in WPMU’s admin options).

I’ve reported the bug to WordPress MU Track here:

• #1118: PPSX not defined as valid file in functions.php

Update

The fix isn’t quite so straightforward as just adding .ppsx to the list of valid PowerPoint extensions, because technically PowerPoint Shows for 2007 have their own MIME type:

• application/vnd.openxmlformats-officedocument.presentationml.slideshow

As does PowerPoint 2007:

• application/vnd.openxmlformats-officedocument.presentationml.presentation

Specifying the wrong MIME type for PowerPoint Show files caused WordPress to add a .ppt extension to the file, which played havoc with subsequent downloads. The fix was to specify the MIME type in wp_check_filetype:

• ‘ppsx’ => ‘application/vnd.openxmlformats-officedocument.presentationml.slideshow’

My bug report at WordPress MU was closed because this is technically something that needs to be changed in core WordPress; I’ll be reporting it there shortly.

WordPress MU 2.8.1 was just released, and I came across a few bugs while kicking the tires on my MU development site:

• #1037 After upgrade, upgrade banner doesn’t disappear (fixed)


• #1048 WPMU 2.8.1 improperly escaping titles of newly created blogs


• #1049 Editing Blog Settings as Admin fails (fixed)

#1049 was fixed within four minutes of me posting the ticket, which is pretty darn cool.

I also encountered an issue with the Admin-SSL plugin and 2.8.1 that sets up an infinite rerewrite of the blog delete URL; I haven’t had a chance to track it down yet, but the author is working on an update of the plugin to get it working properly with 2.8.

Our Moodle Wikis were working just fine (well, they were working about as well as the Moodle wiki ever does) until 1.9.4. That’s when they broke; you could select and upload a file (e.g. a photo), but the screen would go white (indicating a PHP error) and your file wouldn’t make it to the wiki. As we have a number of wikis that upload photos, this was a problem.

The issue appears to be a change in the default settings for the wiki. Making the wiki configuration tweaks described in this Tracker report fixed the problem:

• MDL-10641 Wiki binary files option broken

In 1.9.4, Moodle introduces a new security report tool which compares your Moodle roles against different security risks. My colleagues and I just spent the afternoon puzzling through the flags that 1.9.4+ raised in our test Moodle install. Unfortunately, “puzzling” is the optimum word here: we spent a big chunk of time just trying to understand what the report was trying to tell us. Here’s what I learned.

To start, you need to understand how Moodle tolerates risks based on roles (defined under “Risks” in the Moodle Docs wiki.):

• Guest - only capabilities without any risks are allowed


• Student - certain capabilities with spam risks are allowed


• Teacher - certain capabilities with XSS and privacy risks are allowed


• Administrator - all capabilities are allowed

This is important because any custom roles you’ve created are evaluated based on the legacy role that spawned them. So if you start with a student role, and give it some more advanced teacher-like options that allow XSS capabilities, then Moodle will set a critical warning flag because its exceeded the capabilities normally associated with a student.

I need to doublecheck this, but I think that if you change the legacy role associated with the custom role in question to “teacher”, then your custom capabilities will remain the same, but the report will run against the more permissive teacher role. That said, you may not want to get rid of the warnings (since it is helpful to know what a “super student” role could get themselves into) but at least this write-up should help you understand them.

I’d love to see Moodle create a more user-friendly report that says something like:

• “Your role ‘Teacher Assistant’ is based on the legacy role ‘Student’. By default, students are not allowed to have capabilities that permit Cross Site Scripting (XSS), but your custom role allows the following XSS capabilities” — I’d then include a list of the problem capabilities.

You can contribute to improving the Security Report by reading/commenting on this tracker item:

• MDL-18078: Provide a feedback for the admin in order to explain him/her what to do to fix the security problem rised up by the security report

I just ran into an obscure error on our Shibboleth-based implementation of Moodle; when accessing the site with Firefox 3/WinXP a user reported the following error:

“overLIB 4.10 or later is required for the CSS Style Plugin”

A little searching revealed that this is apparently a problem with the browser’s cache; clearing the cache causes it to go away. If you’re proxying Moodle, you may need to clear the proxy’s cache as well. There’s no Tracker item for it; I thought of adding one, but this isn’t really a Moodle problem — it’s a browser one.

• moodle.org: Overlib problem (moodle thread discussing the problem and fixes)


• octette.cs.man.ac.uk overLIB 4.10 or later is required for the CSS Style Plugin

Audio recording tools for Moodle are something that’s come up several times on campus. English and foreign languages faculty would love to be able to use such a tool with students; in English they’d use it to work on student’s inflections and readings of poetry, while foreign languages would use it as part of spoken language critques.

I experimented with using NanoGong to do this, but unfortunately it was just too unstable; the Java applet running it refused to save files on two of the three computers I tried it on … including computers on which it had worked.

COVCELLL has created the audio recording assignment that works with Moodle 1.9. I haven’t had a chance to try it yet, and would love to hear from anyone who has.