Someone mentioned that the winners of WBT plugin contest have huge security holes, quoting the famous XSS and CSRF attacks that haunt virtually every php script that uses get requests.
I’ve made a small fix to change XSS (though it wouldn’t be able to do any damage), and though CSRF, something that affects almost every php script using get.
My opinion:
Virtually every script that uses a get request has this problem, and I anticipated this, and someone’s making a really big deal out of this, and everyone is scared.
Launching the attack would require your hostname and a script custom tailored to your blog, and you need to be logged in. And in all probability you’re not important enough.
Using nonce:
I won’t be able to use wp_nonce as the firefox extension calls in a url and wp_nonce is only accessible from within the wp install.
Action Taken:
I will release a patch in the weekend with a “paranoid mode”/“vista mode” (haven’t decided on the name) which will bug you to confirm when you’re installing any theme/plugin, fixing the “bug”, but being extremely annoying at the same time. This can be enabled or disabled depending on what the user wants.
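A sketch of the confirm-before-install idea described above, as an added example (not OneClick or WordPress code): the GET request that the extension sends only produces a confirmation token, and the install runs only on a follow-up POST carrying that token. The function names, the `url`/`token` parameters and the per-site secret are assumptions made for illustration.

```php
<?php
// Added example: confirmation token for a GET-triggered install ("paranoid mode").
// All names are hypothetical; this is not OneClick or WordPress code.
const TOKEN_TTL = 300; // seconds a confirmation stays valid

// Bind the token to who is asking, what they asked for, and when it expires.
function issue_token(string $secret, string $user, string $action, string $zipUrl, int $now): string
{
    $expires = $now + TOKEN_TTL;
    $mac = hash_hmac('sha256', implode("\n", [$user, $action, $zipUrl, $expires]), $secret);
    return $expires . '.' . $mac;
}

function verify_token(string $secret, string $user, string $action, string $zipUrl, string $token, int $now): bool
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;                        // malformed or missing token
    }
    [$expires, $mac] = $parts;
    if ((int)$expires < $now) {
        return false;                        // confirmation expired
    }
    $expected = hash_hmac('sha256', implode("\n", [$user, $action, $zipUrl, $expires]), $secret);
    return hash_equals($expected, $mac);     // constant-time comparison
}

// GET (e.g. from the browser extension): never install, only ask for confirmation.
// POST (from the confirmation form): install only if the token matches user and URL.
function handle_request(string $method, array $params, string $user, string $secret, int $now): string
{
    $zipUrl = $params['url'] ?? '';
    if ($method === 'GET') {
        return 'confirm:' . issue_token($secret, $user, 'install', $zipUrl, $now);
    }
    $ok = verify_token($secret, $user, 'install', $zipUrl, $params['token'] ?? '', $now);
    return $ok ? 'install' : 'reject';
}

// Constructed sample run: a confirmed install, a request without a token,
// and a token replayed against a different zip URL.
$secret = random_bytes(32);                  // per-site secret, kept server-side
$now = time();
$zip = 'https://example.org/plugin.zip';
$token = substr(handle_request('GET', ['url' => $zip], 'admin', $secret, $now), strlen('confirm:'));
var_dump(handle_request('POST', ['url' => $zip, 'token' => $token], 'admin', $secret, $now));
var_dump(handle_request('POST', ['url' => $zip], 'admin', $secret, $now));
var_dump(handle_request('POST', ['url' => 'https://example.org/other.zip', 'token' => $token], 'admin', $secret, $now));
```

A page on another site can still trigger the GET, but it cannot read the confirmation response, so it never obtains a token that the POST would accept.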
Thought about this during class, it’s a new wordpress plugin that allows anyone to embed your post in a youtube like flash window. It’s a little hard to explain, but imagine this
Person A comes to your site, likes a post, and wants to present it to his/her own readers.
Normally, he/she’d quote a small portion, and link to it.
With inject, he/she can copy a small html block and paste in the webpage or blog, and the entire post text is presented as a small text flash scrollable area. A little hard to explain, but it allows people to embed your posts, counts as a link.
OneClick is nearing stability. Almost all bugs are fixed except two.
Conflict with other plugins using the pclzip library: Many plugins, including Keith’s WPAU plugin, use the PCLZip library to unzip files. Since I tried to redeclare the class, php classifies that as an illegal error. I’m releasing a fix for it tonight. Thanks to Kirk for pointing it out and testing it out. You can read about the final fix.
Theme Folders: Thanks, Tom for pointing this out. Turns out a lot of theme authors sometimes put the files of a theme in the root folder of a zip file, and this is blindly extracted in the theme folder, making a giant mess.
*Most* themes, however, don’t do this. But K2 does. So will have to check how many file/folders exist in a zip file. If there is more than one, make it in a new directory, or else do the standard procedure.
Please update oneclick tonight (around 6:30 GMT) when the fix will be released.
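The root-folder check described above, as an added example (not OneClick's code): it uses PHP's ZipArchive rather than PclZip, and goes one step beyond the post by also refusing entries with absolute paths or `..` segments before anything is extracted. `extract_theme()`, the directory naming and the sample archives are assumptions made for illustration.

```php
<?php
// Added example, not OneClick code; extract_theme() and the samples are hypothetical.
function extract_theme(string $zipPath, string $themesDir): string
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        throw new RuntimeException("cannot open $zipPath");
    }
    $top = [];   // top-level name => true if it is a folder
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = str_replace('\\', '/', $zip->getNameIndex($i));
        // Refuse absolute paths and ".." segments before extracting anything.
        if ($name === '' || $name[0] === '/' || preg_match('#^[A-Za-z]:|(^|/)\.\.(/|$)#', $name)) {
            $zip->close();
            throw new RuntimeException("unsafe entry: $name");
        }
        $first = explode('/', $name, 2)[0];
        $top[$first] = ($top[$first] ?? false) || strpos($name, '/') !== false;
    }
    $dest = rtrim($themesDir, '/');
    // Anything other than exactly one top-level folder gets its own directory,
    // named after the zip file, so loose files never spill into $themesDir.
    if (count($top) !== 1 || reset($top) !== true) {
        $dest .= '/' . preg_replace('/[^A-Za-z0-9_-]/', '-', pathinfo($zipPath, PATHINFO_FILENAME));
    }
    if (!is_dir($dest)) {
        mkdir($dest, 0755, true);
    }
    $zip->extractTo($dest);
    $zip->close();
    return $dest;
}

// Constructed sample archives: one wrapped in a folder, one with loose root files.
$work = sys_get_temp_dir() . '/oneclick-demo-' . bin2hex(random_bytes(4));
mkdir("$work/themes", 0755, true);
$samples = [
    'wrapped' => ['mytheme/style.css' => '/* css */', 'mytheme/index.php' => '<?php'],
    'loose'   => ['style.css' => '/* css */', 'index.php' => '<?php'],
];
foreach ($samples as $label => $files) {
    $zip = new ZipArchive();
    $zip->open("$work/$label.zip", ZipArchive::CREATE);
    foreach ($files as $name => $body) {
        $zip->addFromString($name, $body);
    }
    $zip->close();
    echo $label, ' -> ', extract_theme("$work/$label.zip", "$work/themes"), "\n";
}
```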
Aaaargh. The worst virus attack I’d ever seen. I’d gotten infected by a low risk virus W32.Nimda, and I asked the scanner to repair the system. The f*king antivirus took the liberty of deleting nearly every executable on my hard drive.
Back to linux for me. Now that I won’t be doing any major coding or computer intensive task, I wanna configure ubuntu to just play music and read websites.
I got beryl working right after a long time. It looks nice, and I absolutely *love* the drop shadows near the windows. Wonder why nobody uses it for webdesign.
I got the entire system configured very fast. In under 20 minutes (of course I wrote a shell script and let it run for about three hours installing and configuring all my software). It would’ve been faster if I’d installed debian, but the local mirror is broken and xserver won’t start if people install it, so I left it at that.
After lots of coaxing, Iluvatar’s finally putting a local mirror for ubuntu, this would make a lot of difference for me.
I was just used to the windows fonts for a long while and my website looks a little odd in linux, but still pretty good.
OneClick is a Wordpress Plugin+Firefox Extension combo which will change the way you look at wordpress forever. It reduces the effort needed to install a plugin or a theme for wordpress to just one simple click. It’s excellent for admins, non-techies, people with restrictive firewalls, and just about anyone who uses wordpress and installs plugins and themes.
OneClick is my first wordpress plugin, and my first attempt at writing PHP even! The initial release was extremely popular, with over 1900 downloads, and mentioned at over 160 weblogs around the world, and in under three weeks!!!
Sidenote: If you like this plugin, please give it a thumbs up by rating it at the WBT Plugin Competition
Quick Feature tour
Here are a couple of quick screenshots to show off the new features, including diagnostics and the firefox extension.
Installing a plugin from Wordpress extend:
Installing a theme from themes.wordpress.net
Diagnostics showing that an update is available
Here’s a small slideshow summarizing the abilities of OneClick:
Important Updates
You don’t need to chmod the folders to 0777 like previously mentioned, 0755 will do. Thanks, Rishi.
The new upload (dated 3rd August) comes with Auto-update enabled (was accidentally disabled in the previous release), so you’ll never miss a bugfix or a new feature.
Install Instructions
Download, unzip, upload via ftp (doing so for the last time in your life)
or: if you have oneclick version 0.42, just use the zip file.
If it doesn’t work right away (might not work on 1% of the hosts), you may need to chmod to 755. To do this, use an ftp client like filezilla, and right click, choose “file attributes”, and set write permissions for group.
Usage:
There are three ways to use oneclick:
1. Using the file upload:
In the “Install from local file” region, select the zip file of the plugin or theme and select the type, and click on the button.
2. Using the file URL
Enter the URL of the zip file. Be careful to not enter the URL for the download page/etc, but of the actual zip file. If the URL seems fishy, you’re best off downloading and using the file upload. OneClick works best with direct urls and most php based downloads.
3. Using the firefox extension
This is the coolest way to install a plugin or a theme. Right click on the download link (same rules apply as in 2) and select whether it’s a theme or a plugin, and it should work fine.
4. Deleting Files
You can easily delete folders and files. Just be careful while deleting them, it’s permanent and there isn’t any warning before deleting.
Features:
The main features of this plugin are:
Install any plugin/theme from the zip file on your hard drive.
Install any plugin/theme from any URL of the zip file
perform easy maintenance and upgrades
automatically checks for updates, and installs updates itself, if required.
Auto diagnostics whether everything is working properly.
OneClick is also the only wordpress plugin to come bundled with its own firefox extension. If you see any cool link to download a plugin or a theme (like the ones on this page, wordpress extend, or themes.wordpress.net), all you need to do is right click on any link and select the type (theme/plugin) and it’ll get automatically uploaded.
OneClick also comes with the purgatory, a backup and deletion system that is completely independent of wordpress’ database and php, so if a plugin messes up the entire admin interface, you can easily delete it.
Apart from that some other features are:
One touch zip backup of all your themes and plugins for your downloading pleasure.
experimental “upload and auto-activate”(disabled in the current release, but easy enough to try for the brave at heart)
Quick notes:
Using the firefox extension: Install the extension, restart firefox, go to Tools/Addons/OneClick and select the “options” button on it. Now log into your wp-admin, and open the oneclick installer. Now enter this url, typically (blog url)/wp-admin/admin.php?page=oneclick/oneclick.php and now you can use it.
Also, while installing, be sure that the link on which you’re right clicking is the Zip file of the plugin or theme. It should be a simple, non-encrypted url for a zip file, and only then it’ll work.
Downloads
The following files are available for download:
Notes(please read):
1. I understand there’s a slight bug with the code in the auto updating feature, but it will be fixed soon. The plugin should work fine however.
2. The stable version is going to come out in a few weeks. Am doing some testing, it’ll also be translated into German, Chinese, Japanese, French, Italian, and Kannada.
3. I’m closing the comments section. A big big big thank you for all of you for your support and kind words.
4. I’ve written a new and super-cool plugin for wordpress. I’ll be keeping this website plugin news free for a while, as it’s my personal website. You can read about my new plugin at Brajeshwar’s Website.
5. OneClick development has moved to googlecode. Head over to http://oneclick.googlecode.com for trying out experimental versions, joining in on the development, reporting bugs, or trying out the latest experimental version from SVN.
6. The new version is going to kick ass, with automatic detection whether the file is a plugin or theme, integration with wordpress plugin extend, support for multiple blogs, more security for the nuts, upgrades all your plugins with one click, and lots more. Lots of happiness for everyone! (Now playing: Hey Jude by the Beatles. (na-na-na na na!))
OneClick is powered by the PclZip library, and Amon Amarth (have a look at my last.fm weekly chart when I was developing it (link))
Thanks for your interest in sponsoring OneClick, it’s received a lot of attention, thanks to the vibrant Wordpress and open source community, weblogtoolscollection and the others who supported the Wordpress Plugin competition.
OneClick 0.9 RC1 is officially released. Get it here. Leave comments/questions and feedback on this post.
About Me
I am Anirudh Sanjeev, a 20 year old IIT Undergrad. I play with usability, aesthetics, and code, and sortof play the bass. I love coffee, heavy metal, intelligent conversation, and bunnies.