WP Mollom “Back to school” 0.6.0

Gepost op door Matthias

On the 1st of september, kids go back to school here in Belgium. And so, with a week to go, I was able to get a new release out. I intended it to be a bugfix release with version number 0.5.3, but I got a bit carried away and some feature creep happened. So I decided to give it version number 0.6.0.

Here’s the changelog:

  • fixed: html is preserved in a comment when the visitor is confronted with the captcha
  • fixed: handling of session id’s in show_captcha() en check_captcha() follows the API flow better.
  • fixed: broken bulk moderation of comments is now fixed
  • fixed: the IP adress was incorrectly passed to the ‘mollom.checkCaptcha’ call
  • fixed: the session_id is now passed correctly to _save_session() after the captcha is checked.
  • improved: more verbose status messages report when using the Mollom Manage module
  • improved: cleaned up some deprecated functions
  • improved: handling of Mollom feedback in _mollom_send_feedback() function
  • added: approve and unapprove options in the Mollom Manage module
  • added: link to the originating post in the Mollom Manage module
  • added: if a comment had to pass a CAPTCHA, it will be indicated in the Mollom Manage module
  • added: plugin has it’s own HTTP USER AGENT string which will be send with XML RPC calls to the API
  • added: detailed statistics. You can find these under Plugins > Mollom

My personal favourite are the new statistics. I like shiny bar graphs. Dries and Benjamin let me use the flash object to generate statistics based on the data of their Mollom services. But I decided to keep some statistics on the ‘client’ i.e. your site’s side.

WP Mollom Statistics

How to install this shiny new version?

  1. If you have Akismet running: shut it down in the plugins panel.
  2. Upload wp-mollom.php in your plugins/ folder and activate the plugin.
  3. Get a public/private key by registering your site on mollom.com.
  4. Go to ‘settings’ in the WordPress Administration and configure the plugin.
  5. That’s it… your blog is protected by the forces of Mollom.

The idea is that Mollom takes away most of your moderation needs. But from time to time, you might get confronted with a false positive. In the ‘comments’ section of your WordPress Administration panel, you find the Mollom Moderation Module which gives you lots of control.

What are you waiting for? Just give it a go!

Wordpress Extend host naast plugins, sinds kort ook themes. Wat eigenlijk een logische stap is. themes.wordpress.net aanvaardde immers reeds lang geen nieuwe themes meer. Als je je eigen theme schrijft: host die dan op Wordpress Extend. (1)

WP Mollom 0.5.2

Gepost op door Matthias

So, I wrapped up version 0.5.2 of WP Mollom today. This release is all about fixing several bugs.

  • fixed: passing $comment instead of the direct input from $_POST to the show_captcha() and check_captcha() functions.
  • improved: implemented wpdb->prepare() in vunerable queries
  • improved: mollom_activate() function now more robust
  • changed: mollom_author_ip() reflects changes in the API documentation. This is to catch up on the abuse of proxies by spammers. If your host uses a reverse proxy and you know the ip(‘s), just enter them in the dashboard. The plugin takes care of the rest.

I tried to make the plugin compatible with the WP OpenID plugin over the past weeks. But no dice. Stable version 2.1.9 of WP OpenID doesn’t deal with extra fields added to the HTTP POST by other plugins when a request is send to wp-comments-post.php. This causes WP Mollom’s CAPTCHA form and subsequent checks to malfunction.

The good news is that Will Norris of WP OpenID is aware of the problem. The development version does contain a fix for this problem and is actually compatible with WP Mollom. You can check out a copy from the DiSo Project’s Google Code repository if you really want OpenID and Mollom support on your site.

As always: refer to the documentation regarding all the in’s and out’s.

WordPress 2.6

Gepost op door Matthias

WordPress 2.6 just got released. It contains lots of bug fixes and new features. Like versioning if you work in a collaborative environment, a ‘press this’ button, extended gravatar support and much more. Watch the introductory movie on wordpress.org. 2.6 is named ‘Tyner’ after jazz pianist McCoy Tyner.

Of course, I’m going to test the plugin on 2.6 in the next couple of days.

Mollom vs Netsensei

Gepost op door Matthias

Over the past days, there were some hiccups with WP Mollom on my blog. Comments that were kept back and the likes. I had an little bit outdated version of the plugin running. Of course, over the past weeks since 0.5.1, I received quite some feedback. And over the weekend, there was a small adjustement in the Mollom API.

So I took action and during my daily commute from and to Leuven, I took the time to fix things up. I’m now running a test version of 0.5.2 on my blog. I improved the SQL yet again (thanks, Ben!) and a bug in the CAPTCHA form.

So drop a me line in the comments and if things don’t work out, don’t hesitate to contact me!

If you’re really willing, you can always give the development version a go. It contains all the latest changes and updates, but might not be so stable.

WP Mollom featured on Mollom.com

Gepost op door Matthias

The plugin got featured over the weekend on mollom.com. It has now it’s own place in their downloadsection. How neat is that!

Mollom Featured

During my four days of relaxing at Rock Werchter, I received some much needed feedback from you. Over the weekend, I realized there are still an issue or two which needs taking care of. There was also a minor change in the API documentation which needs implementing.

WP Mollom “Holiday Edition” 0.5.1

Gepost op door Matthias

I just released a minor update of WP Mollom with some bugfixes. This is the changelog:

  • Fixed: minor issues with the Captcha not being rendered correctly
  • Added: mollom_manage_wp_queue() function which adds Mollom support to the default comment administration panel
  • Improved: updating from a previous version is now more robust

More info and download on WordPress Extend

Mollom 0.5.0 out now!

Gepost op door Matthias

It took me the better part of June to prepare a new version of Mollom. But today I released version 0.5.0. You can download the package here.

So, a lot has changed since version 0.4.0…

  • I rewrote the SQL after this suggestion on Pressed Words. Mollom now uses it’s own table to store all it’s data instead of fumbling with the WordPress data model.
  • I fixed the incompatibility issues with WordPress OpenID plugin.
  • Improved the error handling.
  • Status messages are now a lot more verbose
  • Added the mollom_moderate_comment($comment_id) tag for use in templates and themes. This allows direct moderation of a comment without first having to go to the dashboard.
  • … a lot more!

So download, go forth and protect your blog against those vile spammers through Mollom!

WP Mollom and WP OpenID

Gepost op door Matthias

These two weren’t the best friends over the past couple of weeks. Since someone notified me they weren’t compatible, it took some time to figure out what was going wrong. My initial suspects was an icky way of dealing with the action hooks. Either by my plugin or WP OpenID. But after extensive testing, I concluded that the order in which the action hooks call the different plugin functions, wasn’t problem.

I identified the problem as the comment data getting lost somewhere along the way. I tested the OpenID plugin and the transition to the Mollom plugin. In the end, I could narrow the problem down to odd behaviour of global variables in WordPress. Let’s take a look at this bit of code:


function dosomething($ds_comment) {
global $ds_comment;
print_r($ds_comment);
return $ds_comment;
}
add_action('preprocess_comment', 'dosomething');

For brevity’s sake, I ommitted the obligatory WordPress plugin header. But if you add it, put this bit in a seperate file, upload it to your plugins/ folder and activate. Now you can test if yourself. The idea is that the array containing the commentdata is shown in your browser just before putting it in the database (notice that your browser doesn’t redirect to the original page, but that’s not the issue here). In reality, you’ll get a blanco page. Meaning the array $ds_comment is in fact empty. Further on, you’ll just pass empty variables and in the end save an empty record to your database. The comment got lost into cyberoblivion. Not very nice.

Now. Just comment out or remove the global $ds_comment; bit and try again. Now, if you submit a new comment, the data will be output to the browser nicely.

Conclusion: If you make the very same variable that was passed as an argument through the function, global, the data just gets lost. Very odd. Now, if you create a new, empty, global variable within the function and assign the data from $ds_comment to it, there is no problem whatsoever.

I wonder how this could happen…

Ow. Making a lot of variables global, especially those with sensitive data, is not really best practice. There are more gracious ways of passing data around like OO programming design or paying attention to correct function reuse. In a future incarnation, I’ll try to reduce the amount of globals I use. For now, I just want the damn thing to behave like it should. ;-)

It’s out!

Gepost op door Matthias

Well, nothing more to say for now: it’s out. You can download and play with it. It’s a first beta version so beasts can roar it’s head if you have a heavily customized wordpress installation with loads of plugins. Please, drop me a line with all your feedback, code, concerns, requests!

A big thank you to Dries, Benjamin, the testers and all those people that supported me!

Release of WP Mollom

Gepost op door Matthias

So. I scheduled a first public beta release of my Mollom plugin somewhere tonight (CET/UTC+1). The plugin runs quite stable on my own weblog and spam is happily being blocked. I didn’t receive major complaints from testers or users on my own blog in the past week. Yesterday, I cleared the code with Dries who took a glance at the major functionality.

Of course, it wouldn’t be a first beta release if there aren’t still some irks lurking around in the code. This morning, Leo Arias mailed me that the plugin won’t work together with the WP OpenId plugin. Having toyed with my own OpenID implementation for WordPress, I’m not a great proponent of this technology. The way you have to design a plugin implies using several shortcuts. I’m not going to push my release back now, though. I will try to fix this issue in the next release.

My code will also be thoroughly reviewed by the Mollom people.

Thanks to all the testers and those who just listed to become a tester!

Mollom workflow

Gepost op door Matthias

Dries made me a nice diagram on the process flow of Mollom. It shows the order in which your Mollom programmable should excute the different API calls.

Note: You should never try to save data to the database before all the Mollom checks including the CAPTCHA have been cleared. The idea is that through the challenge-response flow, the contributor has to validated him/herself as a human instead of forcing the administrator to make an educated guess.

As for the plugin itself: I noticed several small booboo’s myself over the weekend and sorted them out. A public release should be very soon-ish.

Statistics for Mollom

Gepost op door Matthias

Because numbers and graphics can express so much more then words: a visualisation of how Mollom is protecting my blog against spam. I’ve been testing my plugin on and off for the past 2 weeks on my own blog.

Mollom for WordPress

The new beta release is almost ready by the way. Just need to pack and ship it to the testers tonight. So here’s what’s new:

  • Decoupled moderation from the CAPTCHA test. Moderation is now optional. If you fail to complete the CAPTCHA, your comment is not saved to the database.
  • Major improvement of the error handling. I dove into WordPress’ error handling. I think people should make more use of the WP_Error class in combination with wp_die(). Maybe I’ll do a small item on that one.
  • I added trackback support. Of course, displaying CAPTCHA’s for trackbacks isn’t going to work. So after discussing it with Dries, instead of trying to solve the CAPTCHA problem, those trackbacks are blocked as well.

As things get finalized, I’m thinking about doing a very first public beta release sometime next week. I had very few feedback from testers so far in fact. If people are still interested in joining me for a last spin: drop me a line!

To moderate… or not?

Gepost op door Matthias

Well, I adjusted some of the plugin code over the weekend. The comments’ data (name, e-mail, url, content) isn’t stored in the database anymore but embedded in the CAPTCHA form as a collection of hidden fields. As I don’t want to store the data clientside (cookies and the likes) this seems to be the best way out. The comment is saved only if the CAPTCHA test was succesfully completed.

A particular issue I face are special characters like backslashes, quotes,… things you might encounter in URL’s and such. Luckily, WordPress is quite flexible as it takes this into account during the process of saving a comment in the database. The issue I have to focus on is not breaking the HTML CAPTCHA form itself. This will probably need some extensive testing.

The new version is already protecting this blog against comment spam. If everything goes well, the moderation queue should stay empty of unprocessable spam. In fact, it changes the usage of the queue entirely: instead of an indispensable tool, it becomes an optional means to teach Mollom if a message contains spam, profanity,… You don’t need to use it, but it allows you to correct Mollom in those few cases that may slip through.

Next up: implement functionality against trackback spam. I hope to get that part finished near the end of next week so I can put out a new betaversion of the plugin.

To moderate… or not?

Gepost op door Matthias

Today, I had an e-mail discussion with Dries and Benjamin over the use of a moderation queue within the context Mollom provides. I have on implemented in my plugin. The idea is that ‘unsure’ comments that don’t get through the CAPTCHA test, land in a moderation queue… sort of.

Mollom was actually designed to get rid of the queue. Checking if a commenter is human or a spambot happens through the CAPTCHA test. Early on in the process of posting a comment. That makes a queue where an administrator has to do the check after the facts quite unnecessary.

The problem is that the way I designed the plugin forced me use a moderation queue altogether. ‘Unsure’ labelled comments happen to land in the database, before the CAPTCHA check. Two months ago, that seemed the logical way out to me. Dries gave me some more insight in the workings of the Drupal module and was able to convince me to seperate the CAPTCHA check from the moderation queue. (I am not nearly into Drupal as I am into the workings of WordPress!)

So. It’s a bit back to the drawingboard for me as this means some parts of the plugin need to be reviewed.

Mollom going strong

Gepost op door Matthias

Okay. It’s been almost two weeks since I released the first installment of my Mollom plugin to the testers. I got some feedback and started hacking away. I’m almost ready to release a new betaversion. So, here’s a list of what’s been improved:

  • Added: bulk moderation of unmoderated comments
  • Added: policy mode. If Mollom services are down, you can choose to automattically restrict access to commenting
  • Improved: when the plugin is deactivated, the database is restored to it’s previous state (all Mollom related data will be removed)
  • Improved: only comments with a mollom session id are now shown in the mollom moderation queue (relevance)
  • Improved: assigning a mollom session id to a comment
  • Improved: the moderation queue interface is more userfriendly
  • Improved: Configuration of the plugin
  • Improved: error handling

As you can guess, I’ve not implemented trackback support yet. Dries and Benjamin suggested to send ‘unsure’ trackbacks to the moderation queue and skip the whole CAPTCHA part. I’m going to implement and release that one in the last testversion.

On a sidenote: I didn’t take into account that the plugin should work with WordPress MU but one of the testers tried it anyway. Apparently, next to a few minor bugs, the plugin seemed to function. Which is a nice bonus.

I still need testers, though. The more the better. So if people are interested to take part: please mail me!