MiniPosts 0.6.4 – Bugfix de jour
I’ve updated the MiniPosts plugin. This is a fix for a bug that was exposed by WordPress 2.1. In a nutshell: to detect changes in a post’s aside status, the original author of MiniPosts hooked the edit_post action. It turns out that the edit_post action is also called when comments are added to a post, which caused the callback to de-minipost-ify the blog entry.
Since the edit_post hook is called from all over the place, I’ve associated a nonce[1] with the checkbox that the user fills out for the miniposts. That allows the plugin to tell the difference between a legitimate change request and a random one triggered by the promiscuous edit_post hook. That approach was suggested by Mark Jaquith.
Download version 0.6.4 or visit the MiniPosts project page.
[1] A nonce is a secret number that has no real meaning, but occurs alongside data you care about. Whenever you get data that you care about, you check it to see if the nonce is the value you expect. If the data is forged, the attacker will have to guess a value for the nonce. Since there are a huge number of possible nonces, an attacker has a pretty low chance of getting it right and fooling you into thinking that it’s coming from a legitimate source.
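
The pattern described in this post, sketched as an added example (this is not the MiniPosts source): the edit form emits a nonce next to the checkbox, and the edit_post callback ignores any call that does not carry it. The `example_*` function and field names, the nonce action and the meta key are assumptions, and the calls follow the current WordPress API on the classic edit form.

```php
<?php
// Added example. All example_* names and the '_example_mini_post' meta key
// are hypothetical, not the identifiers MiniPosts itself uses.

// Print the checkbox and a hidden nonce field on the post edit form.
function example_minipost_form() {
    global $post;
    $is_mini = ! empty( $post->ID ) && get_post_meta( $post->ID, '_example_mini_post', true );
    $checked = $is_mini ? ' checked="checked"' : '';
    echo '<label><input type="checkbox" name="example_is_mini" value="1"'
        . $checked . ' /> Mini post</label>';
    // Emits <input type="hidden" name="example_mini_nonce" value="...">
    wp_nonce_field( 'example-minipost-edit', 'example_mini_nonce' );
}
add_action( 'edit_form_advanced', 'example_minipost_form' );

// edit_post also fires when a comment is added; that request carries no
// nonce from our form, so the stored status must be left untouched.
function example_minipost_save( $post_id ) {
    if ( ! isset( $_POST['example_mini_nonce'] )
        || ! wp_verify_nonce( $_POST['example_mini_nonce'], 'example-minipost-edit' ) ) {
        return; // Not a submission of our form.
    }
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return; // Valid nonce, but this user may not edit the post.
    }
    // An unchecked checkbox is simply absent from $_POST, so "absent" can
    // only be read as "off" once the nonce shows the form was submitted.
    if ( ! empty( $_POST['example_is_mini'] ) ) {
        update_post_meta( $post_id, '_example_mini_post', '1' );
    } else {
        delete_post_meta( $post_id, '_example_mini_post' );
    }
}
add_action( 'edit_post', 'example_minipost_save' );
```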

According to http://lwn.net/Articles/224557/rss version 2.1.1 has a trojan. Just thought you wanted to know. 2.1.2 is safe.
–8