Email Users v4.8.0-beta-2 available

I received a new translation (Danish) and updated all of the other translation files for Email Users and have rolled out a new beta release.  There is no new functionality in this beta release as compared to beta-1.

If you have the ability to update a translation, please contact me so I can get you the source files.

Email Users Beta (235 downloads)

Email Users v4.8.0-beta-1 available

Earlier today I released Email Users v4.7.10 which is the formal release of a number of fixes I’ve had in the queue.  Now that it is out, I’ve moved on to the first real new functionality in a while which is why this will be v4.8.x.

Recently there was a 1 Star rated review of Email Users which had a comment about not being able to search for a user in a list of potential recipients.  As you can see in the comments, I didn’t disagree with the user although what they wanted to do was sort of possible.

I’ve used the jQuery Chosen plugin a couple times and it works great for making SELECT elements much more user friendly.  I decided to add it to Email Users to make finding users, particularly for sites which have lots of users, much easier.  If you used WooCommerce, you’re familiar with Chosen as that is what WooCommerce uses for SELECT elements as well.

The v4.8.0-beta-1 release is the first implementation of Email Users with the jQuery Chosen plugin integration.  Please download it, try it out, and report any issues or concerns.

Implementing Chosen allows for easy search and selection as noted in these images.

EU_SS_47

From the Send to User(s) page

EU_SS_48

From the Send to Group(s) page

EU_SS_49

From the Send to Group(s) page after entering “au” to do some filtering

Email Users Beta (235 downloads)

Google Forms v0.83-beta-1 available

Based on a question in the Support Forum I have added a new feature to suppress breaking a form into multiple columns when the browser is narrower than a specified width (e.g. on a phone).  This should allow forms which are set up for columns to be presented better on phones and tablets.

GForm_SS_88

If you’d like to try out this feature, download this beta release and provide feedback on any issues.  By default, the plugin will handle columns exactly as it always has.

Google Forms Beta (464 downloads)

Email Users v4.7.10-beta-4 available

I have just posted beta-4 of Email Users v4.7.10.  This beta update fixes another issue with the line breaks (hopefully the last one) and also adds the capability to use or include the user’s email address when sorting and/or displaying the user selection lists.

EU_SS_46

Email Users Beta (235 downloads)

Email Users v4.7.10-beta-3 available

I had started looking at bounce issues a while back but never completed the work.  It turns out bounce emails are problematic and the PHPMailer code included with WordPress has deprecated support for it.  I’ve made some minor changes that may help those trying to use the bounce email address capability.

I stress the “may” aspect of it because my own testing I have been unable to get it to work.  I have not seen anything not working from the changes I’ve made but I have not received any bounce emails either.  They simply seem to go in the bit bucket as far as I can tell.

Due to this unreliability I am recommending against using the bounce email address feature and have added a warning on the settings page advising as much which appears when a bounce address is set.

EU_SS_45

From looking at email headers this morning, I believe they are constructed properly.  I have no idea when bounced messages are actually routed versus discarded and different email servers seem to do it differently.

Email Users Beta (235 downloads)

Email Users v4.7.10-beta-2 available

This version of Email Users adds a new option to enable apply WordPress’ wpautop function to post content prior to sending it as part of a Post/Page notification email.  This will allow retaining the line breaks in post content as they are shown with the visible editor.  This new option is NOT enabled by default – it must be set on the Email Users settings page.  I chose to do this because it would be a change of behavior for users who have been using the plugin and may yield unexpected results.

EU_SS_40

The difference between what a post notification with and without this setting checked can be seen in the following images:

Test Notification without “Process Content with wpautop” option:

EU_SS_43

Test Notification with “Process Content with wpautop” option:

EU_SS_42

Email received from “Send to User(s)”:

This option also ensures that email composed with the Visual Editor is correctly processed.  The images below show the compose screen within WordPress and the view of the received email within Gmail.

EU_SS_44

EU_SS_41

Download the beta and report any issues encountered.

Email Users Beta (235 downloads)

Dealing with login attacks

For the past month or so, my main site (this one) plus a couple others I have on the same hosting account have been under constant brute force login attack. A long time ago I had set up the Limit Login Attempts plugin and it seemed to be helping. But it doesn’t stop the attacks. It just makes the attackers change their IP addresses more frequently.

Like a lot of WordPress developers, I have a number of sites I’ve thrown together to show someone something or to test things out. I usually clean them up when I am done with them but every once in a while I forget about them. It looks like one of the really old ones I had forgotten about was compromised in early August. As a result I had some malware all over my hosting account. Bah. What a PITA to clean up.

I did a few things fairly quickly:

  1. I deleted all of the sites I no longer needed. I should have done this a long time ago as there was some really old stuff just sitting around in my hosting account.
  2. I installed a fresh copy of the latest WordPress release to overwrite any files which were infected.
  3. I installed Securi Scanner plugin which was pretty good and identifying a bunch of files which shouldn’t be present. Unfortunately it doesn’t handle the wp-content folder (where plugins, themes, and uploads all live by default).

These things cleaned up a lot. This left me to find what else was suspect. The suspect code had a pattern to it where the one or two variables, $qV[] and $sF[], was always present. I used a couple “find” commands to find all of the PHP files which contained these variables.  Some I found, some I edited, some I simply removed.


find . -type f -name '*.php' -exec grep -l '$sF' {} \;
vi `find . -type f -name '*.php' -exec grep -l '$sF' {} \;`
rm `find . -type f -name '*.php' -exec grep -l '$sF' {} \;`

Similarly, there was a suspect Javascript files.  In the end, it took me the several hours a day across 2-3 days to clean up the mess.  Yuch.  Since this happened I’ve installed Sucuri Security and it seems to have helped.  The one downside I ran into was using some of the “hardening” features seems to have created a .htaccess file in the wp-includes folder which prevented the Visual Editor from working.  That took a little while to track down.

 

Email User 4.7.6 released

About a week ago I got a notice from WordPress.org letting me know Email Users had been de-listed from the plugin repository due to potential security exploit. While the odds were low, it was still a vulnerability which required fixing. This came at a time I was heading to Taiwan for work so my ability to fix it quickly was limited.

This morning I had some cycles to work on it while traveling home. I made the necessary fixes, committed them to Subversion, and informed WordPress.org. I just received a notice from WordPress that Email Users has been listed again. It may take a day or two to propagate through their cache.

Look for the version update notice on your Dashboard and I highly recommend installing this update. There is one other fix for users who use the Ithinx Groups plugin which had a bug in it.

wp-SwimTeam v1.45 released

Today I released wp-SwimTeam v1.45 which fixes a possible security problem I was alerted to as well as addresses a number of bugs.  The CSV roster export bug was the primary issue holding up getting this release out, I fixed the security problem last week.

It turns out I had implemented a method in both a parent class and (redundantly) in a child class as well.  The RE1, SDIF, and HY3 exports all (properly) used the method from the parent class but the CSV export was using the child class version.  It took me a while to sort it out as I was staring at the wrong code trying to determine what was wrong. It turns out, nothing was wrong, I was just looking in the wrong place.  Once I removed the redundant method declaration, everything resumed working as it should.

I think I have resolved all of the multi-site issues, please let me know if you run into any more.

This update is available via the WordPress Dashboard or from the WordPress Plugin Repository.

wp-Swimteam v1.45 beta 3 now available

Earlier today I received a report of a security bug in wp-SwimTeam.  While the security flaw is true, I believe the ability to take advantage of the exploit is pretty hard is it would require knowing the value of a WordPress site’s ABSPATH value.  It is certainly possible to guess the value in some cases but without knowing the proper value, the exploit simply fails.

None the less, I have fixed it employing WordPress Nonce Verification.  All downloads now perform a verification before proceeding.

There is still one know bug in this build, the CSV Roster export from the Manage tab doesn’t do anything.  The RE1, HY3, and SDIF Roster Exports all work correctly.

There may also still be some oddities when running on WordPress Multi-Site.  I’ve been chasing them down slowly, if anyone runs into anything please report it.

There is a good chance I’ll release a new version once I fix the CSV export in order to get the security fix out in production release.

wp-SwimTeam Beta (345 downloads)