Sidney’s weblog

Here’s a plugin that lets the themes in the Theme Contest repository work with the Theme Switcher plugin you find in Plugin Manager.

This is really confusing. The WP Plugin Manager refers to a central database of plugins. It has a Theme Switcher Plugin. To use it you add a call to get_theme_switcher() in sidebar.php where you want the list of themes to appear. If you have Plugin Manager installed, with one click you can install or update Theme Switcher. Then all you need to do is edit every one of the themes you download to put the correct snippet of code in sidebar.php.

The WP Themes contest that I’ve mentioned before refers to a different Theme Switcher plugin. It works pretty much the same way, except it uses a different name for the function to be called from sidebar.php. If you install that Theme Switcher plugin, then all you do is download the themes from the contest site. They all have the correct code in their sidebar.php to work with this Theme Switcher.

Oops. That isn’t the Theme Switcher you get when you update in Plugin Manager.

The solution: Theme Switcher Shim, a plugin that I am submitting to the WP Plugin Manager database.

If you have WP Plugin Manager, you can get it with a one click install. There is no configuration involved in using it. When you have Theme Switcher plugin installed from Plugin Manager, then Theme Switcher Shim will just work. If you don’t have the Theme Switcher plugin installed, the shim detects that and does nothing.

You can install Theme Switcher Shim manually by unzipping theme-switcher-plugin.php into your wp-contents/plugins/ directory, but it doesn’t make a whole lot of sense to do so: Its usefulness is in regards to WP Plugin Manager and the one-click install.

I’m trying to add the Spelling Checker Plugin. It doesn’t work in safe_mode. I’m trying to change that. Let’s see if this can be spell-checked and posted.

Yes, it works!!

Here is a summary of the changes I made to the original code version Beta 1.17 14-March-2005. I hope the author of the plugin will be able to make this post obsolete by folding the changes into his plugin.

First, the conditions under which this was tested:

My hosting ISP provides PHP running in safe mode with safe_mode_exec_dir set to “.” and PHP built –with-pspell. That means that aspell is installed on the server. It is in/usr/bin/aspell.

I installed WordPress using PHP built as a cgi and called with CGIWrap using the techniques described in Securing PHP applications at Sonic.net. That may have affected which directory is “.” at time of the call, and therefore which directory I had to install the shell script named aspell that acts as a shim for the call to the system aspell.

This will only work for you if safe_mode_exec points somewhere that you can put your own shell script.

1. Disable the test in spellcheck-plugin.php that blocks installation when running in safe mode.
2. Bypass the exec(”which aspell”) call, which will not work in safe mode. Instead set the result variable of the call to be “aspell”. The location of the aspell command on the server is not relevant because safe mode restricts execution to files in the safe_mode_exec_dir directory.
3. Create a shell script wp-contents/spell-plugin/aspell that is set to be executable and contains
   
#!/bin/sh
/bin/sh -c "/usr/bin/aspell $*" 2>&1

   This can’t be a simple softlink because of the way that safe mode escapes the redirection in the command line.
4. Replace the two calls to shell_exec() with calls to exec(). In the one place that uses the return string from shell_exec use the second argument to exec and the join function to get the same result.

Here are the diffs for the code changes I made:

diff -r ~/spell-plugin/spell-plugin.php ./wp-content/plugins/spell-plugin.php
169c169
< if(ini_get('safe_mode'))
---
> if(ini_get(’xxxsafe_modexxx’))
260c260
< exec( "which aspell 2>&1″, $out, $err );
—
> $out[0] = “aspell”; $err = 0;
diff -r ~/spell-plugin/spellInclude.php ./wp-content/spell-plugin/spellInclude.php
114c114
< shell_exec( $cmd );
---
> exec( $cmd );
diff -r ~/spell-plugin/spellchecker.php ./wp-content/spell-plugin/spellchecker.php
95c95,97
< if( $aspellret = shell_exec( $cmd )) {
---
> exec( $cmd, $execout );
> $aspellret = join(”\n”, $execout);
> if( $aspellret ) {


This was almost too easy!

The problem: Plugin Manager uses exec() to call the unzip command to extract files from plugin archives. This does not work in safe mode. On my hosting ISP, PHP is run in safe mode with safe_exec_dir set to “.”, which restricts exec() to calling only executables in the current directory.

The solution: Create a symbolic link for unzip in the main WordPress directory, pointing to /usr/bin/unzip

My hosting site has allow_url_fopen set, so I did not have to work around a similar call to wget that Plugin Manager uses in the absence of allow_url_fopen.

I posted a comment about this at the Plugin Manager blog site.

WordPress 1.5 Themes is a blog about (you guessed it) with links to a WordPress theme competition/catalog.

And then there is the official WordPress Theme and Style Repository

I haven’t wanted to start a blog, not knowing if I was ever going to get around to updating it, or have things worth saying. But now that I’m playing with WordPress, I realized that I can blog without blogging by just making the test site visible. I’ll document what I do with it. Maybe once in a while I’ll have something else to say.

If nothing else, hints on any customization that is necessary on the sonic.net web server that I’m hosting on should be helpful to other sonic.net customers who want to set up a blog.