Archive for the ‘Plugins’ Category

Security Update: http-authentication Plugin

Wednesday, August 24th, 2005

I just tagged version 1.2 of the http-authentication plugin, which includes a security fix. Users of previous versions are urged to upgrade.

Previously it was possible for one authorized user to impersonate another by forging their WordPress login cookie. A malicious user would need to be authorized via your external authentication mechanism first. Thanks to Mark Quinn for reporting this.

I apologize for the inconvenience. If you have any questions, post them here or, if they are security sensitive, email me.

Update: When you upgrade, please edit each user’s profile in WordPress to scramble his or her password in the database.

iCal Events Plugin

Thursday, March 10th, 2005

I also uploaded a plugin which displays events from an iCal source: iCal Events. It uses import_ical.php from the WebCalendar project. Many thanks to them for writing a parser.

Update (2006-04-17): Version 1.5 released, with support for some types of repeating events and support for event URLs. If you were previously using version 1.4 of the plugin, please note the following API change: the display_events function now takes a single argument, formatted as a query string. For example, if you are invoking the function as follows:

ICalEvents::display_events('http://www.ufl.edu/calendar/ufCalendar.ics', time(), NULL, 3);

you’ll need to change this to:

ICalEvents::display_events('url=http://www.ufl.edu/calendar/ufCalendar.ics&limit=3&gmt_start=' . time());

This change was made to make the plugin more flexible. You now have much more control over the output; for more information, please see the readme for version 1.5.

Update (2007-04-09): Version 1.12 is out; download it from the WordPress plugin repository.

Update (2008-04-15): Adam Wolfe Gordon has another plugin of the same name that might fit your needs if mine doesn’t.

HTTP Authentication Plugin

Thursday, March 10th, 2005

Just a quick note: My authentication patch was accepted and should show up in WordPress 1.5.1, whenever that happens. I added the corresponding plugin to the WordPress plugin repository.

Update (2006-01-12): Version 1.4 released, which is updated to work with WordPress 2.0. It also provides better error messages if it can’t authenticate the user. You can download a zip from Owen Winkler’s site.

If you’re still using WordPress 2.0, please use version 1.8 of the plugin.

Update (2008-04-16): Changes in WordPress 2.5 are causing problems with this plugin. I’ve released an updated plugin that is compatible with the upcoming WordPress 2.5.1.