Tag Archives: api

Fixing markup in cross posts to wordpress using metaWeblog, xml-rpc, & xpost plugin

Posted on by

I’m experimenting with cross posting from one wordpress blog to another using the metaWeblog API and XML-RPC. This led me to the xpost plugin by Jan Gossman.

Easy enough to test. I set up two blogs, activated xpost on one of them and posted to the other.

The plugin works as promised. You can selectively post to multiple blogs and assign categories. Tags and standard properties are preserved. Most impressively, the relationship between source and target blogs is maintained. Changes in the source are updated in the targets.

However markup in the cross posts is broken because single and double quotes are escaped with a backslash. For example, link tags become <a href=\"....

From what I can find this is a known issue intentionally introduced within the WordPress’ XML-RPC implementation as brute force protection against a SQL injection vulnerability.

I don’t want to expose myself to this vulnerability. Nor do I want to hack a wordpress build.

It occurred to me one way to get past this issue is to strip those backslashes at the presentation level within the theme of the blog to which I want to crosspost. I don’t see any reason to render backslashes within posts.

So, with guidance from the WordPress codex, I modified the single and index templates…

Replacing:

<?php the_content(); ?>

With:

<?php
$content = get_the_content();
$content = apply_filters('the_content', $content);
$content = str_replace(']]>', ']]>', $content);
$content = str_replace('\\','',$content); /* This strips escapes inserted through XML-RPC */
print $content ?>

I think this will work for me. I’m glad to be proven wrong. Am I missing something?

Microsoft and Ript

Posted on by

Gerry spoke at the Microsoft Women’s Conference this week.

Ript

I joined her so that we could meet with some key players at Microsoft to talk about Ript™, our WPF application.

Attending were Henry Hahn, WPF Program Manager, Darren Mc Cormick, Worldwide UX Role Owner, and Katherine Westgate, a Marketing Officer from Microsoft’s NY office.

The conversation ranged over the whole history of our project: our Scrum/XP practices, how our team collaborates on user experience, how we created our product vision and our plan to monetize the product.

The three of them were entirely approachable, engaged and enthusiastic. They also came prepared. They’d all downloaded and worked with our application. Henry actually submitted feature suggestions from his team he knows are easy to implement given what we’ve already created.

Katherine helped pull the attendees together and lined up our hands on demo of Surface™. She was interested in figuring how our experiences with Ript™, agile software development and collaborative product ownership might help her enterprise clients. She also asked Gerry how Oxygen approaches advocacy for women, corporate good will and citizenship. Katherine is sharp and conscientious. I could tell Gerry hit it off with her.

Darren described the Developer Platform Evangelists (DPE) programs for joint marketing and developer assistance around products built in WPF and Silverlight. We discussed some of Microsoft’s goals for Silverlight distribution and what Oxygen’s next steps are to engage these resources. Darren is clearly passionate about user experience at the level of product, brand and within an organization. Yet another example of Microsoft going outside its organization to bring in new thinking.

Gerry’s main points were that women are the principle market for consumer technology, that usability testing with women provides valuable insight, how software should playful, purposeful, simple and accessible and how product development should not focus on early adopters but the people who will make up the vast majority of end users should the product be successful.

The conversation also ranged over tech issues. Henry is a fan of our application and left an open door for further communication. He said the .NET team is working on some of our core concerns:

  • breaking up the .NET 3 installer into server and client modules making the package smaller
  • improving the experience of their default install (it plays out like a windows update, hiding itself in the system tray – this is very confusing in an application install process)
  • making it easier for ISV’s to run a silent install and wrap their own UI around the install
  • improving cold start time
  • providing more expressive API’s for automated UI testing

Don’t expect any of this soon unfortunately.

Clearly there are employees at Microsoft in leadership roles determined to engage with and support, not simply consume, innovative work originating outside the company. I had the same impression at the ALT.NET conference earlier this month.

This bodes well for both Microsoft’s future as well as for those of us looking to innovate in the marketplace using their tools and platforms.

Build Bunny

Posted on by

Today was a slow. I upgraded our build bunny to a WPA-capable Nabaztag/tag. Good builds make the bunny very happy. Broken builds make the bunny so sad.

Thanks for the idea to The Pragmatic Programmers and their ridiculous lava lamps. My co-worker Kris wrote a custom publisher to integrate CruiseControl with the nabaztag api.

“A little nonsense, now and then, is relished by the wisest men” — Willy Wonka