[wp-hackers] Ideas for new features. (3.x?)

Nathan Ollerenshaw chrome at stupendous.net
Tue Feb 7 04:15:39 GMT 2006

I'm new to this list, so I hope people can excuse my boldness.

I've been giving some thought to what I would like out of a blogging  
tool. A few things stand out in my mind, some as a system engineer  
who would like to integrate Wordpress into a hosted environment for  
his users, and some as a user.

1. Securely editable templates.

Some of the approaches to this have been to allow only CSS files to  
be uploaded/edited - but there are some problems with this security  
wise. Other approaches are to allow .php files to be uploaded/edited  
but have a list of PHP functions that may be used and reject the  
template if anything else appears.

Personally, I don't like either of these approaches. I think that  
using Smarty makes a lot more sense, as it completely separates logic  
away from template design with the secure mode enabled.

So I would like to see Wordpress move away from having php code  
directly in the templates, and all of the HTML code move outside of  
the PHP into the templates. I humbly suggest hunting down all  
instances of

    echo "<p>$something</p>";

and moving them into smarty templates.

With the right variables being fed into each template, one could  
offer the template designer a huge amount of power in terms of what  
is displayed on each page, without having to expose any code to him.

2. Cross-authenticated comments and trackbacks.

Hoo boy. This is something I've been thinking about for a while, to  
try and fix some aspects of the comment spam/traceback spam issue.  
None of the methods currently in use are particularly ideal, and  
something that doesn't exist in the core doesn't get used by most  
blogs - most of the blogs out there are clean installs with no  
plugins (or maybe a couple).

What do I mean by 'cross-authentication'?

Well, let me describe from a user point of view.

Step 1: An external (ie, he is not registered to your blog) user  
views your blog. He wants to make a comment. He types his comment  
into your comments page, puts in his username (on HIS blog) in the  
name field, and puts the URL to HIS blog in the Website: field.

Step 2: He presses Submit. Wordpress stores the comment in the  
comments DB and redirects to the remote user's blog's URL + something  
like "/verify-post.php?action=verify&postid=<postid>".

Step 3: The remote user's blog connects to YOUR blog via verify- 
post.php and grabs the comment (via XML, whatever).

Step 4: It then checks the remote user's cookies, and if he's logged  
in as the user specified in the username field, it creates a  
cryptographic hash (MD5 maybe) consisting of the post text, the user  
name and a secret key (not the password). It stores this in the  
database locally in case any comment needs to be reverified. If the  
user is NOT logged in, present a login form, let the guy  
authenticate, and then continue as if he was.

Step 5: Remote blog pushes back to YOUR blog this hash with a token  
of "approved" or something like that.

Step 6: Your blog marks the comment as "verified" and stores the hash  
in case this comment needs to be re-verified in the future.

Step 7: Remote blog redirects user back to your comments page, which  
then can be configured to display the comment without moderation.

This all could be done with AJAX maybe? Not sure how AJAX works but  
if I understand the gist of it, the redirect between the two sites  
could be done transparently to the user, except in the case that the  
user didn't have a valid cookie for his site.

This methodology could be applied to trackbacks as well, but  
transparently to the user so that the blog receiving the tackback  
ping can check with the originating blog that it sent the ping. (Does  
this happen already? I don't know how trackbacks work under the hood).

What does this buy us?

A distributed authentication system, which allows anyone who has a  
blog that implements this system to comment onto anyone else's blog  
that implements this system without fear that they can be  
impersonated, or their comments modified by the site owners. (A  
'verify this comment' button can be on the page, which redirects to  
the commenter's site which then displays a "this comment is verified  
as authentic" message along with the comment text)

If I am an impersonator and try to post as you on my blog, if my blog  
implements this code it will check back with your blog and I won't be  
able to log in and authenticate.

I can hack my blog to skip that step, and "pretend" to request  
authorisation for comments, but that would be easily detectable by  
anyone who wanted to check, because they can just click 'verify this  

The other thing it buys us is that spammers have to set up a working  
blog for them to be able to comment on our blog - suddenly the cost  
of comment spam goes up. And on our side, we can just do blanket  
"Disallow comments from this url" or even allow regexs so if the  
spammer uses a predictable blogname, we can block all instances of  
it. Or just go and post on HIS blog and call him names. Whatever :)

Admittedly, I haven't thought about this too hard yet, and I don't  
know if it would work, but I'd like people's feedback on it - there  
are probably other ways to achieve the same thing, and probably other  
benefits and drawbacks, so it would be nice to know them.

"Show me the code!"

I'm working on code as a proof of concept, but its not a part of  
wordpress yet as I was getting a headache trying to decypher how  
wordpress works internally and its easier for me to just write a  
proof-of-concept blog tool and demonstrate that, and have someone  
else come along and get it working in WP.

Um, thats it! Just two for now. Maybe more later. This mail got too  
long :)



On Feb 7, 2006, at 5:09 AM, Matt Mullenweg wrote:

> The last thread about the next version of WP had some interesting  
> ideas in it, but I think the question may have been framed the  
> wrong way. What I'm far more interested in working on for the next  
> version is this:
> How can we make WordPress simpler in the next release?
> How can we reduce support requests on the forums?
> How can we make it faster?
> (To riff on an idea, consider starting a new thread.)
> -- 
> Matt Mullenweg
>  http://photomatt.net | http://wordpress.org
> http://automattic.com | http://akismet.com
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list