Planet

jQuery UI 1.9 Milestone 8 – Position

1 day ago

The eighth milestone release for jQuery UI 1.9 is out. There are quite a few improvements and changes since the last milestone release. Most notably, the Position utility redesign is done.

What’s a Milestone Release?

A milestone release makes it easier to try out the latest development code of jQuery UI without necessarily having to check out code from GitHub.

With a milestone release you can try out new widgets that are pretty far along (though not yet final) and provide feedback based on released code with a specific version number.

Position

The Position redesign is now fully implemented. The using option now provides information about where the element is relative to the target. This information is useful for a variety of reasons, such as knowing where to render an arrow if you want the element to point to the target (think of tooltip with callouts). This information is passed in a second parameter to the using callback.

Accessibility

The Tooltip and Autocomplete widgets have been updated for full ARIA support. Getting these widgets to be fully accessible with various browsers and assistive technology was quite difficult. A huge thanks goes out to Hans Hillen and Everett Zufelt for their help with testing and implementation.

A ton of bug fixes

A lot of components have seen a lot of bug fixes. While we continue to maintain the 1.8 branch, a lot of bugs get only fixed in master. Here are all tickets fixed in 1.9, by component.

Download

You can download the jQuery UI 1.9 Milestone 8 – Position release as a zip file or via git:

File Downloads

Development Bundle:
http://jquery-ui.googlecode.com/files/jquery-ui-1.9.0m8.zip

Git

Tag:
http://github.com/jquery/jquery-ui/tree/1.9.0m8

How to Provide Feedback

wiki page

To help with the testing of the Position utility, visit the Position page on our Development & Planning wiki.

forum

If the comments section on the wiki page doesn’t provide enough room for your feedback, post to the Developing jQuery UI Forum and tag the post:

tag: jquery ui position
tag: jquery ui 1.9.0m8

How to Contribute Code

If you have code changes for the Position utility, fork jQuery UI on GitHub and submit a pull request.

If you’re new to git or GitHub, see our guide: How to submit a fix to jQuery UI – The Easy Way.

Comments

Note: please do NOT use the comments section of this blog post for feedback on the Position utility. This discussion should occur on the wiki page and the forum (see How to Provide Feedback, above).

If you have feedback on us doing our eighth milestone release, feel free to leave a comment below. Thank you.

Source: jQuery UI

Bad Behavior 2.2.6 and 2.0.48

2 days ago

Bad Behavior 2.2.6 and 2.0.48 have been released. This update is a security update for WordPress users and affected users should update as soon as possible.

Please note: The 2.0 series of Bad Behavior is receiving limited updates, including unblocks, bug fixes and security fixes only. Users who have not yet updated to the 2.2 series should plan to update as soon as possible. Support for the 2.0 series will end June 30, 2013.

Who Should Update?

WordPress users should update to prevent cross-site scripting (XSS) attacks targeted against the blog administrator(s). Users of other platforms are not affected by this issue, but port maintainers may wish to take a moment to check their ports for similar issues.

Download

Download Bad Behavior now.

What’s New?

Changes since 2.2.5 and 2.0.47:

Due to a change in the way PCRE works, input validation code added to the previous release to guard against cross-site scripting attacks failed to work properly on PHP versions higher than 5.2.6. This issue has been fixed.

Support

Bad Behavior still needs your support. If you haven’t donated recently, or at all, donate today to ensure that I can keep going in the fight against our mutual enemies, the spammers.

Source: Bad Behavior

Calling All Contributors: Community Summit 2012

3 days ago

Each year, the WordPress core development team meets in person for a week to work together and discuss the vision for WordPress in the coming year. As annual events go, it’s easily my favorite. Don’t get me wrong, I love attending WordCamps and local WordPress meetups (which are awesome and you should try to attend if you are able), but at the core team meetup, the focus on working together and getting things done is unique, as is the experience of every person in the room being so highly qualified. This year, instead of just planning a core team meetup, I’m aiming a little higher and shooting for a full-on contributor/community summit.

Core code isn’t the only way to contribute to the WordPress project. We have an active theme review team, support forum volunteers, people writing documentation, plugin managers, community event organizers, translators, and more. The teams have been siloed for too long, so we’ve recently begun the process of bringing them together by having teams elect representatives to facilitate more communication between the contributor groups. These reps will form the nucleus of the contributor summit now being planned for a long weekend at the end of October in Tybee Island, GA. This is completely different from a WordCamp. It will be a combination of co-working, unconference, and discussions among the project leaders, and participation will be by invitation.

In addition to bringing together the active contributor team reps to work together, I think it’s important to include community members who don’t fall into that category (at least not yet!). Successful WordPress-based business, authors of popular plugins and themes, and people using WordPress in unexpected but intriguing ways should have a place at the table, too. That said, part of the magic of the core team meetup is the small size; it allows every voice not only to be heard, but to engage. Since this is my first attempt at bringing together so many groups and points of view, I want to try and keep it small enough to retain that personal atmosphere while at the same time ensuring that the best possible mix of people and businesses in the WordPress ecosystem is represented. This is where you come in!

Taking a cue from events with limited availability like AdaCamp (attendance) and the jQuery conference (speaker roster), I want you to nominate people and/or WordPress-based businesses to participate in the summit. Yes, you can nominate yourself.* You can nominate up to 10 additional people — be prepared to provide URLs and the reason you think they should participate. You can also nominate up to 10 WordPress-based businesses without naming individual people, so if there’s a theme or hosting company (for example) that you think should be there, you don’t need to go looking for employee names. This nomination process will hopefully ensure that we don’t overlook someone who is making a difference in our community when it comes time to issue invitations.

Nominations will be open for a week, after which the survey will be closed and the process of analyzing the results** will begin. The nominations process will lead to invitations in June, confirmations in July, planning in August and September, and the summit itself in October. Hopefully we can stream and/or record some of the activity to share online at WordPress.tv. Additional invitations may be extended up until the event if there are people/businesses that become more active in the community. If you’re thinking to yourself that maybe now’s the perfect time to start contributing time to the WordPress project, good thinking! In the meantime, if you want to weigh in, fill in the community summit nomination form. Thanks, and wish us luck!

* Nominating yourself: Do nominate yourself if you fall into one of the categories described in the post above, or if you believe that you have a unique point of view. Please do not nominate yourself if you just think it would be cool to hang out with this group. This is a working event, and everyone is expected to bring something special to the table.

** I (and/or a helpful community volunteer) will sift through the nominations and compile a shortlist of the most-nominated people/businesses and the most intriguing underdogs. This list will be reviewed by the summit planning committee (made up of team reps) to create the invitation list.

Source: WordPress

Bad Behavior 2.2.5 and 2.0.47

5 days ago

Bad Behavior 2.2.5 and 2.0.47 have been released. This update is a security update for WordPress users and affected users should update as soon as possible.

Note that due to the security validation used in this release, the WordPress system requirements have changed. Bad Behavior 2.2 now requires at least WordPress 3.1 or higher; Bad Behavior 2.0 requires at least WordPress 2.9 or higher.

Please note: The 2.0 series of Bad Behavior is receiving limited updates, including unblocks, bug fixes and security fixes only. Users who have not yet updated to the 2.2 series should plan to update as soon as possible. Support for the 2.0 series will end June 30, 2013.

Who Should Update?

WordPress users should update to prevent cross-site scripting (XSS) attacks targeted against the blog administrator(s). Users of other platforms are not affected by this issue, but port maintainers may wish to take a moment to check their ports for similar issues.

Download

Download Bad Behavior now.

What’s New?

Changes since 2.2.4 and 2.0.46:

Several XSS vulnerabilities were found by a third party and disclosed on a security web site a few days ago. Since I was never notified directly prior to the disclosure, it took longer for me to respond than it normally would have. These vulnerabilities have been fixed through the addition of sanitization and input and output validation. Thanks to Mark Jaquith who provided a patch partially addressing the issues.

Support

Bad Behavior still needs your support. If you haven’t donated recently, or at all, donate today to ensure that I can keep going in the fight against our mutual enemies, the spammers.

Source: Bad Behavior

Migrating our subversion repository to github

9 days ago

We recently moved our svn repository to git hosted at github. Now I’d like to share my experience doing that migration and explain the steps we took to do so. I pretty much followed the process described by John Goulah in his blogpost. So here are the concrete steps I took:

1. Download the entire subversion repository to the local machine for performance reasons.
2. Create an authors mapping file which looks something like this:

#svnuser = gituser <email>
thomasb = thomascube <thomas@...>

3. To start, initialize the git repository with reference to the old svn repos:

$ git svn init file://<path-to-local-svn-repos> roundcube-git

4. cd into the roundcube-git folder and edit the .git/config file to configure what to migrate. I just added the following blocks:

[svn]
	authorsfile = authors.txt
[svn-remote "svn"]
	url = file://<path-to-local-svn-repos>
	fetch = trunk/roundcubemail:refs/remotes/svn/trunk
	branches = branches/{release-0.6,release-0.7,release-0.8}:refs/remotes/svn/*
	tags = tags/roundcubemail/*:refs/remotes/svn/tags/*

Don’t forget to place the authors.txt file into the destination folder!

5. Now we can start importing the subversion data by executing

$ git svn fetch

Depending on the size of your repository this will take a while to run. Grab yourself a coffee or two.

6. There are a few more tasks to run in order to finish this off. Download the scripts from the git-svn-abandon repository and put them somewhere in your $PATH. Then run

$ git-svn-abandon-fix-refs

7. Now we also want to create a table mapping svn revisions to git commits. This can be used later on to update references to revisions in Trac comments for example. The scripts used to do that can be downloaded from the TRAC-SVN-to-GIT-migration project.

$ git-svn-create-lookup-table.sh > rev-lookuptable.txt

8. After creating the mapping table, we can now remove the comments referring to the old svn revisions from every git commit messages. This is done with

$ git-svn-abandon-cleanup

Done. The git repository is now complete. For Roundcube, we’re using a public github repository so what’s left is to push all the data to that:

$ git remote add origin git@github.com:roundcube/roundcubemail.git
$ git push --all
$ git push --tags

The next challenge is to update our Trac platform to place nice with the github repository.

9. Showing a git repository as source in Trac is pretty easy. Clone the repository somewhere on the machine where trac runs and install the GitPlugin for Trac. Just follow the instructions on the referred wiki page. In addition to that, the github-trac plugins helps to keep the Trac clone updated when new changes are pushed to the remote github repository.

10. Finally, we wanted all references to SVN revisions in tickets and comments to point to the according commits in our new github repository. And we therefore created the mapping table in step 7. But it turned out that the revision mapping table created by git-svn-create-lookup-table.sh wasn’t correct. None of the listed git commits finally existed in the git repository. Maybe the git-svn-abandon-cleanup changed them. So I was forced to build a new one in order to update all references. I achieved that by comparing the logs from both the SVN and GIT repository with this quickly hacked PHP script.

svn log file://<path-to-local-svn-repos> > svn.log
git log > git.log
php git-svn-create-rev-map.php svn.log git.log > rev-lookuptable.txt

Now we could start the (slightly modified) convertTracTickets.php script from the TRAC-SVN-to-GIT-migration tools and change all references in our Trac tickets. But don’t forget to backup your database before that step.

Source: Roundcube Inbox

Goodbye Subversion, hello github

9 days ago

Upon several requests from our community we now moved the Roundcube Webmail source code repository from our privately hosted Subversion server to github. With this step we hope to make it easier for anybody to get the source and to contribute patches and improvements.

Source: Roundcube

Just Added: Training at SF jQuery Conference!

15 days ago

In response to the flood of requests and emails, and our original promise to work on this, we’ve got an announcement: we’ve added a single day Beginner/Intermediate training right before the San Francisco jQuery Conference :)

Tickets are on sale now (left side, below the fold). The training will be provided by our friends at Bocoup, and hosted by the ever-generous folks at Microsoft. Here’s a snippet of what Trainers Ben Alman and Rebecca Murphey will be covering:

At Bocoup’s intermediate one-day jQuery training, you’ll work with jQuery veterans to build a foundation that will make you a stronger developer and get you prepared for all the great talks that you’ll see over the next two days. You’ll even learn the basics of creating your own jQuery plugin. Topics that will be covered include:

The jQuery() function

Selecting & Traversing

Manipulating the DOM

Making stuff happen with Events

AJAX

Enhancing with Effects

Extending jQuery with Plugins

jQuery UI

jQuery Mobile

To note: the training and conference are both in San Francisco, but take place in different locations. The training is in the heart of San Fran on Market Street, and the conference is about five to ten minutes from there, on the UCSF Mission Bay campus. Please also note that the conference and training require separate admission tickets, so make sure you’ve purchased both if you’d like to attend both.

We’re still working on the possibility of adding an Advanced training, but thus far have had mostly requests for beginner materials. So here that is :)

Hope you’ve all bought your tickets to the conference; can’t wait to see you there!

Source: jQuery

Bad Behavior 2.2.4 and 2.0.46

15 days ago

Bad Behavior 2.2.4 and 2.0.46 have been released. This update is exclusively for users with sites located in or targeting the European Union.

Port maintainers should implement the new option provided by this release as soon as possible.

Please note: The 2.0 series of Bad Behavior is receiving limited updates, including unblocks, bug fixes and security fixes only. Users who have not yet updated to the 2.2 series should plan to update as soon as possible. Support for the 2.0 series will end June 30, 2013.

Who Should Update?

As you may be aware, as of the 26th May 2012 all web sites in the European Union or targeting people in the EU must comply with draconian new regulations that require web site operators to gain consent prior to setting most cookies on users’ computers. Bad Behavior uses a session cookie named bb2_screener_ to ensure the security of your site and each visitor’s session.

After reviewing the new regulations and ICO guidance on implementing the regulations I believe that Bad Behavior’s cookie is exempt from the regulation because it is a site security cookie meant to help comply with the seventh data protection principle.

The regulations provide for two exemptions, the second of which is:

(b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.

In part, the ICO guidance reads:

The term ‘strictly necessary’ … will also include what is required to comply with any other legislation the person using the cookie might be subject to, for example, the security requirements of the seventh data protection principle.

It is not clear at this time whether the regulation will be interpreted the same way outside the UK. This situation is still evolving as the deadline approaches, and I am still monitoring it. Please keep in mind that although Bad Behavior’s cookie may be exempt from this regulation, you should still disclose its presence in your list of cookies.

Download

Download Bad Behavior now.

What’s New?

Changes since 2.2.3 and 2.0.45:

For those who believe that Bad Behavior’s security cookie may not be exempt from the regulation, a new option eu_cookie is now available as an interim measure. Setting this option disables Bad Behavior’s use of cookies entirely. (When cookies are disabled, Bad Behavior falls back to a JavaScript security screener which performs the same function.) In a future release, integration options will be provided to allow for Bad Behavior to query your host platform and discover whether the user has consented to receiving cookies.

The new eu_cookie option can be set in settings.ini for platforms which use it, or the administrative page for platforms which provide such a page (e.g. WordPress).

Port maintainers who provide an administrative page should implement this option as soon as possible to help users to comply with these new regulations.

Support

Bad Behavior still needs your support. If you haven’t donated recently, or at all, donate today to ensure that I can keep going in the fight against our mutual enemies, the spammers.

Source: Bad Behavior

Tablets and Touch UIs in WordPress 3.4

15 days ago

We’ve had some terrific progress made in the realm of supporting touch interfaces and tablet UIs for 3.4!

The main areas that we’ve focused on for this release were improving touch support in the user interface, resolving incompatibilities for our target devices, and enhancing the UI’s methods for adapting to more restrictive screen sizes.

Target Devices

Our target devices for the 3.4 release were the iPad and the Kindle Fire. The iPad stands as an obvious choice, and the Kindle Fire’s steep climb to over 50% of market share amongst Android tablet devices justifies its presence as well.

Improving Touch Support

For touch-supportive devices, we’ve added a fantastic jQuery extension to the core, jQuery UI Touch Punch. This has enabled ‘drag and drop’ support on mobile devices. Whether editing a post, customizing the dashboard, or modifying a Nav Menu, you’re now able to easily reposition items on a touch interface to your heart’s content, just as you would on your desktop browser.

Caveat: Windows Phone Devices

Windows Phone 7/7.5 phones are wonderful devices. Unfortunately, when Microsoft based the phone’s web browser off IE9, they didn’t add in any touch support. As such, there is no way to detect touch events in the browser — `ontouchstart` doesn’t exist. Dragging support does not work on Windows Phone 7/7.5 devices, but should on Windows 8 tablets and phones when released.

Resolving Incompatibilities

This boiled down primarily to the Kindle Fire. The version of WebKit used in the Kindle Fire’s native Silk browser doesn’t support the contentEditable attribute, so TinyMCE wouldn’t work! To accomodate for this, we added an override to test for the version of webkit that the client is using, and just disable the visual editor if the browser doesn’t support it. This patch should also cross-apply to older versions of iOS and Android as well.

UI Enhancements

In Ticket #20015, we migrated the dashboard and write screen columns to use primarily @media queries, rather than the JS that had previously been used. This should provide some performance optimizations in mobile browsers.

The Tableteer team for 3.4 was comprised of Andrew Ozz, Zach Abernathy, and George Stephanis.