Version 0.6.6 – Finally! a security release

By Dmitry Baranovskiy -
Cross Site Scripting -> XSS

We would like to thank Joshua Hansen and Scott Caveza for their help in identifying and helping us debug two XSS vulnerabilities that had the potential to effect users using internet explorer browser with versions lower than 8, or when xss protection was explicitly off. We avoided the urge to call this version and resumed the regular naming policies. Those vulnerabilities don’t pose any risk to webmasters or hosters using Transposh, but to users that might trust scripts from these sites by using the sneaky XSS method.

This release also bundles two other changes that were already committed and would have probably waited for a later release otherwise, the first being a small improvement to the parser, enabling support for some more html “breaker entities” such as ’ which were created by software trying to outsmart the user, we would like to thank archon810 on his help in this bug report.

Last but not least is a change in the support for Google Sitemaps XML generator, the patch has one letter removed in order to have proper support for php5.3, and on other good news, the coming version 4 of this plugin has support already built in, this version also helps in breaking the 50k url limits that some users had. So we would to thank Arne Brachhold on his great work on this project.

So everybody, go and upgrade! just because finding an image to match this post was such a difficult fit.

Version 0.4.0 – Happy new integrations

This new version provides integrations with two of the most popular wordpress plugins. The first, google-xml-sitemaps provides a way to create sitemaps for use with google and google webmaster tools, the integration creates for each url in the sitemaps additional urls for the translated pages. This integration needs a simple patch to be performed on the original plugin, read how in the FAQ, or contact us to receive the patched file. We hope that future versions of google-xml-sitemaps will include this patch by default.

The second integration is with wp-super-cache which provides a caching mechanism for wordpress, this plugin is not for the faint of heart and provides a strong caching mechanism in exchange for tons of problems on the way, installation is hard and integration is even harder. However, this integration provides this plugin user a simple change which delete the cached page upon translation action, this prevents translations from happening multiple times and from users to see non-translated content (and in the case of auto-translation, translating again and again).

If you have more plugins you want integration with, and you have ideas on how (and maybe some code), just drop a note here. And yes – happy new decade to us all!


Update 2010/1/3 – It appears there was an error with the patch instructions, the new instructions are updated on this site FAQ section (thanks myatus). The patch can also be directly downloaded from this link : sitemap-core-322-patched