Cricket Moods 3.0

I have just officially released Cricket Moods 3.0. Major improvements include multi-user support and error reporting. The plugin also has several important bugfixes, one of which lets it play more nicely with other metadata-based plugins.

In the process of fixing bugs, I believe I noticed a bug within WordPress itself. One of the new functions in WordPress 2.0, update_usermeta(), doesn’t escape any data before trying to cram it into the database. If the data isn’t escaped, then things fall apart when it contains an apostrophe. If a plugin is poorly written, I think a malicious user could theoretically modify data he shouldn’t have access to—however, I don’t have any testcases to back up my claim. I’ve already created a ticket in WordPress Trac if you’d like to follow along.

7 Responses to “Cricket Moods 3.0”

  1. Bean Says:

    Um…wow. Interesting. Fun. Gotta run. In the sun. With a gun. Pointed at a nun? Hehe. Bean away! :-)

  2. thesuperstar Says:

    http://dev.wp-plugins.org/wiki/CricketMoods linke is dead.

  3. kccricket Says:

    Thanks for the heads up; however, there’s not much I can do about that. Trac seems to be down on wp-plugins.org. In the meantime, you can get CricketMoods directly from SVN.

  4. Nacron Says:

    I can’t get the cricket moods plugin to activate. I hit activate and wordpress tells me that the plugin was deactivated immediately after that.

  5. Alicia Says:

    Hi,
    Wonder if you could help. I installed and activated it, however when I tried to post the blog..the smilies didn’t display (both on the post-blog page, and write-blog page). I do not know anything about this, any help would be much appreciate. (I use wordpress 2.0.2)
    Thanks.

  6. kccricket Says:

    Nacron: Looks like you already got it working. The only instance it should deactivate itself is if you’re trying to use Cricket Moods 3.0 with WordPress 1.5 or earlier.

    Alicia: This isn’t really a support forum. If you’re still having trouble, feel free to e-mail me.

  7. Jana Says:

    I just installed Cricket Moods and have all my files in order, and all the moods in order, however on the Write page nothing but boxes with no images show up, and if I go into Manage and view the table of available moods, I get this error:

    Cricket Moods

    Use the table below to modify your list of moods. You may leave either the name or the image blank, but not both. Use the blank entries at the bottom to add new moods.

    Deleting a mood will also remove any references to that mood from your posts.

    Warning: dir(/home/laurasco/public_html/wp-images/smilies/): failed to open dir: No such file or directory in /home/laurasco/public_html/wp/wp-content/plugins/cricket-moods.php on line 579

    Fatal error: Call to a member function on a non-object in /home/laurasco/public_html/wp/wp-content/plugins/cricket-moods.php on line 580

    Is there anything you can think of that I can do to fix this error? Thank you.