
LINK to my new Monotone WP Gallery
Margaret Roach, of A Way to Garden, found this new WordPress theme in her travels through the ether and suggested I check it out, being a pretty good editorial photographer.
There are certain complexities in using this theme on a hosted WordPress site, so I just jumped in and created a free WordPress account and started driving the theme, using a group of photographs from the book I did ten years ago by the same title, A Way To Garden, which is currently out of print, but a really great book for beginning and intermediate gardeners, and can be picked up for a song on Amazon.
Monotone is a simple yet dynamic theme for photo-blogging. The layout is clean and non-intrusive, but the way it handles images makes each entry unique (and requires no intervention to do so).
Monotone takes the first image attached to a post and samples colors from it for use in the surrounding layout.
Each post needs to contain one image, and optionally, any text you want. The theme does the rest, pulling colors out of and resizing the images for use in the design.
You can use the visual or the HTML editor in WordPress to input your image and supporting text.
Enjoy Monotone, and please, let us know what you think!
A lot of fun to use, and I love the fact that the theme generates a custom background color with each new photograph.
Many issues can be found here LINK
I absolutely love WordPress as a CMS, a web publishing platform as well as a great blog application. Over the last year I have made a good living helping people get found by Google, Yahoo and MSN using WordPress and original content to get found in the NSO (Natural Search Space).
That being said, I have recently had to clean out this site (Tarky7.com) as well as several others I own and manage from the ravages of an SQL-Java Scripts exploit that has caused these sites (including this one) to be blacklisted by Google as security risks.
This site has been fixed, as well as the others, but I am putting this and the previous three posts out there to warn people of some of the brutal and dangerous security issues surrounding the WordPress publishing platform.
Tarky7
WordPress Download Monitor Plugin “id” SQL Injection Vulnerability
Secunia Advisory: SA29876
Release Date: 2008-04-28
Last Update: 2008-05-02
Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch
Software: WordPress Download Monitor Plugin 2.x
CVE reference: CVE-2008-2034 (Secunia mirror)
Description:
Dino Covotsos and Charlton Smith have discovered a vulnerability in the Download Monitor Plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the “id” parameter in wp-download_monitor/download.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerability is confirmed in version 2.0.6. Other versions may also be affected.
Solution:
Update to version 2.0.8.
Provided and/or discovered by:
Dino Covotsos and Charlton Smith of Telspace Systems Research Team
Changelog:
2008-05-02: Added CVE reference.
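
For site owners checking whether the plugin path named in the advisory was probed, the following is an added example (not part of the advisory or the plugin's code) that scans web server access logs for requests to wp-download_monitor/download.php whose "id" value is not a plain integer. It assumes Apache/nginx common or combined log format; the sample log lines, IP addresses and the /wp-content/plugins/ prefix are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter named in the advisory.
VULN_PATH = "wp-download_monitor/download.php"
PARAM = "id"

# Common/combined log format: ip - - [ts] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def suspicious_requests(lines):
    """Return (ip, timestamp, decoded id, status) for requests to the plugin's
    download.php whose id parameter is not a plain decimal integer."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        ip, ts, _method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith(VULN_PATH):
            continue
        # parse_qs percent-decodes values; keep blanks so "id=" is seen too.
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
        for value in values:
            if not re.fullmatch(r"[0-9]+", value):
                hits.append((ip, ts, value, int(status)))
    return hits

# Constructed sample lines (documentation IP ranges), not from a real server.
PLUGIN = "/wp-content/plugins/wp-download_monitor/download.php"  # assumed prefix
SAMPLE_LOG = [
    f'198.51.100.7 - - [29/Apr/2008:10:01:02 +0000] "GET {PLUGIN}?id=12 HTTP/1.1" 302 0',
    f'203.0.113.9 - - [29/Apr/2008:10:03:40 +0000] "GET {PLUGIN}?id=7%27 HTTP/1.1" 200 512',
    f'203.0.113.9 - - [29/Apr/2008:10:03:44 +0000] "GET {PLUGIN}?id=3%20OR%201%3D1 HTTP/1.1" 200 734',
    '198.51.100.7 - - [29/Apr/2008:10:05:00 +0000] "GET /index.php?id=abc HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for ip, ts, value, status in suspicious_requests(SAMPLE_LOG):
        print(f"{ts} {ip} status={status} id={value!r}")
```

A hit is a lead for further investigation rather than proof of compromise, and values sent in POST bodies do not appear in standard access logs.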