FeedWordPress

IMPORTANT SECURITY FIX: This version includes an important fix for a security vulnerability reported to me through WPScan and WordPress support channels.

Vulnerability CVE-2021-25055 allowed for an XSS (Cross-Site Scripting) attack using a specially crafted URL for a page within the FeedWordPress admin interface. (To be exploited, an existing user with login credentials that allow them to access the FeedWordPress dashboard would have to follow the malicious URL and log in.) This vulnerability has been corrected in the current version; to protect your site's security PLEASE BE SURE TO UPGRADE AS SOON AS POSSIBLE to version 2022.0123 or later, via the WordPress Plugin Repository or via Github.

BUG FIXES: Fixes a number of small possible bugs when creating new syndicated posts under unusual conditions -- a sanity check is built in to avoid infinite loops in case of certain unexpected error outcomes when creating new users; some more possible sources of PHP 8 "Countable" warnings are eliminated, etc.

WORDPRESS 5.6, 5.7.x COMPATIBILITY FIXES. This release introduces fixes to annoying or worse warnings resulting from the deprecation of WordPress's built-in WP_Feed_Cache class. This should resolve the problem if you are encountering annoying, worrying, or breaking problems related to the PHP warnings: "Deprecated: class-wp-feed-cache.php is deprecated since version 5.6.0", and/or "Message: ./cache is not writable. Make sure you've set the correct relative or absolute path, and that the location is server-writable."

Fixes PHP warning for "count(): Parameter must be an array or an object that implements Countable in .../wp-content/plugins/feedwordpress/feedwordpress.php on line 1566"

Miscellaneous fixes for other missing variable and global warnings.

Code cleanup and reorganization to allow better modularization of error messages, warning dialogs, and extended text.

WORDPRESS 5.5 COMPATIBILITY FIXES, RESOLVES WARNING NOTICES OR WP-ADMIN LOCKOUT. WordPress 5.5 incorporated a newer release of SimplePie, version 1.5.5, which is pretty rad, but FeedWordPress classes that relied on SimplePie 1.3.1's method signatures would then produce PHP warning notices. That should be pretty innocuous, but depending on web server configurations, some users could get locked out of their own wp-admin interface by the display of error notices in the browser at inopportune times. In any case, I have

PHP 7.4 COMPATIBILITY FIX: Magic quotes were deprecated and then removed back in PHP 5.x, and in PHP 7.4 the vestigial get_magic_quotes_gpc() function has been deprecated. We don't need to worry about it anymore for versions of PHP still supported by WordPress. The reference to the function in the MyPHP utility class caused PHP warnings in more recent versions of PHP; so it has now been removed.

DIVERS BUG FIXES AND PHP WARNING NOTICES RESOLVED, thanks to @oppiansteve's fixes and pull requests. (Thanks!)

JQUERY COMPATIBILITY FIXES, RESOLVES MYSTERIOUS VANISHING FEED SELECTOR IN WP-ADMIN. An upgrade to WordPress's packaged jQuery caused the drop-down box for feed settings (in Syndication > Feeds & Updates, Syndication > Posts & Links, etc.) to vanish shortly after pageload. That was awkward, so I disabled the now-incompatible interface chrome that was causing it to vanish.

ADD BOILERPLATE / CREDITS FEATURE AVAILABLE IN POSTS & LINKS SETTINGS PANEL. I have added a new settings panel to the off-the-shelf features of FeedWordPress, under Syndication > Posts & Links (or under the Posts settings page for any individual feed), which allows you to define boilerplate text that should appear in connection with every syndicated post, or with every post syndicated from a particular feed. So, for example, if you want each syndicated post to include a byline reading "This is a syndicated post, reprinted from (LINK TO ORIGINAL SOURCE WEBSITE).", you could set up this byline from within the FeedWordPress settings interface, by going to the Boilerplate / Credits panel, and adding a line to appear BEFORE the CONTENT of each syndicated post, using the text and shortcode "This is a syndicated post, reprinted from [source]." For those of you who have corresponded with me about this feature before, you may be familiar with it from the long-standing "experimental" add-on, FWP+: Add Attribution; I've decided that it's been enough years, and I've had enough requests, that the Add Attribution feature may as well be included in the main FeedWordPress code.

Back when FeedWordPress was first created, the assumption was that a well-behaved aggregator would include boilerplate text to indicate the source of syndicated posts, but that the best way to do this was to provide a set of syndication-specific template tags so that the administrator setting up the site could edit their Theme template files with constructs like:

<?php if (is_syndicated()) : ?>

This post by <?php the_author(); ?> originally appeared at By <?php the_author(); ?>.

You can still do this, of course, and for maximum expressive power and flexibility, it is certainly the best way to do it. Template Tags are documented here: http://feedwordpress.radgeek.com/wiki/templates/ However, (1) it requires writing PHP code, which not everyone is comfortable doing; and (2) it requires altering template files within your Theme, which is not always possible, especially given the increasing role that prepackaged commercial themes have come to play in the WordPress ecosystem. So, now, you can get some basic features for adding boilerplate text and attribution credits even without touching your template files, and without having to add custom add-ons for FeedWordPress. Enjoy!

MINOR CODE MODERNIZATION, PHP 7.1 COMPATIBILITY AND BUG FIXES. This project is now 12+ years old (good lord), and there are still some places where code was written at a time when PHP was a very different language from what it is now. Props to @david-robinson-practiceweb for pointing out and sending a pull request to fix some instances where obsolete PHP reference notation (&$q on parameters and so on) created a compatibility problem for PHP 7.1. Props to an email correspondent for pointing out a place in SyndicatedPost where excerpts should be generated from post content using encoding-aware mb_substr(), instead of naively running them through substr(). I've begun making some efforts throughout to begin auditing some of the creakiest old code in the project, to update what needs updating and improve documentation throughout.

PARTIAL FIX FOR 2X DUPLICATE POSTS APPEARING ON DUAL HTTP/HTTPS SITES: Some users reported an issue in which their FeedWordPress sites, which are over both insecure HTTP and over HTTPS, would pick up exactly 2 copies of every post or almost every post from certain feeds, and where the guids for each of the pair of duplicate posts would look exactly alike, except for a difference in the protocol, for example:

http://www.example.com/?guid=c1cd28da39e8d7babcf6499983aca545 https://www.example.com/?guid=c1cd28da39e8d7babcf6499983aca545

... where www.example.com is the server that your own copy of FeedWordPress is installed. This release of FeedWordPress normalizes post guid prefixes so as to avoid or limit the scope of this problem.

PHP 7 Compatibility: eliminate remaining sources of PHP 7 compatibility-check failures -- remove the use of depreciated mysql_error() function, and make sure all classes make use of __construct() convention for constructors.

AVOID "PHP Warning: shell_exec() has been disabled for security reasons in [...]/feedwordpress/feeds-page.php on line 197": FeedWordPress uses the PHP shell_exec() function in a very narrowly limited way for information gathering, trying to find the real path to curl or wget on your system, so that it can give as realistic as possible a recommendation for the sample crontab line displayed in Syndication > Feeds & Updates. Some web hosting environments disable shell_exec for security reasons (since it could in theory be used to do a lot more stuff than the very limited information gathering FWP uses it for); in which case, this part of the code in FeedWordPress could spit out a nasty-looking and potentially worrisome-looking error message. So, now this code is fenced with checks to make sure that shell_exec is available, before FWP attempts to make use of it.

WORDPRSS BACKWARD COMPATIBILITY FOR VERSIONS [4.5, 4.7]: This change fixes a fatal PHP error (on some web server configurations you'd see the message "Fatal error: require_once(): Failed opening required '[...]/wp-includes/class-wp-feed-cache.php'" on others, you might just see an HTTP 500 Internal Server Error or a blank page) when using FeedWordPress with versions of WordPress before 4.7. A change that I introduced to avoid a code module that had been deprecated in version 4.7 ended up relying on code modules that were only introduced as of version 4.7; so now, instead, FeedWordPress attempts to detect which modules the current version of the WordPress core makes available, and load the right modules depending on your WordPress version.

In theory, up to this point, FeedWordPress supported any version of WordPress from version 3.0 onward. In practice, version 3.0 was released over 6 years ago, and I can realistically commit only to testing out new releases of FeedWordPress with a few prior versions of WordPress; so I've updated the "Requires at least" field to version 4.5, the first major release issued in 2016. If you've really got to use FeedWordPress with older versions of WordPress, it will probably still work with any moderately modern release of WordPress, but I won't promise to keep it working with releases of WordPress that are more than about a year old.

WORDPRESS COMPATIBILITY: Tested with new versions of WordPress up to 4.7.

PHP WARNINGS UNDER WP 4.7: Eliminated cause of a PHP warning under WP 4.7 "Parameter 1 to FeedWordPressHTTPAuthenticator::set_auth_options expected to be reference" Warnings were due to a change in how http_api_curl hook is sometimes called in WP 4.7; so I changed the signature of the event handling method to avoid the notice. Props to @cogdog, @froomkin, @gwynethllewelyn et al. for flagging the issue and @garymarkfuller for suggesting a preliminary fix to the issue that was fairly similar to the solution I ended up adopting.

PHP 7 and PHP Strict Standards compatibility changes: @alexiskulash @daidais and @zoul0813 all sent pull requests through Github to fix some issues from a very old code base that has made its way from PHP 3.x through 5.x to the roll-out of PHP 7. Class methods should now fare better under modern versions of PHP and generate fewer "Deprecated" notices.

IMPROVEMENTS TO SCHEDULED AND AUTOMATIC UPDATES: use wp_loaded hook to check for magic URL parameters and to execute updates, to do pageload-based automatic updates, etc. Ensures that anything plugins or themes need to do in init to set up custom post types, taxonomies, etc. will be done before the update_feedwordpress updates are attempted. If you saw posts not getting put into the correct custom post type or custom taxonomies or similar problems when performing scheduled updates, but the problem seemed to go away when you manually performed updates through the wp-admin interface, then you might be able to solve those problems with this update.

WORDPRESS COMPATIBILITY: Tested with new versions of WordPress up to 4.5.

FILTERS AND ADD-ONS: Allow filters and add-ons to filter terms and taxonomy (categories, tags, custom taxonomies, etc.) more thoroughly and more fine-grainedly using syndicated_post_terms_match, syndicated_post_terms_match_{taxonomy}, syndicated_post_terms_unfamiliar, syndicated_post_terms_mapping, syndicated_item_feed_terms, and syndicated_item_preset_terms filters.

FILTERS AND ADD-ONS: Globals $fwp_channel and $fwp_feedmeta REMOVED. These global variables, originally introduced to allow filters access to information about the source feed in syndicated_item filters were deprecated 6+ years ago. If you have any filters or add-ons which still depend on these global variables, you've been using obsolete techniques and you should see about fixing them to access data about the source feed using the SyndicatedPost::link element instead. For documentation, see the FeedWordPress documentation wiki at http://feedwordpress.radgeek.com/wiki/syndicatedpost and http://feedwordpress.radgeek.com/wiki/syndicatedlink.

BUGFIX: Syndication > Diagnostics HTTP diagnostic test widget was broken due to a dumb error on my part. Now fixed.

SMALL CODING CHANGES: Lots of small changes to code organization, incorporation of some PHP 5.x coding conventions, etc.

IMPORTANT SECURITY UPDATE: This version includes two important fixes for potential security vulnerabilities reported to me through support channels.

The first is a common problem across several plugins due to an ambiguity in the WordPress documentation and a change in the behavior of WordPress's built-in add_query_arg() and remove_query_arg() functions which could, under certain low-probability conditions, allow for potential XSS attack vectors. This fixes issue # 39 reported at https://github.com/radgeek/feedwordpress/issues/39 Thanks to github.com/quassy

The second is a security vulnerability fixes a security vulnerability that was reported to me privately (thanks to Adrin M. F.) which, under other low-probability conditions, could allow for SQL insertion attacks by a malicious user with access to login credentials, which would compromise data security.

It is IMPORTANT and worth your while to upgrade FeedWordPress as soon as possible in order to eliminate these vulnerabilities. If you have any questions or if there is something blocking you from making the upgrade which you need my help with, don't hesitate to get in touch.

ADMIN UI BUGFIX: "Update Now" button in feeds setting pages should now work once again instead of causing a PHP fatal error. See https://github.com/radgeek/feedwordpress/issues/46

SEVERAL OTHER SMALL BUG FIXES. See https://github.com/radgeek/feedwordpress/issues/32 https://github.com/radgeek/feedwordpress/issues/30 https://github.com/radgeek/feedwordpress/issues/29 etc.

FILTERS AND ADD-ONS: A number of new hooks for filters and add-ons to further customize the behavior of FWP have been added.

COMPATIBILITY/BUGFIX: Many users saw odd characters, especially "n," appearing in posts in versions of WordPress from 3.6 on, due to a change in when the API expects HTML data for posts to be slashed and when it does not. This has been fixed, so that the junk characters should no longer appear, regardless of your version of WordPress.

BUGFIX: A bug preventing FWP from saving categories assigned under Syndication > Categories & Tags has been fixed.

BUGFIX: Post-editing related metaboxes should now show up when you edit items of any post type, including custom types, not only normal WordPress posts.

BUGFIX: A bug in the admin UI that caused the "Alternative Feeds" / "Find Feeds" box to throw a permissions error has been fixed.

BUGFIX: A bug preventing proper mapping of categories and other terms in 2013.0504 has been fixed.

BUGFIX: A number of small fixes contributed through Github by Flynsarmy should eliminate PHP warnings for many users on several methods that are called as static methods within FeedWordPress.

WORDPRESS VISUAL EDITOR FIXED. There was an unlisted change in the 2012.1212 release which had the effect of disabling the WordPress Visual Editor for all posts syndicated by FeedWordPress. Many users reported this as a bug. It was actually a deliberate decision -- a crappy way to try to deal with a crappy situation. (Many users had previously reported a "bug" in which all the paragraph or line breaks seemed to be stripped out of their syndicated posts; the issue turned out to be that the Visual Editor was stripping out <p> and <br/> tags on the assumption that the resulting post would be sent through standard WordPress formatting filters. But under default settings, posts syndicated by FWP deliberately bypass WordPress formatting filters.) In any case, this version adopts a more flexible compromise. If FeedWordPress is set up to bypass WordPress formatting filters (as it is by default), then the Visual Editor will be disabled for syndicated posts (since using it would produce incorrect results). If on the other hand FeedWordPress is set up to expose syndicated posts to WordPress formatting filters (as it usually is for those using the Visual Editor to manually edit posts), then the Visual Editor tab will be re-enabled for syndicated posts.

BUG FIX: PERMALINKS REWRITTEN FOR CUSTOM POST TYPES AS WELL AS NORMAL WORDPRESS POSTS. If you had WordPress set up to syndicate incoming posts to a custom post type (under Syndication > Posts & Links), and asked FeedWordPress to make "permalinks point to the original site", then previous versions of FeedWordPress would fail to do the rewriting -- permalinks would only be rewritten to point to the original source for normal WordPress posts, not for custom post types. In 2012.1218 this bug has been fixed: all post types will now have permalinks rewritten unless you request for permalinks to point to the local copy on your aggregator site.

BUG FIX: ELIMINATES "PHP Fatal error: Call to a member function setting() on a non-object...." Some changes to the in-memory caching of information about feed subscriptions could result in a fatal PHP error in cases where you have de-activated one of your subscriptions, but posts from that subscription were still in the archive. This would normally show up through half-completed feeds or half-completed pages that suddenly broke off in the middle, and displayed or logged an error message like: "PHP Fatal error: Call to a member function setting() on a non-object in {...}/wp-content/plugins/feedwordpress/feedwordpress.php on line 615". This bug has been eliminated, so affected feeds and pages should now render correctly, and the error message should no longer appear.

BUG FIX: CATEGORY BOXES IN SYNDICATION > CATEGORIES & TAGS. Some minor bugs in the appearance and animation of category checkboxes (for example, the checkbox used to select categories for syndicated posts on the Syndication > Categories & Tags settings page) have been fixed.

WORDPRESS 3.5 COMPATIBILITY: This release has been tested for compatibility with new releases of WordPress, up to version 3.5, and any documented compatibility issues have been cleared -- in particular, if you were seeing error pages stating that you don't have permission to access the FeedWordPress Syndication page within the WordPress admin interface, then upgrading to this release should fix the problem.

As always, if you encounter any compatibility problems after upgrading your version of WordPress and your version of FeedWordPress to the most recent versions, please contact me with as detailed a description as possible of the issue you are encountering, the circumstances you're encountering it under, what you expect to see happening, and what is happening instead.

PHP 5.4 COMPATIBILITY: This release has been audited to fix potential problems with deprecation notices or fatal errors under recent versions of PHP. In particular, all uses of run-time pass-by-reference have been eliminated from the code; if you were seeing a fatal error reading "Call-time pass-by-reference has been removed ..." then upgrading to this release should fix the problem.

CUSTOMIZATION FRAMEWORK: A great deal of work has been done to make the underlying framework more flexible, so that PHP add-ons can be written to adapt FeedWordPress to handle custom XML vocabularies, expiration of posts under specified conditions, and other custom behavior.

BUGFIX: MANUALLY EDITED POST SLUGS NOT OVERWRITTEN. Thanks to a report by Chris Fritz, I've identified some code that causes post slugs for the posts generated by FWP to be rewritten with every update, even if the user has manually updated the slug from within the WordPress editing interface. This has been fixed: FWP will continue to generate new slugs for syndicated posts, but when syndicated posts are updated, they will retain the slug that they had at the time of the update; any manual changes to the post slug should be preserved.

USER-AGENT STRING: FeedWordPress now sends a distinctive User-Agent string identifying itself, and noting that it is a feed aggregator.

MISCELLANEOUS PERFORMANCE IMPROVEMENTS: A number of changes have been made to try to reduce the intensity and expense in terms of both database performance and web server memory consumption.

DIAGNOSTICS IMPROVEMENTS: A number of new and improved diagnostics have been added which should aid in understanding and troubleshooting issues that may arise.

BUGFIX: "THERE ARE NO HTTP TRANSPORTS AVAILABLE" ERROR FIXED: The initial support for HTTP Basic and Digest authentication in version 2011.1018 contained a bug that could cause HTTP requests for feeds or for other WordPress resources to break down if you do not have the PHP curl module installed. This bug has been fixed, and these errors should no longer appear.

IMPROVED HTTP AUTHENTICATION SUPPORT: In addition, the HTTP Authentication support in FeedWordPress has been extended, to ensure that Basic authentication is available in many web host configurations, and to allow you to add a username and password for a feed immediately when you subscribe to it.

HTTP BASIC AND DIGEST AUTHENTICATION SUPPORT: FeedWordPress now offers improved support for syndicating feeds that make use of HTTP Basic or HTTP Digest authentication methods. In order to set up authentication on one of your feeds, just go to its Settings > Feed page, and click on the "Uses Username/Password" link underneath the Feed URL. Enter the username and password for accessing the feed, then select the authentication method. (If you're not sure which method your feed provider uses, try Basic first.) Save Changes, and syndicate away.

NOTE: HTTP Digest support requires the curl module for PHP. If you are not sure whether this module has been installed, contact your web hosting provider to check.

WP 3.3 (BETA) COMPATIBILITY: This version fixes an init-sequence bug that could cause intrusive warning messages or fatal errors in WP 3.3 beta versions.

BUGFIX: FIXES LONG DELAYS IN UPDATES SCHEDULES IN LARGE INSTALLATIONS. A performance feature introduced in version 2011.0721 had some flaws in its implementation, which tended to create serious delays (on the order of several hours) in FeedWordPress's attempts to schedule updates for feeds, when users had a very large number of feeds (several dozen or more) in their FeedWordPress installation. This feature has been reconfigured to adjust dynamically to the number of feeds in Syndicated Sources and the frequency with which they are updated. If you've seen a lot of ready-to-update feeds piling up, several hours after they were supposed to get updated, then this upgrade should better ensure that your feeds get updated in a timely fashion.

BUGFIX: syndicated_item_guid FILTERS FIXED. Previous versions of FeedWordPress theoretically allowed for filters on the syndicated_item_guid hook, which was intended to filter the globally-unique identifier element (rss:guid or atom:id) -- useful if you need to convince FeedWordPress to use different guids, or to recognize two or more incoming posts as versions of the same post rather than as distinct items. However, while the hook affected the guid stored in the WordPress database, it did not affect the guid used to check whether an incoming feed item had already been syndicated or was a new item -- which greatly limited the practical usefulness of the filter. This bug has been fixed: syndicated_item_guid filters should now properly control not only the final database record, but also the initial uniqueness test applied to posts.

BUGFIX: SERIOUS BUG CAUSING RARE UNEXPECTED DELETION OF PAGES AND OTHER CONTENT. A bug in the guid-checking code for some rare kinds of guids could cause content in the wp_posts table to seemingly disappear at random after FeedWordPress updates.This most frequently but not exclusively affected static pages. What actually happened is that in these rare cases the existing static page was mistaken for an older version of the new incoming syndicated post, which was then stored as a new revision of the original page. The bug that caused these mistaken identities has been fixed.

BUGFIX: UNWANTED AUTOMATIC PAGE-LOAD-BASED UPDATES NO LONGER A NUISANCE. Some users encountered a bug in which FeedWordPress would adopt an automatic page-load-based update method, even if they had requested that it not do so, and that it use a manual or cron job update method instead. The bug causing this has been fixed, and page-load-based updates should no longer trigger unless explicitly turned on.

WP 3.2 USER INTERFACE COMPATIBILITY: POST TAGS BOX NOW WORKS AGAIN. The release of WordPress 3.2 caused a breakage in the tags box which prevented you from adding or removing tags under Syndication --> Categories & Tags. (The breakage was the result of an incompatibility introduced by the new release of jQuery.) This breakage has now been fixed, and the tags box should work correctly again.

FEED UPDATE SCHEDULING IMPROVEMENTS: UI. The Syndicated Sources table now provides considerably more data to understand update scheduling, when specific scheduling decisions are made because of, e.g., requests from the feed producer.

FEED UPDATE SCHEDULING IMPROVEMENTS: ENFORCEABLE "MINIMUM INTERVAL" SETTIN TO SPACE OUT UPDATES. Some feeds request specific update schedules, using standard elements such as sy:updateFrequency and rss:ttl. Normally, FeedWordPress respects any scheduling requests that a feed makes -- if it requests a longer gap between polls than what FWP would normally adopt, then FWP slows down to meet the request. If it indicates a shorter gap than what FWP would normally adopt, FWP speeds up and checks that feed for updates more often than it normally would. Now, there should not be any way for user settings to override an explicit slow-down request from the feed producer -- if producers indicate a particular update schedule, then polling the feed more frequently than they request is considered abusive behavior. But there's no reason why users should not be able -- if they so desire -- to override speed-up requests, and poll a feed less frequently than the indicated update schedule, if the FWP user wants to space update checkins over a longer interval of time. Before, they could not do this: FWP always sped up to meet the indicated update schedule. Now, they can do this, by using the new "Minimum Interval" setting in Syndication --> Feeds & Updates..

WP 3.2 COMPATIBILITY: ELIMINATES FATAL ERROR "Call to undefined method WP_SimplePie_File::WP_SimplePie_File() in [...]/wp-content/plugins/feedwordpress/feedwordpress.php on line 1841." The latest release of WordPress, version 3.2, has shifted the minimum requirements up to PHP 5.2, and in line with the shift to PHP5 they have rewritten a number of code segments that made use of now-obsolete PHP4 idioms. Unfortunately, this caused a fatal error whenever FeedWordPress attempted to make use of the cache, since FWP's caching plugin was written to match the older idiom. FeedWordPress has been updated to follow the new, PHP5 idiom when possible, thus eliminating the fatal error.

PERFORMANCE: The handling of queries to determine whether posts had been previously syndicated produced some very slow queries (usually, but not always, involving a scan over the MD5(post_guid) column of the table). The code that prepares MySQL queries for previously-syndicated checks has been revised to eliminate the MD5(post_guid) scan entirely, and to significantly improve performance by eliminating other unnecessary clauses.

BUGFIX: NO LONGER DESTROYS STICKY POSTS. Previous versions could destroy (or, more precisely, replace the content of) sticky posts due to some queries mashed together in unexpected ways by WordPress. Version 2011.0706 accounts for and eliminates the problem; your sticky posts should be safe once again.

BUGFIX: GUIDS CONTAINING MYSQL-ESCAPED CHARACTERS NO LONGER CAUSE DUPLICATE POSTS TO APPEAR. One remaining source of duplicate post issues in 2011.0602 was guids that contained characters that needed to be escaped for MySQL, such as single quotes and double quotes. The work-around for handling filtered URIs has now been corrected to ensure that these do not cause duplicate posts.

WP 3.1.3 COMPAT / BUGFIX: WHITESPACE IN GUIDS NO LONGER PRODUCES DUPLICATE POSTS. The work-around for handling filtered URIs in guid elements has now been extended to handle URIs that were filtered because of leading or trailing whitespace, in addition to URIs that were filtered because of unapproved schemes.

WP 3.1.3 COMPAT / BUGFIX: RELATIVE URLS IN GUIDS NO LONGER PRODUCE DUPLICATE POSTS. The work-around for handling filtered URIs in guid elements has now been extended to handle URIs that were altered without being filtered out entirely (most commonly because a scheme was added to a relative URL).

BUGFIX: UPDATES TO POST NO LONGER CAUSE DUPLICATE DRAFT VERSION TO APPEAR. Under certain conditions in 2011.0531, an update to an existing post would not be properly applied to the post itself, but rather would appear as a duplicate post with Draft status. This bug has been eliminated, and updates will now be properly inserted as revisions to the existing post.

WORDPRSS 3.1.3 COMPATIBILITY: DUPLICATE POSTS ISSUE FIXED. Due to internal changes in the way that WordPress handles post guids in the most recent release (3.1.3), many users experienced problems with many duplicate posts appearing in rapid succession. (Specifically, this would happen with any posts using tag: URL guids -- such as all the posts coming from Blogger feeds or feeds from other Google services.) This compatibility release of FeedWordPress eliminates the issue by working around the new restrictions on tag: URLs.

NEW AND IMPROVED DIAGNOSTICS: Syndication --> Diagnostics now contains some new diagnostics settings useful for debugging problems with duplicate posts (allowing you to easily view the guid of posts in the WordPress posts database and allowing you to track the SQL used to check for existing versions of a syndicated post).

DIAGNOSTICS IMPROVEMENTS; "THERE MAY BE A BUG IN FEEDWORDPRESS" CRITICAL ERROR NOTICES ELIMINATED: This version includes some major improvements to the Syndication --> Diagnostics section, which should aid in troubleshooting difficulties with items failing to be imported, posts failing to be properly inserted into the database, or updates failing to be recorded. If you have been encountering critical error / bug notices with a white screen and the message "THERE MAY BE A BUG IN FEEDWORDPRESS," followed by an extraordinarily long dump of mostly incomprehensible diagnostic information, you'll be happy to know that the condition causing these notices has been eliminated. In the few cases where errors may still crop up with database insertions, FeedWordPress will now produce a significantly more manageable and more useful diagnostic message.

BUGFIX: NEW POSTS FAILING TO APPEAR IN A CLEANLY-INSTALLED FEEDWORDPRESS SYSTEM. If you encountered a recurring problem with FeedWordPress failing to import new posts, after a clean install of FeedWordPress (i.e., not an upgrade from a previous version), this problem may have been the result of a bug with author-handling which has now been fixed in the 2011.0512 release. (If the problem does not go away with the upgrade, this version also includes significant improvements to the Diagnostics system, which will help track down what is causing it in your particular case.)

PERFORMANCE: New handling of update hashes allows FeedWordPress to avoid a certain kind of infinite loop, caused when two more more different syndicated feeds each carried a version of the same item (for example, because it appeared on two different aggregator feeds that you're syndicating). In previous versions, when this kind of loop cropped up, syndicated posts could pile up an indefinitely large number of revisions -- each revision alternating between the version from each of the two feeds where it appeared -- which would, over time, dramatically inflate the size of the database, and kill the performance of queries on the post table. This issue has been resolved: revisions of the post that have been syndicated once will not be re-syndicated over and over again.

AUTHOR LISTS: Lists of authors presented on the Author settings pages should now be easier to scan through, with author names arranged in alphabetical order.

FEED ITEM DATE PARSING: More tweaks to make date-time handling more resilient when feeds provide broken or weird values for the timestamps on syndicated items. FWP will now attempt to work around unparseable timezone values.

AUTHOR MATCHING: Now attempts to match author names against the WP login name in addition to display_name; when creating user record, also fills in some best-guess values for nickname, firstname and lastname. Also properly picks up Atom 1.0 author/uri data from feed.

COMPATIBILITY: FeedWordPress has been successfully tested for compatibility with recent releases of WordPress, up to version 3.1.2.

WORDPRESS 3 REQUIRED: Please note that this release of FeedWordPress requires WordPress 3.0 or later. If you are currently using a 2.x branch of WordPress, you will need to upgrade to WordPress 3 before you can successfully upgrade FeedWordPress.

BUGFIX: NO MORE DISAPPEARING "SYNDICATED SOURCES" PANEL; INTERNET EXPLORER UI GLITCH APPARENTLY FIXED: Several users independently reported a problem with FWP 2010.0623 and various versions of IE. A problem with the HTML markup caused IE (but not Firefox or Chrome) to completely hide the Syndicated Sources administration panel (the main list of currently-syndicated sources, and the main location for adding new sources, under the Syndication menu item) when a user added their first syndicated feed. Maddeningly, the glitch seemed to affect some IE users and not others: I was never able to reproduce the problem for myself on my own machines. However, the markup of Syndicated Sources has undergone significant changes and corrections since 2010.0623, and two independent sources who had been having this problem confirm that they no longer encounter it with the updated version. For the time being, I am going to declare this bug squashed.

BUGFIX: MORE PROTECTION AGAINST FATAL ERRORS FROM PLUGGABLE VERSIONS OF SimplePie: FeedWordPress now takes some precautions that should help to better avoid conflicts for users who have installed pluggable versions of SimplePie for another plugin or theme. (You may not know that you have done this; but if you've been encountering fatal errors indicating that you cannot redeclare class SimplePie, or something along those lines, there is now a better chance that those fatal errors will be eliminated.

PERFORMANCE: SIGNIFICANTLY REDUCED MEMORY CONSUMPTION FOR LARGE UPDATES: FeedWordPress is still a memory-hungry little module, especially when you are dealing with very large feeds. However, users should notice a significant reduction in memory overloads, especially if they update a large number of feeds at once.

USER INTERFACE IMPROVEMENTS: Nothing is radically different, but there's been a fair amount of extra spit and polish added, including a convenient new Dashboard widget that may save you a trip to the Syndication menu, a lot of effort to make the relationship between global and feed-by-feed settings more obvious to the user and more easily controllable, to make navigation between settings pages easier, to sand off a few rough edges, and to make other improvements on the margins. I hope you'll like how it looks.

ADDING MULTIPLE FEEDS: FeedWordPress now provides a convenient mode for adding multiple feeds at once, using either a copy-and-pasted list, or else an OPML file. Go to Syndication --> Syndicated Sources and check out the two new buttons underneath the New Source input box. When you have to add a number of feeds at once, this can save you considerable time and trouble.

IMPROVED HANDLING OF AUTHORS WITH DUPLICATE E-MAIL ADDRESS AND AUTHORS WITH NAMES WRITTEN IN FOREIGN SCRIPTS: WordPress 3 is increasingly picky about what it will accept for new author accounts, and some of the conditions it imposes can cause error conditions that prevent posts from being properly syndicated, or properly attributed, if authors happen to have identical e-mail addresses, or if users are given usernames that are written in non-Western scripts. FeedWordPress now handles these much better, and systematically works to avoid clashes between syndicated authors' account names or in their e-mail addresses, which should result in significantly better results in mapping author names to WordPress user accounts.

MAPPING CATEGORIES ON SYNDICATED POSTS TO TAGS NOW BETTER SUPPORTED: In previous versions, the only way for the Categories provided by a syndicated feed to be mapped into Post Tags was to instruct FWP to create new tags, rather than new categories, for unfamiliar categories from the feed. This works fine if you want tags to be the default; but if you want only a specific set of tags, there was no way to get them without getting most or all other categories imported as tags. You can now do this by creating a tag (under Posts ==> Post Tags) before importing the post; when the syndicated category matches a pre-existing tag, the incoming post will be tagged with that tag, without creating a local Post Category.

REL-TAG MICROFORMAT SUPPORT FOR INLINE TAGS: Syndicated posts that contain inline tags, marked up using the Rel-Tag microformat http://microformats.org/wiki/rel-tag, are now tagged with the tags provided by Rel-Tag format links.

MUCH GREATER CONTROL OVER CATEGORY AND TAG MAPPING: This is partly the result of building in support for a potentially endless set of custom taxonomies (see below), but in general there has been a great deal of effort towards giving you more control over how categories and tags provided by the feed are mapped into terms on the local blog. In particular, you can now force FeedWordPress to create only categories from categories and tags provided by the feed; or to create only tags; or to search both categories and tags for a match; or you can simply force it to drop all of the categories provided by the feed and use only categories or tags that you explicitly provide. In addition, you can now also choose whether to override global categories settings with a local, feed-specific setting; or whether to add together both the global categories and the local feed-specific categories -- depending on whatever your use-case may demand.

CUSTOM POST TYPES AND TAXONOMY SUPPORTS: This is mainly for the super-geeky, but if you use other plugins or themes that make significant use of WordPress's support for custom post types and custom taxonomies, you may be pleased to find that FeedWordPress now allows you to feed incoming posts into any custom feed type that you wish, and to map categories and tags from the feed to custom taxonomies as well as to the standard Category and Tag taxonomies.

STORING NAMESPACED CUSTOM FEED ELEMENTS IN POST CUSTOM FIELDS: If you would like to use FeedWordPress's support for storing custom meta-data from feed elements in the custom fields for a post (for example, to store geolocation data or iTunes media meta-data), you'll find that it's now much easier for you to access these namespaced elements. You always could access them, but in previous versions you might have to write something ugly like $(/{http://www.w3.org/2003/01/geo/wgs84_pos#}lat) just to get at the value of a <geo:lat> tag. Now, as long as you use the same mnemonic codes that the feed producer used, you should always be able to write a nice, simple expression like $(/geo:lat) to get the value of a geo:lat tag.

CUSTOM DIRECTORY STRUCTURE SUPPORT: if you poke at it enough, WordPress is relatively flexible about where it should store admin interface code, uploaded content, plugins, and a number of other things that occupy an important place in the WordPress directory structure. Previous versions of FeedWordPress encountered serious errors or broke entirely when used with directory structures other than the default. This should now be fixed: FWP now supports custom directory structures wherever WordPress allows them to be customized, rather than depending on the default locations. Enjoy your freedom!

MANY NEW FILTERS AND API UTILITY FUNCTIONS FOR ADD-ON PROGRAMMERS: There have been too many improvements to list them all in this ChangeLog, but it means that much more power and ease for folks who are customizing FeedWordPress through PHP filters or add-on modules. Fuller documentation will be put up at the Wiki at feedwordpress.radgeek.org soon.

WORDPRESS 3.0 COMPATIBILITY / AUTHOR MAPPING INTERFACE ISSUES: I resolved a couple of outstanding issues with the author mapping interface (Syndication --> Authors), which were preventing new users from being created correctly and author mapping rules from being set up correctly. These partly had to do with new restrictions on user account creation introduced in WordPress 3.0; anyway, they should now be fixed.

MORE EFFICIENT SYNDICATED URL LOOKUPS: Several users noticed that the bug fix introduced in 2010.0528 for compatibility with post-listing plugins caused a lot more queries to the database in order to look up numerical post IDs from the URL provided to the filter. This shouldn't cause any major problems, but it is not as efficient as it could be; the code now takes advantage of a more efficient way of doing things, which usually will not require any additional database queries.

SIMPLEPIE FEED UPDATE ISSUES: If you have been having significant problems with getting feeds to update correctly, this may be the result of some bugs in the implementation of SimplePie caching that ships with WordPress (as of version 3.0). (You would most commonly experience this error if you continually saw errors such as "No feed found at <...>" in your updates.) Fortunately, SimplePie allows for a great deal of extensibility and this allows me to work around the problem; these error conditions should now be mostly eliminated when the underlying feed is valid.

UI: SHOW INACTIVE SOURCES: When you use the default unsubscribe option -- which turns off the subscription to a feed while preserving the posts from it and the syndication-related meta-data for the feed -- the unsubscribed feed can now easily be viewed in a special "Inactive" section of the Syndicated Sources page. (As a side benefit, if you've accidentally, or only temporarily, turned off the subscription to a feed, it is now much easier to restore the feed to being active, or to delete it permanently, if you prefer.

UI: FEED FINDER / SWITCH FEED INTERFACE IMPROVEMENTS: changes to styling and options for the feed finder / switch feed, which should now make it easier, in some cases, to find alternative feeds, and make interface options more clearly visible.

FILTERS: syndicated_item_published and syndicated_item_updated NOW PROPERLY AFFECT THE DATING OF POSTS. These filters used to affect some date-related settings, but not others -- and, most importantly, not the final date that is set for a post's publication or last-modified date in the WordPress database. Now, they do affect that, as they should. (Filters should receive, and return, a long integer, representing a Unix epoch relative timestamp.)

MAGIC URL TO CLEAR THE CACHE: Suppose that you need to clear the feed cache, for whatever reason; suppose, even, that you need to clear it on a regular basis. One way you might do this is by logging into the FeedWordPress administrative interface and going to Syndication --> Performance. Another way you might do it, now, is to simply send an HTTP request to a magic URL provided by FeedWordPress: if your blog is at example.com, the URL would be http://example.com/?clear_cache=1

CATEGORY BOX INTERFACE ELEMENT FIXED FOR WP 3.0: Stylesheet changes between WordPress 2.9.x and the WordPress 3.0 RC caused the Categories box under Syndication --> Categories & Tags to malfunction. This has been fixed.

LINK CATEGORY SELECTION BOX IN SYNDICATION ==> FEEDS FIXED FOR WP 2.8 AND 2.9: A WP 3.0 compatibility change introduced in 2010.0531 inadvertently broke the Syndicated Link Category selector under Syndication --> Feeds & Updates in WP 2.8 and WP 2.9, causing the post categories to be displayed in the selector rather than the link categories. This should now be fixed so that the selector will work correctly under both the current versions of WordPress and the 3.0 RC.

MORE PERMISSIVE HANDLING OF FEEDS WITH BAD CONTENT-TYPE HEADERS: One of the small advantages that MagpieRSS had over SimplePie is that it was more tolerant about parsing well-formed feeds that the remote web server happened to deliver with weird or incorrect HTTP Content-type headers. In feeds affected by this problem, the new SimplePie parser would simply fail to find a feed, due to its being led astray by the contents of the Content-type header. This version includes an extension to SimplePie's content-type sniffer that offers more permissive handling of the HTTP headers.

MORE FULL-TEXT "EXCERPTS" NOW PROPERLY SHORTENED. Version 2010.0528 introduced code to control for cases in which elements intended for item summaries are (ill-advisedly) used to carry the full text of posts; past versions of FeedWordPress would simply include the full text of the post in the excerpt field, but newer versions now attempt to detect this condition when it arises and to head it off, by blanking out the excerpt field and filling it with an automatically generated short, plain text excerpt from the full content. This release broadens the test conditions that indicate when an excerpt field is treated as identical to the full text of the post, and should therefore improve the handling of some feeds (such as Google Reader feeds) where the full text of each post was still appearing in the excerpt field.

FILTERS: syndicated_item_published AND syndicated_item_updated FILTERS NOW ALLOW FILTER AUTHORS TO CHANGE POST TIMESTAMPS. You can now use the syndicated_item_published and syndicated_item_updated filter hooks to write filters or add-ons which directly change the post date and most-recently-updated timestamps on incoming syndicated posts. Props to niska for pointing out where the filters needed to be applied in order to change WordPress's internal timestamps for incoming posts.

PERMALINK / CUSTOM FIELDS PROBLEM RESOLVED: An issue in 2010.0528 caused some posts to be imported without the proper syndication-related meta-data being attached (thus causing permalinks to point back to the aggregator website rather than to the source website, among other problems). This problem has been resolved (and a fix has been applied which will resolve the problem for any posts affected by this problem, if the original post is recent enough to still be available on the feed).

UI: The "Back End" section has been split into two separate sections -- "Performance" (dealing with caching, database index, and other performance tweaks), and "Diagnostics" (dealing with debug mode, update logging, and a number of new diagnostic tests which I will be rolling out over the next few releases).

Several minor interface bug fixes and PHP warning notices eliminated.