Downgrade to MT 2.65


It's been two days since MT 2.661 was released and I haven't heard any word on whether another upgrade will be released to address issues and complaints from MT users. Looking at changes in 2.66 and 2.661, I decided to downgrade my MT installation back to 2.65 for the following reasons:

1. Unwilling to give up MT-Blacklist in order to be able to use the ThrottleSeconds parameter in mt.cfg

MT-Blacklist 1.62 prevents the ThrottleSeconds parameter from working at all. If I have to choose one over the other, I'd rather have MT-Blacklist. I have yet to be hammered with dozens or hundreds of comments, which ThrottleSeconds is supposed to help protect against. MT-Blacklist provides protection from and easy removal of comment spam, no matter how many or few there are.

2. MTCommentAuthorLink redirection

I don't see anything to like about this. MT 2.6 appended the destination URL to the end of the redirect link, but this opened a security hole where malicious users could use MT as a relay to visit any URL. MT 2.661 fixed this by appending the comment ID instead, and letting MT look up the URL in the comment database. The new code in 2.661 now causes an error to be thrown on the comment preview page, because comments don't have a comment ID before they are posted.

A side-effect of the 2.661 redirect links is that you can no longer tell what the destination URL is (by hovering the mouse over such a link) without clicking on the link (and hoping for the best) or looking up the link in the comments database. This alone was enough for me to be against the whole idea of redirects (not that I was ever comfortable with them in the first place).

3. Improved e-mail address validation of mt-send-entry.cgi.

I don't use mt-send-entry.cgi, so I don't see any of the benefits from improving its code.

Since I can't use the ThrottleSeconds parameter, do not want redirected MTCommentAuthorLink URLs, and do not use mt-send-entry.cgi, not only do I receive zero benefit from upgrading to 2.6 or 2.661, I get a couple of problems that I didn't have before and do not want. Downgrading back to MT 2.65 seemed to be the only logical choice.
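The two redirect designs described under reason 2, as an added Python example that is not Movable Type's code or the post author's: one resolver trusts a destination carried in the link, the other accepts only a comment ID and looks the destination up, and the link builder handles a previewed comment that has no ID yet. The `/redirect` endpoint, its `url` and `id` parameters, and the sample comment table are hypothetical and constructed for illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample data: comment ID -> author URL, standing in for the comment database.
COMMENTS = {101: "http://example.org/alice", 102: "http://example.net/bob"}
REDIRECT = "/redirect"  # hypothetical endpoint name, not MT's real script or parameters


def resolve_by_url(query):
    """Design 1: the link carries the destination, so any URL a caller supplies is honoured."""
    return parse_qs(query).get("url", [None])[0]


def resolve_by_id(query, comments=COMMENTS):
    """Design 2: the link carries only a comment ID; the destination comes from stored data."""
    raw = parse_qs(query).get("id", [""])[0]
    if not raw.isdecimal():
        return None  # missing or malformed ID: refuse instead of redirecting
    url = comments.get(int(raw))
    if url is None or urlsplit(url).scheme not in ("http", "https"):
        return None  # unknown comment or non-web scheme: no redirect
    return url


def author_link(comment_id, author_url):
    """Build the author link. A previewed comment has no ID yet, so link directly
    instead of failing, which is the case the post says broke on the preview page."""
    if comment_id is None:
        return author_url
    return REDIRECT + "?" + urlencode({"id": comment_id})
```

With the ID-based design the destination is never taken from the request, so the endpoint can only send visitors to URLs already stored with a comment.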

7 Comments

Yeah, I had planned to use this evening after work for upgrading from 2.65 to 2.661, but true to my compulsive nature I researched the upgrade on MT's forums and saw your difficulties (amongst a slew of others') and have opted to refrain from upgrading for basically the same reasons you "downgraded" back to 2.65. Perhaps we will just wait for 3.0.

Hi, I was wondering what you thought about OptionalRedirect by David Raynes. I've not tried it yet, but am interested in implementing it (my blog has received a total of only one comment spam in the six months that it's been up). I don't mind the redirect so much as I mind the inability to tell where you're going until you click the link (which, I guess, means that I do mind the redirect after all, heh).

Also, I tried implementing DeadPool2's solution to the error code in comment preview, but I must have botched it up worse somehow. When I attempted to rebuild a recent entry, I got an ugly error message during rebuild. I didn't bother copying the message; I simply reverted back to the original context.pm file and it worked again. *sigh* I guess I'm not good at patching up code and stuff...

Ack, omg, I didn't realize you allowed email addies to show up as author links! Please edit my last comment to show my url instead... thnx!

I was wondering what you thought about OptionalRedirect by David Raynes.

It looks okay in concept, but there seem to be a couple of bugs in it. Read through the comments on David's web site - one is if you use the "spam_protect" attribute for comment author e-mail addresses, errors will be displayed when the blog is rebuilt. It doesn't seem that a new version has been released to address these problems, so you would have to patch the plugin code yourself to fix them. (The patches are also posted in the comments.)

I just visited D. Raynes' site as you suggested and I found out that MT-Blacklist v1.63 beta now supports Movable Type 2.661. Anyway, regarding the Optional Redirect spam_protect bug, I doubt I'd have a problem with that, since I don't allow email addresses to show up as author links. I guess I'll go ahead and try it and see if I encounter any problems. Thanks again!

Easiest way to get rid of the redirect is to just grab the old code from 2.65 and hack it into the new Context.pm