css.php

Atahualpa and Customizing the Theme

The people behind Academic Commons, at least the WPMU aspects of it, are very, very responsive. I switched to the Atahualpa theme, and took a few minutes to make a header graphic for the sandbox blog.

Some snags on the upload, mostly because it’s a bit clunky to get a header into the system. For some reason, default header image alignment is centered? Not something I would have chosen, but ok.

And then I had to figure out why the left and right portions of my header weren’t showing in the prepared black. Hint: Opacity is set at about 50% by default on the left and right sides of the header (sidebar stuff, really, it seems).

But not that big a deal. I used the logo from atahualpa, tossed it on a black background, and then used the Stop font in my library for the BG image. 20 minutes from start to finish, including some interruptions. And now that I’ve been through it once, I expect it could be done in under 30 seconds if I had a header ready to roll.

Cool feature, for about 5 minutes: I can make lots of headers and they’ll change on new page views. I can imagine this being interesting if I want to show different little graphics in different headers (duck, nail, pig, bird, shoe, whatever).

If you’re not digging into Academic Commons’ WPMU blog, do it now. I feel like there are 3-4 developers responding to my ruminations on “what would be nice” to have in the system. Thanks!

9 comments

  1. Userthemes only allows users to enter raw PHP if they have access to a theme editor, or FTP access to the server. We have it set up so that changes can only come through me… not optimal, I agree, but safe (and few of our users hack on their own… the send me requests that I execute).

    How are you managing Custom User CSS; is it activated sitewide, or are you doing it on a blog-by-blog basis? CSS customization isn’t going to allow a user to add meta data calls to a theme, change navigation in a header, or create custom page templates… in addition to style changes, those are the types of things I most employ Userthemes for.

  2. Well, I’ve been doing some more research on this, and I’m not sure what to think yet. The problem with Userthemes is that it lets users enter raw PHP to run on the server. So a user could do some severe vandalism – like erasing your database! – or steal user data from the database (along with pesky things like fork bombs).

    The plugin I installed here doesn’t give users access to PHP. Instead, it offers users the ability to write an additional stylesheet that is called up on each pageload. Stylesheets are rendered client-side, which means that the potential damage to the server is minimal. But CSS does allow for some naughtiness. It’s possible to embed Javascript in CSS that some browsers aren’t smart enough to block (Internet Explorer, you’ll be surprised to learn! It has to do with IE’s CSS expressions). Thus a bad user could potentially run malicious code of some variety on a visitor’s computer.

    One way to prevent against this – a method that this plugin does indeed take – is to run the user-provided CSS against a blacklist of known CSS vulnerabilities. This eliminates most of the risk, I think. But you can never be sure that a blacklist will be up to date.

    In this case, the risk seems relatively low for what can, as Michael points out, be a great benefit for the right kind of user.

  3. Matt: do you have additional info on risks posed by Userthemes? I assumed it was safe if the installation is stripped of its theme editor, which ours is, but I’d love to hear more detail if you or Boone have done research more recently than I have (I installed it last year).

  4. Cool! I’m seeing some value in this down the road, particularly for a class I teach. One of the reasons I’ve steered clear of WPMU as the blog tool for students in my web writing class is the limited theming options. Lots o’ themes to choose from, but historically very little room for customization. Blogger is very, very different in this regard. I really like the idea of this handy plugin, though I agree that it’s probably for something under 1% of the user community.

    Matt had raised some concerns regarding security breaches if such a customization option was available. Is this resolved? Or perhaps the plugin approach addresses the concern?

  5. Hi Michael,

    I thought you might like to know that I just installed a plugin called Custom User CSS. It allows any user to add CSS that supplements or overrides the standard theme CSS (tip: if you’re overriding an already-existing style, append with !important to make sure your style is prioritized). You can access this plugin via Dashboard > Settings > Custom User CSS.

    I imagine that most users won’t have much use for this plugin, but the few who are into CSS design – like you – should have a blast with it.

  6. Michael: got your email, but haven’t had a chance to respond to your server questions yet. We might pull Matt and Andre Pitanga, who runs the server that hosts the Commons, into that conversation as well.

    And, if you dig the rotating header function of Atahualpa, just wait to see what Zoe Sheehan Zaldana is going to show off at WordCampEd on Friday…

  7. Thanks, Michael. George Otte, who is heading up this project, recently described our task as “trying to build the plane as we’re trying to fly it.” That seems an apt description, to me, for a site that we hope will stay in perpetual beta in order to remain responsive to the needs of its users.

    You’re right that the WPMu side of the site is powerful, but we’re also trying to create an environment in which users can create groups to mobilize a number of people across the system around certain issues or subjects. One of our big goals in the coming months is to redesign/rework the group interface so that it better responds to the needs of users.

    There is only one admin team here, and again, on behalf of that admin team, let me say that we’re really excited to have people aboard who are testing the limits of the Commons and pushing us to extend its functionality in new and imaginative ways. Thanks.

Leave a Reply

Your email address will not be published. Required fields are marked *