Ian Dunn » WordPress

Cross Site Scripting Vulnerability in Subscribe2 Plugin

Ian — Fri, 18 May 2012 18:10:19 +0000

News of the XSS bug in Subscribe2 didn’t show up in any of my RSS feeds or mailing lists, even though it’s a fairly popular plugin, so I wanted to make a note of it in case anyone else missed it. Version 8.2 has a fix for it.

Creating Admin Notices From a WordPress Plugin

Ian — Tue, 15 May 2012 20:53:56 +0000

I just threw a couple small PHP classes up on GitHub that I use in almost every WordPress plugin I write. The first is IDAdminNotices, which is a clean and easy way for plugins and themes to send messages/errors to the user within the Administration Panels. The second is IDDescribeVar, which will outputs the type, length and contents of a variable in a readable format, and send it to wp_die(), die(), return, set_transient(), or an IDAdminNotice.

Preventing Callback Functions From Executing Multiple Times

Ian — Thu, 19 Apr 2012 17:52:33 +0000

Many actions in WordPress will fire multiple times, which can lead to performance drags and undesired/intuitiveness results. Pippin Williamson points out that you can check how many times an action has already run, and modify your code to respond accordingly.

New WordPress Security Plugin

Ian — Mon, 09 Apr 2012 18:36:11 +0000

In the past I’ve used Login Lockdown and Login Lock to block brute force attempts against WordPress installations, but Login Lockdown isn’t actively maintained and Login Lock has some serious bugs/security vulnerabilities. Recently Daniel Convissor released a new plugin called Login Security Solution that has the same basic features of Login Lockdown and Login Lock, but without the problems they have. He’s also added several more... [more]

Using Constants for a Text Domain in WordPress

Ian — Mon, 26 Mar 2012 18:49:51 +0000

Normally any kind of global values that don’t change within a program’s execution should be defined as constants, but text domains within internationalized WordPress plugins are an exception to that rule. Mark Jaquith explains why it’s important to use a string instead.

WordPress Developer’s Meetup Presentation on Child Themes

Ian — Tue, 20 Mar 2012 01:33:40 +0000

I’ll be giving a presentation on building Child Themes at the Seattle WordPress Developer’s Meetup tomorrow. You can follow along with the presentation if you plan on attending.

BackPress PHP Library

Ian — Fri, 09 Mar 2012 21:47:58 +0000

BackPress is a useful project that packages the re-usable code from WordPress into an independent library you can use in non-WordPress projects.

Including External View Files in WordPress Widgets

Ian — Thu, 23 Feb 2012 01:22:23 +0000

I ran into a problem today while cleaning up and modifying some widgets. I moved all of the markup inside widget() to an external view file, and then included it via require_once(), which worked fine. I then tried to do the same thing inside form(), but didn’t get any output. It turns out that you can’t use include_once() or require_once() inside form(), you have to use include() or require() instead. It’s a good idea to use include() or require() anyway, though, in case the widget has multiple instances.

Comparing WordPress, Drupal and Joomla in 2011

Ian — Tue, 21 Feb 2012 18:41:54 +0000

Ok, so it’s already 2012, but I just came across an article comparing the three from last year and it was a good read. Like a lot of articles, though, the real value is in the comments more than the article itself. Going into it I had the impression that Joomla was a stagnant mess, but it sounds like they’ve really cleaned things up since the last time I used it. WordPress is still my default choice for most projects, but I’d give my left arm for it to have an object-oriented, MVC architecture like Joomla now does.

WordPress Backup Options

Ian — Sat, 04 Feb 2012 00:22:06 +0000

Nathan Ingram put together a thorough post on backing up WordPress and a chart comparing various plugins and services.