Dec 10

I’ve Still Got It!

Every now and then, someone asks me whether or not I still have quality WordPress development skills.  I think it’s a fair question.  After all, I spend the bulk of my time now working with closed-source ASP.Net projects and have little time for my favorite WordPress stuff.

But really, much of what I do in the .Net arena is pretty transferable.  And – this is me bragging a bit – I’m a good developer no matter what language or paradigm I’m working with.

There’s been a lot of talk about WordPress 3.3 coming out soon.  And a lot of that talk has been about the number of contributions and contributors to the project.  I’m proud to say that I’m in that group – I’ve had a patch in every major version of WordPress since version 2.8!

And I want to show that off.

Nov 28

WordPress Portland

As promised, here is the code for my demo of adding feature pointers to WordPress in version 3.3.

And again, please do not use these in distributed plugins/themes.  They’re only slated for Core at the moment, but if you feel that they’ll help in your custom theme/plugin development with clients, feel free!

<?php
/*
Plugin Name: WordPress Portland Meetup Pointer Demo
Plugin URI:
Description: Demonstrate feature pointers in WP 3.3
Author: Eric Mann
Version: 1.0
Author URI: http://eamann.com
*/

add_action( 'admin_enqueue_scripts', 'pdxwp_pointers_header' );
function pdxwp_pointers_header() {
    // Core keeps the IDs of pointers a user has dismissed as a comma-separated list in user meta.
    $dismissed = explode( ',', (string) get_user_meta( get_current_user_id(), 'dismissed_wp_pointers', true ) );

    // Only load the pointer script/style and print the footer JS if this user hasn't dismissed ours yet.
    if ( ! in_array( 'pdxwp_pointer', $dismissed ) ) {
        add_action( 'admin_print_footer_scripts', 'pdxwp_pointers_footer' );

        wp_enqueue_script( 'wp-pointer' );
        wp_enqueue_style( 'wp-pointer' );
    }
}

function pdxwp_pointers_footer() {
    // Static markup written here in the plugin. It is echoed straight into a JavaScript string
    // below, so any content that came from outside the plugin would have to be escaped first.
    $pointer_content = '<h3>Welcome WordPress Portland!</h3>';
    $pointer_content .= '<p>This is an example of an admin pointer.</p>';
    $pointer_content .= '<p>You can use it in your <a href="http://wordpress.org/extend/themes">themes</a> ';
    $pointer_content .= 'and <a href="http://wordpress.org/extend/plugins">plugins</a>.</p>';
?>
<script type="text/javascript">
//<![CDATA[
jQuery(document).ready(function($) {
    // Anchor the pointer to the Comments item in the admin menu.
    $('#menu-comments').pointer({
        content: '<?php echo $pointer_content; ?>',
        position: {
            edge: 'left',
            align: 'center'
        },
        // Closing the pointer calls core's dismiss handler, which appends our ID to dismissed_wp_pointers.
        close: function() {
            $.post( ajaxurl, {
                pointer: 'pdxwp_pointer',
                action: 'dismiss-wp-pointer'
            });
        }
    }).pointer('open');
});
//]]>
</script>
<?php
}

?>

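As an added example (not code from the post), the same approach generalized to several pointers keyed by admin screen: the hook suffix passed to admin_enqueue_scripts selects which pointers apply, the dismissed_wp_pointers list filters out those already closed, and the configuration reaches the page through json_encode rather than being pasted into a quoted JS string. The mpd_ function names, the global used for the hand-off and the two pointer definitions are hypothetical.

```php
<?php
// Hypothetical registry: pointer ID => admin page hook suffix, jQuery target, content and position.
function mpd_pointers() {
    return array(
        'mpd_comments_pointer' => array(
            'hook' => 'index.php', 'target' => '#menu-comments',   // Dashboard, Comments menu item
            'content' => '<h3>Comments</h3><p>Moderate discussion from here.</p>',
            'position' => array( 'edge' => 'left', 'align' => 'center' ),
        ),
        'mpd_publish_pointer' => array(
            'hook' => 'post-new.php', 'target' => '#publish',      // Add New Post, Publish button
            'content' => '<h3>Publish</h3><p>Save, schedule or publish your post.</p>',
            'position' => array( 'edge' => 'right', 'align' => 'middle' ),
        ),
    );
}

add_action( 'admin_enqueue_scripts', 'mpd_enqueue_pointers' );
function mpd_enqueue_pointers( $hook_suffix ) {
    // Same dismissal bookkeeping core uses: comma-separated pointer IDs in user meta.
    $dismissed = explode( ',', (string) get_user_meta( get_current_user_id(), 'dismissed_wp_pointers', true ) );
    $pending   = array();
    foreach ( mpd_pointers() as $id => $pointer ) {
        if ( $pointer['hook'] === $hook_suffix && ! in_array( $id, $dismissed, true ) ) {
            $pending[ $id ] = $pointer;
        }
    }
    if ( empty( $pending ) ) {
        return; // Nothing to show on this screen: don't load the pointer assets at all.
    }
    $GLOBALS['mpd_pending_pointers'] = $pending; // PHP 5.2-friendly hand-off to the footer callback.
    wp_enqueue_script( 'wp-pointer' );
    wp_enqueue_style( 'wp-pointer' );
    add_action( 'admin_print_footer_scripts', 'mpd_print_pointers' );
}

function mpd_print_pointers() {
    // json_encode() emits a valid JS literal and escapes "/", so a "</script>" inside content cannot
    // close the block; this replaces pasting raw markup into a single-quoted JS string.
?>
<script type="text/javascript">
jQuery(document).ready(function($) {
    $.each(<?php echo json_encode( $GLOBALS['mpd_pending_pointers'] ); ?>, function(id, opt) {
        $(opt.target).pointer({
            content: opt.content, position: opt.position,
            close: function() { $.post(ajaxurl, { pointer: id, action: 'dismiss-wp-pointer' }); }
        }).pointer('open');
    });
});
</script>
<?php
}
```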
Nov 21

Security Vulnerabilities

Out of the blue today, a user of one of my plugins contacted me to ask why I was so slow in patching a security vulnerability in my system.

The question came as a complete surprise.

Apparently, back in January, someone discovered a potential security hole in one of my plugins, WP Publication Archive.  The frightening thing about the report, though, was the fact that he never bothered to report the vulnerability to me so I could fix it.  Instead, an open report sat there on his site, and was then picked up by a few other security sites and syndicated across the Internet.

Had this user not contacted me, I would never have known about this issue.  And I can’t fix something if I don’t know it’s broken.

The Hole

WP Publication Archive uses a proxy file to load a remote file as an attachment so it can be downloaded by the browser.  Here’s the entire source of the “vulnerable” file:

Nov 08

Keeping it Realtime – Day 2

I will once again be liveblogging the Keeping it Realtime conference in Portland, Oregon.  If you want to catch up with yesterday’s stream, feel free.  Otherwise, stay tuned for more today!

You can also leave comments at the bottom of the feed …

Nov 07

Keeping it Realtime

KRT Opening Session

Today and tomorrow I’ll be at the Keeping it Realtime conference in Portland, learning about all the cool new interfaces available for a real-time web.  Unfortunately, I wasn’t able to finish my liveblogging plugin before today … so you’ll be stuck hitting F5 repeatedly to get updates from me in this space.  On the other hand, this will serve as a real-world demonstration of why the non-real-time web is so ineffective for real-time communications.

Maybe we’ll both learn something! :-)

Nov 04

Flaws in UI Design

In YetAnotherForum.Net 1.9.1.8, the login button is on the left.

This past week, I spent a copious amount of time running a test update of some forum software we use at work.  The old version that’s still live on the server is version 1.9.1.8.  The current release is version 1.9.5.5.

Version numbers aside, there’s a huge difference between the two pieces of software.

The newer version has a far superior user interface.  There are several spam filtering tools enabled by default.  The update fixes a specific RSS bug that’s been plaguing us for years.  And the newer version is better protected against SQL injection attacks.

But to update from the old version to the new version, I have to manually walk the database through incremental updates.

You see, they completely change the user management and database schemas each time a version is released.  And not every version is backwards compatible.  A direct update from 1.9.1.8 to 1.9.5.5 broke.  So I first tried walking the database through version 1.9.3 … but it still broke.

It turns out, the best upgrade path is to update first to version 1.9.4, then to version 1.9.5.5.  After that, we’re golden.

The update takes a while, so it’s not the kind of thing I want to do every day.  But I’ve been keeping the demo database relatively up-to-date so that our CSR team can make sure all the bells and whistles are in place before I go through and update everyone else.

Today, I decided to refresh the database, since the last time I upgraded a database snapshot was last month.  The entire process takes me a little over an hour going back and forth between two different servers and different versions of SQL Server.

And today, I stumbled upon a huge error in the application’s UI: