Stop turning off CURLOPT_SSL_VERIFYPEER and fix your PHP config

24 October 2012

As Pádraic Brady points out in a recent article about PHP security, there's a whole lot of misinformation about how to deal with the error "SSL certificate problem, verify that the CA cert is OK" from curl. Nearly everyone advises that you turn CURLOPT_SSL_VERIFYPEER off (in fact, countless comments on the PHP manual page for curl_setopt tell you this). This is bad, because it allows your nice, encrypted stream of confidential data to be silently highjacked by a bad guy. Don't do that! Instead, just fix your PHP installation so that it doesn't get that error.

Filtering the output of WordPress widgets

6 September 2012

Probably the best thing about WordPress, from my perspective as a developer, is its hooks. It has filter and action hooks for nearly everything, which means I can easily customise a WordPress website to meet pretty much any requirements thrown at me. Well, nearly any. Except widgets.

PHP Security: Default Vulnerabilities, Security Omissions and Framing Programmers?

27 August 2012

Pádraic Brady has written a must-read article on some of the silly defaults in PHP that put the lie to the old adage, “what you don’t…

How to hack a WordPress plugin that doesn’t have the filters you want

16 August 2012

The best thing about WordPress, besides the fact that nearly anyone can edit a website built with it, is hooks. Filter and action hooks allow developers like me to customise a WordPress website in myriad ways. Many good plugins provide hooks too. But inevitably, you'll run up against a problem where you'd like a plugin to have a hook that it just doesn't have. You can ask the plugin author nicely to add that hook, and maybe they'll add it sometime soon, maybe even on time for your deadline. But what if your deadline comes before they add it?

Filter invalid characters from XMLReader input files

15 August 2012

I just ran into a problem reading XML data exported from a Microsoft Access database. For whatever reason, Access has written VT (vertical tab) characters in the XML, which PHP's XMLReader baulks at. To be able to handle that on each data load without requiring the user to edit their XML, I wrote a simple PHP stream filter that replaces each VT character with a LF (line feed).

Integrating Classic ASP with WordPress using AJAX

15 July 2012

I've built a few websites now in WordPress with some custom data that had to be integrated into Classic ASP websites. Here's how I did this using AJAX from VBScript.

Populate form from database using AJAX and JSON

14 July 2012

I just went searching for a nice, simple example of populating a form from a database, using AJAX and JSON. I hope it's just that my Google juice is depleted after a hard week, but I couldn't easily find one. So I wrote one.

Sort wp-e-commerce products by category and product title

22 May 2012

The wp-e-commerce shopping cart plugin lets you sort your products by a few different things: name (product title), price, date/time created... but it doesn't let you sort by category name and then product title. Here's what I just came up with for one client; it isn't generic, but other developers should be able to adapt it for their circumstances.

Stop Role Scoper messing with the found_posts of custom queries

24 April 2012

Role Scoper is a very handy WordPress plugin for websites that need to manage access to pages for a range of different user classes. But it has a nasty habit of getting in the way sometimes, and it can mess up the pagination of a custom WP_Query by changing the number of found posts (found_posts). Here's how to tell it to leave you alone!

Cleaning up WordPress plugin script and stylesheet loads over SSL

6 April 2012

It's quite common to use WordPress as the host for an online shop, and that often means having an order page that needs to be encrypted via SSL. You don't want your customers providing credit card details or other sensitive information over an unencrypted connection! But many WordPress plugins don't take SSL into account, and merrily load scripts and stylesheets without encryption. Here's a couple of ways to fix this problem.

Events Manager conditional placeholders for custom attributes

22 March 2012

The Events Manager plugin for WordPress is pretty flexible, allowing you to easily add custom attributes to your event posts. It also has conditional placeholders that allow you to display or hide information conditionally. There is a nice tutorial on the plugin website showing you how to add your own conditional placeholders. Lets bring this all together with a conditional placeholder for a custom attribute.

Load a nice jQuery UI theme in WordPress

15 March 2012

WordPress now comes with a reasonably complete copy of jQuery UI, which you can easily incorporate into your themes and plugins using wp_enqueue_script. But it doesn't come with any jQuery UI themes, leaving you to supply your own. Here's how to make use of the standard themes easily.

Snippets

Posts tagged “php”