As Pádraic Brady points out in a recent article about PHP security, there’s a whole lot of misinformation about how to deal with the error “SSL certificate problem, verify that the CA cert is OK” from curl. Nearly everyone advises that you turn CURLOPT_SSL_VERIFYPEER off (in fact, countless comments on the PHP manual page for curl_setopt tell you this). This is bad, because it allows your nice, encrypted stream of confidential data to be silently hijacked by a bad guy. Don’t do that! Instead, just fix your PHP installation so that it doesn’t get that error.
Probably the best thing about WordPress, from my perspective as a developer, is its hooks. It has filter and action hooks for nearly everything, which means I can easily customise a WordPress website to meet pretty much any requirements thrown at me. Well, nearly any. Except widgets.
Pádraic Brady has written a must-read article on some of the silly defaults in PHP that put the lie to the old adage, “what you don’t know won’t hurt you”. Clearly, some of this stuff could hurt you/your clients very easily. And I have to put my hand up to failing on the SSL/TLS and XML injection attack vulnerabilities…
The best thing about WordPress, besides the fact that nearly anyone can edit a website built with it, is hooks. Filter and action hooks allow developers like me to customise a WordPress website in myriad ways. Many good plugins provide hooks too. But inevitably, you’ll run up against a problem where you’d like a plugin to have a hook that it just doesn’t have. You can ask the plugin author nicely to add that hook, and maybe they’ll add it sometime soon, maybe even on time for your deadline. But what if your deadline comes before they add it?
I just ran into a problem reading XML data exported from a Microsoft Access database. For whatever reason, Access has written VT (vertical tab) characters in the XML, which PHP’s XMLReader baulks at. To be able to handle that on each data load without requiring the user to edit their XML, I wrote a simple PHP stream filter that replaces each VT character with a LF (line feed).
I’ve built a few websites now in WordPress with some custom data that had to be integrated into Classic ASP websites. Here’s how I did this using AJAX from VBScript.
I just went searching for a nice, simple example of populating a form from a database, using AJAX and JSON. I hope it’s just that my Google juice is depleted after a hard week, but I couldn’t easily find one. So I wrote one.
The wp-e-commerce shopping cart plugin lets you sort your products by a few different things: name (product title), price, date/time created… but it doesn’t let you sort by category name and then product title. Here’s what I just came up with for one client; it isn’t generic, but other developers should be able to adapt it for their circumstances.
Role Scoper is a very handy WordPress plugin for websites that need to manage access to pages for a range of different user classes. But it has a nasty habit of getting in the way sometimes, and it can mess up the pagination of a custom WP_Query by changing the number of found posts (found_posts). Here’s how to tell it to leave you alone!
It’s quite common to use WordPress as the host for an online shop, and that often means having an order page that needs to be encrypted via SSL. You don’t want your customers providing credit card details or other sensitive information over an unencrypted connection! But many WordPress plugins don’t take SSL into account, and merrily load scripts and stylesheets without encryption. Here’s a couple of ways to fix this problem.
The Events Manager plugin for WordPress is pretty flexible, allowing you to easily add custom attributes to your event posts. It also has conditional placeholders that allow you to display or hide information conditionally. There is a nice tutorial on the plugin website showing you how to add your own conditional placeholders. Let’s bring this all together with a conditional placeholder for a custom attribute.
WordPress now comes with a reasonably complete copy of jQuery UI, which you can easily incorporate into your themes and plugins using wp_enqueue_script. But it doesn’t come with any jQuery UI themes, leaving you to supply your own. Here’s how to make use of the standard themes easily.