Plugins debugging and developing


Published in: Technology, Art & Photos
  • With this header in place, your plugin will be listed on the Plugins admin screen. You will have to click the Activate link for the plugin to actually be enabled.
  • If my_awesome_function() is part of a plugin, this function will be called on every page load. The bad part is the array_map of stripslashes on the $_POST array. This is what happens when I code without caffeine! Anytime the $_POST array is present, each element of that array will be stripped of slashes. Why is this bad? If the $_POST array contained a nested array, that array would be trashed and converted to a string == ‘Array’. Oops...
  • This only fixes part of the problem. Let's say that your plugin has an admin screen with a simple form. When the user clicks the submit button, you want to take that POST data and save it to the database. You need to make sure that your plugin’s form processor only executes when the $_POST array comes from its admin screen.
  • There are a couple of ways to do this. Most admin screens will have a page slug associated with them. For example, if you have a settings screen for your plugin, the URL to it should be something like:
  • Transcript

    • 1. Plugins: Debugging and Developing
    • 2. Plugins are tools to extend the functionality of WordPress.
      Q: Has anyone here ever developed a WordPress plugin?
    • 3. Are you wishing that WordPress had some new or modified feature?
      Always check the WordPress Plugin Repository first!
      No one wants to re-invent the wheel.
      Chances are that someone else has already created a plugin that would suit your needs.
    • 4. Plugins live in /wp-content/plugins/
      The plugin header lets WordPress know that this file is a plugin.
      Plugin Name: Vox Importer
      Plugin URI:
      Description: Import posts, comments, tags, and attachments from a blog.
      Author: Automattic, Brian Colinger
      Author URI:
      Version: 0.6
      License: GPL v2 -
    • 5. Potential Gotchas
      (How to break 10 million blogs with one line of code)
    • 6. <?php
      function my_awesome_function() {
          // Runs on every page load and flattens any nested array in $_POST.
          $_POST = array_map( 'stripslashes', $_POST );
          // ...Insert something into the database
      }
      What’s wrong with this code?
    • 7. The proper way of doing this is to wrap this line with a conditional statement:
      $_POST = array_map( 'stripslashes_deep', $_POST );
      stripslashes_deep() is a WordPress function that can properly handle multi-dimensional arrays.
    • 8. /wp-admin/options-general.php?page=my-awesome-plugin
    • 9. You could wrap the array_map code in a conditional check to make sure that you only run this code on this page.
      // isset() avoids an undefined-index notice on requests without ?page=
      if ( isset( $_GET['page'] ) && 'my-awesome-plugin' == $_GET['page'] ) {
          $_POST = array_map( 'stripslashes_deep', $_POST );
      }
    • 10. Another way would be to create a nonce field in the submission form and check for it before processing the POST data.
      Add this to your form:
      <input name="update_settings" type="hidden"
      value="<?php echo wp_create_nonce( 'update_settings' ); ?>" />
      In your plugin form handler function add this:
      if ( ! isset( $_POST['update_settings'] ) || ! wp_verify_nonce( $_POST['update_settings'], 'update_settings' ) ) {
          return; // missing or invalid nonce: do not process the POST data
      }
      Or you could check the referrer:
      // The action is the fixed string passed to wp_create_nonce(), not a value taken from the request.
      check_admin_referer( 'update_settings', 'update_settings' );
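
The checks from slides 7 to 10 combined into one form handler, as an added example that is not code from the original slides. The slug 'my-awesome-plugin' and the nonce action 'update_settings' come from the slides; the option and field name 'my_awesome_setting', the map_* function names, and the capability check are assumptions added here.

```php
<?php
/*
Plugin Name: My Awesome Plugin (added example)
*/
// Hypothetical names: 'my_awesome_setting' and the map_* functions.

add_action( 'admin_menu', 'map_add_settings_page' );
function map_add_settings_page() {
    add_options_page( 'My Awesome Plugin', 'My Awesome Plugin', 'manage_options',
        'my-awesome-plugin', 'map_render_settings_page' );
}

function map_render_settings_page() {
    $value = get_option( 'my_awesome_setting', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'options-general.php?page=my-awesome-plugin' ) ); ?>">
        <?php wp_nonce_field( 'update_settings', 'update_settings' ); // hidden nonce input ?>
        <input type="text" name="my_awesome_setting" value="<?php echo esc_attr( $value ); ?>" />
        <?php submit_button(); ?>
    </form>
    <?php
}

add_action( 'admin_init', 'map_handle_settings_post' );
function map_handle_settings_post() {
    // Only act on POSTs aimed at this plugin's screen; leave every other request alone.
    if ( ! isset( $_SERVER['REQUEST_METHOD'] ) || 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        return;
    }
    if ( ! isset( $_GET['page'] ) || 'my-awesome-plugin' !== $_GET['page'] ) {
        return;
    }
    if ( ! isset( $_POST['update_settings'] ) ) {
        return;
    }

    // Stops the request if the nonce is missing or invalid for this fixed action.
    check_admin_referer( 'update_settings', 'update_settings' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to change these settings.' );
    }

    // Unslash a local copy instead of overwriting the global $_POST for other plugins.
    $post  = stripslashes_deep( $_POST );
    $value = ( isset( $post['my_awesome_setting'] ) && is_string( $post['my_awesome_setting'] ) )
        ? sanitize_text_field( $post['my_awesome_setting'] ) : '';
    update_option( 'my_awesome_setting', $value );
}
```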