WordPress Plugins: ur doin it wrong


    Notes on slide 1

    Started from my personal pet peeves in plugins. Andrew Ozz wrote a great post two weeks ago. Simplicity of WP plugins is a double-edged sword: low barrier to entry (even if you ride the PHP Short Bus...), and deceptively simple (easy to learn, hard to master).

    Plugins break WP Upgrades - Scoble didn’t upgrade

    suffix is optional, and only available for html and attr contexts

    delay expensive operations until they’re actually needed

    The goal of neither WordPress core nor plugins is to add every feature possible. A standard install makes 1200 filter calls and 20 action calls. The MySpaceID plugin extends the OpenID plugin.

    No registration necessary, just call them. Just-in-time extensions for your own plugins, e.g. Activity Streams: a 'register service' model, with just-in-time adding of new services.

    WordPress Plugins: ur doin it wrong - Presentation Transcript

    1. WordPress Plugins: ur doin it wrong
      • Will Norris <http://willnorris.com/>
    2.  
    3.  
    4.  
    5. Effect of Plugins
      • Upgradability
      • Performance
      • Security
      • Extensibility
    6. Unique Function Names
    7. Function Name Prefix
      • wcsea_activate()
      • wcsea_deactivate()
      • wcsea_uninstall()
    8. Class
      • class WordCampSEA {
      • function activate()
      • function deactivate()
      • function uninstall()
      • }
    9. Escape Values
    10. What do these have in common?
      • XSS
      • CSRF
      • SQL-injection
    11. Escape Values
      • 1. Standard prefix
      • 2. Context (attr, html, js, sql, url, url_raw)
      • 3. Optional translation suffix
      http://markjaquith.wordpress.com/2009/06/12/escaping-api-updates-for-wordpress-2-8/
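
The naming scheme on slide 11 (prefix `esc_`, then the context, then an optional `__` or `_e` translation suffix for the html and attr contexts), shown as an added example that is not part of the original slides. It assumes it runs inside WordPress; the `wcsea_*` function names, the `wcsea` text domain and the `wcsea_site` option are hypothetical.

```php
<?php
// Added example, not from the slides. Runs inside WordPress (plugin file);
// wcsea_* names, the 'wcsea' text domain and the option name are hypothetical.

// Output side: pick the esc_*() function by where the value lands.
function wcsea_render_profile_box( $name, $site ) {
    // html context: text between tags.
    echo '<h3>' . esc_html( $name ) . '</h3>';

    // attr context: value inside a quoted attribute.
    echo '<input type="text" name="wcsea_name" value="' . esc_attr( $name ) . '" />';

    // url context: href/src output; drops schemes such as javascript:.
    echo '<a href="' . esc_url( $site ) . '">';
    // html context + translation suffix: translate, then escape.
    echo esc_html__( 'Visit site', 'wcsea' ) . '</a>';

    // attr context + echoing translation suffix.
    echo '<input type="submit" value="';
    esc_attr_e( 'Save', 'wcsea' );
    echo '" />';

    // js context: value inside a quoted string in an inline handler.
    echo '<a href="#" onclick="alert(\'' . esc_js( $name ) . '\'); return false;">?</a>';
}

// Storage side: url_raw and sql contexts.
function wcsea_save_profile( $name, $site ) {
    global $wpdb;

    // url_raw context: cleaned for the database or a redirect, not for HTML.
    update_option( 'wcsea_site', esc_url_raw( $site ) );

    // sql context: a prepare() placeholder does the escaping.
    // esc_sql() is the manual form for values interpolated into a query.
    return (int) $wpdb->get_var( $wpdb->prepare(
        "SELECT COUNT(*) FROM $wpdb->comments WHERE comment_author = %s",
        $name
    ) );
}

// Constructed hostile input: each value tries to break out of its context.
// wcsea_render_profile_box( '"><script>alert(1)</script>', 'javascript:alert(1)' );
```
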
    12. Never Assume File Location
    13. Traditional Directory Layout
      • example.com/
      • wordpress/
      • wp-config.php
      • wp-content/
      • plugins/
      • themes/
    14. Non-Traditional Layout (since WP 2.6)
      • example.com/
      • wordpress/
      • wp-config.php
      • wordpress-content/
      • plugins/
      • themes/
    15. Plugin URL
      • ur doin it wrong:
      • <img src="<?php bloginfo('wpurl') ?>/wp-content/plugins/wcsea/logo.png" />
      • dats bedder:
      • <img src="<?php echo WP_PLUGIN_URL ?>/wcsea/logo.png" />
      • you haz it:
      • <img src="<?php echo plugins_url('logo.png', __FILE__) ?>" />
    16. Plugin URL
      • plugins_url()
          • supports WPMU plugin directory
          • auto detects SSL
          • supports renamed plugin directory
          • calls ‘plugins_url’ filter
    17. Friends of plugins_url()
      • site_url()
      • admin_url()
      • includes_url()
      • content_url()
      • no home_url() (why not?)
    18. Including Files
      • ur doin it wrong:
      • include '../../wp-content/...'
      • dats bedder:
      • include ABSPATH . 'wp-content/...'
      • you haz it:
      • include WP_CONTENT_DIR . '/...'
    19. Find the Right Hook
      • Load as late as possible, but no later
    20. Admin Hooks
      • ur doin it wrong:
      • add_action('admin_init', 'wcsea_admin_init')
      • add_action('admin_head', 'wcsea_admin_head')
      • you haz it:
      • $hookname = add_options_page( ... )
      • add_action("load-$hookname", 'wcsea_admin_init')
      • add_action("admin_head-$hookname", 'wcsea_admin_head')
    21. Styles and Scripts
      • ur doin it wrong:
      • <script src="<?php echo plugins_url('wcsea.js', __FILE__) ?>"></script>
      • you haz it:
      • wp_enqueue_script('wcsea', plugins_url('wcsea.js', __FILE__))
      • wp_enqueue_style('wcsea', plugins_url('wcsea.css', __FILE__))
    22. Styles and Scripts
      • wp_register_* and wp_enqueue_*
          • support dependencies
          • push scripts to footer
          • caching support based on version
          • (one day) server side concatenation
    23. Add your own hooks
      • A strategically placed hook covers a multitude of sins.
    24. Custom Hooks
      • Can do everything core WP hooks do:
          • event notification (actions)
          • massage data (the_content)
          • replace values (stylesheet)
          • extend functionality (http_api_curl)
          • replace functionality
    25. Custom Hooks
      • do_action('my-action')
      • do_action('my-action', $a, $b)
      • do_action_ref_array('my-action', array($wcsea))
      • apply_filters('my-filter', $wcsea)
      • apply_filters('my-filter', $wcsea, $a, $b)
    26. Custom Tables
    27. Designed for Flexibility
      • WordPress database supports
          • custom options
          • arbitrary metadata for posts, users, and comments (2.9)
          • custom taxonomies
          • custom post types
    28. Custom Post Types
      • Used by WordPress core for
          • posts
          • pages
          • revisions
          • attachments
    29. If it walks like a duck...
      • author
      • date and time
      • title
      • content
      • comments
      • categories and tags
      • permalink
      • order
      • hierarchy
      • (additional arbitrary metadata)
    30. Admin Settings Pages
    31. Admin Settings Pages
      • Don't waste time processing manually
      • register_setting( 'wcsea', 'my-option' )
      • http://codex.wordpress.org/Settings_API
      • http://codex.wordpress.org/Creating_Options_Pages#Register_Settings
    32. Admin Settings Pages
      • Do you really need a dedicated page?
      • Add options to any built-in settings page
      • add_settings_field( ... )
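
Slides 31 and 32 together, as an added example that is not part of the original slides: one option registered with a sanitize callback and attached to the built-in Reading settings page, so the nonce and capability checks are done by WordPress's own `options.php` and the plugin never reads `$_POST`. The option name, field label and `wcsea_*` functions are hypothetical.

```php
<?php
// Added example, not from the slides. Runs inside WordPress (plugin file);
// the option name, label and wcsea_* functions are hypothetical.

function wcsea_register_settings() {
    // Attach the option to the existing "reading" group. options.php then
    // verifies the nonce and the user's capability before saving, and only
    // registered options are accepted.
    register_setting( 'reading', 'wcsea_items_per_page', 'wcsea_sanitize_items' );

    // Add one row to Settings > Reading instead of a dedicated page.
    add_settings_field(
        'wcsea_items_per_page',      // field id
        'WordCampSEA items per page', // label shown next to the field
        'wcsea_items_field',         // callback that prints the input
        'reading',                   // built-in settings page
        'default'                    // section on that page
    );
}
// Registration has to run on admin_init: the save request is handled by
// options.php, not by a page that belongs to the plugin.
add_action( 'admin_init', 'wcsea_register_settings' );

// Prints the form control; the stored value is escaped for the attr context.
function wcsea_items_field() {
    $value = get_option( 'wcsea_items_per_page', 10 );
    echo '<input type="number" min="1" max="100" name="wcsea_items_per_page" value="'
        . esc_attr( $value ) . '" />';
}

// Sanitize callback: runs on every save, whatever the browser sent.
function wcsea_sanitize_items( $raw ) {
    $n = absint( $raw );            // non-numeric input becomes 0
    return min( 100, max( 1, $n ) ); // clamp to the range the form advertises
}
```
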
    33. Direct Plugin Files
    34. Direct Plugin File Calls
      • Direct HTTP request to plugin file ajax.php:
      • echo '<script type="text/javascript">
      • jQuery.get("' . plugins_url('ajax.php', __FILE__) . '");
      • // do something with AJAX data
      • </script>';
    35. Direct Plugin File Calls
      • If ajax.php includes anything similar to:
      • require_once('../../../wp-load.php');
      • ur doin it wrong
    36. WordPress Requests
      • Permalink URL:
      • http://example.com/2009/01/hello-world
      • becomes:
      • http://example.com/index.php?
      • year=2009&
      • monthnum=01&
      • name=hello-world
    37. Custom WP Request
      • Instead of making an AJAX call to:
      • http://example.com/wp-content/plugins/wcsea/ajax.php
      • we want a URL like:
      • http://example.com/index.php?wcsea=ajax-handler
    38. Custom WP Requests
      • function wcsea_parse_request($wp) {
      • // only process requests with "wcsea=ajax-handler"
      • if (array_key_exists('wcsea', $wp->query_vars)
      • && $wp->query_vars['wcsea'] == 'ajax-handler') {
      • // process the request.
      • }
      • }
      • add_action('parse_request', 'wcsea_parse_request');
      • function wcsea_query_vars($vars) {
      • $vars[] = 'wcsea';
      • return $vars;
      • }
      • add_filter('query_vars', 'wcsea_query_vars');
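
The handler from slide 38 with the "process the request" step filled in, as an added example that is not part of the original slides. Because the request goes through `index.php`, WordPress is already loaded and the handler can check a nonce and a capability before answering. The `wcsea-ajax` nonce action, the `item` parameter and `wcsea_ajax_url()` are hypothetical, and `home_url()`, `wp_send_json()` and `wp_json_encode()` are functions of current WordPress releases.

```php
<?php
// Added example, not from the slides. Runs inside WordPress (plugin file);
// the nonce action, the 'item' parameter and wcsea_ajax_url() are hypothetical.

function wcsea_query_vars( $vars ) {
    $vars[] = 'wcsea'; // let WordPress pass ?wcsea=... through to query_vars
    return $vars;
}
add_filter( 'query_vars', 'wcsea_query_vars' );

function wcsea_parse_request( $wp ) {
    // Only process requests with "wcsea=ajax-handler".
    if ( ! isset( $wp->query_vars['wcsea'] )
        || 'ajax-handler' !== $wp->query_vars['wcsea'] ) {
        return;
    }

    // CSRF check: the URL must carry a nonce issued for this action.
    $nonce = isset( $_GET['_wpnonce'] ) ? $_GET['_wpnonce'] : '';
    if ( ! wp_verify_nonce( $nonce, 'wcsea-ajax' ) ) {
        status_header( 403 );
        exit;
    }

    // Validate input, then authorize against the object being read.
    $item = isset( $_GET['item'] ) ? absint( $_GET['item'] ) : 0;
    if ( ! current_user_can( 'edit_post', $item ) ) {
        status_header( 403 );
        exit;
    }

    // wp_send_json() sets the JSON content type, prints and terminates.
    wp_send_json( array( 'item' => $item, 'title' => get_the_title( $item ) ) );
}
add_action( 'parse_request', 'wcsea_parse_request' );

// URL for the client script: no path into wp-content, no wp-load.php include.
function wcsea_ajax_url() {
    return add_query_arg(
        array( 'wcsea' => 'ajax-handler', '_wpnonce' => wp_create_nonce( 'wcsea-ajax' ) ),
        home_url( '/' )
    );
}
// In a template: jQuery.getJSON(<?php echo wp_json_encode( wcsea_ajax_url() ); ?>, {item: 1}, ...)
```
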

    Slides from presentation at WordCamp Portland

    © All Rights Reserved
