SlideShare a Scribd company logo

WordCamp Jerusalem - Doing it Wrong

Yoav Farhi
Yoav Farhi

Things developers tend to do wrong with WordPress. Based on amazing presentations from many great WordPress developers across the world. Slides mostly in English, presentation was in Hebrew at WordCamp Jerusalem (September 2011). הערות והפניות בבלוג בכתובת http://wp.me/pD4bk-Jn

TechnologyEducation
1 of 90
Download to read offline
You’re doing it wrong! ‫עשר טעויות נפוצות בפיתוח לוורדפרס‬ Monday, September 12, 11
You’re doing it wrong! ‫עשר תשע טעויות נפוצות בפיתוח לוורדפרס‬ Monday, September 12, 11
Monday, September 12, 11
Monday, September 12, 11
‫ בחברת‬VIP ‫מפתח‬ Automattic ‫ מפקח בין‬VIP-‫צוות ה‬ WordPress ‫השאר על קוד‬ ‫שיוצר מעל‬ ‫ל-000,000,000,1 דפים‬ ‫נצפים בחודש‬ http://yoavfarhi.com @yoavf Monday, September 12, 11
Monday, September 12, 11
Monday, September 12, 11
/me activates WP_DEBUG... Monday, September 12, 11
Monday, September 12, 11
(wsod) 1. WP_DEBUG Monday, September 12, 11
WP_DEBUG 1/2 define('WP_DEBUG', true); • Include notices • Bypasses some error suppression (ie WPDB ) • Triggers notices for deprecated functions ex: PHP Notice: get_links is deprecated since version 2.1! Use get_bookmarks() instead. in /Users/ yoavfarhi/Sites/trunk/wp-includes/functions.php on line 3409 Monday, September 12, 11
WP_DEBUG 2/2 Don’t display define('WP_DEBUG_DISPLAY', false); Output to wp-content/debug.log define('WP_DEBUG_LOG', true); Monday, September 12, 11
2. Function Naming Monday, September 12, 11
Imagine... Plugin 1 Theme / Plugin 2 function custom_script() { function custom_script() { //... //... } } Monday, September 12, 11
Imagine... Plugin 1 Theme / Plugin 2 function custom_script() { function custom_script() { //... //... } } Fatal Error Monday, September 12, 11
Imagine... Plugin 1 Theme / Plugin 2 function custom_script() { function custom_script() { //... //... } } Angry Client Monday, September 12, 11
Imagine... Plugin 1 Theme / Plugin 2 function custom_script() { function custom_script() { //... //... } } Call From Client Monday, September 12, 11
Imagine... Plugin 1 Theme / Plugin 2 function custom_script() { function custom_script() { //... //... } } Time / Money Monday, September 12, 11
Imagine... Plugin 1 Theme / Plugin 2 function custom_script() { function custom_script() { //... //... } } We don’t want that! Monday, September 12, 11
Imagine... Plugin 1 Theme / Plugin 2 function custom_script() { function custom_script() { //... //... } } Solution: Prefix Monday, September 12, 11
Prefix! Plugin 1 Theme / Plugin 2 function plugin1_custom_script() { function themename_custom_script() { //... //... } } Monday, September 12, 11
Prefix! Plugin 1 Theme / Plugin 2 function plugin1_custom_script() { function themename_custom_script() { //... //... } } Happy! Monday, September 12, 11
Or: Use a Class class my_plugin { function custom_script() { //... } function whatever() { //... } } new my_plugin; Monday, September 12, 11
AND {$table_prefix} erms.term_id = $table_prefix} erm_taxonomy.term_taxonomy_ donomy.term_id Queries 3. Direct SQL AND {$table_prefix} osts.ID = {$table_prefix} ostmetata.post_id AND {$table_prefix} Monday, September 12, 11
$last_posts = (array)$wpdb->get_results(" SELECT post_date, ID, post_title, name, {$table_prefix}terms.term_id FROM {$table_prefix}posts, {$table_prefix} term_relationships, {$table_prefix}terms, {$table_prefix} postmeta, {$table_prefix}term_taxonomy WHERE {$table_prefix}posts.ID = {$table_prefix} term_relationships.object_id AND {$table_prefix}term_taxonomy.term_taxonomy_id = {$table_prefix}term_relationships.term_taxonomy_id AND {$table_prefix}terms.term_id = {$table_prefix} term_taxonomy.term_id AND {$table_prefix}posts.ID = {$table_prefix} postmeta.post_id AND {$table_prefix}postmeta.meta_key = '_mini_post' AND {$table_prefix}postmeta.meta_value = 0 AND post_status = 'publish' AND {$table_prefix}terms.term_id != 25 AND {$table_prefix}terms.term_id != 24 AND {$table_prefix}term_taxonomy.taxonomy = 'category' "); Monday, September 12, 11
$last_posts = (array)$wpdb->get_results(" SELECT post_date, ID, post_title, name, {$table_prefix}terms.term_id FROM {$table_prefix}posts, {$table_prefix} term_relationships, {$table_prefix}terms, {$table_prefix} postmeta, {$table_prefix}term_taxonomy WHERE {$table_prefix}posts.ID = {$table_prefix} term_relationships.object_id NG! AND {$table_prefix}term_taxonomy.term_taxonomy_id = O R {$table_prefix}term_relationships.term_taxonomy_id W AND {$table_prefix}terms.term_id = {$table_prefix} term_taxonomy.term_id AND {$table_prefix}posts.ID = {$table_prefix} postmeta.post_id AND {$table_prefix}postmeta.meta_key = '_mini_post' AND {$table_prefix}postmeta.meta_value = 0 AND post_status = 'publish' AND {$table_prefix}terms.term_id != 25 AND {$table_prefix}terms.term_id != 24 AND {$table_prefix}term_taxonomy.taxonomy = 'category' "); Monday, September 12, 11
$args = array( 'post_type' => 'post', 'post_status' => 'publish', 'tax_query' => array( array( 'taxonomy' => 'category', 'terms' => array( '25', '24'), 'field' => 'id', 'operator' => 'NOT IN', ) ), 'meta_query' => array( array( 'key' => '_mini_post', 'value' => 0, ) ) ); $last_posts = new WP_Query( $args ); Monday, September 12, 11
$args = array( 'post_type' => 'post', 'post_status' => 'publish', 'tax_query' => array( array( 'taxonomy' => 'category', 'terms' => array( '25', '24'), 'field' => 'id', 'operator' => 'NOT IN', ) ), 'meta_query' => array( array( 'key' => '_mini_post', 'value' => 0, ) ) ); $last_posts = new WP_Query( $args ); Monday, September 12, 11
This is so much better because: Monday, September 12, 11
This is so much better because: • It is easier to read, easier to change Monday, September 12, 11
This is so much better because: • It is easier to read, easier to change • It is more secure Monday, September 12, 11
This is so much better because: • It is easier to read, easier to change • It is more secure • It Uses WP object caching and so faster Monday, September 12, 11
This is so much better because: • It is easier to read, easier to change • It is more secure • It Uses WP object caching and so faster • It is platform indifferent Monday, September 12, 11
This is so much better because: • It is easier to read, easier to change • It is more secure • It Uses WP object caching and so faster • It is platform indifferent • It is future proof Monday, September 12, 11
This is so much better because: • It is easier to read, easier to change • It is more secure • It Uses WP object caching and so faster • It is platform indifferent • It is future proof • It is bound to be improved Monday, September 12, 11
4. Loading JS/CSS/etc Monday, September 12, 11
Javascript Monday, September 12, 11
Javascript <script type='text/javascript' src='http://thisismysite.com/wp-content/ themes/mytheme/js/newsletter.js'></script> Monday, September 12, 11
Javascript <script type='text/javascript' src='http://thisismysite.com/wp-content/ ng! themes/mytheme/js/newsletter.js'></script> W ro Monday, September 12, 11
Javascript <script type='text/javascript' src='http://thisismysite.com/wp-content/ ng! themes/mytheme/js/newsletter.js'></script> W ro function mytheme_load_script() { wp_enqueue_script( 'newsletter', 'http://thisismysite.com/wp-content/ themes/mytheme/js/newsletter.js', array( 'jquery' ), '0.1' ); } add_action( 'wp_enqueue_scripts', 'mytheme_load_script'); Monday, September 12, 11
Javascript <script type='text/javascript' src='http://thisismysite.com/wp-content/ ng! themes/mytheme/js/newsletter.js'></script> W ro function mytheme_load_script() { wp_enqueue_script( 'newsletter', 'http://thisismysite.com/wp-content/ themes/mytheme/js/newsletter.js', array( 'jquery' ), '0.1' ); } at i f ... add_action( 'wp_enqueue_scripts', 'mytheme_load_script'); but wh O k, Monday, September 12, 11
Javascript <script type='text/javascript' src='http://thisismysite.com/wp-content/ ng! themes/mytheme/js/newsletter.js'></script> W ro Monday, September 12, 11
Javascript <script type='text/javascript' src='http://thisismysite.com/wp-content/ ng! themes/mytheme/js/newsletter.js'></script> W ro function mytheme_load_script() { wp_enqueue_script( 'newsletter', get_template_directory_uri() . '/js/newsletter.js', array( 'jquery' ), '0.1' ); } ht! add_action( 'wp_enqueue_scripts', 'mytheme_load_script'); Rig Monday, September 12, 11
Use wp_enqueue_* because: • DRY - don’t repeat yourself • You can set dependencies • And manage versions • And easily move to the footer • And control where it loads (admin/page/...) Monday, September 12, 11
Never assume a file location Monday, September 12, 11
Never assume a file location • There’s a function for that: Monday, September 12, 11
Never assume a file location • There’s a function for that: site_url() Monday, September 12, 11
Never assume a file location • There’s a function for that: site_url() plugins_url() Monday, September 12, 11
Never assume a file location • There’s a function for that: site_url() plugins_url() content_url() Monday, September 12, 11
Never assume a file location • There’s a function for that: site_url() plugins_url() content_url() get_theme_directory() * Monday, September 12, 11
Never assume a file location • There’s a function for that: site_url() plugins_url() content_url() get_theme_directory() * get_theme_directory_uri() * Monday, September 12, 11
Never assume a file location • There’s a function for that: site_url() plugins_url() content_url() get_theme_directory() * get_theme_directory_uri() * includes_url() Monday, September 12, 11
Never assume a file location • There’s a function for that: site_url() plugins_url() content_url() get_theme_directory() * get_theme_directory_uri() * includes_url() admin_url() Monday, September 12, 11
5. Fetching remote content Monday, September 12, 11
What’s your transport? file_get_contents() ? CURL ? fsockopen() ? stream_socket_client() ? Monday, September 12, 11
What’s your transport? ! file_get_contents() ? W RO NG CURL ? fsockopen() ? stream_socket_client() ? Monday, September 12, 11
The WP_Http class Helper functions //Simple Get $resp = wp_remote_get( 'http://example.com/' ); //Simple Post $args = array( 'body' => 'some data', 'user-agent' => 'your plugin' ); $resp = wp_remote_post( 'http://example.com', $args ); Monday, September 12, 11
The WP_Http class Supports • Cookies • Headers • Authentication • Timeouts • Etc... * Add your own caching Monday, September 12, 11
6. Doing Ajax Monday, September 12, 11
Doing Ajax Monday, September 12, 11
Doing Ajax front-end: <script> var ajaxurl = <?php echo plugins_url( 'ajax.php', __FILE__ ); ?> $('#button').click(function(){ $.post(ajaxurl, function(data) { $('.result').html(data); }); }); </script> Monday, September 12, 11
Doing Ajax front-end: <script> var ajaxurl = <?php echo plugins_url( 'ajax.php', __FILE__ ); ?> $('#button').click(function(){ $.post(ajaxurl, function(data) { $('.result').html(data); }); }); </script> ajax.php: <?php require_once('../../../wp-load.php'); //... Monday, September 12, 11
Doing Ajax front-end: <script> var ajaxurl = <?php echo plugins_url( 'ajax.php', __FILE__ ); ?> $('#button').click(function(){ $.post(ajaxurl, function(data) { $('.result').html(data); NG! }); }); RO </script> ajax.php: <?php W require_once('../../../wp-load.php'); //... Monday, September 12, 11
Doing Ajax Monday, September 12, 11
Doing Ajax front-end: <script> var ajaxurl = <?php echo admin_url( 'admin-ajax.php'); ?> $('#button').click(function(){ var data = { action: 'my_action', }; $.post(ajaxurl, function(data) { $('.result').html(data); }); }); </script> Monday, September 12, 11
Doing Ajax front-end: <script> var ajaxurl = <?php echo admin_url( 'admin-ajax.php'); ?> $('#button').click(function(){ var data = { action: 'my_action', }; $.post(ajaxurl, function(data) { $('.result').html(data); }); }); </script> php: add_action('wp_ajax_my_action', 'plugin_action_callback'); add_action('wp_ajax_nopriv_my_action', 'plugin_action_callback'); function plugin_action_callback() { // do whatever echo $whatever; die(); } Monday, September 12, 11
7. Security? What ‘bout it? http://xkcd.com/327/ Monday, September 12, 11
Never trust user input Monday, September 12, 11
Never trust user input 1. XSS <h1>Search results for: <?php echo $_GET['s']; ?></h1> http://mysite.com/?s=</h1><script>alert('This Javascript can do anything!');</script> Monday, September 12, 11
Never trust user input 1. XSS Wro ng! <h1>Search results for: <?php echo $_GET['s']; ?></h1> http://mysite.com/?s=</h1><script>alert('This Javascript can do anything!');</script> Monday, September 12, 11
Never trust user input 1. XSS Wro ng! <h1>Search results for: <?php echo $_GET['s']; ?></h1> http://mysite.com/?s=</h1><script>alert('This Javascript can do anything!');</script> get_search_query() Solution: Escape late, escape EVERYTHING <h1>Search results for: <?php echo esc_attr( $_GET['s'] ) ; ?></h1> Monday, September 12, 11
Never trust user input Monday, September 12, 11
Never trust user input 2.SQL Injection $wpdb->query( " UPDATE $wpdb->posts SET post_title = ". $POST['title'] ." WHERE ID = 1" ); Monday, September 12, 11
Never trust user input 2.SQL Injection $wpdb->query( ro ng! " UPDATE $wpdb->posts W SET post_title = ". $POST['title'] ." WHERE ID = 1" ); Monday, September 12, 11
Never trust user input 2.SQL Injection $wpdb->query( ro ng! " UPDATE $wpdb->posts W SET post_title = ". $POST['title'] ." WHERE ID = 1" ); Solution: • Use APIS ( $wpdb->update, $wpdb->prepare ) • Validate data ( whitelist > blacklist ) Monday, September 12, 11
Never trust user input Monday, September 12, 11
Never trust user input 3.CSRF Authorization VS Intention Monday, September 12, 11
Never trust user input 3.CSRF Authorization VS Intention Solution: Use nonces, not just current_user_can() wp_create_nonce(), wp_verify_nonce(), check_admin_referer() Monday, September 12, 11
8. Trunk? Monday, September 12, 11
Mac / Linux $ mkdir blog $ cd blog $ svn co http://core.svn.wordpress.org/trunk/ . Monday, September 12, 11
Windows / Tortoise SVN Monday, September 12, 11
Running on Trunk No, not for production Monday, September 12, 11
9. Not Contributing Monday, September 12, 11
Contributing Monday, September 12, 11
Contributing • Core patches/testing/documentation Monday, September 12, 11
Contributing • Core patches/testing/documentation • Release plugins and themes Monday, September 12, 11
Contributing • Core patches/testing/documentation • Release plugins and themes • Translations and i18n Monday, September 12, 11
Contributing • Core patches/testing/documentation • Release plugins and themes • Translations and i18n • Forums support Monday, September 12, 11
Contributing • Core patches/testing/documentation • Release plugins and themes • Translations and i18n • Forums support • Tip! (or Buy) Monday, September 12, 11
Questions ? Monday, September 12, 11

Recommended

Php mysql ppt
Php mysql pptPhp mysql ppt
Php mysql pptKarmatechnologies Pvt. Ltd.
 
Building maintainable javascript applications
Building maintainable javascript applicationsBuilding maintainable javascript applications
Building maintainable javascript applicationsequisodie
 
Java Applet
Java AppletJava Applet
Java Appletjalinder123
 
Zf2 phpquebec
Zf2 phpquebecZf2 phpquebec
Zf2 phpquebecmkherlakian
 
No, you be the hacker !
No, you be the hacker !No, you be the hacker !
No, you be the hacker !Maikel Ninaber
 
H4x0rs gonna hack
H4x0rs gonna hackH4x0rs gonna hack
H4x0rs gonna hackXchym Hiệp
 
Portfolio
PortfolioPortfolio
Portfoliophpworm
 
Security testing ?
Security testing ?Security testing ?
Security testing ?Maikel Ninaber
 

Recommended

Php mysql ppt
Php mysql pptPhp mysql ppt
Php mysql pptKarmatechnologies Pvt. Ltd.
 
Building maintainable javascript applications
Building maintainable javascript applicationsBuilding maintainable javascript applications
Building maintainable javascript applicationsequisodie
 
Java Applet
Java AppletJava Applet
Java Appletjalinder123
 
Zf2 phpquebec
Zf2 phpquebecZf2 phpquebec
Zf2 phpquebecmkherlakian
 
No, you be the hacker !
No, you be the hacker !No, you be the hacker !
No, you be the hacker !Maikel Ninaber
 
H4x0rs gonna hack
H4x0rs gonna hackH4x0rs gonna hack
H4x0rs gonna hackXchym Hiệp
 
Portfolio
PortfolioPortfolio
Portfoliophpworm
 
Security testing ?
Security testing ?Security testing ?
Security testing ?Maikel Ninaber
 
Symfony War Stories
Symfony War StoriesSymfony War Stories
Symfony War StoriesJakub Zalas
 
Coding For Config: Install Profile Development Using Features
Coding For Config: Install Profile Development Using FeaturesCoding For Config: Install Profile Development Using Features
Coding For Config: Install Profile Development Using FeaturesMyplanet Digital
 
Cloudstack talk
Cloudstack talkCloudstack talk
Cloudstack talkbodepd
 
TripCase Unit Testing with Jasmine
TripCase Unit Testing with JasmineTripCase Unit Testing with Jasmine
TripCase Unit Testing with JasmineStephen Pond
 
Building Custom PHP Extensions
Building Custom PHP ExtensionsBuilding Custom PHP Extensions
Building Custom PHP ExtensionsAzRy LLC, Caucasus School of Technology
 
Ext JS 4: Advanced Expert Techniques
Ext JS 4: Advanced Expert TechniquesExt JS 4: Advanced Expert Techniques
Ext JS 4: Advanced Expert TechniquesSencha
 
Rcos presentation
Rcos presentationRcos presentation
Rcos presentationmskmoorthy
 
Fork cli tool
Fork cli toolFork cli tool
Fork cli tooljelmersnoeck
 
Active Record Introduction - 3
Active Record Introduction - 3Active Record Introduction - 3
Active Record Introduction - 3Blazing Cloud
 
DrupalCon jQuery
DrupalCon jQueryDrupalCon jQuery
DrupalCon jQueryNathan Smith
 
Getting started with ClojureScript
Getting started with ClojureScriptGetting started with ClojureScript
Getting started with ClojureScriptSiva Jagadeesan
 
Coding, Scaling, and Deploys... Oh My!
Coding, Scaling, and Deploys... Oh My!Coding, Scaling, and Deploys... Oh My!
Coding, Scaling, and Deploys... Oh My!Mark Jaquith
 
Introduction to Twig
Introduction to TwigIntroduction to Twig
Introduction to Twigmarkstory
 
OpenDolphin: Enterprise Apps for collaboration on Desktop, Web, and Mobile
OpenDolphin: Enterprise Apps for collaboration on Desktop, Web, and MobileOpenDolphin: Enterprise Apps for collaboration on Desktop, Web, and Mobile
OpenDolphin: Enterprise Apps for collaboration on Desktop, Web, and MobileDierk König
 
Laying the proper foundation for plugin and theme development
Laying the proper foundation for plugin and theme developmentLaying the proper foundation for plugin and theme development
Laying the proper foundation for plugin and theme developmentTammy Hart
 
Ember and containers
Ember and containersEmber and containers
Ember and containersMatthew Beale
 
Grâce aux tags Varnish, j'ai switché ma prod sur Raspberry Pi
Grâce aux tags Varnish, j'ai switché ma prod sur Raspberry PiGrâce aux tags Varnish, j'ai switché ma prod sur Raspberry Pi
Grâce aux tags Varnish, j'ai switché ma prod sur Raspberry PiJérémy Derussé
 
Your First Gutenberg Block
Your First Gutenberg BlockYour First Gutenberg Block
Your First Gutenberg BlockYoav Farhi
 
[Atelier] Comment traduire un thème (ou une extension) WordPress
[Atelier] Comment traduire un thème (ou une extension) WordPress[Atelier] Comment traduire un thème (ou une extension) WordPress
[Atelier] Comment traduire un thème (ou une extension) WordPressYoav Farhi
 
Gender-fair WordPress: Fixing translation inequality at the core
Gender-fair WordPress: Fixing translation inequality at the coreGender-fair WordPress: Fixing translation inequality at the core
Gender-fair WordPress: Fixing translation inequality at the coreYoav Farhi
 
Right To Left Languages Support – The Right Way
Right To Left Languages Support – The Right WayRight To Left Languages Support – The Right Way
Right To Left Languages Support – The Right WayYoav Farhi
 
Localization: beyond translation
Localization: beyond translationLocalization: beyond translation
Localization: beyond translationYoav Farhi
 

More Related Content

Similar to WordCamp Jerusalem - Doing it Wrong

Symfony War Stories
Symfony War StoriesSymfony War Stories
Symfony War StoriesJakub Zalas
 
Coding For Config: Install Profile Development Using Features
Coding For Config: Install Profile Development Using FeaturesCoding For Config: Install Profile Development Using Features
Coding For Config: Install Profile Development Using FeaturesMyplanet Digital
 
Cloudstack talk
Cloudstack talkCloudstack talk
Cloudstack talkbodepd
 
TripCase Unit Testing with Jasmine
TripCase Unit Testing with JasmineTripCase Unit Testing with Jasmine
TripCase Unit Testing with JasmineStephen Pond
 
Ext JS 4: Advanced Expert Techniques
Ext JS 4: Advanced Expert TechniquesExt JS 4: Advanced Expert Techniques
Ext JS 4: Advanced Expert TechniquesSencha
 
Rcos presentation
Rcos presentationRcos presentation
Rcos presentationmskmoorthy
 
Active Record Introduction - 3
Active Record Introduction - 3Active Record Introduction - 3
Active Record Introduction - 3Blazing Cloud
 
Getting started with ClojureScript
Getting started with ClojureScriptGetting started with ClojureScript
Getting started with ClojureScriptSiva Jagadeesan
 
Coding, Scaling, and Deploys... Oh My!
Coding, Scaling, and Deploys... Oh My!Coding, Scaling, and Deploys... Oh My!
Coding, Scaling, and Deploys... Oh My!Mark Jaquith
 
Introduction to Twig
Introduction to TwigIntroduction to Twig
Introduction to Twigmarkstory
 
OpenDolphin: Enterprise Apps for collaboration on Desktop, Web, and Mobile
OpenDolphin: Enterprise Apps for collaboration on Desktop, Web, and MobileOpenDolphin: Enterprise Apps for collaboration on Desktop, Web, and Mobile
OpenDolphin: Enterprise Apps for collaboration on Desktop, Web, and MobileDierk König
 
Laying the proper foundation for plugin and theme development
Laying the proper foundation for plugin and theme developmentLaying the proper foundation for plugin and theme development
Laying the proper foundation for plugin and theme developmentTammy Hart
 
Ember and containers
Ember and containersEmber and containers
Ember and containersMatthew Beale
 
Grâce aux tags Varnish, j'ai switché ma prod sur Raspberry Pi
Grâce aux tags Varnish, j'ai switché ma prod sur Raspberry PiGrâce aux tags Varnish, j'ai switché ma prod sur Raspberry Pi
Grâce aux tags Varnish, j'ai switché ma prod sur Raspberry PiJérémy Derussé
 

Similar to WordCamp Jerusalem - Doing it Wrong (17)

Symfony War Stories
Symfony War StoriesSymfony War Stories
Symfony War Stories
 
Coding For Config: Install Profile Development Using Features
Coding For Config: Install Profile Development Using FeaturesCoding For Config: Install Profile Development Using Features
Coding For Config: Install Profile Development Using Features
 
Cloudstack talk
Cloudstack talkCloudstack talk
Cloudstack talk
 
TripCase Unit Testing with Jasmine
TripCase Unit Testing with JasmineTripCase Unit Testing with Jasmine
TripCase Unit Testing with Jasmine
 
Building Custom PHP Extensions
Building Custom PHP ExtensionsBuilding Custom PHP Extensions
Building Custom PHP Extensions
 
Ext JS 4: Advanced Expert Techniques
Ext JS 4: Advanced Expert TechniquesExt JS 4: Advanced Expert Techniques
Ext JS 4: Advanced Expert Techniques
 
Rcos presentation
Rcos presentationRcos presentation
Rcos presentation
 
Fork cli tool
Fork cli toolFork cli tool
Fork cli tool
 
Active Record Introduction - 3
Active Record Introduction - 3Active Record Introduction - 3
Active Record Introduction - 3
 
DrupalCon jQuery
DrupalCon jQueryDrupalCon jQuery
DrupalCon jQuery
 
Getting started with ClojureScript
Getting started with ClojureScriptGetting started with ClojureScript
Getting started with ClojureScript
 
Coding, Scaling, and Deploys... Oh My!
Coding, Scaling, and Deploys... Oh My!Coding, Scaling, and Deploys... Oh My!
Coding, Scaling, and Deploys... Oh My!
 
Introduction to Twig
Introduction to TwigIntroduction to Twig
Introduction to Twig
 
OpenDolphin: Enterprise Apps for collaboration on Desktop, Web, and Mobile
OpenDolphin: Enterprise Apps for collaboration on Desktop, Web, and MobileOpenDolphin: Enterprise Apps for collaboration on Desktop, Web, and Mobile
OpenDolphin: Enterprise Apps for collaboration on Desktop, Web, and Mobile
 
Laying the proper foundation for plugin and theme development
Laying the proper foundation for plugin and theme developmentLaying the proper foundation for plugin and theme development
Laying the proper foundation for plugin and theme development
 
Ember and containers
Ember and containersEmber and containers
Ember and containers
 
Grâce aux tags Varnish, j'ai switché ma prod sur Raspberry Pi
Grâce aux tags Varnish, j'ai switché ma prod sur Raspberry PiGrâce aux tags Varnish, j'ai switché ma prod sur Raspberry Pi
Grâce aux tags Varnish, j'ai switché ma prod sur Raspberry Pi
 

More from Yoav Farhi

Your First Gutenberg Block
Your First Gutenberg BlockYour First Gutenberg Block
Your First Gutenberg BlockYoav Farhi
 
[Atelier] Comment traduire un thème (ou une extension) WordPress
[Atelier] Comment traduire un thème (ou une extension) WordPress[Atelier] Comment traduire un thème (ou une extension) WordPress
[Atelier] Comment traduire un thème (ou une extension) WordPressYoav Farhi
 
Gender-fair WordPress: Fixing translation inequality at the core
Gender-fair WordPress: Fixing translation inequality at the coreGender-fair WordPress: Fixing translation inequality at the core
Gender-fair WordPress: Fixing translation inequality at the coreYoav Farhi
 
Right To Left Languages Support – The Right Way
Right To Left Languages Support – The Right WayRight To Left Languages Support – The Right Way
Right To Left Languages Support – The Right WayYoav Farhi
 
Localization: beyond translation
Localization: beyond translationLocalization: beyond translation
Localization: beyond translationYoav Farhi
 
WordPress in NOT English - WordCamp Hamburg 2014
WordPress in NOT English - WordCamp Hamburg 2014WordPress in NOT English - WordCamp Hamburg 2014
WordPress in NOT English - WordCamp Hamburg 2014Yoav Farhi
 
Contributing to WordPress (Hebrew)
Contributing to WordPress (Hebrew)Contributing to WordPress (Hebrew)
Contributing to WordPress (Hebrew)Yoav Farhi
 
WordPress: From Antispambot to Zeroize
WordPress: From Antispambot to ZeroizeWordPress: From Antispambot to Zeroize
WordPress: From Antispambot to ZeroizeYoav Farhi
 
Distributed: Reinventing the Workplace
Distributed: Reinventing the WorkplaceDistributed: Reinventing the Workplace
Distributed: Reinventing the WorkplaceYoav Farhi
 
וורדפרס.קום - אתרי וורדפרס בקלות
וורדפרס.קום - אתרי וורדפרס בקלותוורדפרס.קום - אתרי וורדפרס בקלות
וורדפרס.קום - אתרי וורדפרס בקלותYoav Farhi
 
התוסף הראשון שלי - וורדפרס
התוסף הראשון שלי - וורדפרסהתוסף הראשון שלי - וורדפרס
התוסף הראשון שלי - וורדפרסYoav Farhi
 
WordPress theme translation
WordPress theme translationWordPress theme translation
WordPress theme translationYoav Farhi
 
WordPress RTL
WordPress RTL WordPress RTL
WordPress RTL Yoav Farhi
 
WordPress Developers Israel Meetup #1
WordPress Developers Israel Meetup #1WordPress Developers Israel Meetup #1
WordPress Developers Israel Meetup #1Yoav Farhi
 

More from Yoav Farhi (14)

Your First Gutenberg Block
Your First Gutenberg BlockYour First Gutenberg Block
Your First Gutenberg Block
 
[Atelier] Comment traduire un thème (ou une extension) WordPress
[Atelier] Comment traduire un thème (ou une extension) WordPress[Atelier] Comment traduire un thème (ou une extension) WordPress
[Atelier] Comment traduire un thème (ou une extension) WordPress
 
Gender-fair WordPress: Fixing translation inequality at the core
Gender-fair WordPress: Fixing translation inequality at the coreGender-fair WordPress: Fixing translation inequality at the core
Gender-fair WordPress: Fixing translation inequality at the core
 
Right To Left Languages Support – The Right Way
Right To Left Languages Support – The Right WayRight To Left Languages Support – The Right Way
Right To Left Languages Support – The Right Way
 
Localization: beyond translation
Localization: beyond translationLocalization: beyond translation
Localization: beyond translation
 
WordPress in NOT English - WordCamp Hamburg 2014
WordPress in NOT English - WordCamp Hamburg 2014WordPress in NOT English - WordCamp Hamburg 2014
WordPress in NOT English - WordCamp Hamburg 2014
 
Contributing to WordPress (Hebrew)
Contributing to WordPress (Hebrew)Contributing to WordPress (Hebrew)
Contributing to WordPress (Hebrew)
 
WordPress: From Antispambot to Zeroize
WordPress: From Antispambot to ZeroizeWordPress: From Antispambot to Zeroize
WordPress: From Antispambot to Zeroize
 
Distributed: Reinventing the Workplace
Distributed: Reinventing the WorkplaceDistributed: Reinventing the Workplace
Distributed: Reinventing the Workplace
 
וורדפרס.קום - אתרי וורדפרס בקלות
וורדפרס.קום - אתרי וורדפרס בקלותוורדפרס.קום - אתרי וורדפרס בקלות
וורדפרס.קום - אתרי וורדפרס בקלות
 
התוסף הראשון שלי - וורדפרס
התוסף הראשון שלי - וורדפרסהתוסף הראשון שלי - וורדפרס
התוסף הראשון שלי - וורדפרס
 
WordPress theme translation
WordPress theme translationWordPress theme translation
WordPress theme translation
 
WordPress RTL
WordPress RTL WordPress RTL
WordPress RTL
 
WordPress Developers Israel Meetup #1
WordPress Developers Israel Meetup #1WordPress Developers Israel Meetup #1
WordPress Developers Israel Meetup #1
 

Recently uploaded

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 

WordCamp Jerusalem - Doing it Wrong

  • 1. You’re doing it wrong! ‫עשר טעויות נפוצות בפיתוח לוורדפרס‬ Monday, September 12, 11
  • 2. You’re doing it wrong! ‫עשר תשע טעויות נפוצות בפיתוח לוורדפרס‬ Monday, September 12, 11
  • 5. ‫ בחברת‬VIP ‫מפתח‬ Automattic ‫ מפקח בין‬VIP-‫צוות ה‬ WordPress ‫השאר על קוד‬ ‫שיוצר מעל‬ ‫ל-000,000,000,1 דפים‬ ‫נצפים בחודש‬ http://yoavfarhi.com @yoavf Monday, September 12, 11
  • 10. (wsod) 1. WP_DEBUG Monday, September 12, 11
  • 11. WP_DEBUG 1/2 define('WP_DEBUG', true); • Include notices • Bypasses some error suppression (ie WPDB ) • Triggers notices for deprecated functions ex: PHP Notice: get_links is deprecated since version 2.1! Use get_bookmarks() instead. in /Users/ yoavfarhi/Sites/trunk/wp-includes/functions.php on line 3409 Monday, September 12, 11
  • 12. WP_DEBUG 2/2 Don’t display define('WP_DEBUG_DISPLAY', false); Output to wp-content/debug.log define('WP_DEBUG_LOG', true); Monday, September 12, 11
  • 13. 2. Function Naming Monday, September 12, 11
  • 14. Imagine... Plugin 1 Theme / Plugin 2 function custom_script() { function custom_script() { //... //... } } Monday, September 12, 11
  • 15. Imagine... Plugin 1 Theme / Plugin 2 function custom_script() { function custom_script() { //... //... } } Fatal Error Monday, September 12, 11
  • 16. Imagine... Plugin 1 Theme / Plugin 2 function custom_script() { function custom_script() { //... //... } } Angry Client Monday, September 12, 11
  • 17. Imagine... Plugin 1 Theme / Plugin 2 function custom_script() { function custom_script() { //... //... } } Call From Client Monday, September 12, 11
  • 18. Imagine... Plugin 1 Theme / Plugin 2 function custom_script() { function custom_script() { //... //... } } Time / Money Monday, September 12, 11
  • 19. Imagine... Plugin 1 Theme / Plugin 2 function custom_script() { function custom_script() { //... //... } } We don’t want that! Monday, September 12, 11
  • 20. Imagine... Plugin 1 Theme / Plugin 2 function custom_script() { function custom_script() { //... //... } } Solution: Prefix Monday, September 12, 11
  • 21. Prefix! Plugin 1 Theme / Plugin 2 function plugin1_custom_script() { function themename_custom_script() { //... //... } } Monday, September 12, 11
  • 22. Prefix! Plugin 1 Theme / Plugin 2 function plugin1_custom_script() { function themename_custom_script() { //... //... } } Happy! Monday, September 12, 11
  • 23. Or: Use a Class class my_plugin { function custom_script() { //... } function whatever() { //... } } new my_plugin; Monday, September 12, 11
  • 24. AND {$table_prefix} erms.term_id = $table_prefix} erm_taxonomy.term_taxonomy_ donomy.term_id Queries 3. Direct SQL AND {$table_prefix} osts.ID = {$table_prefix} ostmetata.post_id AND {$table_prefix} Monday, September 12, 11
  • 25. $last_posts = (array)$wpdb->get_results(" SELECT post_date, ID, post_title, name, {$table_prefix}terms.term_id FROM {$table_prefix}posts, {$table_prefix} term_relationships, {$table_prefix}terms, {$table_prefix} postmeta, {$table_prefix}term_taxonomy WHERE {$table_prefix}posts.ID = {$table_prefix} term_relationships.object_id AND {$table_prefix}term_taxonomy.term_taxonomy_id = {$table_prefix}term_relationships.term_taxonomy_id AND {$table_prefix}terms.term_id = {$table_prefix} term_taxonomy.term_id AND {$table_prefix}posts.ID = {$table_prefix} postmeta.post_id AND {$table_prefix}postmeta.meta_key = '_mini_post' AND {$table_prefix}postmeta.meta_value = 0 AND post_status = 'publish' AND {$table_prefix}terms.term_id != 25 AND {$table_prefix}terms.term_id != 24 AND {$table_prefix}term_taxonomy.taxonomy = 'category' "); Monday, September 12, 11
  • 26. $last_posts = (array)$wpdb->get_results(" SELECT post_date, ID, post_title, name, {$table_prefix}terms.term_id FROM {$table_prefix}posts, {$table_prefix} term_relationships, {$table_prefix}terms, {$table_prefix} postmeta, {$table_prefix}term_taxonomy WHERE {$table_prefix}posts.ID = {$table_prefix} term_relationships.object_id NG! AND {$table_prefix}term_taxonomy.term_taxonomy_id = O R {$table_prefix}term_relationships.term_taxonomy_id W AND {$table_prefix}terms.term_id = {$table_prefix} term_taxonomy.term_id AND {$table_prefix}posts.ID = {$table_prefix} postmeta.post_id AND {$table_prefix}postmeta.meta_key = '_mini_post' AND {$table_prefix}postmeta.meta_value = 0 AND post_status = 'publish' AND {$table_prefix}terms.term_id != 25 AND {$table_prefix}terms.term_id != 24 AND {$table_prefix}term_taxonomy.taxonomy = 'category' "); Monday, September 12, 11
  • 27. $args = array( 'post_type' => 'post', 'post_status' => 'publish', 'tax_query' => array( array( 'taxonomy' => 'category', 'terms' => array( '25', '24'), 'field' => 'id', 'operator' => 'NOT IN', ) ), 'meta_query' => array( array( 'key' => '_mini_post', 'value' => 0, ) ) ); $last_posts = new WP_Query( $args ); Monday, September 12, 11
  • 28. $args = array( 'post_type' => 'post', 'post_status' => 'publish', 'tax_query' => array( array( 'taxonomy' => 'category', 'terms' => array( '25', '24'), 'field' => 'id', 'operator' => 'NOT IN', ) ), 'meta_query' => array( array( 'key' => '_mini_post', 'value' => 0, ) ) ); $last_posts = new WP_Query( $args ); Monday, September 12, 11
  • 29. This is so much better because: Monday, September 12, 11
  • 30. This is so much better because: • It is easier to read, easier to change Monday, September 12, 11
  • 31. This is so much better because: • It is easier to read, easier to change • It is more secure Monday, September 12, 11
  • 32. This is so much better because: • It is easier to read, easier to change • It is more secure • It Uses WP object caching and so faster Monday, September 12, 11
  • 33. This is so much better because: • It is easier to read, easier to change • It is more secure • It Uses WP object caching and so faster • It is platform indifferent Monday, September 12, 11
  • 34. This is so much better because: • It is easier to read, easier to change • It is more secure • It Uses WP object caching and so faster • It is platform indifferent • It is future proof Monday, September 12, 11
  • 35. This is so much better because: • It is easier to read, easier to change • It is more secure • It Uses WP object caching and so faster • It is platform indifferent • It is future proof • It is bound to be improved Monday, September 12, 11
  • 36. 4. Loading JS/CSS/etc Monday, September 12, 11
  • 38. Javascript <script type='text/javascript' src='http://thisismysite.com/wp-content/ themes/mytheme/js/newsletter.js'></script> Monday, September 12, 11
  • 39. Javascript <script type='text/javascript' src='http://thisismysite.com/wp-content/ ng! themes/mytheme/js/newsletter.js'></script> W ro Monday, September 12, 11
  • 40. Javascript <script type='text/javascript' src='http://thisismysite.com/wp-content/ ng! themes/mytheme/js/newsletter.js'></script> W ro function mytheme_load_script() { wp_enqueue_script( 'newsletter', 'http://thisismysite.com/wp-content/ themes/mytheme/js/newsletter.js', array( 'jquery' ), '0.1' ); } add_action( 'wp_enqueue_scripts', 'mytheme_load_script'); Monday, September 12, 11
  • 41. Javascript <script type='text/javascript' src='http://thisismysite.com/wp-content/ ng! themes/mytheme/js/newsletter.js'></script> W ro function mytheme_load_script() { wp_enqueue_script( 'newsletter', 'http://thisismysite.com/wp-content/ themes/mytheme/js/newsletter.js', array( 'jquery' ), '0.1' ); } at i f ... add_action( 'wp_enqueue_scripts', 'mytheme_load_script'); but wh O k, Monday, September 12, 11
  • 42. Javascript <script type='text/javascript' src='http://thisismysite.com/wp-content/ ng! themes/mytheme/js/newsletter.js'></script> W ro Monday, September 12, 11
  • 43. Javascript <script type='text/javascript' src='http://thisismysite.com/wp-content/ ng! themes/mytheme/js/newsletter.js'></script> W ro function mytheme_load_script() { wp_enqueue_script( 'newsletter', get_template_directory_uri() . '/js/newsletter.js', array( 'jquery' ), '0.1' ); } ht! add_action( 'wp_enqueue_scripts', 'mytheme_load_script'); Rig Monday, September 12, 11
  • 44. Use wp_enqueue_* because: • DRY - don’t repeat yourself • You can set dependencies • And manage versions • And easily move to the footer • And control where it loads (admin/page/...) Monday, September 12, 11
  • 45. Never assume a file location Monday, September 12, 11
  • 46. Never assume a file location • There’s a function for that: Monday, September 12, 11
  • 47. Never assume a file location • There’s a function for that: site_url() Monday, September 12, 11
  • 48. Never assume a file location • There’s a function for that: site_url() plugins_url() Monday, September 12, 11
  • 49. Never assume a file location • There’s a function for that: site_url() plugins_url() content_url() Monday, September 12, 11
  • 50. Never assume a file location • There’s a function for that: site_url() plugins_url() content_url() get_theme_directory() * Monday, September 12, 11
  • 51. Never assume a file location • There’s a function for that: site_url() plugins_url() content_url() get_theme_directory() * get_theme_directory_uri() * Monday, September 12, 11
  • 52. Never assume a file location • There’s a function for that: site_url() plugins_url() content_url() get_theme_directory() * get_theme_directory_uri() * includes_url() Monday, September 12, 11
  • 53. Never assume a file location • There’s a function for that: site_url() plugins_url() content_url() get_theme_directory() * get_theme_directory_uri() * includes_url() admin_url() Monday, September 12, 11
  • 54. 5. Fetching remote content Monday, September 12, 11
  • 55. What’s your transport? file_get_contents() ? CURL ? fsockopen() ? stream_socket_client() ? Monday, September 12, 11
  • 56. What’s your transport? ! file_get_contents() ? W RO NG CURL ? fsockopen() ? stream_socket_client() ? Monday, September 12, 11
  • 57. The WP_Http class Helper functions //Simple Get $resp = wp_remote_get( 'http://example.com/' ); //Simple Post $args = array( 'body' => 'some data', 'user-agent' => 'your plugin' ); $resp = wp_remote_post( 'http://example.com', $args ); Monday, September 12, 11
  • 58. The WP_Http class Supports • Cookies • Headers • Authentication • Timeouts • Etc... * Add your own caching Monday, September 12, 11
  • 59. 6. Doing Ajax Monday, September 12, 11
  • 61. Doing Ajax front-end: <script> var ajaxurl = <?php echo plugins_url( 'ajax.php', __FILE__ ); ?> $('#button').click(function(){ $.post(ajaxurl, function(data) { $('.result').html(data); }); }); </script> Monday, September 12, 11
  • 62. Doing Ajax front-end: <script> var ajaxurl = <?php echo plugins_url( 'ajax.php', __FILE__ ); ?> $('#button').click(function(){ $.post(ajaxurl, function(data) { $('.result').html(data); }); }); </script> ajax.php: <?php require_once('../../../wp-load.php'); //... Monday, September 12, 11
  • 63. Doing Ajax front-end: <script> var ajaxurl = <?php echo plugins_url( 'ajax.php', __FILE__ ); ?> $('#button').click(function(){ $.post(ajaxurl, function(data) { $('.result').html(data); NG! }); }); RO </script> ajax.php: <?php W require_once('../../../wp-load.php'); //... Monday, September 12, 11
  • 65. Doing Ajax front-end: <script> var ajaxurl = <?php echo admin_url( 'admin-ajax.php'); ?> $('#button').click(function(){ var data = { action: 'my_action', }; $.post(ajaxurl, function(data) { $('.result').html(data); }); }); </script> Monday, September 12, 11
  • 66. Doing Ajax front-end: <script> var ajaxurl = <?php echo admin_url( 'admin-ajax.php'); ?> $('#button').click(function(){ var data = { action: 'my_action', }; $.post(ajaxurl, function(data) { $('.result').html(data); }); }); </script> php: add_action('wp_ajax_my_action', 'plugin_action_callback'); add_action('wp_ajax_nopriv_my_action', 'plugin_action_callback'); function plugin_action_callback() { // do whatever echo $whatever; die(); } Monday, September 12, 11
  • 67. 7. Security? What ‘bout it? http://xkcd.com/327/ Monday, September 12, 11
  • 68. Never trust user input Monday, September 12, 11
  • 69. Never trust user input 1. XSS <h1>Search results for: <?php echo $_GET['s']; ?></h1> http://mysite.com/?s=</h1><script>alert('This Javascript can do anything!');</script> Monday, September 12, 11
  • 70. Never trust user input 1. XSS Wro ng! <h1>Search results for: <?php echo $_GET['s']; ?></h1> http://mysite.com/?s=</h1><script>alert('This Javascript can do anything!');</script> Monday, September 12, 11
  • 71. Never trust user input 1. XSS Wro ng! <h1>Search results for: <?php echo $_GET['s']; ?></h1> http://mysite.com/?s=</h1><script>alert('This Javascript can do anything!');</script> get_search_query() Solution: Escape late, escape EVERYTHING <h1>Search results for: <?php echo esc_attr( $_GET['s'] ) ; ?></h1> Monday, September 12, 11
  • 72. Never trust user input Monday, September 12, 11
  • 73. Never trust user input 2.SQL Injection $wpdb->query( " UPDATE $wpdb->posts SET post_title = ". $POST['title'] ." WHERE ID = 1" ); Monday, September 12, 11
  • 74. Never trust user input 2.SQL Injection $wpdb->query( ro ng! " UPDATE $wpdb->posts W SET post_title = ". $POST['title'] ." WHERE ID = 1" ); Monday, September 12, 11
  • 75. Never trust user input 2.SQL Injection $wpdb->query( ro ng! " UPDATE $wpdb->posts W SET post_title = ". $POST['title'] ." WHERE ID = 1" ); Solution: • Use APIS ( $wpdb->update, $wpdb->prepare ) • Validate data ( whitelist > blacklist ) Monday, September 12, 11
  • 76. Never trust user input Monday, September 12, 11
  • 77. Never trust user input 3.CSRF Authorization VS Intention Monday, September 12, 11
  • 78. Never trust user input 3.CSRF Authorization VS Intention Solution: Use nonces, not just current_user_can() wp_create_nonce(), wp_verify_nonce(), check_admin_referer() Monday, September 12, 11
  • 80. Mac / Linux $ mkdir blog $ cd blog $ svn co http://core.svn.wordpress.org/trunk/ . Monday, September 12, 11
  • 81. Windows / Tortoise SVN Monday, September 12, 11
  • 82. Running on Trunk No, not for production Monday, September 12, 11
  • 83. 9. Not Contributing Monday, September 12, 11
  • 85. Contributing • Core patches/testing/documentation Monday, September 12, 11
  • 86. Contributing • Core patches/testing/documentation • Release plugins and themes Monday, September 12, 11
  • 87. Contributing • Core patches/testing/documentation • Release plugins and themes • Translations and i18n Monday, September 12, 11
  • 88. Contributing • Core patches/testing/documentation • Release plugins and themes • Translations and i18n • Forums support Monday, September 12, 11
  • 89. Contributing • Core patches/testing/documentation • Release plugins and themes • Translations and i18n • Forums support • Tip! (or Buy) Monday, September 12, 11