Dino Termini | 31 Jul 17:00 2014

[Bug?] Selecting tax terms associated to a cpt

Hi list,

we have the following scenario: custom post type "tool" with a bunch of 
taxonomies attached to it (type, location, etc). Nothing new under the sun.

Using Members [1], I created a new role that has access to tools only, 
no pages, no posts. In the CPT definition, I set capability_type = 
'tool', and assigned edit_tools, delete_tools, etc to the corresponding 

Now, when I log into the system as a Tool Editor, I can add a new tool, 
but the sidebar taxonomy terms cannot be selected unless I add 
'edit_posts' to the list of capabilities associated to Tool Editor.

Am I missing something? Is this a bug in WP?


[1] https://wordpress.org/plugins/members/
Haluk Karamete | 30 Jul 20:27 2014

creating a text file within WordPress system - the right way - referring to Otto's article

Every once in a while, for whatever crazy reason happens to be, I need to
dig in and create a temporary-txt-file.  - for mostly debugging purposes
and it is temporary.

( I already got the database version taken care of for my needs but I would
love to explore and challenge myself the txt file implementation of it)

Now... creating a txt file on the server is easy enough,
but doing-it-right is pretty complicated.

I read Otto's article at
http://ottopress.com/2011/tutorial-using-the-wp_filesystem/  ( I had also
watched his video on this particular subject but a looong time ago )

Anyway, I downloaded his plugin code (which refers to from that article
above ) in which he clearly says, do-not-use-this-in-production.

There in the plug in code ( which I posted below), there is a section where
he explains step by step and I get it.

But that code is addressing the needs of an operation that is running
within the context of the admin dashboard - perhaps to take care of the
saving of some form post field data into a txt file. the article is all
about how to do this right,.

Well, in my case, I'm not firing the create text file from within the

I will be triggering the call ( such as blp_create_a_text_file($here) )
from a stand-alone php page like this
(Continue reading)

Dino Termini | 23 Jul 21:17 2014

WordPress, load balancer and domain names

Hi list,

I have a question for those who have dealt with MySQL replication. We 
would like to create an environment with three servers: 1 authoring 
server behind the firewall (server1.example.com), that only internal 
users can access, and 2 public-facing servers behind a load balancer 
(server2.example.com and server3.example.com, with load balancer 
responding to server.example.com). Filesystems are synchronized via NFS, 
and MySQL is set as master on the authoring and as slave on the two 
public servers. In order to avoid issues (apparently WP caches oEmbeds 
and other stuff when rendering pages), we set the slaves as read-only.

Now, content editors who access the authoring server, will type 
server1.example.com, which is also the address configured in WordPress. 
Unfortunately those URLs get copied over to the slaves. And that's were 
problems start to arise. Have you ever dealt with a similar situation? 
How did you solve the problem, or what would you recommend we change or 
adapt to implement this architecture?

Thank you,
Jacob Santos | 23 Jul 15:33 2014

Possible issue in remove_all_filters()

On line 312 of wp-includes/plugin.php (in my repository version).

if ( false !== $priority && isset( $wp_filter[ $tag ][ $priority ] ) ) {
// reset priority.
} else {
// remove all priorities and reset entire tag.

The issue is that it is possible that $priority will not be false, but that
priority not exist, which will remove all priorities and reset the entire

1: add_filter('some_tag', 'some_function', 1);
2: remove_all_filters('some_tag', 1);

If line 1 is removed at any point, then line 2 will reset the entire
'some_tag' action. This includes priority 10.

Is this the intentional behavior and if so, then why?

Jacob Santos
BenderisGreat | 22 Jul 23:52 2014

print_media_templates & filtering SPECIFIC post galleries by ID

I am trying to add a feature to a plugin, and just got stuck yesterday on how
to identify the specific post gallery ID that an option is being set for. 
In a nutshell, I added a checkbox to the Media Gallery ( see bottom right
checkbox here:  http://postimg.org/image/g423ozl5l/
<http://postimg.org/image/g423ozl5l/>   )

Now, I would like that option value to coincide with the specific post
gallery ID for filtering when the post is loaded.  This is where I am stuck. 
The print_media_templates filter accepts no arguments, and returns no value. 
So, I am not sure where the saving of that option value occurs at, or where
the galley ID is returned to.  

Could someone lend me a pair of eyes and share any possible solutions?  

View this message in context: http://wordpress-hackers.1065353.n5.nabble.com/print-media-templates-filtering-SPECIFIC-post-galleries-by-ID-tp44175.html
Sent from the Wordpress Hackers mailing list archive at Nabble.com.
David Anderson | 22 Jul 14:04 2014

Re: WP's XML-RPC functionality a security vulnerability?

> I've noticed a huge surge in trash traffic to /xmlrpc.php on my big sites.
> In my case they are coming from different IP's every time which makes them
> very hard to block (and indicating a DDOS or at least distributed intrusion
> attempt).

Distributed brute-force login attacks appear to have switched to using 
XMLRPC in the last couple of weeks. I'm seeing them on many sites. It 
seems reasonable to assume that this is because some of the solutions 
that protect against distributed and/or brute-force attacks aren't 
covering XMLRPC.

I posted this and asked (the very good) BruteProtect about their plans 
the week before last, but haven't heard what they think about it yet 
(the link also has more info about the attacks):


Best wishes,


UpdraftPlus - best WordPress backups - http://updraftplus.com
WordShell - WordPress fast from the CLI - http://wordshell.net
Patty Ayers | 21 Jul 18:27 2014

WP’s XML-RPC functionality a security vulnerability?

If this is off-topic, I apologize. A web host I use sent me this "courtesy
security alert", copy-pasted below. Is this accurate? What about their
recommendations, do you agree with their advice? I have about 25 live WP
sites and want to keep them as secure as possible. I do use basic good
security measures (strong passwords, themes and plugins updated, nightly
off-site backups, etc.) already. Thanks very much in advance,


"Dear Customer,

Please consider this a courtesy security alert. This message only applies
to WordPress websites.

We wanted to make you aware of a vulnerability in WordPress that is
becoming an increasingly popular exploit for attackers.

The vulnerability is from WordPress’s XML-RPC
<http://codex.wordpress.org/XML-RPC_Support> functionality, a feature
enabled by default since version 3.5. Attackers are abusing the feature to
launch DDoS attacks against other sites.

It is important to note that XML-RPC does serve some legitimate purposes
<http://codex.wordpress.org/XML-RPC_Support>, including the pingback
<http://en.support.wordpress.com/comments/pingbacks/> feature and the
ability to post content remotely from various WebLog clients

Due to the scale and nature of the exploits, however, we would like to
(Continue reading)

Haluk Karamete | 20 Jul 15:42 2014

choosing plural vs singular words in taxonony names in URIs

I know this is very subjective, but the more I pick the highly up-scale
brains like the great minds of this list, the better it is. so excuse me if
you find this question a little odd.

here is the situation

say, you got a taxonomy called "Channels" and you got terms under it such
as "Debates", "Interviews", "PodCasts" etc...

should the url's for these terms read as




If this was a straight english grammar, we'd be saying "Debates Channel".
No dispute on that...

But here in a url structure, can't start with the term first.

So I'm wondering which of the above structures, in the
broken-english-structure-of URLs be better?  channels/debates or

Or is this something like case by case? What's the handle or guide in
deciding on these things?

I hope you don't find this question odd and shoot me down. :)
(Continue reading)

Haluk Karamete | 18 Jul 22:33 2014

do you guys distinquish between various PHP commenting options?

Commenting is great...

But do you have personal guidelines as to which of the 3 commenting options
that come with PHP when you comment on SINGLE LINES?

We got 3 to choose from.



/*  */

There must be a reason why we have 3 choices I'm thinking...

And I'm also curious if a leaner version of WordPress (with 0 comments & 0
unnecessary white space ) has been considered as an optional download for
those who choose to do so (from the repository) discussed any earlier.

For example, one can choose to download the minified version of 3.9.1 per

I'm just curious how that discussion went - if any.
BenderisGreat | 18 Jul 00:16 2014

filtering archive or category templates before the loop

Just a quick question.  I need to know if there is a way to add an HTML
Element before the loop begins on category and/or archive pages.  Looking
for a way to place a sorting dropdown box in a plugin.  Any help would be
great guys

View this message in context: http://wordpress-hackers.1065353.n5.nabble.com/filtering-archive-or-category-templates-before-the-loop-tp44148.html
Sent from the Wordpress Hackers mailing list archive at Nabble.com.
Nikola Nikolov | 17 Jul 17:29 2014

Re: running the themeunit.xml programmatically from the back end

Technically you can still do it from PHP as long as you can execute system
commands :) I'm not sure exactly how the WordPress importer plugin works

On Thu, Jul 17, 2014 at 6:28 PM, Haluk Karamete <halukkaramete <at> gmail.com>

> Nikola, thank you.. but I need to that from within the php script - as part
> of my  function.
> there must be an api for this.
> On Thu, Jul 17, 2014 at 8:21 AM, Nikola Nikolov <nikolov.tmw <at> gmail.com>
> wrote:
> > I'd use wp-cli for that and more specifically the "wp import" command -
> > http://wp-cli.org/commands/import/
> >
> >
> > On Thu, Jul 17, 2014 at 6:14 PM, Haluk Karamete <halukkaramete <at> gmail.com
> >
> > wrote:
> >
> > > I wrote a script which is when I run it, it puts my localhost
> > installation
> > > of the wordpress site back to the right after 5-min-install state.
> > >
> > > So it basically truncates most tables and bam brings to the fresh
> > state...
> > > ( I just won't touch the user stuff and the options table ) but
(Continue reading)