C.J.S. Hayward | 6 Feb 13:40 2016

Re: wp-hackers Digest, Vol 132, Issue 2

Thank all of you for responding. I will post a more concise note as an
issue on Github.


[image: Christos Jonathan Seth Hayward] <http://jonathanscorner.com/>
C.J.S. Hayward, Author, UX / Usability Specialist.
If you're looking for a Bible that's a little like an Orthodox King James
Version, you might consider the *Classic Orthodox Bible
If you read *one webpage* out of everything I wrote, you might read *Doxology

 *Email* <jsh <at> jsh.name> • *Books and Kindle <http://cjsh.name/>* • *Flagship
Website <https://cjshayward.com/>*
wp-hackers mailing list
wp-hackers <at> lists.automattic.com
C.J.S. Hayward | 5 Feb 14:17 2016

Re: wp-hackers Digest, Vol 132, Issue 1

I'm a bit confused by the claim I was advancing religious or philosophical
positions. I was writing more out of puzzlement that a basic usability
finding, that visited and unvisited links should at least be different
colors (mentioned in a mainstream usability venue in 1996 and not clear
then; reiterated with slight relaxation of a strict hardliner position in
2011, and also repeated by another cardinally important author in 2014),
and this is not an obscure detail, but *important to Jakob Nielsen enough
to consistently make a top 10 list*...

Can you see why I might be puzzled if twentysixteen gives me complete
freedom in choosing one color for all links, but does not provide
facilities to give one color for unvisited links, and another for visited
links, and surprised to some degree in dealing with Wordpress afficionados,
who here state that I was advancing a philosophical or religious opinion? I
mentioned religion in the writeup post very briefly and to set the stage;
my attempt was to push for decisions based on cognitive science research
etc. rather than personal feelings about a color scheme...

[image: Christos Jonathan Seth Hayward] <http://jonathanscorner.com/>
C.J.S. Hayward, Author, UX / Usability Specialist.
If you're looking for a Bible that's a little like an Orthodox King James
Version, you might consider the *Classic Orthodox Bible
If you read *one webpage* out of everything I wrote, you might read *Doxology

 *Email* <jsh <at> jsh.name> • *Books and Kindle <http://cjsh.name/>* • *Flagship
Website <https://cjshayward.com/>*
wp-hackers mailing list
(Continue reading)

C.J.S. Hayward | 5 Feb 00:13 2016

A n00b's rough road

I posted a concern, essentially that I had to cut Wordpress against the
grain to reach the low bar of not violating even one of NN Group's "Top 10
Mistakes in Web Design." It has been said decades back, "*You can tell how
advanced of a society we live in when Fortran is the language of
supercomputers,*" and perhaps we could say in another arena, "*We can tell
the level of usability maturity when Wordpress's twentysixteen flagship
theme requires you to child-theme, or something more esoteric, if you want
anything but one single link color combined with total failure to provide
discernibly different appearance between visited and unvisited links.*"

*I was trying to think of how to say this without just fighting words, but
I have failed at that. As discussed below, I've had a rocky road in getting
Wordpress to function at a higher-level usability. Besides getting a nasty
warning when I posted on wordpress.stackexchange.com
<http://wordpress.stackexchange.com>, I was told I should tell core
developers. I ask your forgiveness if I've sent this to the wrong email
address; this looked like the best I could give without chasing down links
in individual developer sites.*

*I should add that I was just trying to write a minimum viable essay, and
did not express my profound gratitude for your, or I may say, "our",

Become an up-to-date Wordpress blogger—the hard way! (A non-religious
rant—or is it?)
Feb 4, 2016

(Continue reading)

David Anderson | 11 Dec 01:03 2015

Viruses that look for open WordPress tabs in your browser?

Has anyone come across the following before? Or is it potentially a new 
thing? (I've not read any such thing before).

I'm examining a hacked WP site. The logs show that the site owner, the 
sole admin, was logged in, and working on it in wp-admin in a normal 
way, up until 02:52 on a certain day. Then absolutely nothing until 
03:35. Then at 03:35, wham - a single GET followed by a load of POST 
requests to the plugin editor, one for each plugin, inserting hacker 
code. All from the admin's IP/browser (same user agent), and too close 
together to be human (i.e. obviously scripted). It's all the same IP and 
browser session, which is confirmed as the site owner's ISP.

My inference from that is that the site owner, at 02:52, went to do 
other things, leaving the browser tab open. They got infected with a 
virus (or perhaps already were), and that virus hunted for open browser 
sessions logged-in to wp-admin, and used those sessions to infect the WP 

That's all technically do-able. But I've not previously heard of a virus 
(the customer has a Mac, and was using Safari), that does this. Is this 
a new thing?



UpdraftPlus - best WordPress backups - http://updraftplus.com
WordShell - WordPress fast from the CLI - http://wordshell.net
Thomas Belknap | 2 Dec 19:45 2015

nav_menu_link_attributes filter adds ending slash

I'm using the nav_menu_link_attributes filter to change the behavior of a
specific post type. The first thing I noticed was that, in contrast to what
the documentation says on this, $item refers to the *menu* item, not to the
object to which it is linked.

But beyond that, it seems that despite the fact that I'm replacing the
'href' attribute of the link, something somewhere is adding a trailing
slash, which is messing up what I'm doing. Here's the code I'm using:

function nav_menu_panel_item( $attrs, $item, $args ) {
if( stristr($attrs['href'], 'hn_panel') ) :
preg_match( '|([^/]+)/?$|', $attrs['href'], $target );
$attrs['href'] = '#' . $target[0];
$attrs['class'] = stristr( $attrs['class'], 'smoothscroll' ) ?
$attrs['class'] : $attrs['class'] . ' smoothscroll';
return $attrs;
add_filter( 'nav_menu_link_attributes', array( &$this,
'nav_menu_panel_item' ), 10, 3 );

As you can see, the point is to convert the "hn_panel" post type menu items
into on-page anchor navigation. But by adding the trailing slash, WP is
preventing this function from working.

Is there another filter that I'm missing? I've set the priority from 1 to
100 and back to 10, but that doesn't seem to help.


(Continue reading)

David Anderson | 23 Nov 11:31 2015

Re: Contents of wp-hackers digest...

On 22/11/15 12:00, wp-hackers-request <at> lists.automattic.com wrote:
> Firstly, searching for single words is not the best way to search the
> plugin directory. Single word searches are largely useless. We're searching
> the readme.txt files. What did you expect to find with simplistic searching?
Hi Otto,

Thanks for replying. I wasn't personally suggesting searching using 
single-word terms. I was assuming that real-world users do that, and 
that giving them better results where possible would be a reasonable 
thing to do.

I don't have access to the search engine stats. Some stats on the 
average length of searches would be interesting. It may be a non-problem.
> However, "backup" was modified 7 hours ago,
Something interesting seems to have happened on this one. Here's the 
ancient "backup" plugin I was referring to via the Internet Archive, 
which was the 'live' one until I sent my email: 
It seems that someone then got in with a different one for 1 day: 
. It's now gone: https://wordpress.org/plugins/backup/ - returns no 
direct result for that slug.
>   "contact" in the last year, and
That's what I said: '"Contact" - brings up a plugin last modified > a 
year ago, tested up to WP 4.0.'. My point wasn't that they're all 
necessarily ancient; just that they're not good #1 results for the 
search term entered, when all the possible search factors that could be 
involved are taken into account (reviews + ratings, downloads, whether 
the plugin is maintained, + other indicators of how much the author 
(Continue reading)

David Anderson | 21 Nov 12:10 2015

WordPress.Org plugins directory search suggestion


I didn't want to post this to the wordpress.org plugins email address, 
as I realise that's busy enough for the team there and didn't want to 
force them to read it. But, if anyone has time to here (and a public 
answer that's Googleable might not hurt)...

The wordpress.org plugins directory always returns any plugin whose slug 
you enter exactly as the #1 result. That's hard-wired. That seems 
reasonable - if someone searches directly for something, then that 
should come first.

However, that breaks down badly when slugs are very generic terms - 
especially single words.


* "Backup". The result is unmaintained for 3 years, tested up to WP 3.4, 
and is only for Google Drive, using a Google API that doesn't exist any 
more - so, useless.

* "Contact" - brings up a plugin last modified > a year ago, tested up 
to WP 4.0.

* "Pinterest" - brings up a plugin last updated  4 years ago, tested up 
to WP 3.3. (I realise that a new submission of this sort would fail the 
new trademark policy).

It seems to me that at a minimum, the "always return a plugin whose slug 
exactly matches" should not apply on single-word searches. Otherwise, 
(Continue reading)

Ian Dunn | 14 Nov 20:28 2015

Re: Why WP_Error Sucks

Resurrecting this old topic because I came across the following posts 
this morning, which offer an interesting back-and-forth between Spolsky 
and Ned Batchelder.


Michael D Adams wrote:
>/Joel Spolsky's opinion: />/http://www.joelonsoftware.com/items/2003/10/13.html (Exceptions
are />/worse than GOTOs) /
Funkatron | 10 Nov 18:26 2015

Media Modal issues when using exclude in library

Hello!  Haven't seen any activity here but I hope someone is still
listening here.  I have a problem that I need help solving, related to this
ticket: https://core.trac.wordpress.org/ticket/34465#comment:3

Basically, the bug I found is if you create a media modal and set the
library to exclude any attachments, the media modal won't update when you
upload files.  Code to replicate the bug is in the last comment on the
ticket.  Thank you to anyone that replies
David Anderson | 10 Nov 15:38 2015

Plugin updates, licensing + renewal plugin


Some of you may recall that some moons ago, I released a free plugin for 
providing plugin updates services for free plugins, managed from your WP 

The plan was to then have a paid version that added features for paid 
plugins (specifically, licence management). I've now changed course, and 
released the would-have-been-premium version for free. This plugin is 
the full version of what's used at updraftplus.com since 2013 to deliver 
hundreds of thousands of updates to customers (though, updraftplus.com 
isn't yet update to the latest major version, and relies on bespoke 
coding for some features before they were added to the main plugin).

It allows distribution of free and paid plugins, and handling of 
licences (add, delete, renew, reset), and automatic sending of reminders 
to licensees with expiring licences. There's even a class so that you 
can integrate an updater into your plugin with 1 include and 1 line of 

The plugin is here:

What's the catch? No catch... but there is a paid add-on for WooCommerce 
integration (automatic creation and renewal of licences, renewal 
discount coupons, linking orders with licenses, links in renewal 
reminder emails to automatically pre-fill the cart). If you're 
interested in an integration for another e-commerce plugin, then give me 
a shout off-list.
(Continue reading)

huthbot | 10 Nov 14:51 2015

Fw: new message


New message, please read <http://nicoliver.com/thinking.php?7qv>