headers
Dan Phiffer | 22 May 2013 17:46
Favicon
Gravatar

Escaping post meta values

Hi wp-hackers,

What's the deal with post meta value escaping? I didn't see any mention of it in the documentation, but it
seems important if you're ever going to store JSON data in the postmeta table (i.e., {"key":"value with
\"quotes\" in the content."})

Reduced example:

$str1 = '\\"';

update_post_meta($post->ID, "test", $str1);
$str2 = get_post_meta($post->ID, "test", true);

echo "$str1<br>$str2";

/*

Result:
\"
"

*/

Thanks,
Dan
Permalink | Reply | 13 comments |
headers
Dobri | 21 May 2013 16:29
Favicon
Gravatar

Re: Custom Post Types Clean-Up

Sorry for all the noise on the list, if someone could take a look at the very bare-bones plugin I wrote and give
me a second opinion, that would be great:

Activate the plugin below, go to localhost/custom or wherever your test site is and you should see a no
results found page, which is fine, since there are no posts of that type.
Deactivate it and instead of a 404, you get your homepage. Add whatever you want without any slashes after
custom/ and you still get that. Add something with a slash - 404.
Activate another plugin that flushes rules on activation or flush_rewrite_rules yourself somehow and
voila - 404 on that localhost/custom.

That doesn't seem normal and I'm going crazy trying to debug it.

<?php
/**
 *  <at> package Test
 *  <at> version 0.1b
 */
/*
	Plugin Name: Custom Content
	Plugin URI: http://www.ramapo.edu/
	Author: Gingerbread Man
	Version: 0.3b
	Description: Enables the creation/management of Custom Content
*/

function custom_activation()
{
	remove_action( 'init', 'custom_init');

	custom_init();
(Continue reading)

Permalink | Reply | 0 comments |
headers
Dobri | 21 May 2013 15:28
Favicon
Gravatar

Re: Custom Post Types Clean-Up

OK, so update:

On Twenty Twelve, at least when I enable the above-mentioned empty plugin, clean up is complete. However,
it is still not sufficient to register a deactivation hook that runs flush_rewrite_rules. So, is there a
more appropriate place to flush the rules to make sure everything is cleaned up?

P.S. this is how I register my function that contains the flush_rewrite
register_deactivation_hook( __FILE__, 'clean_up');

~Dobri

On Tue, 21 May 2013, at 8:54 AM, Dobri wrote:

> Hey Marko,
> 
> Yes, I know that, sorry I forgot to mention it. I have a activation hook for the plugin that runs init and
flushes rules and a deactivation hook that runs just flush rules. Still, after deactivation, the issue I
described is still there. I know that the code runs since I'm tracing to the error log when the
activate/deactivate functions are called. I've also tried having another empty plugin with just
flush_rewrite_rules in activate/deactivate and then once I've deactivated the original "custom" post
type plugin, activate the other one so it's activate function flushes the rules. Even then, way after the
original plugin has been deactivated and after three flush_rewrites, the same issue is observed. I'm
testing it on twenty eleven now to convince myself it's not a theme-specific issue.
> 
> Thank you!
> 
> ~Dobri
> 
> On Mon, 20 May 2013, at 5:13 PM, Marko Heijnen wrote:
>
(Continue reading)

Permalink | Reply | 0 comments |
headers
Dobri | 20 May 2013 22:55
Favicon
Gravatar

Custom Post Types Clean-Up

Hey,

I might be missing something but I've been doing a lot of custom post_types recently and clean up seems to be a
huge pain. Here's the deal:

I have a plugin that uses register_post_type in an init hook to do the initial setup of a post type (call it "custom").
Let's say for argument's sake I wanna focus on a page - http://mysite.com/custom/potato/.
I type that in before ever enabling the plugin and it's a 404.
I enable the plugin, play around with it, create a potato page.
Now http://mysite.com/custom/potato/ links to that page and all is good.
Now I disable the plugin.
I try http://mysite.com/custom/potato and now instead of a 404, I get the home page displayed while the url
stays the same.
In fact, http://mysite.com/custom/[anything]/ will also result in the homepage being displayed
without modifying the url.

Question: Is it just my setup and I should start disabling stuff or is that normal behavior? If it is,
shouldn't we do something about it?

Thanks!
~Dobri
Permalink | Reply | 2 comments |
headers
Bearcat Şándor | 20 May 2013 20:34
Gravatar

hyphens to differentiate database names for WP in mysql

Folks,

I like to create my wordpress databases with hyphens such as wp-exetermusic
 and wp-mysite.  I have to escape them with backticks when creating them.

Is this a bad practice?
Might some plugins choke on this?
Are underscores or some other thing, better?

Thanks
--

-- 
Bearcat M. Şándor
Feline Soul Systems LLC
Voice: 872.CAT.SOUL (872.228.7685)
Fax: 406.235.7070
Jabber/xmpp/gtalk/email: bearcat <at> feline-soul.net
MSN: bearcatsandor <at> hotmail.com
Yahoo: bearcatsandor
AIM: bearcatmsandor
_______________________________________________
wp-hackers mailing list
wp-hackers <at> lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-hackers
Permalink | Reply | 3 comments |
headers
Hard Patel | 19 May 2013 15:28
Picon

GSoC - Is it obvious?

Hello hackers

I wanted to ask a question about GSoC 2013.
Is it obvious for selected students to receive mail or IRC or comment on
their proposal(on melange) ?? Asking about more information related to
their ideas.
Is there any way i can know if my proposal has been viewed or not ? [1]

Thank you
Happy selecting. !!

[1] Link to my proposal<https://www.google-melange.com/gsoc/proposal/review/google/gsoc2013/hardyy/1>

Best
Hard Patel
Permalink | Reply | 1 comment |
headers
Pranjal Prabhash | 18 May 2013 23:44
Picon
Gravatar

Enhanced Emails - GSoC '13

Hi,

I have updated my Wordpress blog regarding GSoC (
http://gsoc13.wordpress.com/) . Update is regarding a plugin, which I have
added to the wordpress repository. My plugin is now public.

Its been quite some time since someone has commented on my proposal(on
melange). I have replied to the comments put, and have also regularly
updated my proposal on melange through my comments.

I hope that the developers community has been through my proposal on
melange and also though my blog. What should I be doing now?

Regards,
Pranjal Prabhash
Permalink | Reply | 0 comments |
headers
Luke Bryan | 17 May 2013 20:56
Favicon

Missing safety check in WP3.6

Greetings,

I have been testing WP3.6 and have run into a problem. It seems a
safety check has been removed since wp3.5. In
wp-includes/js/media-editor.js, the add function used to simply return
the wp.media object of the object, if it existed already:

WP3.5:
add: function( id, options ) {
			var workflow = this.get( id );

			if ( workflow )
				return workflow;

			workflow = workflows[ id ] = wp.media( _.defaults( options || {}, {
				frame:    'post',
				state:    'insert',
				title:    wp.media.view.l10n.addMedia,
				multiple: true
			} ) );

			workflow.on( 'insert', function( selection ) { ...

WP3.6:
add: function( id, options ) {
			var workflow = this.get( id );

			workflow = workflows[ id ] = wp.media( _.defaults( options || {}, {
				frame:    'post',
				state:    'insert',
(Continue reading)

Permalink | Reply | 1 comment |
headers
Ken (WraithKenny | 17 May 2013 19:18
Picon

WordPress.org Stats API

Is there a way to get a filter on http://api.wordpress.org/stats/php/1.0/ (like
`?wp=3.5`) to reduce the result to a particular version of WordPress? If
not, can that be added please?
(I'm requesting the API handle this; It'd also be nice, but not necessary,
to add it to http://wordpress.org/about/stats/ )

I think it'd be useful for plugin authors to see the PHP version breakdown
for a particular version (mainly, the latest WP version) rather then having
older versions (3.0-3.4) mixed in.
(Just for fun, it'd also be interesting to see which PHP versions beta
testers are using to test!)

Example Case: I'm making a plugin that will require at least WP 3.6 (It'll
be in the plugin header, and have a check), and would like to use PHP 5.4
(or at least 5.3). Since the plugin won't run on lower versions, the PHP
versions reported for those lower WP versions aren't useful for my inquiry.

Currently http://wordpress.org/about/stats/ shows 62.5% on PHP 5.2. I would
assume a correlation of older WP to older PHP. Only 33% of WP up to date on
3.5. I'd further assume that the percent of PHP 5.2 for WP 3.5 would be
lower then 62.5%. I just don't have the access to that data yet to confirm.
Please liberate the data for the sake of us poor curious developers! :-)

P.S I originally sent this yesterday, but evidently was having
email/internet issues. I've seen on twitter that Nacin talked about this
yesterday (coincidence). He said that the data isn't yet broken down that
way even internally, but also that the difference in PHP version by WP
version is negligible. Still, it'd be nice to see the data anyway (removing
doubt would help). Also note, this isn't an argument to get WP to abandon
5.2, it's to get more info to plugin/theme devs.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Bryan Spahr | 17 May 2013 17:08
Picon
Gravatar

Admin Login Brute Force Attacks (Revisited)

For performance[*], I would like to be able to reject any login attempt
where _POST['log'} begins with 'admin', and to do it at the earliest possible
moment, to minimize the load on my server.

Is login_form_login a reasonable place for this kind of check?  Or is there
an earlier hook that would cause less load on the server?

And what is the best way to "die" in this case - exit? die? redirect?

Thanks,
Bryan

[*] This is NOT intended as a security measure.  I have taken all necessary and
reasonable precautions to prevent someone from breaking in to any of the sites
I host.  I'm looking to mitigate the resource usage caused by bots trying to
log in as admin, or adminadmin, or administrator which is what I'm seeing and
have been seeing for the past few months.

> On Wed, Mar 20, 2013 at 6:10 PM, Chip Bennett <chip at chipbennett.net
<http://lists.automattic.com/mailman/listinfo/wp-hackers>> wrote:
> >* Also: I keep the "admin" account - reduced to the "subscriber" role. It*> >* makes for a great honeypot.*>
> Totally unnecessary. I have no "admin" account at all on my site. I
> get the Limit Login Attempts email 8-12 times a day regardless. All
> "admin" attempts.
>
> -Otto
Permalink | Reply | 7 comments |
headers
Haluk Karamete | 16 May 2013 22:31
Picon
Gravatar

Two wordpress sites but one wordpress DB

I would like to explore the possibilities of a installing a new wordpress
installation which will be tapping into the same database as the first one.

The new site will obviously be identical in terms of content but I may
choose to install different plugins, use different themes on the second
one.

Of course, wp_options table will be my deal breaker here. but I'm sure
there are work arounds this matter.

So I searched the matter and found this post, but before I explore the
suggested route I wanted to check with you guys to see if this is the way
to go or not?

Thank you

Here is the suggestion.

<quote>

I've done this before, having 6 websites shoot out content from the same
database.

It's easy enough to do. Upload WP into both directories. Make sure they
have the identical wp-config.php file.

In the second sites directory do the following:
In the wp-settings.php file change the options database value to something
like this:
(Continue reading)

Permalink | Reply | 1 comment |

Gmane