Haluk Karamete | 23 Apr 02:59 2015
Picon

esc_url or esc_attr or both

Say, you're  retrieving a value from the SB and you expect that to be in
the form of a URL

Let's assume that that value has to go in an img tag as its src attribute;

In this case, what's the recommended way to escape that from an XSS point
of view.

I provided 4 ways below;

1: just do esc_url
<img src="<?php esc_url($url_maybe);?>" >

2: just do esc_attr
<img src="<?php esc_attr($url_maybe);?>" >

3: do both but run esc_attr first
<img src="<?php esc_url(esc_attr($url_maybe));?>" >

4: do both but run esc_url first
<img src="<?php esc_attr(esc_url($url_maybe));?>" >

Similar confusion may occur in deciding esc_js and so on.
What simple guide can I use in situations like this?
David Anderson | 22 Apr 14:03 2015
Picon

Re: has anyone seen permalinks stop working with wp 4.1.2 update


On 22/04/15 13:00, Mickey Panayiotakis wrote:
> Howdy.
>
> Some permalinks, esp. custom post types, stopped working on a few sites we
> manage today. Re-saving the permalink settings/structure fixes the problem.
>
> Has anyone experienced similar? I'm not sure if 4.1.2 is the issue or not.
> But I've had this happen on 3-4 sites in the past 2 days.
>

I think I may have done. bbPress forum permalinks stopped working on 
updraftplus.com. I re-saved the permalinks, and all was well again. 
However, there was a bbPress update (the XSS security issue) the day 
before, and I can't remember the exact chronology.

David

--

-- 
UpdraftPlus - best WordPress backups - http://updraftplus.com
WordShell - WordPress fast from the CLI - http://wordshell.net
Mickey Panayiotakis | 22 Apr 01:34 2015

has anyone seen permalinks stop working with wp 4.1.2 update?

Howdy.

Some permalinks, esp. custom post types, stopped working on a few sites we
manage today. Re-saving the permalink settings/structure fixes the problem.

Has anyone experienced similar? I'm not sure if 4.1.2 is the issue or not.
But I've had this happen on 3-4 sites in the past 2 days.

mickey

--

Mickey Panayiotakis
Managing Partner
800.270.5170 x512
<http://www.infamia.com>
Nícholas André | 20 Apr 04:25 2015
Picon

WP Central Posts Network a WordPress Multisite Plugin

Hi guys, recently I develop a WordPress Plugin specifically for multisite.
I always wanted to use WordPress Multisite to create interconected sites.
And for a project I need to use Multisite in this way. So, I develop a
WordPress Plugin to accomplish this. I called it WP Central Posts Network.

It's a WordPress Multisite Plugin that let you choose any posts on any site
in the network to display on the main site.

Basically it allows you to define sections that will receive posts of any
site of the Network, then you can shows the posts associated with that
section on the main site.

It's on the official repository:
https://wordpress.org/plugins/wp-central-posts-network/

Docs to use it, are in my github repo:
https://github.com/nicholasio/wp-central-posts-network/blob/master/README.md

I'm Brazillian Developer, sorry for any english mistakes.

--

-- 
Nícholas André
Desenvolvedor Web especialista em WordPress
www.nicholasandre.com.br
_______________________________________________
wp-hackers mailing list
wp-hackers <at> lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-hackers
kchard | 18 Apr 03:47 2015

Page hierarchy

By default WordPress displays pages within wp-admin / edit.php  in
hierarchical order. Is it possible to disable this functionality to
have pages displayed in order without hierarchy. I need to have pages
support parent, child relationships however because I have 17,000
hierarchical posts the pages section no longer functions. Any ideas
would be great, 

Cheers
Kevin,

_______________________________________________
wp-hackers mailing list
wp-hackers <at> lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-hackers
Haluk Karamete | 17 Apr 14:25 2015
Picon

WP_DEBUG TRUE

Even though this constant and all of its brothers (WP_DEBUG_DISPLAY etc.. )
is set to FALSE at the wp-config, I'm getting a PHP notice on the admin
dashboard - from one of the plugins installed.

Notice: Undefined variable: img_width in
...\wp-content\plugins\xxxxx\functions\xxxx.php on line 81

Obviously, there is some poor coding on that plugin author's code (which I
masked above )/ However, that's a different point. ( I will contact him to
fix that error. )

My question is..

Why is it that while the WP_DEBUG gang is set to FALSE at the config, I
still get a PHP notice on the dashboard?
Greg Gibson | 15 Apr 03:16 2015

WP Backend "All Pages" Times Out From 6000+ Pages?

Hi,

Does anyone know if our problem below is due to Wordpress core?

We have 6000+ pages. No problems on the frontend. And no

problems on the backend, except "All Pages." When we try to access

All Pages (leading to our 6000 pages) it often times out after several 

minutes.

Godaddy and Cloudflare said it wasn't their problem. Cloudflare 

showed errors 504 and 520 which they explained.

"This indicates a timeout after establishing a TCP connection and waiting
for a response from your origin. If your origin does not return any data
after about a minute or so, we will close the connection and serve an error.
This can happen if your server is simply taking too long because it has too
much work to do - e.g. a large data query, or because the server is
struggling for resources and cannot return any data in time. You should
check your server health metrics such as available CPU & RAM and if you're
using a Database server that should be checked too for long running queries,
for example. An Error 520 happens when your origin returns a response that
is unexpected. Your web server or networking equipment (Firewall, Load
Balancer) reset the TCP connection after it was established. Sometimes when
a web server crashes it will reset the connection. Check your web server
error log for the timescale that the error occurred in and look for any
error messages.504 errors are normally caused by a 504 being presented on
(Continue reading)

David Anderson | 20 Mar 23:26 2015
Picon

Re: Hosting updates for your own plugins


Gerlando Termini wrote:
> Hi,
>
> I've been using this for a few years:
>
> https://github.com/YahnisElsts/plugin-update-checker/blob/master/plugin-update-checker.php
That's the client-side code - the plugin I linked to was a plugin for 
providing the *server* end, managed through a WP dashboard.

Best wishes,
David

--

-- 
UpdraftPlus - best WordPress backups - http://updraftplus.com
WordShell - WordPress fast from the CLI - http://wordshell.net
David Anderson | 19 Mar 11:17 2015
Picon

Hosting updates for your own plugins

Hi,

In case anyone's interested, an alert for a plugin I recently released...

https://wordpress.org/plugins/simba-plugin-updates-manager/

It allows you to host and manage plugin updates for (free) plugins that 
you distribute from your own site (instead of from wordpress.org). It's 
a cleaned-up + tweaked version of code that's been in use on 
updraftplus.com for 2 years, so is pretty stable.

Best wishes,
David

--

-- 
UpdraftPlus - best WordPress backups - http://updraftplus.com
WordShell - WordPress fast from the CLI - http://wordshell.net
Luke Bryan | 19 Mar 05:25 2015

A few 4.2 questions

Greetings all,

In testing the new 4.2 I've noticed some important differences from the
older 4.1:

First of all, the redesigned wp-views - they seem to break compatibility,
even with the old minimal example on github
<https://github.com/dtbaker/wordpress-mce-view-and-shortcode-editor/issues>
that has been working for a few versions now. Will there be a migration
guide for this view system soon?

Second, something I just now noticed, is the latest version seems to lack
the execCommands listing:
In WP4.1, you could run "tinymce.activeEditor.execCommands" in js console
and see what commands you could call execCommand( commandname ) on. In the
latest this seems to be missing. Was this replaced with something else?

Best regards,
Luke
Stephen Rider | 6 Mar 18:53 2015

Plugin not updating in repository

Hi --

I updated a plugin of mine a week ago and it's still not showing up on the WP Plugins site.  Anyone know who I
should talk to?

https://wordpress.org/plugins/quiz/

(A different plugin I updated showed up within hours.)

Thanks,

Stephen Rider

Gmane