Tools: cui-utils rev2

Write it, cut it, paste it, save it, Load it, check it, quick rewrite it, Drag it, drop it, zip, unzip it

For those who are using the windows platform, there is a set of useful command line utilities (CUI = Commandline User Interface) that were ported from GNU Linux. You get a bunch of tools to handle text and files. It ships with NC which is seen as malicious by some virus checkers, I suggest you better educate yourself. Can be disabled in the installer anyway because all this comes with a useful installer / uninstaller. I thought it’s nice to share: Continue reading →

Enhancing Feeds: Power of the Atom

There still is the 2+ years broken RSS 0.92 feed in wordpress (per default ?!). Otto to the rescue: Atom Default Feed. The plugin changes the default feed output to Atom format.

Via: #4967

New Trac Report: {37} Needs Unit Tests [UPDATED]

For the upcomming 3.0 Release there are still some tickets open, but it looks like this is getting closer to release. I just stumbled over a new report, that is listing all with the tag needs-unit-tests. The funny thing about this is, that officially there isn’t any testsuite with wordpress. At least none I’m aware of. So I must wonder where these unit-tests should actually go into and for what they are good for. Continue reading →

Stripslashed to death? – End the Madness!

Another highly biased post with much #WTF potential as it’s typed on twitter: In WordPress there is some pretty stinky code. I always make a joke about the plain wrong slogan “Code is poetry” [sic!] where if that would be, WordPress code is the scribbling you find on loo’s doors in bars while having a shit. WordPress is Artwork and not Software? Me is the prince of Wales, ja ja.

Do not say you can not run a business on WordPress!

Sir Spam-A-Lot

I put the finger on the strip-slash-madness long ago in (#5791). It’s one thing to do stuff plain wrong, but another to not correct mistakes made. And that is pretty much what is happening here. It’s all so outch since two years for that one. I must stop to rant right away or I’ll go on till midnight. Let’s stick a bit more on topic: Continue reading →

Line Endings in diverse Operating Systems

While coding some XML stuff lately (if you’re into PHP and XML, get a grip on FluentDOM if you have not already) I ran about some line ending issues. That [NEL] thingy was new to me, so I just wanted to get the whole picture. There is always something to discover Continue reading →

PHP: Casting vs. intval()

Doing a cast like (int) $var instead of the intval($var) function is about 300% to 650% faster. I did some tests out of curiousity in #13317 and those are the results: Continue reading →

Mr. Damien Katz and the cutest picture on Google images.

Damien Katz is a developer. He invented CouchDB (currently a project hosted under the apache umbrella) and put much traction on the nosql “movement”.

But what’s more important then some tech facts is his very open style to actually talk about intentions and personal motivation. I must admit, he has something of Tom Cruise round about ’99 but younger. Just enjoy the talk about how he did it (incl. slides, this one is actually quite new from 2009). Ca. 30 minutes worth paying attention to.

It covers personal motivation as well as programing practices, job choosing, dealing with the company you’re working for, the enterprise, and naturally licensing issues and how to get your project on the run. A link worth to share.

WPAAA.PHP – WordPress Access All Areas

Time to open my toolbox. There is one tool I pretty much use in doing wordpress support. It’s called WP Access All Areas and exists for the sole purpose to get administrative access to a worpdress blog by uploading a PHP file via FTP. It’s there to handle this task quick and with ease. Continue reading →

WordPress 3.0 and PHP 4 – What’s the deal?

I know that more and more wordpress developers are complaining about that coding policy to support PHP 4 in wordpress. Yes, you’re right, it’s pretty much useless these days. And it makes things complicated. But WordPress Development is not done the way that developers can actually decide on the topic. I hope this changes with more “open source development” in the project.

There is updated information: WordPress drops PHP 4 in Q1 2011 (by hakre; 14 Jul 2010)

I must admit, that this story is really old. We had the one or other shizophrenic situation already and yes, it creates a more and more floweriness garden. Springtime is over soon in the northern hemisphere but not yet. Today I stumbled over some wordpress 3.0 fresh in this cycle added code that looked like it wanted to “handle PHP 4 code” properly. But as I showed in my previous post about PHP References, just passing an argument as PHP variable reference does not do the trick.

So what to say? This PHP 4 compatibility is too complicated for todays wordpress developers to manage properly. I mean it’s totally stupid for a PHP developer to care about that carefully 2010, so I hope those guys do not take an offence when I write this. I can totally understand that this topic is too complicated that you want to learn the details and how to properly deal with it. My suggestion here is clear: Drop PHP 4 support with WordPress. Just drop it. Do the step ahead on the 3.0 release. It’s about time.

If you’re still running your wordpress blog and PHP scripts on PHP 4, consider to read on in codex on how to switch to PHP5.

Related tickets are: #13319; #9751. Related articles are: WordPress and PHP 5: Be the Change You Want to See; WordPress System Requirements.

Read on: PHP 4 end of life announcement (on my Blog, 31 May 2010)

Nette Latte

About a week ago I blogged about a Ctemplate influenced template language called mustache. It is naturally implemented in PHP. Now I stumbled over another PHP implemented and Ctemplate influenced template language again. It’s called Nette Latte and it is part of the Nette PHP Framework. It ships with some more logic compared to mustache (a little bit) and it contains context-aware HTML escaping. A feature worth considerable in a template language, Twig for example is offering it as well.

Via: Context-aware HTML escaping by Jakub Vrana

Tweak Internet Explorer 6 for todays use

I didn’t knew this great Setting for years: As describben in the MSDN, with a simple registry tweak you can disable stylesheets in Internet Explorer 6.

Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Name: Use StyleSheets
Value-Type: REG_SZ
Possible Values: no or yes

Set it to no and your internet explorer can surf everywhere again: Continue reading →

The Myth of the Genius Programmer

A talk by Brian Fitzpatrick and Ben Collins-Sussman on the 2009 Google I/O Conference:

A pervasive elitism hovers in the background of collaborative software development: everyone secretly wants to be seen as a genius. In this talk, we discuss how to avoid this trap and gracefully exchange personal ego for personal growth and super-charged collaboration. We’ll also examine how software tools affect social behaviors, and how to successfully manage the growth of new ideas.

The Myth of the Genius Programmer / Slides / All Info

Cheap Hack/Worm Protection for your WordPress Blog

This on its own might be only security done half, but I thought the idea is not that bad to spread the word. It can be normally setup in seconds on the various linux based hostings out there: disable eval.

Most WordPress exploits are used to place Worms or Backdoor scripts onto the server. They turn it into a Web-Drone to hack other Blogs, send Spam, deeper attack your server, store payloads for other attacks and all that stuff. You just do not want that.

Example Eval Code found on a hacked WordPress Blog

Most of the backdoor-scripts I’ve seen on hacked wordpress installations make heavy use of the eval language construct in PHP. So the simple idea is to disable eval. This works well with WordPress, because since some month the code is eval-free^™. Related ticket is #9602.

For example this can be done with a PHP Extension called Suhosin:

suhosin.executor.disable_eval = On

The Suhosin configuration can be edited within your php.ini file. If you’re unsure wether or not your changes did work, use phpinfo() to display all the configuration settings (if it’s not disabled 😉 ).

“If eval() is the answer, then you asked the wrong question”.

If you think things can not be done w/o eval, take a look on this sample code I provided to patch wordpress core to remove eval out of permalinks parsing. That eval in there has been used for many wordpress exploits and it was long overdue to be removed.

So again: It’s possible to remove eval very often, just throw it out of your plugins and themes if you have it in there. And do yourself a favor and do not use Themes or Plugins that contain eval.

But I’ve already been hacked!

Especially when your Blog got hacked, this suhosin setting comes in handy. As reported in a previous post, hacked blogs can contain tons of eval-code after being attacked. With that suhosin setting, those attacks are removed w/o actually removing the code. That’s somehow dirty but in case you’ve been attacked, this can save you at least some more headaches in a snap of a second.

Read on: Comprehensive WordPress Guide with many Ideas how to secure a Blog (19 APR 2010).

Must-Use Plugins and Drop-Ins

Just two simple questions: What are must-use (mu) plugins and what are drop-ins? I’ll answer both right away:

Must Use Plugins

The MU or Must-Use Plugins is a principle that has moved from WordPress MU into WordPress core long before the 3.0 merge. These are standard wordpress plugins files, that are loaded regardless if they have been configured in your blogs backend or not. They only need to be placed in a specific directory, the mu-plugins folder: wp-content/mu-plugins. That feature is available since WordPress 2.8 if I remember correctly. At least since 2.8 it can be configured with the WPMU_PLUGIN_DIR and WPMU_PLUGIN_URL constants.

The plugin files do not need to contain plugin headers, so you just need to create a PHP file and that’s all.

Drop Ins

This term is not that well known. Some core functionality of the WordPress core can be replaced by so called Drop-Ins. Those are PHP files on specific locations that get included if they exist. The inclusion is done for a specific task, for example db.php get’s loaded to replace the default PHP database class. So you can replace it with one that is faster, more stable and secure for example. Drop-Ins exist since various versions, depending on them. The Multi-Site since 3.0 naturally.

List of all WordPress Drop-Ins

File	Type of Plugin	Loaded	Context
advanced-cache.php	Advanced caching plugin.	on WP_CACHE value	Single
db.php	Custom database class	always	Single
db-error.php	Custom database error message	on error	Single
install.php	Custom install script	on install	Single
maintenance.php	Custom maintenance message	on maintenance	Single
object-cache.php	External object cache	always	Single
sunrise.php	‘Executed before Multisite is loaded	on SUNRISE value	Multi
blog-deleted.php	Custom blog deleted message	on deleted blog	Multi
blog-inactive.php	Custom blog inactive message	on inactive blog	Multi
blog-suspended.php	Custom blog suspended message	on archived or spammed blog	Multi

Source: Data taken from global function _get_dropins() in wp-admin/includes/plugin.php.

All files need to be placed in the wordpress content directory (wp-content by default, defined in constant WP_CONTENT_DIR). Drops-Ins do not need to be full plugin files, they can be just standard PHP files.

WordPress 3.0 will ship with a better plugin listing by the way. It reveals which of those non-standard-plugin extensions are loaded.

mustache — Logic-less templates.

Another minimalistic template lanugage I stumbeled over: mustache. It’s so reduced it has the tagline “logic-less templates” and really, it is reduced. Reduced in features but not in implementation languages: Continue reading →

phpSysInfo

Phpsysinfo is a PHP script that displays information about the host being accessed. That are things like Uptime, CPU, Memory, SCSI, IDE, PCI, Ethernet, Floppy, and Video Information. Continue reading →

WordPress 3.0 Beta Test on wordpress.com [UPDATED]

According to the last weeks developer chat, some tests of WordPress 3.0 have been run on a subset of sites on wordpress.com (and still ongoing). A number of plugins and themes were run on WP-3.0 as well. Continue reading →

Living With Legacy Code by Rowan Merewood

Rowan Merewood uploaded slides from his PHP Benelux ‘10 Presentation “Living With Legacy Code”.

Legacy code is a hard to handle topic, that’s why normally we as developers would like to walk around that. Continue reading →

FluentDOM Usage: The id() Problem

There is a node-set function called id() in xpath. It might be the case that it does not work on your data if you load in HTML documents into FluentDOM / DOM-XML. The result is that you do not get any result, no nodes are returned by the find() function. That’s a pitty because you can use it to access elements in a short notation. There are two ways to deal with the problem: Continue reading →

WordPress 3.0 Release Schedule Changes

Please take note of this Report as well: WordPress 3.0 released (June 17).

The last wordpress 3.0 planned release date for May 1st has been postponed again according to the official development schedule. Wording changed from release to first RC. The next written release date is now May 15th, but that date has already been flagged with a question mark. Continue reading →