Category Archives: WordPress

WordPress news, updates, etc.

Important Security Update For SyntaxHighlighter Evolved

SyntaxHighlighter Evolved, , ,

If you use my SyntaxHighlighter Evolved WordPress plugin, please update ASAP. There’s a security issue with the Flash file that is used by version 2 of the highlighting library. This file is meant to be used for allowing one-click copying of the code to your clipboard (since normal copy/paste doesn’t work with it) but the file reportedly suffers from a cross-site scripting security issue.

Even if you use the better version 3 of the library (the default for my plugin), the file from version 2 of the library will still be included in the plugin’s files.

As a temporary fix, I have emptied out the file. This unfortunately means your visitors will not easily be able to copy any code you paste. I recommend switching to the superior version 3 via my plugin’s settings page. Code highlighted using the newer version can be selected and copied normally.

Feel free to leave any questions you have about this security issue on this post but please leave other general SyntaxHighlighter comments on the plugin’s homepage. Thanks.

WordPress: Debug Functions Attached To A Filter

WordPress,

I was debugging something in WordPress, trying to figure out what callback function was applying a change to a filter (in this case a post’s content). To get a list of what functions were hooked into the filter, I threw together a quick helper function and I thought I’d post it here incase anyone else found it useful.

function viper_debug_filter( $filter ) {
	add_filter( $filter, function( $value ) {
		global $wp_filter;

		$filters = array();

		foreach ( (array) $wp_filter[ current_filter() ] as $priority => $functions ) {
			foreach ( (array) $functions as $function => $args ) {
				$filters[$priority][] = $function;
			}
		}

		var_dump( current_filter(), $filters );

		return $value;
	} );
}

// Pass the filter name here
viper_debug_filter( 'the_content' );

Nothing fancy like excluding itself from the output — it was just a quick and dirty hack. Use it as you see fit.

Debugging WordPress HTTP API Remote Requests

WordPress, , ,

If you’re writing WordPress code that makes remote requests and need to easily debug the requests, here’s some helper code to do it. This requires that you’re using WordPress’s HTTP API which you should already be doing — directly using cURL or other methods is wrong and a great way to make your code not cross-server compatible.

add_action( 'http_api_debug', 'viper_http_api_debug', 10, 5 );

function viper_http_api_debug( $response, $type, $class, $args, $url ) {
	// You can change this from error_log() to var_dump() but it can break AJAX requests
	error_log( 'Request URL: ' . var_export( $url, true ) );
	error_log( 'Request Args: ' . var_export( $args, true ) );
	error_log( 'Request Response : ' . var_export( $response, true ) );
}

That will log the request URL, the request arguments, and the whole response HTTP_API object to your error log file. The last message one will be pretty long/spammy but it’ll give you headers, the body, and everything else. Since it’s an instance of HTTP_API, you can also do things like this if you want to:

error_log( 'Response Code: ' . wp_remote_retrieve_response_code( $response ) );

Installing PHPUnit On Windows

WordPress, , ,

I wanted to start contributing to the WordPress unit tests so I needed to install PHPUnit. Turned out it was harder than it might seem (I had a tough time getting it all working) so I thought I’d blog what finally ended up working for me to help save some people some time.

Assuming you already have PHP and MySQL installed, here’s the steps you need to take:

  1. Install PEAR, a dependency for PHPUnit:
    1. Visit http://pear.php.net/go-pear.phar in your browser and save the file into your PHP directory. This is the folder where you can find php.exe.
    2. Open an administrator command prompt. On Vista or Windows 7, hit your Windows key, type “cmd”, right-click the resulting “cmd.exe” search result, and select “Run as administrator”. Navigate to the folder where you have PHP installed, the same folder where you saved the file in the previous step.
    3. Type the following command to execute the file you just downloaded: php go-pear.phar
    4. After a moment, you should start being prompted for some things. The installer is pretty self-explanatory and I think you want a system installation rather than a local one.
    5. Open the folder where PHP is installed and double-click the PEAR_ENV.reg file that has been created. This allows you to run the pear command from any folder.
    6. Verify PEAR is working by running the command pear version
  2. Install PHPUnit:
    1. Turn on auto_discover in PEAR by typing the following command at the command line: pear config-set auto_discover 1
    2. Download and install PHPUnit by running the following command: pear install pear.phpunit.de/PHPUnit
    3. In order to be able to run the phpunit command from any folder, you need to add it to your Windows Path value. Right-click My Computer → Properties → Advanced system settings → Environmental Variables → select “Path” under “System Variables” → Edit → Add a semi-colon (;) and then the full path to your PHP folder onto the end of the value, for example like this: ;D:\Webserver\php
    4. Verify PHPUnit is working by running the command phpunit --version
  3. Set up the WordPress unit tests by following the rest of the steps on the WordPress Core Contributor Handbook now that you have PHPUnit installed.

Done!

jQuery Lightbox For Native Galleries Plugin Discontinued

My WP Plugins, , ,

With the release of Jetpack 1.5, Jetpack now supports the awesome carousel feature that you may have seen running on WordPress.com. It’s superior to my jQuery Lightbox For Native Galleries plugin in my opinion so I am opting to discontinue development on my plugin.

My plugin should continue to work for the indefinite future but I will no longer be maintaining it.

WordPress License Plates

Automotive, Personal, WordPress, , ,

I moved my “IM STIG” license plates over to my Dodge Viper so I had to get new plates for my Ford Mustang. What to get on my plates this time around seemed like an obvious choice! :)

WordPress License Plates

UPDATE: It looks like I’m the fifth sixth person to get WordPress license plates! Ryan Duff (Pennsylvania), Jonathan Dingman (California), Michael Torbert (North Carolina), AJ Morris (Michigan), and Jesse Friedman (Rhode Island) also have them. Awesome. :cool:

JW FLV Player Removed From My “Viper’s Video Quicktags” Plugin

Video Quicktags, ,

JW FLV Player has been removed from the latest version of my Viper’s Video Quicktags plugin. The player is not compatible with the GPL license and as a result cannot be included in plugins that are hosted in the WordPress.org plugin repository. I shouldn’t have added the player to my plugin in the first place but it was the only decent player at the time oh so many years ago. Today I have rectified that mistake by removing it from my plugin’s download.

However do not fear — I have not actually removed the functionality, I just no longer bundle it with my plugin. If you wish to continue to use the player to embed .flv and .mp4 files after upgrading to version 6.4.0 of my plugin, you will need to download this ZIP file and extract it to your wp-content folder, resulting in /wp-content/jw-flv-player/player.swf. I’m hosting the ZIP file since my plugin uses an old version of the player that is no longer available for download from the official site.

This is a temporary band-aid fix. The eventual plan is to switch to the GPL-licensed Flowplayer but that won’t happen until I complete the latest recode of my plugin which introduces many much-needed features. Whether I’ll actually ever finish version 7.0 of my plugin is another matter though.

If you have any questions or need any help, please post over on the Viper’s Video Quicktags page.