WordPress Question
06-04-2014, 12:28 PM, (This post was last modified: 06-04-2014, 12:28 PM by FunkyRes.)
Post: #1
WordPress Question
Need to write a plugin for a page that does a very specific thing. Say, display a calendar generated via php.

From what I can tell, I actually have to create a template file that includes the headers and sidebar and footer and stick it in the theme directory that is currently selected?

So it breaks if I change the theme without copying the template to a new theme, is that really how it works?

What I want is -

Code:
$nodelist = $dom->getElementsByTagName('div');
$j = $nodelist->length;
for ($i=0; $i<$j; $i++) {
  $node = $nodelist->item($i);
  if ($node->hasAttribute('role') {
    $role = strtolower($node->getAttribute('role'));
    if (strcmp('content', $role)) {
      $main = $node;
    }
  }
}

The just add my custom stuff to the child of $main and not have to worry about what theme is being used.

I know WordPress doesn't use DOMDocument, but does it really not have a way to say "Use the default template for a page for theme selected, but execute this code instead of getting content from the DB" ?

I can't seem to find any way to do that.

Admittedly I don't do a lot with WordPress, but that seems like a simple thing, but I can't find it, not without making a template to put inside a theme that is then specific to that theme.

Thanks for suggestions
Welcome to the dark side. Are you surprised we lied about having cookies?
06-04-2014, 02:55 PM,
Post: #2
RE: WordPress Question
A template is too much. You can get this done pretty easily with hooks & filters. You can make WP do anything with hooks and filters. I loves me some hooks and filters.

It doesn't really sounds like you just need to be able to inject a calendar in to the main content area. You can go about this a few different ways:

1. a filter on the_content. http://codex.wordpress.org/Plugin_API/Filter_Reference/the_content You could apply some post-meta or a special category to a post, sniff that meta or category, then inject the calendar in to the output.
2. a shortcode. http://codex.wordpress.org/Shortcode_API You define a function that does stuff, then you add [my_shortcode_tag] in to your post content and wordpress will run you function in that spot and inject whatever your function returns in to the content.
3. maybe a widget? Do you care if the calendar shows up in a sidebar? You can build a widget that sniffs the current post, and like the first one you can use post-meta or categories to sniff and control the widget display: http://codex.wordpress.org/WordPress_Widgets

Just read the docs. Its all there and easy to use.
The chaos army seems suspiciously well organized.
flickr | Stupid Blog | Twitter
06-04-2014, 03:23 PM,
Post: #3
RE: WordPress Question
The more I read the docs, the more pissed at WordPress I get...

They run all ajax in an admin context whether or not you send a cookie associating you with an admin account. So if you use ajax for anything that really does require admin context, you have to be very careful that the call is genuine and not from a forged request.

You can do that with a nonce - but you have to code that yourself because wordpress had the bright idea to make their nonce's live for 12 hours regardless of whether they are used. Morons.
Welcome to the dark side. Are you surprised we lied about having cookies?
06-04-2014, 03:36 PM, (This post was last modified: 06-04-2014, 03:37 PM by Gippy.)
Post: #4
RE: WordPress Question
Well, then, you should just write it all yourself from scratch instead of using a pre-built framework. You can surely do better.

What is a seasoned veteran like you doing messing around with a child's toy, anyway? Have you no pride?
The chaos army seems suspiciously well organized.
flickr | Stupid Blog | Twitter
06-04-2014, 03:36 PM, (This post was last modified: 06-04-2014, 03:39 PM by FunkyRes.)
Post: #5
RE: WordPress Question
I suspect what they are trying to do is reduce caching issues and load on servers in generating a nonce but it is still stupid especially how they handle ajax requests.

(06-04-2014, 03:36 PM)Gippy Wrote: Well, then, you should just write it all yourself from scratch instead of using a pre-built framework. You can surely do better.

I probably can. I'd use DOMDocument to generate it and PDO for database so it isn't stuck to one backend etc.

Here's one I started years ago but got bored, it's still active -

http://www.domblogger.net/

Notice the user can pick the theme they want - not stuck to a theme the blog admin wants.
Welcome to the dark side. Are you surprised we lied about having cookies?
06-04-2014, 03:41 PM,
Post: #6
RE: WordPress Question
So avant garde! How is it that any other framework ever thrived in your shadow?
The chaos army seems suspiciously well organized.
flickr | Stupid Blog | Twitter
06-04-2014, 03:42 PM,
Post: #7
RE: WordPress Question
Wow. I am pissy tonight.
The chaos army seems suspiciously well organized.
flickr | Stupid Blog | Twitter
06-04-2014, 03:44 PM,
Post: #8
RE: WordPress Question
Still, you shouldn't post a "I can't figure this shit out post" and then go on to dictate from on high about the framework's design decisions and quality of their developers.

Get over it. Come back when you've achieved something.
The chaos army seems suspiciously well organized.
flickr | Stupid Blog | Twitter
06-04-2014, 03:47 PM,
Post: #9
RE: WordPress Question
Oh I figured out how to get something -

Code:
<?php
/*
Template Name: sexyCalendar_
*/
get_header();
if(function_exists('some_weird_function')) {
    some_weird_function();
} else {
    echo '<p>Plugin blah is not enabled.</p>';
}
get_footer();
?>

That just seemed like there could be a much better way, and it breaks if you change themes.
Welcome to the dark side. Are you surprised we lied about having cookies?
06-04-2014, 03:52 PM,
Post: #10
RE: WordPress Question
get < achieved
The chaos army seems suspiciously well organized.
flickr | Stupid Blog | Twitter
06-04-2014, 03:58 PM, (This post was last modified: 06-04-2014, 04:03 PM by FunkyRes.)
Post: #11
RE: WordPress Question
Fair enough, it just seems that WordPress makes things a lot more complicated than they need to be, like its a patchwork of a bunch of different philosophies roughly glued together in a weird asinine way.

It also doesn't always seem to respect the user request - e.g. telling it to put my JS in the head where it belongs rather than the footer, it still sometimes puts it in the footer,

JS should never be in the footer. The argument is that in the footer the page loads faster but it creates usability problems because the content can be rendered before the JS is ready to use resulting in users clicking on things and not having it work because the page load hasn't yet fired.

Besides, forbidding JS that isn't in the head avoids most injection attacks, but that breaks if you have it in the footer.
Welcome to the dark side. Are you surprised we lied about having cookies?
06-04-2014, 04:10 PM,
Post: #12
RE: WordPress Question
You're probably enqueueing your scripts after the header has been built which is why you should learn about the hooks and filter and how you manipulate the WP environment, the query, and template loading to your advantage.

And, yes, its a bit kludgy at times, but if you think about the legacy of backwards compatibility they've got I marvel at how my old plugins still just work because, gasp, they were written to take advantage of the full API that's available.
The chaos army seems suspiciously well organized.
flickr | Stupid Blog | Twitter
06-04-2014, 04:11 PM,
Post: #13
RE: WordPress Question
Also, if your page content fully renders before your footer scripts have loaded you've got bigger problems than WP.
The chaos army seems suspiciously well organized.
flickr | Stupid Blog | Twitter
06-04-2014, 05:26 PM, (This post was last modified: 06-04-2014, 05:27 PM by FunkyRes.)
Post: #14
RE: WordPress Question
(06-04-2014, 04:10 PM)Gippy Wrote: You're probably enqueueing your scripts after the header has been built which is why you should learn about the hooks and filter and how you manipulate the WP environment, the query, and template loading to your advantage.

And, yes, its a bit kludgy at times, but if you think about the legacy of backwards compatibility they've got I marvel at how my old plugins still just work because, gasp, they were written to take advantage of the full API that's available.

Well if they used DOMDocument their enquing could be

$head = $dom->getElementsByTagName('head')->item(0);
$head->appendChild($script);

Generating content as an object has so so so so many advantages over the way WordPress and so many others do it.

But yeah, you are right, the get_header(); being called in the template before the content generating function and that they aren't building the page as an object is what is happening.

So I have to add those before the get_header() is called in the template - but using a template is a hack anyway.
Welcome to the dark side. Are you surprised we lied about having cookies?
06-04-2014, 05:30 PM,
Post: #15
RE: WordPress Question
I think I recall someone in this thread saying something about hooks, filters, and how you can make this work without touching the theme at all...
The chaos army seems suspiciously well organized.
flickr | Stupid Blog | Twitter
06-04-2014, 05:46 PM, (This post was last modified: 06-04-2014, 05:49 PM by FunkyRes.)
Post: #16
RE: WordPress Question
Oh - and the reality is 90+ % of the time, JS is cached anyway and whether in head / footer makes 0 performance difference.
Well, if you have it set up properly so JS is sent with cache forever, and you use a CDN for big stuff like jQuery (especially since stuff like jQuery is on free CDNs like google).

(06-04-2014, 05:30 PM)Gippy Wrote: I think I recall someone in this thread saying something about hooks, filters, and how you can make this work without touching the theme at all...

Well yes, I use hooks and filters for other plugins that run on every page - e.g. my plugin that obfuscates gravatar so it doesn't expose the hash of the e-mail address ( http://wordpress.org/plugins/smartava/ ).

But I only want these to run when this one special specific page is called, so I can't load the JS until I know THAT page has been called, it is inefficient to have it run every fricken page load on the CMS and check to see if it is the one page that will actually use them.
Welcome to the dark side. Are you surprised we lied about having cookies?
06-04-2014, 11:34 PM,
Post: #17
RE: WordPress Question
This thread delivers.
bedstuy Wrote:mocking a pair of $500 jeans is a form of class warfare... why do you hate my social status?
06-04-2014, 11:55 PM,
Post: #18
RE: WordPress Question
Its a shame that we shouldn't be using code to do our heavy lifting... code is special and should be coddled.
The chaos army seems suspiciously well organized.
flickr | Stupid Blog | Twitter
06-05-2014, 01:32 AM,
Post: #19
RE: WordPress Question
How much is Res paying you guys for all this advice?
ClubbieClubbieClubbieClubbieClubbieClubbieClubbie
ClubbieClubbieClubbieClubbieClubbieClubbieClubbie
ClubbieClubbieClubbieClubbieClubbieClubbie
06-05-2014, 03:32 AM, (This post was last modified: 06-05-2014, 03:44 AM by FunkyRes.)
Post: #20
RE: WordPress Question
(06-05-2014, 01:32 AM)Alien Wrote: How much is Res paying you guys for all this advice?

Your thoughts are not wanted. You are a blowhard who doesn't like me, I don't understand why you even read my threads. I don't like you so I no longer read yours. We'd both probably be happier if you reciprocated.

(06-04-2014, 11:55 PM)Gippy Wrote: Its a shame that we shouldn't be using code to do our heavy lifting... code is special and should be coddled.

The heavy lifting should be done intelligently. Running all ajax in admin context like WordPress does ACCORDING TO THEIR OWN DOCS is not doing it intelligently.

I do appreciate the help you gave, but yes I have been reading the docs quite a bit and the more I read them the more I realize it is one of the worst open source projects I have ever used.

It may be popular and used to make a lot of money, but so was Windows 95 and Microsoft Frontpage.
Welcome to the dark side. Are you surprised we lied about having cookies?
06-05-2014, 07:59 AM,
Post: #21
RE: WordPress Question
What really gets me, WordPress uses mod_rewrite - so why not just use that for things like ajax scripts and completely eliminate the need for their complex bloated and insecure handling of ajax?

Why not simply have /wordpress/foo/ajax.php execute the php script in plugins/superCoolCamelCode/ajax/ajax.php

and let the plugin developer do his thing? He could require just what was needed to run his ajax and return the result, and check the cookie to make sure it is valid session if it is an admin function, all without need to load any of wordpresses bloat.

It's KISS.
Welcome to the dark side. Are you surprised we lied about having cookies?
06-05-2014, 08:05 AM,
Post: #22
RE: WordPress Question
You should provide this feedback to the dev team. It's a no-brainer that they've overlooked. Maybe they'll give you money!
bedstuy Wrote:mocking a pair of $500 jeans is a form of class warfare... why do you hate my social status?
06-05-2014, 12:06 PM,
Post: #23
RE: WordPress Question
Heh. The advocation for pushing plugin debs outside of a central Ajax handler is rather comical. I'd much rather everything go through the Ajax handler that gives you the opportunity as a security minded developer to lock down the install as you see fit. If every Tom Dick and Asshole went straight for a plugin file (and they do because, well, it's very easy to do in a generic fashion) then you've got no way to enforce any standards if you want.

Your gripes are of convenience but you say they're around security. You amuse me.
The chaos army seems suspiciously well organized.
flickr | Stupid Blog | Twitter
06-05-2014, 12:09 PM,
Post: #24
RE: WordPress Question
Plus you get the framework to set up all the cruft shit that I don't want to deal with. Man, you're asking to reinvent the wheel with every plugin. That's moronic.
The chaos army seems suspiciously well organized.
flickr | Stupid Blog | Twitter
06-05-2014, 12:43 PM, (This post was last modified: 06-05-2014, 12:55 PM by FunkyRes.)
Post: #25
RE: WordPress Question
lock down?

Originally ajax was only for admin tools, but people obviously wanted it for not admin use - but rather than open it up the right way, they opened it up so that ACCORDING TO THEIR OWN DOCUMENTATION EVERYTHING RUNS IN ADMIN CONTEXT which means if you DO use Ajax for admin interface stuff, you have to be extra careful because it runs in admin context even if the request didn't come with a cookie with the right credentials.

If you are security minded, stay the hell away from WordPress. The devs only want stuff to work, that's all they give a damn about. They don't give a damn about providing a secure framework to start with. It's a hack job, and a poor one. Unfortunately it is wildly popular, but most people are too stupid to evaluate the backend.

Me, my biggest flaw is I get too hung up on the backend. That's something I can't help, little details for some reason are something I tend to over-focus on. But these security issues aren't unknown to them, they are fricken documented.

-=-

Know what happens when a WordPress.com hosted plugin is found to be malicious or have a gapingly bad security hole? They pull the plugin.
Is there any mechanism within WordPress that a user can use to determine if a plugin they installed was pulled?

No, even though it would be incredibly easy to do. And that problem has been known for at least four years.

They don't give a damn.

(06-05-2014, 08:05 AM)roo Wrote: You should provide this feedback to the dev team. It's a no-brainer that they've overlooked. Maybe they'll give you money!

Unfortunately apathy of the masses is one of the problems of open source software. People just don't care.

If I or someone else were to submit patches that fix their problems, those fixes would break a lot of plugins. Since a lot of the developers also write plugins that would then need maintenance, they won't accept these patches because as long as user are apathetic to the issues, users continue to use the product.

You Roo are the perfect example of the apathetic attitude I am talking about.

So there is no point in people who give a shit in providing patches that fix the problem because the patches would be rejected so it would be wasted effort.
Welcome to the dark side. Are you surprised we lied about having cookies?


Forum Jump: