Developers Review

Theme or Plugin???

Does that custom code go in a theme or a plugin?

  1. In your functions.php
  2. A fully custom plugin

If you want the functionality to outlive the current theme, it goes in a plugin.

If it's specific to this site's design, it goes in the theme.

WordPress Actions

Actions indicate that something happened.

Like the 'pre_get_posts' action, which runs before WordPress fetches posts.

You can use add_action() to hook 'pre_get_posts' and change which posts WordPress fetches.



Action example

Let's get published and scheduled posts


WordPress Filters

Filters allow you to change values as they pass through.

Like 'wp_mail_from', which lets you change the address that WordPress's stock emails come from.

So you add_filter() on 'wp_mail_from' and change the email address.

Filter example

Let's make WordPress use my email as the from address





Site Security Rules

1. Never Trust the User

photo credit: lydia_shiningbrightly cc

2. Never Trust the User!

photo credit: levork cc

3. Escape as Late as Possible



4. Use Nonces

Number Used Once

Tie them to a $post_id

We'll cover nonces more later

5. Never Trust the User

photo credit: Dunechaser cc

6. Whitelist

But blacklisting??
  • there are infinite inputs you don't want
  • you'd have to maintain that infinite list

7. Check Formats

8. Sanitize on Input, Validate on Output

When we output, use the esc_* functions

When we take input (saving), we sanitize
  • check to make sure we have the expected data

9. Never Trust the User

photo credit: HelloImNik cc

Now Let's Try It

Answers

Roles and Caps

Roles are things like:
Administrator, Author, Subscriber

Caps are things that the roles can do, like:
activate_plugins, read, save_post

Check for Caps, not Roles

Add Caps when you add functionality
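The security rules and the roles-and-caps advice above, pulled together in one added example that is not code from the slides: a meta-box save handler for a small WordPress plugin. The meta key, nonce action and field names are assumptions.

```php
<?php
/**
 * Plugin Name: Post Flag Example (added example, not code from the slides)
 *
 * One meta box exercising the rules above: a nonce tied to the $post_id, a
 * capability check instead of a role, a whitelist, format checking and
 * sanitizing on save, and esc_* escaping as late as possible on output.
 * The meta key, nonce action and field names are assumptions.
 */

// Whitelist: the only values we will ever store.
const POST_FLAG_ALLOWED = array( 'none', 'featured', 'sponsored' );

add_action( 'add_meta_boxes', function () {
    add_meta_box( 'post_flag', 'Post Flag', 'post_flag_render', 'post' );
} );

// Output: escape as late as possible, at the point the value hits HTML.
function post_flag_render( $post ) {
    $current = get_post_meta( $post->ID, '_post_flag', true );
    wp_nonce_field( 'post_flag_save_' . $post->ID, 'post_flag_nonce' );
    echo '<select name="post_flag">';
    foreach ( POST_FLAG_ALLOWED as $flag ) {
        printf(
            '<option value="%s"%s>%s</option>',
            esc_attr( $flag ),
            selected( $current, $flag, false ),
            esc_html( $flag )
        );
    }
    echo '</select>';
}

// Input: never trust the user. Verify the nonce for this $post_id, check a cap (not a role), whitelist.
add_action( 'save_post', function ( $post_id ) {
    $nonce = isset( $_POST['post_flag_nonce'] ) ? $_POST['post_flag_nonce'] : '';
    if ( ! wp_verify_nonce( $nonce, 'post_flag_save_' . $post_id ) ) {
        return;
    }
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return;
    }
    // Check format: reduce to a plain key, then reject anything not whitelisted.
    $flag = isset( $_POST['post_flag'] ) ? sanitize_key( wp_unslash( $_POST['post_flag'] ) ) : '';
    if ( ! in_array( $flag, POST_FLAG_ALLOWED, true ) ) {
        return;
    }
    update_post_meta( $post_id, '_post_flag', $flag );
} );
```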




Development Review

By curtismchale

Quick review of actions and filters then we talk about sanitization and validation.