Arrrrgh! Kill it! Kill wp_attempt_focus with fire!

Somewhere around version 2.8.4 or something, WordPress introduced a "feature" to focus the username form and wipe the username. I dont want to type my username every time again and again and again. So what can we do to kill wp_attempt_focus? There is no hook available to disable that part of the code, but we can use some dirty tricks:

I created the following 'plugin' to get rid of it:
function kill_wp_attempt_focus($in){
return preg_replace('/function wp_attempt_focus/','function wp_attempt_focus(){} function wp_attempt_focus_killed',$in);
}
if($_SERVER["PHP_SELF"]=='/wp-login.php'){
ob_start('kill_wp_attempt_focus');
}

It grabs the output of /wp-login.php, renames the original wp_attempt_focus() to wp_attempt_focus_killed() and creates a new empty function to prevent errors.

© GeekLabInfo Arrrrgh! Kill it! Kill wp_attempt_focus with fire! is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

WordPress timezone problems: fixed

I'm using WordPress as a framework for a website that reaches over 30.000 readers daily over several media. Some over the web, but most users receive posts by mail, sms or twitter using custom-made plugins. Since I can't have a broken mail sent to thousands of users, I rather don't upgrade WordPress, except when security issues have been found. Every single WordPress upgrade I've done has broken something, like when plugin hooks are renamed, and renamed back later....

Timezone support broken

After my latest upgrade, the sending queue got seriously screwed up. SMS messages that should have been sent around 8am, got send around midnight. Why? Because WordPress timezone support screws up the time!

WordPress gave me my WTF moment while testing with date(). I've been testing what was wrong, and came across a situation where a simple reload caused the timezone to shift 2 hours. This simple line of code echoed 1:30:00 at 1:30:00 while echoing 3:30:01 at 1:30:01:
<?php echo date("H:i:s"); ?>

This isn't such a problem for simple posts on a weblog, but for sending queued mail and sms messages this is fatal.

My solution

Screw WordPress. It'll get fixed in some future version of WordPress. For now I'll get a date I can actually trust from mysql:
$wpdb->getvar('select DATE_FORMAT(current_timestamp,"%H:%i:%s");');

I also replaced several other instances of date(), like:
"select * from wp_receipients where time_to_sent<".date("Hi")."'";
to
'select * from wp_receipients where time_to_sent<DATE_FORMAT(current_timestamp,"%H%i")';

© GeekLabInfo WordPress timezone problems: fixed is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

WordPress: Pass variables by reference with apply_filter

WordPress has this great filtering system which allows you to write plugins. Yesterday, I was writing a plugin that has the ability for other plugins to change it's behaviour.

For the particular functionality, it would be very nice to use two parameters, which should both be changable.

Standard PHP

In standard PHP, you could do:

function doit($in, &$var2){
    $var2=true;
    return $in+1;
}
 
$changed=false;
echo doit(1,$changed);
echo $changed;

Pass by reference: Not working with WordPress

The WordPress apply_filter and add_filter functions do not allow variable passing by reference. Therefore, the following code will not work.

function doit($in, &$var2){
    $var2=true;
    return $in+1;
}
 
add_filter('myfilter','doit',10,2);
$changed=false;
echo apply_filters('myfilter',1,$changed);
echo $changed;

Dirty solution

You could use $GLOBALS to overcome this problem. I would not recommend this method, as it's not flexible, not safe to re-use and requires the function and the main code to be synchronized.

function doit($in){
    global $changed;
    $changed=true;
    return $in+1;
}
 
add_filter('myfilter','doit');
$changed=false;
echo apply_filters('myfilter',1);
echo $changed;

The good solution

The correct solution to this problem, is to combine all variabled in one array, and use this array as the first variable.

Example 1: For a few parameters

function doit($in){
    list($in,$var2)=$in;
    $var2=true;
    return array($in,$var);
}
 
add_filter('myfilter','doit');
$changed=false;
list($in,$changed)=apply_filters('myfilter',array(1,$changed));
echo $in;
echo $changed;

Example 2: For more complex situations

function doit($in){
    $in['changed']=true;
    $in['in']+=1;
    return $in;
}
 
add_filter('myfilter','doit');
$changed=false;
$in=1;
extract(  apply_filters('myfilter',compact('in','changed'))  );
echo $in;
echo $changed;

This last method may impose a security risk if you use third party plugins.

© GeekLabInfo WordPress: Pass variables by reference with apply_filter is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (7 votes, average: 3.71 out of 5)
Loading...

WordPress spam filtering: improved.

On this WordPress blog, I'm running the WP Hashcash plugin to prevent spam. Recently, I've seen a lot more spam, I guess spambots now recognise WPHC encryption.

WPHC encryption could be upgraded to withstand spam again. But new bots will break new encryption. The biggest problem is that all blogs using WPHC use the same javascript to decode the key. If only you could be a liiiiittle different from other blogs, standard bots wouldn't have a chance.

My solution is to include a few filters in WPHC. This allows for weblog owners to write a tiny plugin to have slightly different antispam than other weblogs. For instance, at this moment, my extension is as simple as:

<?php
/*
Plugin Name: WPHC Extension
Plugin URI: https://www.geeklab.info/2010/04/wordpress-spam-filtering/
Description:
Author: GeekLab.info
Version: 1.0
Author URI: https://www.geeklab.info
License: GPL
*/
function wphc_jskey_ext($js){
for($i = 0; $i < count($js); $i++)
$js[$i]--;
return $js;
}
function wphc_getjs_ext($in){
return preg_replace(';//WPHC2;','wphc_data[i]=wphc_data[i]+1;',$in);
}
add_filter('wphc_jskey', 'wphc_jskey_ext');
add_filter('wphc_getjs', 'wphc_getjs_ext');
?>

You may use substraction, addition, xor, byte-swapping or any other method you like to improve security. The security is not so much what is done to the key, but that the routine is slightly different from other blogs.

Changes to WP Hashcash required for this to work:
Patch file (only changes)
Whole file

© GeekLabInfo WordPress spam filtering: improved. is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...