• Do all the running all the logic server side, which means caching is no longer possible via a proxy server.
• Rendering the new content under the same domain. In essence restructuring an entire sites markup and outputting the new content. This could be seen as duplication within the same product.
• Use static formulas for user agent detection.

Let’s take a look at the reasons I think these are mistakes.

First, running the logic on the server side produces an outcome…if that outcome is cached then someone else will see that outcome even if it doesn’t fit their situation. This means you can’t cache from an external server, it has to be done at the object level within WordPress. Which may not be ideal given that WordPress is using MySQL and in some cases, Apache which can only handle a (relatively) small load.

For high traffic sites, caching is a must.

Rendering a completely new layout for a specific use case and not changing the location seems like a horrible idea. Consider every domain a product, self contained with a primary subject. If you change the product on the fly without letting search engines know that the context has changed you will no doubt be shooting yourself in the foot. It’s best to use a subdomain, subfolder or some identifier to declare “Yo dawg, we’re showing the mobile view.”

You wouldn’t show your site mydomain.com with one layout and then if google reader hits it, completely change how it displays right? If you said “Yeah, why not?”, then slap yourself. You should redirect them to an RSS feed or a path that’s dedicated to handling that rendered view.

Context matters and so does location.

Lastly, many people use bloated static regular expressions for determining whether or not the UserAgent of the browser is, in fact, mobile. Which means, as new mobile devices hit the market OR as users of those mobile devices install new browsers, the owner of the plugin will need to continuously send out updates to his previous formula in order to keep up.

That’s AWESOME! That’s like every time someone updates their status on Facebook, an employee has to go in and manually add the new status to each of their friends page! If they don’t have time to do it, the user can just suck it up!

Constantly evolving data should not be encapsulated within a plugin. It should be a service.

So what did we do? Well we did some digging and found the guys over at www.handsetdetection.com

We did the trial, liked what we saw and started playing with it.

We decided to host a server dedicated to rendering mobile views and just send mobile users to that server whilst providing them a way to get back to the main site.

Here’s some Javascript that I wrote up to do that:

(function () {'use strict'; var head, script, siteid, domain, internal, mobilesite; siteid = 123456; domain = new RegExp('mydomain.com', 'i'); mobilesite = 'http://m.mydomain.com'; head = document.getElementsByTagName('head')[0]; script = document.createElement('script'); internal = document.referrer.search(domain); script.type = 'text/javascript'; script.src = 'http://api.handsetdetection.com/sites/js/' + siteid + '.js'; if (internal === -1) {head.appendChild(script); }script.onload = function () {if (HandsetDetection.ismobile === true) {document.location = mobilesite; }}; }());

So basically what this does is after putting in the main sites url, the mobile url and the ID for the mobile detection script, it checks if the user is coming from an internal page (it treats the mobile view as an internal page) and if they are, it doesn’t try to redirect them to the mobile view. But if they come directly to the site or from a search engine, or other, it will shoot them over to mobile. Then at the bottom of the mobile view they can click the View Full Site link to get back to the main domain.

In order to not bloat our API requests, because there is a quota, we decided to only load the Javascript file if it was needed. So the script sees that it will need the Javascript file and appends it to the sites head element. Then after the external script is loaded, it runs through and if the site is mobile it redirects.

It was short, sweet and simple – a bit of fun.

Here’s a link to the gist if you need something to play with: https://gist.github.com/1245942

The folks over at Smashing Magazine put out quite a bit of quality content.

Today I decided to get back into the flow of reading at least an article a day. They posted an article from Richard Shepherd covering the CSS3 Flexible Box concept. A worthwhile read, and as I was doing such it occurred to me I should start posting some of the worthwhile reads and sending users who are interested in learning over to their site

The flexible box layout module?—?or “flexbox,” to use its popular nickname?—?is an interesting part of the W3C Working Draft. The flexbox specification is still a draft and subject to change, so keep your eyes on the W3C, but it is part of a new arsenal of properties that will revolutionize how we lay out pages. At least it will be when cross-browser support catches up.

In the meantime, we can experiment with flexbox and even use it on production websites where fallbacks will still render the page correctly. It may be a little while until we consider it as mainstream as, say, border-radius, but our job is to investigate new technologies and use them where possible. That said, when it comes to something as fundamental as page layout, we need to tread carefully.

CSS3 Flexible Box Layout Explained by Richard Shepherd

Catch the rest of the article here!

Like the Goddamn Batman, my services are required yet again.

It’s plugin judgment day!

Sometimes users need to use HTML/CSS/Javascript in pages or posts. While this is no doubt going to produce quality worse than the anything containing Kyra Sedgwick (seriously this will RUIN your acting career), sometimes people need to do what they need to do.

The plugin in the spotlight today: Raw HTML Snippets

What does this slice of evil do?

Create a library of raw HTML snippets that you can easily insert into any page/post content using a shortcode:

[raw_html_snippet id="my-snippet"]

Snippets consist of a unique ID (e.g. “my-snippet”) and raw HTML code. This plugin was written to stop using hacks that override WordPress’ core content filters and affect shortcode output.

This plugin will NOT taint your content or the output of other shortcodes. If you delete a snippet, any existing shortcodes with that snipet’s ID will output an empty string.

Remember, this allows you to output raw HTML. Use at your own risk. It will not check for malicious HTML/CSS/Javascript!
Raw HTML Snippets

Please note that warning at the bottom. It’s important and the author is doing you a favor by reminding you of this fact.

The Review

The Walkthrough

This plugin is pretty new, created on the 11th of May of this year, so as of this post, only a few months old.

No reported problems, just feature requests – so it’s hard to gauge if it’s actively maintained or if it’s already collecting dust.

No activation errors.

Settings page at: /wp-admin/options-general.php?page=raw-html-snippets

Options Page

To use this plugin:

• Go to the settings and add a snippet. There’s a handy dandy “Add a New Raw HTML Snippet” button.
• After you are done, go back to that settings page and it will give you the shortcode you need to use.
• Find a page or post and just inject the shortcode into the post where ever you want to.

I tried the following:

<div style="font-weight:bold; color:red;"> OMGWTFBBQ! </div> <script type="text/javascript"> alert('all your base are belong to us'); </script>

It works!

The Basics

• +1 Point: The author appears to be actively supporting the plugin, as far as I can tell.
• +1 Point: There were no notices/warnings produced from the plugin.
• +1 Point: Does what it said it would do.
• +1 Point: Appears to be as well documented.

The Code

• -1 Point: Going to dock it on this, even though it’s a VERY small plugin (240 lines) -> Uses prefixed functions instead of objects. But it is a documented practice.
  

  Clearly, the class method is very clean. You can name methods after hooks and action verbs, working within that namespace as if it is a blank slate (because it is). Classes are very helpful in WordPress plugins even if you are not using object-oriented concepts.

  At one plugin competition … multiple plugins by the same author could not even be run on the same blog, since they conflicted with each other. Don’t do that. If you have the same function in two different plugins, consider wrapping both in a function_exists check, that way both plugins can use whichever is defined first. Some do that with every function or class they define, just as a precaution. Fatal core errors from redefinition of functions will take a blog down real quick.

  Andrew Nacin

• +1 Point: Conforms to the WordPress coding standards for formatting: WordPress Coding Standards: Indentation
• +1 Point: Code quality seems to be decent (aside from prefixed functions) and is easy to follow.
• +/-1 Point: The code is trusting all user input. The author DID warn you. So if your site get’s infiltrated like some epic nerdy espionage, that’s YOUR FAULT!
• +1 Point: No deprecated calls were made!

The Results

Passed!

• The Basics: +4 Points
• The Code: +3 Points

Total: +7 Points

I love high scoring plugins!

This one is simple, does it’s job of making your site customizable and insecure. Which is what we wanted!

If you need to use a plugin to do such a thing, I recommend this one. If you’re going to be evil, at least do it well

With respects to the author and the WordPress community, these are my opinions and my thoughts – in no way is the review a personal matter – never take it personally. I also have and do make mistakes when it comes to the readability of code and security, but that’s why we use version control, refactor and so on.

Sterling Hamilton

Today I’ll be reviewing the Members plugin.

Description:

Members is a plugin that extends your control over your blog. It’s a user, role, and content management plugin that was created to make WordPress a more powerful CMS.

The foundation of the plugin is its extensive role and capability management system. This is the backbone of all the current features and planned future features.

Members

Let’s get this show on the road!

The Review

The Walkthrough

Actively maintained – so that’s cool: Last Updated: 2011-6-13

No activation errors.

Settings page at: /wp-admin/options-general.php?page=members-settings

Settings Page

“Your roles and capabilities will not revert back to their earlier settings after deactivating or uninstalling this plugin, so use this feature wisely.” -> But it’s enabled by default? WTF?

To use this plugin:

• Go to WordPress’ default post: /wp-admin/post.php?post=2&action=edit
• Set the restrict checkbox to ‘Administrator’ then click update.
• Create new user as subscriber – login as that new user.
• Try to go to page: http://subdomain.wordpress.local/?page_id=2

We get: Sorry, but you do not have permission to view this content.

Logout and see if the public can view it: Nope.

Log back in as administrator and we can see the page!

Restricted Page!

Success! It works!

You can add roles!

Wordpress Plugin: Members - Roles

Things that you may not think you are able to restrict:

• Media Uploads
• Links
• Comments
• Themes
• Plugins
• Widgets
• Categories
• Tags
• Administrator Screens

Things you can restrict specifically:

• Pages
• Posts

How to restrict most of those things you thought you couldn’t:

• Role Capabilities: which may or may not allow you to restrict most of the items listed above.

I really hate that there are 50 checkboxes and the only way to go through them is to select them one by one. It would be cool to either clone off a previous role or have a select all button. Just something to save time. Not worth losing a point over.

Users cannot belong to multiple roles.

Changing the roles took a second or two to find:

Change Roles

Based on the comment “Your roles and capabilities will not revert back” it seems like that when the plugin is deactivated…it litters the database.

I’ll check that out… yep it litters the database and doesn’t clean up after itself! FOR SHAME!

The functionality of everything goes back to being public – but the data is not as it was. My recommendation to the author is that if your plugin changes data and it’s easy to undo that (which in this case it is) then you should clean up after yourself when being removed.

No blatant errors:

$ find . -name '*.php' -exec php -l {} \; No syntax errors detected in ./admin/admin.php No syntax errors detected in ./admin/meta-box-plugin-settings.php No syntax errors detected in ./admin/meta-box-post-content-permissions.php No syntax errors detected in ./admin/role-edit.php No syntax errors detected in ./admin/role-new.php No syntax errors detected in ./admin/roles-list-table.php No syntax errors detected in ./admin/roles.php No syntax errors detected in ./admin/settings.php No syntax errors detected in ./includes/admin-bar.php No syntax errors detected in ./includes/capabilities.php No syntax errors detected in ./includes/comments.php No syntax errors detected in ./includes/content-permissions.php No syntax errors detected in ./includes/deprecated.php No syntax errors detected in ./includes/functions.php No syntax errors detected in ./includes/private-site.php No syntax errors detected in ./includes/shortcodes.php No syntax errors detected in ./includes/template.php No syntax errors detected in ./includes/update.php No syntax errors detected in ./includes/widget-login-form.php No syntax errors detected in ./includes/widget-users.php No syntax errors detected in ./includes/widgets.php No syntax errors detected in ./members.php

The Basics

• +1 Point: The author appears to be actively supporting the plugin.
• +1 Point: There were no notices/warnings produced from the plugin.
• +1 Point: Does what it said it would do.
• +1 Point: Appears to be as well documented as it needs to be.

The Code

• -1 Point: Uses prefixed functions instead of objects. Also does not check to see if functions exist. This make it easier to have bad interactions with other plugins. I do not recommend it – especially in this case where the prefix is ‘member’. But it is a documented practice.
  

  Clearly, the class method is very clean. You can name methods after hooks and action verbs, working within that namespace as if it is a blank slate (because it is). Classes are very helpful in WordPress plugins even if you are not using object-oriented concepts.

  At one plugin competition … multiple plugins by the same author could not even be run on the same blog, since they conflicted with each other. Don’t do that. If you have the same function in two different plugins, consider wrapping both in a function_exists check, that way both plugins can use whichever is defined first. Some do that with every function or class they define, just as a precaution. Fatal core errors from redefinition of functions will take a blog down real quick.

  Andrew Nacin

• +1 Point: Conforms to the WordPress coding standards for formatting: WordPress Coding Standards: Indentation
• +1 Point: Code quality seems to be decent (aside from prefixed functions) and is easy to follow.
• -1 Point: The code is trusting all user input. It’s not making any attempts to sanitize the data. Never trust the user (yes – even in the administration area): Andrew Nacin: WordCamp Seattle
• +1 Point: No deprecated calls were made!
• -1 Point: The plugin litters the database. EVILLL!!!

The Results

Passed!

• The Basics: +4 Points
• The Code: +1 Points

Total: +5 Points

The plugin adds some basic functionality to sites that need more than the built in role capability from WordPress.

It does do some dirty thing like the prefixed function names and database littering. But other than that it seems pretty solid.

Check it out and let me know if you find anything worth mentioning!

With respects to the author and the WordPress community, these are my opinions and my thoughts – in no way is the review a personal matter – never take it personally. I also have and do make mistakes when it comes to the readability of code and security, but that’s why we use version control, refactor and so on.

Sterling Hamilton

Today I decided to update an old script that I had been using.

Time to bring on the Ruby goodness!

Note: I updated the repository with the latest stuff.

It makes some assumptions. It has a hard coded default remote name of “origin” since that seems to be the most common. It also assumes that you want to pull all branches.

If any of these things are not true, feel free to alter the script to fit your needs.

Here’s what it ends up looking like:

Repository Updating Ruby Script

Here’s the code:

#!/usr/bin/env ruby require 'rubygems' require 'colored' require 'fileutils' old_pwd = `pwd` default_remote = 'origin' $highlight = '# '.magenta_on_black def do_pull( repository = nil )if repository.nil? target = 'Pulling: '.cyan.bold + `git remote -v | grep fetch`.white_on_black.bold puts target.sub( "\t" , ' -> ' ).sub( '(fetch)' , '' ).strip puts $highlight + `git pull` + "\n" else target = 'Pulling: '.cyan.bold + `git remote -v | grep #{repository} | grep fetch`.white_on_black.bold puts target.sub( "\t" , ' -> ' ).sub( '(fetch)' , '' ).strip puts $highlight + `git pull #{repository}` + "\n" end end ARGV.each do|path| puts $highlight + "Checking given path.,,".white_on_black if File.directory?( path )puts $highlight + '[ SUCCESS ]'.green_on_black + ' ' + path.bold.white_on_black + "\n\n" FileUtils.cd path `find . -maxdepth 1 -mindepth 1 -type d`.each do |repository| repository = path.to_s.strip + repository.to_s.strip repository = repository.gsub( /.*\// , '' ).strip puts $highlight + "Checking: #{repository}".white_on_black FileUtils.cd repository remotes = `git remote` if remotes.include? default_remote do_pull default_remote else case remotes.to_a.count when 1do_pull when 0puts '[ FAIL ] '.red_on_black.bold + "Unable to locate any remote branches.\n".white_on_black.bold else puts "Default Remote \"#{default_remote}\" not detected. Too many alternative remotes to pull automatically.\n".white_on_black.bold end end FileUtils.cd old_pwd.strip end puts $highlight + "Do work son!\n".green.bold else puts '[ FAIL ] '.red_on_black.bold + "You must include a path containing repositories! #{path}".white_on_black.bold end end

It may not be as efficient or as clever as it should be, but it does work.

Please let me know if you see any room for improvement!

Under the hood there have been a number of improvements, not the least of which is the streamlining enabled by our previously announced plan of retiring support for PHP4, older versions of MySQL, and legacy browsers like IE6, which allows us to take advantage of more features enabled by new technologies.

Matt Mullenweg

Aside from those major anouncements, I’ve been actively using WordPress 3.2 for weeks now and it’s awesome. I like the UI enhancements as well as the new distraction-free writing mode.

Here’s a glimps into some of the latest and greatest from the WordPress dev team.

The focus for this release was making WordPress faster and lighter. The first thing you’ll notice when you log in to 3.2 is a refreshed dashboard design that tightens the typography, design, and code behind the admin. (Rhapsody in Grey?) If you’re starting a new blog, you’ll also appreciate the fully HTML5 new Twenty Eleven theme, fulfilling our plan to replace the default theme every year. Start writing your first post in our redesigned post editor and venture to the full-screen button in the editing toolbar to enter the new distraction-free writing or zen mode, my personal favorite feature of the release. All of the widgets, menus, buttons, and interface elements fade away to allow you to compose and edit your thoughts in a completely clean environment conducive to writing, but when your mouse strays to the top of the screen your most-used shortcuts are right there where you need them. (I like to press F11 to take my browser full-screen, getting rid of even the OS chrome.)

Matt Mullenweg

Head on over to wordpress.org to see the full article.

The code is much smaller and concise, I pulled the original source form stackoverflow:

#!/usr/bin/ruby def colorize(text, color_code) "\e[#{color_code}m#{text}\e[0m" end def red(text); colorize(text, 31); end def green(text); colorize(text, 32); end # Actual example puts 'Importing categories [ ' + green('DONE') + ' ]' puts 'Importing tags [' + red('FAILED') + ']'

But this is a bit primitive.

Alternatively you can use this gem, which is much cleaner and in my opinion, more ruby-ish.

#!/usr/bin/ruby require 'rubygems' require 'colored' puts "This is some red text: " + "OMG it's SO RED!".red

Example output using the Colored Gem

For more information on the Colored Gem, see its documentation. You can also view their repository.

Prefatory

Like a sweet twitching energy drink induced digital coma, I’ve been trippin balls the entire day with the plugin reviews!

I have had a few requests today – so this will probably be the last – then … MOAR CODING!

Now I’m reviewing Iframe Embedder!

Developer Note: I hate iFrames with a BURNING passion. Sometimes they are needed, but when all parties involved have done things properly – this is not the case.

Iframe Embedder lets you embed an iframe in a post by typing [iframe http://server/page.htm 100% 200px]

You can use % or px as units for width and height. If you omit unit- it will default to px. You cannot omit width and height values. You can use relative paths.

Iframe Embedder

The Review

The Walkthrough

It turns the plugin on or it gets the hose again!

No errors, no warnings and no deprecated calls. Yet another “oh so fine” plugin.

The options page is very simple. So let's move on to using the plugin.

[iframe http://google.com 800px 200px]

I hate attributes without context. I’d prefer this:

[iframe src="http://google.com" width="800px" height="200px"]

But, that is just a preference and they won’t lose points for it!

Yay it works!

That’s all to the plugin!

Check the code!

find . -name '*.php' -exec php -l {} \; No syntax errors detected in ./embedder.php

No blatant errors.

The code itself is prefixed functions, sloppy and hard to read.

The Basics

• -1 Point: The author does not seem to be actively supporting the plugin.
• +1 Point: There were no notices/warnings produced from the plugin.
• +1 Point: Does what it said it would do.
• +1 Point: Appears to be as well documented as it needs to be.

The Code

• -1 Point: Uses prefixed functions instead of objects. Also does not check to see if functions exist. This make it easier to have bad interactions with other plugins. I do not recommend it. But it is a documented practice.
  

  Clearly, the class method is very clean. You can name methods after hooks and action verbs, working within that namespace as if it is a blank slate (because it is). Classes are very helpful in WordPress plugins even if you are not using object-oriented concepts.

  At one plugin competition … multiple plugins by the same author could not even be run on the same blog, since they conflicted with each other. Don’t do that. If you have the same function in two different plugins, consider wrapping both in a function_exists check, that way both plugins can use whichever is defined first. Some do that with every function or class they define, just as a precaution. Fatal core errors from redefinition of functions will take a blog down real quick.

  Andrew Nacin

• -1 Point: Does not conform to the WordPress coding standards for formatting: WordPress Coding Standards: Indentation
• -1 Point: Code quality is lacking. It’s messy and hard to follow. Unnecessarily. It’s very “scripty”.
• -1 Point: The code is trusting all user input. It’s not making any attempts to sanitize the data. Never trust the user (yes – even in the administration area): Andrew Nacin: WordCamp Seattle
• +1 Point: No deprecated calls were made!

The Results

Failed!

• The Basics: +2 Points
• The Code: -3 Points

Total: -1 Points

An old plugin encouraging evil. EEEEEVVVIIIILLLL!!!

My personal prejudices aside, the plugin does what it says to do without making PHP or WordPress barf. The code on the other hand and having to deal with iFrames did not save me from such a fate though. If you absolutely need iFrame, you could use this plugin.

But I strongly recommend looking into ways around it. Injecting 3rd party/external content into posts/pages is a HUGE security whole and a bad practice in general. It hurts usability and impacts how search engines crawl your sight in a negative way.

With respects to the author and the WordPress community, these are my opinions and my thoughts – in no way is the review a personal matter – never take it personally. I also have and do make mistakes when it comes to the readability of code and security, but that’s why we use version control, refactor and so on.

Sterling Hamilton

This one will be pretty quick. The plugin author(s) did a great job on this one.

I’m reviewing MapPress Easy Google Maps

What is it?

MapPress adds an interactive map to the wordpress editing screens. When editing a post or page just enter any addresses you’d like to map.

The plugin will automatically insert a great-looking interactive map into your blog. Your readers can get directions right in your blog and you can even create custom HTML for the map markers (including pictures, links, etc.)!

MapPress Easy Google Maps

The Review

The Walkthrough

Once activated no error or warnings. No deprecated calls.

Go to settings page. There’s documentation! C0o0o0o0l. Upon looking at the documentation it is a little confusing.

Here’s the steps they have posted on how to use their plugin:

MapPress is easy to use. Basically, the steps are:

1. Edit the post or page and create a map
2. Add markers to your map
3. Optionally add the MapPress shortcode
4. Publish your post

MapPress Documentation

Then it explains how to make a map.

Here’s what I ended up doing.

MapPress Screenshot 2: Click to View Larger

• Grab a page or post.
• Below the content area there’s a new section called “MapPress”.
• Click New Map.
• Type in a location.
• Hit “Add”.
• Type in a title and some dimensions and hit “Save”.
• Then you can mouse over the newly saved map name and then click “insert into post” when it shows up.

MapPress Screenshot 3: Click to View Larger

Pretty good usability. But the options page stink! Poor layout

It shows up on the page, it’s fast and it works!

Let’s check the code!

Objects! Yay!

Not syntax errors! Yay!

find . -name '*.php' -exec php -l {} \; No syntax errors detected in ./mappress.php No syntax errors detected in ./mappress_api.php No syntax errors detected in ./mappress_updater.php

Included a core file, which I am very against – but it might be needed to accomplish what they need to.

./mappress.php:801: include_once(ABSPATH . WPINC . '/feed.php');

The Basics

• +1 Point: The author appears to still be actively supporting the plugin.
• +1 Point: There were no notices/warnings produced from the plugin.
• +1 Point: Does what it said it would do.
• +1 Point: Appears to be well documented, though a bit confusing in some areas, and it has an active support community.

The Code

• +1 Point: Uses classes! Yay!
• +1 Point: Conforms to the WordPress coding standards.
• +1 Point: Code quality is decent in most places and easy to read.
• -1 Point: The code is trusting all user input. It’s not making any attempts to sanitize the data. Never trust the user (yes – even in the administration area): Andrew Nacin: WordCamp Seattle
• +1 Point: No deprecated calls were made!

The Results

Passed!

• The Basics: +4 Points
• The Code: +3 Points

Total: +7 Points

A high score! Props to the developers. It looks like a good plugin that will only get better with time.

I recommend you check it out and if you get confused by the documentation or find a problem with the plugin, please let me know!

I got through a whole post without throwing a picture your way? WTF?

Here’s a kitten:

With respects to the author and the WordPress community, these are my opinions and my thoughts – in no way is the review a personal matter – never take it personally. I also have and do make mistakes when it comes to the readability of code and security, but that’s why we use version control, refactor and so on.

Sterling Hamilton