While writing a plug-in for WordPress recently I came across a very strange error message:
Are you sure you want to do this?
Now my initial reaction was “Well yes, I do want to do this!”. Unfortunately that wasn’t an option. It just told me to try again… same message… ad nauseam. What I was actually trying to do was pass some form information from the plug-in dashboard panel to the plug-in tables in the database.
After searching the web for a while and not having much luck I decided to ‘view source’ on the Quickpress widget which was doing a similar function. I noticed these two hidden inputs:
After a brief search in google about ‘Cryptographic nonce‘ it occurred to me that’s what was missing. A vital security feature that WordPress uses to validate that the form information came from the current site rather than an external source. Very clever, but quite frustrating if you don’t know about it.
Adding the following to the form code fixed the issue.
Simple when you know about it! The ‘wp_nonce_field‘ function is documented in the WordPress codex.
Update: Just to make it a bit clearer I added the code to the plug-in file that was generating my form. So for example:
1 2 3 4 5 6 7 8
<form name="our_form" method="post" action="http://oururl.com/action"> <?php if(function_exists('wp_nonce_field')){ $content.= wp_nonce_field('hidden_input_name_here'); } ?>
<!-- Other relevent code for the generated form -->
</form>
The hidden inputs are inserted into the form allowing WordPress to validate where the request came from.
While testing a WordPress theme in various browsers (IE) I noticed a strange issue that was occurring in IE6, but fine in IE7+. After a little head scratching I realised IE6 doesn’t recognise the abbreviation(abbr) tag. I’d never noticed before as I very rarely use the tag.
As a quick fix you could edit your theme:
1 2 3 4 5 6 7
<!-- From --> <abbr>Abbreviation here</abbr>
<!-- To --> <abbr> <span>Abbreviation here</span> </abbr>
Then apply any styles to the inner span rather than the abbr. Or if hard coding a span isn’t your thing you could always use a little bit of jQuery(1.2+) goodness to add the spans for you:
I’ve been learning Processing on and off for three or four months now since i started reading ‘Learning Processing‘ by Daniel Shiffman. A great book that makes learning easy and fun. One thing that frustrated me from the start was Processing’s own IDE (Integrated Development Environment).
The default Processing GUI (Windows)
Now there’s nothing wrong with PDE, it’s just quite limited. Having come from Aptana (and before that Eclipse) it’s missing quite a few features I’m used too. The main two being code complete and line numbers (Your current line number is displayed in the bottom left, but that’s it). Lucky it is possible to use either Aptana or Eclipse (since Aptana is a modivied version of Eclipse) to program Processing.
The Processing website has a great step by step tutorial on how to do this ‘Processing in Eclipse‘.
Aptana and Processing in harmony
Once complete you have all the features of the Eclipse IDE, including auto complete and line numbers (yay!). It will be a shame to not have all the code examples from PDE, but it’s always possible to copy and paste where needed.
The two highlights for me were the very entertaining talk on ‘Optimising where it hurts’ by Jake Archibold and a great introduction to node.js by Simon Willison. It was quite a technical talk and after a long day of listening to various people present it did make my brain hurt a little. I’ve added node.js to the ‘TODO’ list of things to look at… eventually.
Hopefully there will be another Full Frontal in 2010, if there is I’ll be going again.
It’s always interesting running ySlow on a website you are working on, getting that ‘warm fuzzy feeling’ when you finally get that ‘A’. I noticed while using it on nooshu that jQuery was being included twice. Version 1.4 by me in the footer.php and version 1.3.2 being included by a plug-in (or WordPress itself). Not Good. The user gets an extra 40Kb download and an added HTTP request.
A quick way to fix this is to add this to your functions.php file (located in the theme directory). The admin section will still be able to use it’s own version of jQuery due to the if statement.
If you don’t have a functions.php file you can create a new one and paste that code inside. While in there you may also want to include this:
1
remove_action('wp_head','wp_generator');
That will remove your current WordPress version from your ‘head’ tag in your templates. Not a big issue but could be useful information to a malicious individual.
