WordPress Functions 3.0

June 30, 2010 – 6:39 pm

A plugin searched 269 PHP files, of which 167 contained classes and functions, and found 168 classes and 3,856 functions.

WordPress version 3.0 has significant differences from earlier versions, perhaps most importantly, multisite support.

The PHP Classes and Functions of WordPress 3.0

* Note *
The list does not include any found in plugin or theme files as these will differ from blog to blog. Nor does it differentiate between "stand alone" functions and functions that are members of a class, such as the Snoopy functions.

If you know of any Core functions that are not in the list, please leave a comment so I can modify the regex used to find them.

Technorati Tags: , ,
By Mittineague | Posted in Uncategorized | Comments (0)

Error Reporting Plugin Release Candidate

February 10, 2010 – 2:47 am

The first version of the Error Reporting plugin became available in March of 2007. Since then there have been a few changes, most notably, the Ping Error with dashboard widget feature, and an Auto Delete of old error log files feature that has been added in response to Alex Kah's suggestion. And thanks to Frank's comment, a deprecated parameter has been replaced. It wouldn't do to have the Error Reporting plugin causing errors now would it?

Some known issues remain. With WordPress' switch to SimplePie, many E_STRICT errors are thrown as a result of WordPress maintaining support for PHP 4. In order to avoid Internal Server errors, the Error Reporting plugin does not handle any E_SRICT errors from the class-simplepie.php file. Until WordPress no longer supports PHP 4, this can not be changed.

Perhaps more troublesome is reading the log files under certain configuration settings. Because every error changes permissions to read from, and write to, the error log files, and then makes them secure, if an error occurs after the permissions have been set to "NOT secure" to allow reading, they still can't be accessed. This requires temporarily reconfiguring the Error Reporting plugin's settings so as to not include whatever is causing the error.

TO DO: Find some way to temporarily disable the Error Reporting plugin while the permissions are "NOT secure" and then restore the configuration when made "secure" or after a period of time.

Possible solution: Adding another option or two, i.e. "user's preferred settings" and / or "current settings" to hold configuration settings. This could be "set" by a plugin user and could then later be used to reset the settings after they have been changed.

Alex Kah also suggested that the Error Reporting plugin have a way to send email notifications to an address other than the blog's "admin_email" address. I am hesitant to make this too easy to do, as it would introduce the potential of sending many, many, many, many, many emails to a wrong email address. It's one thing to accidentally flood your own inbox, quite another to flood someone else's. Not to mention sending information about your blog that may create a security risk.

TO DO: Seriously consider adding a "send email notifications to" feature.

Possible solution: As it is now, the plugin can be hacked to hard code an email address in place of the "admin_email". This could be replaced with a CONSTANT that could be defined near the beginning of the script to make changes easier. Or an option could be added so hacking wouldn't be required.

Any comments regarding these issues, or other suggestions, are most welcome and will be greatly appreciated.

For more information please visit the Error Reporting Plugin page.
This post is for comments, suggestions etc. If you need support for the plugin
- please visit the Mittineague Forums (registration required to post).

Technorati Tags: , ,
By Mittineague | Posted in Scripting | Tagged , , | Comments (2)

WordPress Functions 2.9

December 26, 2009 – 5:55 pm

A plugin searched 252 PHP files, of which 161 contained classes and functions, and found 174 classes and 3,677 functions.

WordPress version 2.9 no longer has these 7 files:

wp-admin/edit-form-advanced.php
wp-admin/edit-link-form.php
wp-admin/edit-page-form.php
wp-admin/import/btt.php
wp-admin/import/jkw.php
wp-includes/gettext.php
wp-includes/streams.php

and now has these files:

wp-admin/includes/image-edit.php
wp-admin/includes/meta-boxes.php
wp-includes/class-json.php
wp-includes/class-oembed.php
wp-includes/default-embeds.php
wp-includes/meta.php
wp-includes/post-thumbnail-template.php

Many previously existing files have a new function or more. Several files no longer have a setDefaultPermissions function, and several others now have a _normalize_tag function.

Some of the files containing new functions include:
wp-includes/media.php which has another class and 25 more functions.
wp-includes/pomo/streams.php which has 2 more classes and 12 more functions.
wp-includes/pomo/translations.php which has another class and 11 more functions.
wp-includes/kses.php which has 4 more functions.

Also of interest is the replacement of SimplePie version 1.1.3 with SimplePie version 1.2, which has 4 more classes and 37 more functions than the previous version.

The PHP Classes and Functions of WordPress 2.9

* Note *
The list does not include any found in plugin or theme files as these will differ from blog to blog. Nor does it differentiate between "stand alone" functions and functions that are members of a class, such as the Snoopy functions.

If you know of any Core functions that are not in the list, please leave a comment so I can modify the regex used to find them.

Technorati Tags: , ,
By Mittineague | Posted in Scripting | Tagged , , | Comments (1)

DOING_AUTOSAVE E_WARNING

August 9, 2009 – 5:22 pm

The wp-includes/post.php file contains 4 error suppressors. The wp_save_post_revision function contains the line

if ( @constant( 'DOING_AUTOSAVE' ) )

When it is defined, it is when the wp-admin/admin-ajax.php file's _wp_ajax_delete_comment_response function defines it as boolean true. This is the only other place where the DOING_AUTOSAVE constant can be found within the WordPress core files.

Because I can see no reason why this couldn't be written as

if ( defined( 'DOING_AUTOSAVE' ) && constant( 'DOING_AUTOSAVE' ) )

I left a Trac Ticket, but as of yet, it is still unanswered.

UPDATE: As of WordPress 2.9 this E_WARNING error has been fixed. The line is now

if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE )
Technorati Tags: ,
By Mittineague | Posted in WordPress Core Errors | Tagged , | Comments (2)

WordPress and Suppressed Errors

August 3, 2009 – 3:59 pm

One of the errors found by the Error Reporting plugin was an E_WARNING thrown by the constant() function. Upon investigation, it was discovered that the core file had the function call prefixed with the "@" error control operator. The log file also contained a few database function errors. The corresponding lines for those were found to have the error control operator prefixed to the calls as well.

Curious, I decided to see just how often error suppression was used in WordPress core files. After what proved to be a tedious undertaking, the error control operator was found in 53 files, including 26 under the wp-admin folder, and occurred anywhere from only once up to 146 times per file. No doubt, as the search was not thorough, some were not found.

What does the PHP documentation have to say? From Error Control Operators:

Warning
Currently the "@" error-control operator prefix will even disable error reporting for critical errors that will terminate script execution. Among other things, this means that if you use "@" to suppress errors from a certain function and either it isn't available or has been mistyped, the script will die right there with no indication as to why.

I imagine that if any of the core files caused such an event, there would be a large number of "I get a blank screen" complaints almost as soon as a version was released. Still, the number of variables, objects, PHP functions and WordPress functions is quite extensive.

I agree that it is better to suppress errors than to show them in a live blog. They would only confuse most visitors, and there's no need to help the script kiddies. And I also agree that although it might be preferrable to deal with errors in a better fashion, it is not always possible, especially as WordPress still supports PHP version 4. Yet, I can't help but think that in some cases at least, the code could be written differently without the need to suppress an error. I also have mixed feelings about the use of them in files under the wp-admin folder. On the one hand, presumably only an authorized admin would see them, and could benefit from seeing them, if and when they happened. On the other hand, every level of security, even by obscurity, is a good thing.

@$_GET['attachment_id']
@$_GET['m']
@$_GET['p']
@$_GET['page_id']
@$_POST['_page']
@$_POST['_per_page']
@$_POST['_total']
@$_POST['_url']
@$call['class']
@$datefunc
@$desc
@$fd
@$kellogs
@$mail
@$phpmailer->Send
@$widgets['dashboard_incoming_links']
@$widgets['dashboard_secondary']
@chdir
@chgrp
@chmod
@chown
@closedir
@constant
@copy
@count
@crc32
@date_default_timezone_set
@define
@dir
@dl
@each
@error_log
@exif_read_data
@extract
@fclose
@fetch_feed
@fflush
@fgets
@file
@file_exists
@file_get_contents
@fileatime
@filegroup
@filemtime
@fileowner
@fileperms
@filesize
@fopen
@fputs
@fread
@fseek
@fsockopen
@ftell
@ftp_chdir
@ftp_chmod
@ftp_connect
@ftp_delete
@ftp_fget
@ftp_fput
@ftp_login
@ftp_pasv
@ftp_pwd
@ftp_rawlist
@ftp_rmdir
@ftp_site
@ftp_ssl_connect
@func_get_arg
@func_num_args
@fwrite
@get_magic_quotes_runtime
@getcwd
@gethostbyaddr
@gethostbyname
@getimagesize
@gzclose
@gzdeflate
@gzinflate
@gzopen
@gzputs
@gzread
@gzwrite
@header
@html_entity_decode
@htmlspecialchars
@http_chunked_decode
@http_request
@iconv
@include
@include_once
@ini_get
@ini_set
@is_dir
@is_file
@is_link
@is_readable
@is_uploaded_file
@is_writable
@isset
@mb_convert_encoding
@mb_internal_encoding
@mkdir
@mktime
@move_uploaded_file
@mysql_connect
@mysql_fetch_field
@mysql_fetch_object
@mysql_free_result
@mysql_num_fields
@mysql_query
@mysql_select_db
@ob_end_flush
@opendir
@openssl_pkcs7_sign
@parse_url
@preg_match
@readdir
@rename
@rewind
@rmdir
@set_magic_quotes_runtime
@set_time_limit
@socket_bind
@socket_close
@socket_connect
@socket_create
@socket_getsockname
@socket_listen
@socket_read
@socket_set_option
@socket_write
@ssh2_auth_password
@ssh2_auth_pubkey_file
@ssh2_connect
@ssh2_sftp_rename
@stat
@stream_set_timeout
@strpos
@substr
@touch
@unlink
@unpack
@unserialize
@vsprintf
@wp_mail
@wp_read_image_metadata
@xml_parser_create
Technorati Tags: ,
By Mittineague | Posted in WordPress Core Errors | Tagged , | Comments (2)