Plugins Updated For WordPress 4.2

WordPress With the update of WordPress to version 4.2 I have re-tested all of my plugins against this version and updated the tested against version number accordingly.

All azurecurve plugins are working against WordPress 4.2 and are available for download from the WordPress.org Plugin Directory.

Anatomy Of A WordPress Plugin: Adding Admin Submenus For Options Pages

WordPressI have not yet written a plugin for WordPress that is complex enough to require the settings to be broken down over multiple pages in the Admin area, but this is something that is possible to do fairly easily.

In the last post we covered adding a link on the menu using the add_options_page function.

This function works for a single options page, but this function doesn’t work for submenus.

Instead we need to use add_menu_page to add the top level menu and add_submenu_page.

As with add_options_page, these functions are called using the add_action function with the admin_menu hook to call a custom function.

The code below shows the two functions being called for a mocked up example:

add_action("admin_menu", "azc_create_menus");

function azc_create_menus() {
    add_menu_page( "azurecurve Menu"
			, "azurecurve Menu"
			, 0
			, "azurecurve-menu-slug"
			, "azurecurveMenuPageFunction"
			, plugins_url( '/images/favicon.ico', __FILE__ ) );
    
	add_submenu_page( "azurecurve-menu-slug"
			, "azurecurve Submenu"
			, "azurecurve Submenu"
			, 0
			, "azurecurve-submenu-slug"
			, "azurecurveSubmenuPageFunction" );
}

Continue reading

Anatomy Of A WordPress Plugin: Adding Admin Menu For Options Page

WordPressAll but the most simple of WordPress plugins will require an options page in the Admin area which will need to be made accessible to the admin users. The main way this would be done is to add an entry to the admin menu.

This is done using the add_action function with the admin_menu hook to call a custom function.

This custom function then uses the add_options_page function to add the options page to the Settings menu.

The code below is from my RSS Suffix plugin where a menu option called azurecurve RSS Suffix is calling a function called azc_rss_config_page:

add_action( 'admin_menu', 'azc_rss_settings_menu' );

function azc_rss_settings_menu() {
	add_options_page( 'azurecurve RSS Suffix'
						,'azurecurve RSS Suffix'
						,'manage_options'
						,'azurecurve-rss-suffix'
						, 'azc_rss_config_page' );
}

Continue reading

Avoiding The Critical Issue Found In 600,000+ Download Plugin

WordPressHaving recently started doing development of WordPress I am tending to read a fair number of posts and news stories on it. One of the stories from a couple of weeks ago was about a critical security issue in the Custom Contact Forms plugin.

From what I have read, the security issue likely stemmed from a misunderstanding of the is_admin() function. On the surface is_admin() looks like it could be used to see if the user is an admin and can therefore change settings on the plugin; however, is_admin() is really intended for checking to see if the page being displayed is in the admin area.

When I am writing plugins, I use a lot of different resources, from the WordPress Function Reference to a couple of WordPress books and the results of online searches. However, when I do find an example somewhere I will use the Function Reference to ensure it does what I think it does.

I’ll admit when I read this story the first thing I did was to check my plugins and make sure I hadn’t made the same error. Fortunately, looking back at my code is_admin() was not a function I have used. To check if the user had permissions to change settings I am doing the following:


	if ( !current_user_can( 'manage_options' ) ){
		wp_die( 'Not allowed' );
	}

The current_user_can function is used to determine what rights the user has. In the example above, I’m checking for manage_options which when the function returns true means the user has permissions to maintain the WordPress options; if the function returns false then wp_die() is called to stop all further processing ()within the brackets you pleace the message which should be displayed to the user.

Anatomy Of A WordPress Plugin: Shortcode Extract Of Parameters

WordPressIn my last post I discussed adding a shortcode to the plugin and covered how to extract the parameters passed into the function from the shortcode.

There is one variation to this example which it is probably worth mentioning. In the last post I showed that the width parameter could be extracted using the following code:

extract(shortcode_atts(array(
		'width' => '75%'
	), $atts));

This extracts the parameter so it can be used as $width; if multiple parameters were extracted then they would all be used in a similar way.

However, you can also extract the parameters into an array for use:

$parameters = shortcode_atts(array(
		'width' => '75%'
	), $atts);

This would make the width parameter available by referencing the array:

return $parameters['width']};

I typically use the former approach, but using the latter would make it more readily apparent when the variables being used had been passed in from the shortcode or set within the function.

Click to show/hide the Anatomy Of A WordPress Plugin Series Index

Anatomy Of A WordPress Plugin: Adding A Shortcode

WordPressAdditional functionality can be added to posts and pages through the use of shortcodes. Up to now I have created and published six plugins of which two thirds use a shortcode to add easy-to-use additional functionality.

For example the Series Index plugin uses a [series-index] shortcode to display the series index for the posts. To use a shortcode, it first needs to be added and then the function itself which does the action specified by the shortcode is created.

A shortcode is added using the add_shortcode() function:

add_shortcode( $tag, $function );

The structure of the function call is:

  • $tag – the shortcode tag is searched for in the post or page and will be replaced with the return of the $function.
  • $function – is the hook called when the tag is found in the post or page.

In the Series Index plugin, the add_shortcode() call looks like this:

add_shortcode( 'series-index', 'azc_display_series_index' );

The tag series-index causes the plugin to look for [series-index] in a post and page and then call the function azc_display_series_index to perform the required action.

Which segues us nicely into the second part of required code which is the function which executes the shortcode. At the simplest level the function needs the following:

function shortcode_function( $atts ){
	return "shortcode output";
}

$atts are the attributes passed in via the shortcode with the return line passing back the content which will replace the shortcode.

The Series Index plugin was created to take a number of parameters. This would be done by expanding the [series-index] shortcode to include them. For example, one of the parameters is the width; if we wanted the series index to be 80% of the width of the containing div, this would be added by adding width=’80%’ to the shortcode:

[series-index width='80%']

The atributes can be extracted from the $atts using the following code:

extract(shortcode_atts(array(
		'width' => '75%'
	), $atts));

This code extracts the $width parameter from the $atts and also sets a default of 75% if the width parameter is not supplied.

After the parameters have been extracted they can be used in the function to generate any output required. The Series Index function is a bit longer and more complex than I want to post here. So instead below is a section of the shortcodes function with several parameters being passed in:

function azc_display_series_index($atts, $content = null) {
	extract(shortcode_atts(array(
		'title' => "",
		'replace' => "",
		'width' => '75%,
		'toggle' => 1,
		'heading' => ""
	), $atts));
	
	{code excised for brevity}
	
	return $output;
}

The code which uses the parameters and sets the output has been excised for purposes of brevity.

Click to show/hide the Anatomy Of A WordPress Plugin Series Index

Anatomy Of A WordPress Plugin: Loading CSS & JavaScript Together

WordPressIn the last couple of posts in this series I’ve taken a look at using wp_enqueue_scripts to load the CSS and JavaScript files.

In those examples, the CSS and JavaScript were loaded via different functions. However, we could use add_action to call one function to load both the CSS and JavaScript.

If I were to amend the Floating Featured Image plugin to load the CSS and JavaScript in one function it would look like the following:

add_action('wp_enqueue_scripts', 'azc_ffi_load_css_and_javascript');

function azc_ffi_load_css_and_javascript(){
	wp_enqueue_script( 'azurecurve-series-index', plugins_url('jquery.js', __FILE__), array('jquery') );
	wp_enqueue_style( 'azurecurve-floating-featured-image', plugins_url( 'style.css', __FILE__ ) );
}

We use the add_action to call the azc_ffi_load_css_and_javascript function which now contains both wp_enqueue_script and wp_enqueue_style calls.

This isn’t necessary, as we could continue using separate add_action calls, but it does reduce the number of calls to wp_enqueue_scripts and the number lines of code required without adding any real complexity.

Click to show/hide the Anatomy Of A WordPress Plugin Series Index