Testing how long it takes to assign a variable versus assigning through WordPress’ apply_filters(). Filters are core to WordPress, but I haven’t yet looked at the total number of apply_filters() calls used throughout the code. The answer to this question is that calling a non-existing filter before assignment is about 21 times more costly than […]
An argument has erupted over the WordPress actions wp_enqueue_scripts and admin_enqueue_scripts vs. init. One of the points was about specificity, and how wp_enqueue_scripts and admin_enqueue_scripts can reduce ambiguity. I didn’t realize I had strong opinions on it until the issue was pressed, but it turns out I think wp_enqueue_scripts and admin_enqueue_scripts are unnecessary and unfortunate additions […]
I’ve been pretty aware of the risks of SQL injection and am militant about keeping my database interactions clean. Mark Jaquith today reminded me about the need to make sure my browser output is filtered through clean_url(), sanitize_url(), and attribute_escape(). Furthermore, we all need to remember current_user_can(), check_admin_referer(), and nonces.
Somewhere in the WordPress code extra slashes are being added to my query terms. I’ve turned GPC magic quotes off via a php_value magic_quotes_gpc 0 directive in the .htaccess file (we have far too much legacy code that nobody wants to touch to turn it off site-wide). And I know my code is doing one […]
An entry at the WordPress support forums gave me the list I needed. How do they work? “You can use [these] in a conditional to display certain stuff only on [certain] page[s], or to omit certain stuff on [those] page[s].” Here’s the list: is_404() is_archive() is_author() is_category() is_date() is_day() is_feed() is_home() is_month() is_new_day() is_page() is_search() […]