WORDPRESS and plugin


I have been learning WORDPRESS for about a month. There are several aspects to WORDPRESS:

WORDPRESS theme

WORDPRESS security

SEO for WORDPRESS

WORDPRESS plugin

Of these, the WORDPRESS plugin is probably the most troublesome. It has a great many APIs, so when you do not know the WORDPRESS plugin API, there are too many difficulties in it.

The APIs to consider for a WORDPRESS plugin include:

1. create menu:
    1. create a top-level menu (add_menu_page -> function)
    2. create a submenu (add a submenu to a newly created menu, which also needs a menu icon) -> add_submenu_page
    3. add a submenu to an existing top-level menu (add_options_page -> function)
2. create widget or gadget
    1. create a widget in the admin back end, including how the widget is displayed there and the form(), display(), widget(), update() methods, etc.
    2. create a widget on the dashboard.
    3. use widgets together with options
3. add custom meta field
    1. build a form (it contains select, text field, multiple text, checkbox, upload file etc.)
    2. save the custom form field values to the database.
    3. use WORDPRESS UI to beautify the form
4. accomplish Internationalization
5. add plugin security
6. integrate custom table in WORDPRESS
7. manage users
    1. add user role
    2. add user (add_user_meta, delete_user_meta), modify user, delete user etc.
    3. check user permission
8. add new custom type
    1. create new type (for example: add music type)
    2. add SHORTCODE
9. create new rewrite rule
    1. write a new rule for page path.
10. add the plugin's settings, uninstall, activation configuration and the related series of actions.

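Summary of common hooks:

action:

plugins_loaded: when plugins are loaded

init: fires when WORDPRESS runs

wp_head

wp_footer

add_admin: fires when logging in to the admin back end

filter:

the_content: when the page content is loaded

the_title: when the page title is loaded

single_template: fires when the single template is applied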

Validation

Integers (not floating point): intval() or is_int() ctype_digit( $num )

return( ctype_alpha( $num ) );

Phone numbers:

// Validate phone numbers like 123-456-7890
function boj_validate_phone( $num ) {
return preg_match( '/^\d{3}-\d{3}-\d{4}$/', $num );
}

Email:

sanitize_email:Filtered email address.
for example:

<?php
$sanitized_email = sanitize_email('        éric@loremipsum.com!');
print $sanitized_email; // will output: 'ric@loremipsum.com'
?>

Checking an email address:

is_email( sanitize_email( $email ) )

HTML:

force_balance_tags: repairs (balances) the tags in the HTML

URL:

esc_url() : The URL to be cleaned.

esc_url() converts ampersands and single quotes into HTML entities to make sure
displaying the URL will not break any output. To

$url = 'javascript:alert("XSS");';

<?php echo esc_url( $url ); ?>

$url1 = 'http://example.com/"<script>alert(\'XSS\')</script>';
var_dump( esc_url( $url1 ) );
// string(54) "http://example.com/scriptalert(&#039;XSS&#039;)/script"

Redirects

wp_redirect( "http://example.com/profile.php?user=$user" );

Protecting against SQL injection

esc_sql() escapes content for inclusion into the database, which means it adds backslashes
before characters that need to be quoted in queries

$sql = 'SELECT * FROM `users` WHERE `login` = "'. esc_sql( $login ) .'"';

// string(55) "SELECT * FROM `users` WHERE `login` = "back\\slash""

like_escape() takes care of escaping text used in LIKE clauses, where special characters
percent % and ampersand are used:

<?php
$pattern = 'joe';
$like = like_escape( 'LIKE "%'.$pattern.'%"' );
$sql = 'SELECT * FROM `users` WHERE `username` '.$like;
var_dump( $sql );
// string(53) "SELECT * FROM `users` WHERE `username` LIKE "\%joe\%""
?>

sanitize_sql_orderby() sanitizes ORDER BY clauses before they are included into an
SQL string:

$order = sanitize_sql_orderby( "$order_by $order_sort" );

$sql = 'SELECT * FROM `users` ORDER BY '. $order;
var_dump( $sql );
// string(45) "SELECT * FROM `users` ORDER BY last_name DESC"
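
The three cases above (a quoted value, a LIKE pattern and an ORDER BY clause) combined in one parameterized query, as an added example that is not part of the original notes. It assumes WordPress is loaded so the global $wpdb exists; boj_find_users() is a hypothetical helper name, and it uses $wpdb->esc_like(), which replaced like_escape() (deprecated since WordPress 4.0).

```php
<?php
// Added example, not from the original notes. Assumes WordPress is loaded
// (global $wpdb available). boj_find_users() is a hypothetical helper name.
function boj_find_users( $search, $order_by = 'user_login', $order_sort = 'ASC' ) {
    global $wpdb;

    // ORDER BY cannot be bound as a placeholder, so restrict it to known
    // column names and directions instead of passing user input through.
    $allowed_columns = array( 'user_login', 'user_registered', 'display_name' );
    if ( ! in_array( $order_by, $allowed_columns, true ) ) {
        $order_by = 'user_login';
    }
    $order_sort = ( 'DESC' === strtoupper( $order_sort ) ) ? 'DESC' : 'ASC';

    // sanitize_sql_orderby() returns false when the clause is malformed.
    $order = sanitize_sql_orderby( "$order_by $order_sort" );
    if ( false === $order ) {
        $order = 'user_login ASC';
    }

    // Escape the LIKE wildcards (% and _) in the search term only, then
    // add the surrounding wildcards ourselves.
    $like = '%' . $wpdb->esc_like( $search ) . '%';

    // prepare() quotes and escapes the %s value; the query text itself
    // contains no user-supplied input apart from the vetted ORDER BY.
    $sql = $wpdb->prepare(
        "SELECT ID, user_login, display_name
         FROM {$wpdb->users}
         WHERE user_login LIKE %s
         ORDER BY $order",
        $like
    );

    return $wpdb->get_results( $sql );
}
```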

content filter: strip_tags( $_POST['boj_mbe_costume'] )

Error and settings notices

add_settings_error

Internationalized strings:

When outputting text in HTML, for example "username:", internationalization has to be considered -> French, English, Chinese, German, etc.

esc_attr__() is the internationalization equivalent of esc_attr(). It escapes HTML attributes, so anything passed to it won't break
HTML validation standards or open a site up to potential security vulnerabilities.

DEMO:

'<input type="button" onclick="boj_show_alert_box_1()" value="' . esc_attr__( 'Press me!', 'boj-alert-box' ) . '" />';

Suitable for: the value of input elements, etc.

esc_html_e() behaves the same as the esc_html__() function except that it displays the translated
text on the screen instead of returning it. For example, you may be adding a form with some
default text in a <textarea> but want to make sure no HTML is shown.

DEMO:

<textarea name="boj-text" id="boj-text">
<?php esc_html_e( 'Please input a description.', 'boj-plugin' ); ?>
</textarea>

Internationalizing content displayed by JS:

function boj_show_alert_box_1() {
alert( boj_alert_box_L10n.boj_box_1 );
}

/* Get script path and file name. */
$script = trailingslashit( plugins_url( 'boj-alert-box' ) ) . 'boj-alert-box-script.js';

/* Enqueue our script for use. */
wp_enqueue_script( 'boj-alert-box', $script, false, 0.1 );

/* Localize text strings used in the JavaScript file. */
wp_localize_script( 'boj-alert-box', 'boj_alert_box_L10n', array(
'boj_box_1' => __( 'Alert boxes are annoying!', 'boj-alert-box' ),
'boj_box_2' => __( 'They are really annoying!', 'boj-alert-box' ),
) );

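Paths for including other files in a plugin (including JS, CSS, images, etc. in the plugin)

plugin_dir_url

$plugin_url = plugin_dir_url( __FILE__ );
// Enqueue script
wp_enqueue_script( 'boj_script', $plugin_url.'js/script.js' );

Integrating a plugin's JS file and providing internationalized JS output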

// Enqueue the script, in the footer
add_action( 'template_redirect', 'boj_arm_add_js' );

function boj_arm_add_js() {

// Enqueue the script
wp_enqueue_script( 'boj_arm',
plugin_dir_url( __FILE__ ).'js/script.js',
array('jquery'), BOJ_ARM_VERSION, true
);

// Get current page protocol
$protocol = isset( $_SERVER["HTTPS"]) ? 'https://' : 'http://';

// Output admin-ajax.php URL with same protocol as current page
$params = array(
'ajaxurl' => admin_url( 'admin-ajax.php', $protocol )
);


wp_localize_script( 'boj_arm', 'boj_arm', $params );
}

// Including CSS

Use the wp_enqueue_style function we've used before to include it into a plugin or your theme through the functions.php page:

Include a UI theme into a WordPress theme from the theme's functions.php page using wp_enqueue_style:
...
<?php
function addUIstyles(){
    // get_bloginfo() returns the value; bloginfo() would echo it instead
    wp_enqueue_style('ui-theme', get_bloginfo('stylesheet_directory') .
        '/js/smoothness/jquery-ui-1.8.custom.css', array('style'), '1.0', 'screen');
}
add_action('init', 'addUIstyles');
?>

Including a UI theme into a WordPress plugin using wp_enqueue_style is
similar to the above example, but be sure to use WP_PLUGIN_DIR to target
your plugin directory.
...
wp_enqueue_style('ui-theme', WP_PLUGIN_DIR .
    '/js/smoothness/jquery-ui-1.8.custom.css',
    array('style'), '1.0', 'screen');

function authorCSS() {
//These variables set the url and directory paths:
$authorStyleUrl =
WP_PLUGIN_URL . '/add_author_bio-tbs/authover.css';
$authorStyleFile =
WP_PLUGIN_DIR . '/add_author_bio-tbs/authover.css';
//if statement checks that file does exist
if ( file_exists($authorStyleFile) ) {
//registers and evokes the stylesheet
wp_register_style('authorStyleSheet', $authorStyleUrl);
wp_enqueue_style( 'authorStyleSheet');
}
}

wp_register_style and wp_enqueue_style are generally used together
