This is the third in a series of periodic posts where we will highlight new support documentation and/or any changes made to existing docs. This is a great way to stay up-to-date with the latest VIP coding standards. Here are the latest updates:
1. Code Review: What We Look For
Addition to: Using rawurlencode() on the values passed to it prevents this.
Using rawurlencode() on any variable used as part of the query string, either by using add_query_arg() or directly, will also prevent parameter hijacking.
Clarification to: Encoding values used when creating a url or passed to add_query_arg():
Encoding values used when creating a url or passed to add_query_arg()
Using rawurlencode() on any variable used as part of the query string, either by using add_query_arg() or directly by string concatenation, will also prevent parameter hijacking.
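The parameter hijacking that the encoding guidance above prevents, shown as an added example in plain PHP (not code from the VIP documentation). The base URL, parameter names and inputs are constructed, and the URL is built by string concatenation so the script runs without WordPress.

```php
<?php
// Added example, plain PHP. Base URL, parameter names and the sample
// input are constructed for illustration.

// Unencoded: the value is concatenated into the query string as-is.
function build_url_raw( string $base, string $term ): string {
    return $base . '?s=' . $term . '&orderby=date';
}

// Encoded: rawurlencode() turns &, = and # in the value into %26, %3D, %23,
// so the whole value stays inside the "s" parameter.
function build_url_encoded( string $base, string $term ): string {
    return $base . '?s=' . rawurlencode( $term ) . '&orderby=date';
}

// Parse the query string the way the receiving request would.
function query_params( string $url ): array {
    $params = array();
    parse_str( (string) parse_url( $url, PHP_URL_QUERY ), $params );
    return $params;
}

$base = 'https://example.com/';

// Constructed inputs: one carries an extra parameter, one carries a '#'
// that cuts off every parameter appended after it.
foreach ( array( 'shoes&extra=1', 'shoes#x' ) as $term ) {
    $raw     = query_params( build_url_raw( $base, $term ) );
    $encoded = query_params( build_url_encoded( $base, $term ) );

    // Raw: the value leaks out of "s" and changes the parameter set.
    assert( $raw['s'] === 'shoes' );
    // Encoded: "s" round-trips intact and "orderby" is always present.
    assert( $encoded['s'] === $term );
    assert( $encoded['orderby'] === 'date' );

    printf( "%-14s raw=%s encoded=%s\n", $term, json_encode( $raw ), json_encode( $encoded ) );
}

// With WordPress loaded, the same rule applies to add_query_arg():
// add_query_arg( 's', rawurlencode( $term ), $base );
```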
Clarification to: Check for is_array(), !empty() or is_wp_error()
Here are some common functions / language constructs that are used without checking the parameters beforehand: foreach(), array_merge(), array_filter(), array_map(), array_unique(), wp_list_pluck()
Always check the values passed as parameters or cast the value as an array before using them.
Additions:
– get_pages(): As with get_posts(), WP_Query should be used instead.
– get_next_post(), previous_post_link(), next_post_link()
– url_to_post_id()
And url_to_post_id()
Clarification:
wp_get_object_terms(): Use get_the_terms() along with wp_list_pluck to extract the IDs or use the equivalent get_the_* version instead (e.g. get_the_category())
3) Security Overview
New addition: Secure Access and Users
4) Creating Cache Groups with vary_cache_on_function
New addition: Common Example
5) New Plugin WP-SEO:
WP SEO is designed for professionals who want to build a solid foundation for an SEO-friendly website.
It allows you to create templates for the title tag, meta description, and meta keywords on your posts, pages, custom post types, archives, and more. The templates can be populated dynamically with built-in formatting tags like #title# or #author_name#. You can even allow authors to create custom title and meta values for individual entries.
If there are any questions about the updates above, please feel free to reach out!