Comments (3)
mgibbs189
commented on August 11, 2024
@guillaumemolter can you confirm that WP-CLI's search-replace doesn't support JSON? I don't see why it wouldn't...
This amounts to a difference in opinion. We either manually run json_decode, or WP automatically runs unserialize. The same amount of processing is done regardless.
Plus the Postmark plugin's UI is javascript based, and uses the unmodified JSON settings (makes thing a lot simpler).
from postmark-wordpress.
guillaumemolter
commented on August 11, 2024
can you confirm that WP-CLI's search-replace doesn't support JSON? I don't see why it wouldn't...
Yeah no you right...thinking about it twice...I don't see why it would be an issue.
This amounts to a difference in opinion. We either manually run json_decode, or WP automatically runs unserialize. The same amount of processing is done regardless.
Well until you need to do some data validation, escaping etc... see https://github.com/wildbit/postmark-wordpress/blob/master/postmark.php#L95 where the json is decoded only to check that it's valid... and then if you want to sanitize the data properly, on need to decode and re-encode.
Once again there is nothing wrong with JSON ( I work with JSON on all my JS projects) and PHP serialized strings are a pain to work with, but my opinion or yours don't really matter here, it's the WordPress way of doing things. And in my experience, when you work with complex CMS/Frameworks, if you don't have a really good reason not to,it's always a good idea to embrace the philosophy of the project.
If anything else it would make the code easier to read and understand for WordPress devs so they can more easily contribute to a plugin that wildbit clearly doesn't have time to update/improve.
Plus the Postmark plugin's UI is javascript based, and uses the unmodified JSON settings (makes thing a lot simpler).
Yes, as you will see I have refactored this, to be able to properly escape the data before displaying it. Once again security good practice never trust the data (especially when this data hasn't been validated and sanitized properly on the back end. Also IMO easier to understand.
Some extra resources to justify all this:
- https://codex.wordpress.org/Data_Validation
- WCB2015 XSS, CSRF, SQLI, WTH(?!?) - The Truth on Theme Security
from postmark-wordpress.
cfoellmann
commented on August 11, 2024
I am biased - being a WordPress dev - but I am support the opinion to go the WordPress way.
Main points by @guillaumemolter I support are
- reusing data validation and escaping already proven in Core and
- lowering the threshold for contributors from the WP space by doing it the WP way !!!!
Especially not using the helpers provided by WP core is bad. WP is already bad when it comes to dependencies and reusability so we shouldn't make it worse by ignoring working concepts for code reuse.
ALSO: a change here will not break anything anyone could have extended upon the plugin. No API/hooks will be affected.
from postmark-wordpress.
Related Issues (20)
- Add option to setup settings on wp-config file
- Many notices related to the constants being already defined.
- POSTMARK_DIR is undefined when upgrading plugin via CLI HOT 2
- Improve handling of errors when Postmark API is timing out HOT 2
- Add stream name as a 'recognized' header
- Clearly indicate errors in the logs page UI
- Support wp_mail_from_name filter
- Wordpress Error on Upgrade to v1.13.0 HOT 3
- Support for WP_Environment_Type
- Plugin not working - because it is overwritting the wp_mail() function HOT 3
- Environment based settings HOT 5
- Obfuscate API Token in Settings Page
- Add Message Stream Support HOT 2
- Show error message if plugin cannot be enabled HOT 1
- Postmark not pruning old log entries HOT 3
- Graceful timeout handeling HOT 1
- Apply pre_wp_mail filter to wp_mail() override HOT 6
- Manage Templates and Layouts from WordPress
- E_ERROR from file class-postmark-debug.php HOT 1
- Undefined Constants Warning HOT 8
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from postmark-wordpress.