Git Product home page Git Product logo

boros-add-to-pocket's Introduction

Boros Add to Pocket

WordPress plugin to add URL to Pocket via API. Created because the official Chrome extension stopped working ๐Ÿ˜ข.

Create a Pocket App

Visit https://getpocket.com/developer/, create new app and copy the "consumer key"

Method 1: wp-config.php installation:

Generate API keys via curl or Postman (ref: https://getpocket.com/developer/docs/authentication)

Register constant BOROS_POCKET in wp-config.php:

define( 'BOROS_POCKET', array('consumer_key' => 'XXXX', 'access_token' => 'XXXX', 'ajax_action' => 'XXXX') );

Access ajax address to get the bookmarklet: SITE.com/wp-admin/admin-ajax.php?action=batp

Method 2: wp-admin installation:

Acess "Settings > Add to Pocket"

  1. Save Consumer key field
  2. Click "Obtain a Request Token" button
  3. Click the "Authorize App" link and confirm authorization in Pocket page. You will be redirected back to WordPress
  4. Click "Obtain a Access Token" button

All steps are autosaved.

ToDo

  • Move boros_add_to_pocket() functionality into a class
  • Bookmarklet page design
  • Add tags controls in results page
  • Better design in results page
  • Custom ajax action name
  • Uninstall/Delete wp functions
  • Internationalization

Goals

My goals with this plugin are:

  1. Solve a problem: save links in GetPocket via API.
  2. Study some common challenges in WordPress development:
    • Authentication and queries to an external API.
    • WordPress options page creation, using native functions.
    • Dynamic interaction with form controls using AJAX requests.
  3. Maintain a public plugin with Github releases.
  4. Challenge: maintain all code in on file.

boros-add-to-pocket's People

Contributors

alexkoti avatar

Watchers

avatar avatar

boros-add-to-pocket's Issues

CSRF vulnerability in boros_add_to_pocket()

The function boros_add_to_pocket() execute wp_remote_post() without check user intent with nonce or token, example:

<img src="http://example.com/wp-admin/admin-ajax.php?action=batp&url=https://nastylink.com/" alt="">

Solutions:

  1. Custom ajax action
  2. Append fixed token/secret in bookmarklet url

Maybe a optional measure:
Add a step in popup, forcing the user click in a "confirm" button, that link will have a regular timed _wpnonce

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.