WordPress.org

Ready to get started?Download WordPress

Forums

User Meta Manager
[resolved] Short evaluation + warning to admins (8 posts)

  1. Frank P. Walentynowicz
    Member
    Posted 2 years ago #

    Hi Jason.

    First of all do not take my harsh words personally but your plugin in its current state ( version 1.2 ) is very dangerous! Just reading its code could cause me a heart attack. You've violated so many rules of plugin development that I don't even know where to start. Before I begin explaining what's wrong with this plugin:

    WARNING: to all admins who installed and activated it. DO NOT try to edit your own meta data! The very moment you hit Update button you will not have access to your site ( both back and front end ). If you did it, don't panic. To regain access you will have to edit the user_meta table of your database ( phpMyAdmin or whatever you normally use ). Find a record with your user id and a key: dbprefix_capabilities. You'll have to modify its value part to be an array not a string. It should read a:1:{s:13:"administrator";s:1:"1";}. Save it and you'll be ok. After that you'll have to check other records with values which are supposed to be serialized arrays and modify them by removing surrounding string delimiters. I'm sure you'll figure it out.

    Now back to the author:

    • use hooks provided! Not everything can be loaded just at any place. Use init to load_plugin_textdomain and use its correct format. Right now you use deprecated format + you're trying to load a .pot file rather than .mo file (???)
    • do not make assumptions! The following line might not work: define("UMM_PATH", ABSPATH . 'wp-content/plugins/user-meta-manager/'); as wp-content can be moved!
    • enqueue scripts in right places! add_action( 'admin_enqueue_scripts', 'umm_enqueueScripts' ); after add_submenu_page. Within umm_enqueueScripts callback function check first that you're on your own admin page then enqueue scripts.
    • avoid using $wpdb unless it is absolutely necessary. You can still get all user meta with get_user_meta function.
    • when you serialize a form in AJAX jQuery do not forget to maybe_unserialize it on server side before updating database! Not doing it leads to the situation explained in my warning to admins

    These are just some things I've discovered ( not all ). I did modify your code so it is working for me. For now I would suggest that you pull the plugin from repository until it is really ready and well tested.

    Funny! 4 people said that it works. Good luck folks!

    http://wordpress.org/extend/plugins/user-meta-manager/

  2. President McCheese
    Member
    Plugin Author

    Posted 2 years ago #

    Thanks for your wordy critique of this free and opensource plugin. I'll be sure to consider the issues and "rules" you mentioned for future versions of this free and opensource plugin. I'm glad you were able to modify the code to suit your needs and therefore found it useful. That truly is the beauty of free and opensource software, isn't it? May I see some of yours?

  3. Frank P. Walentynowicz
    Member
    Posted 2 years ago #

    Sure Jason. There are three in WordPress repo: FPW Category Thumbnails, FPW Honey Pot Links, and FPW Post Instructions. I see you have version 1.3 out. I'll test it and let you know what I think. My apologies for such strong words used in my first message.

  4. Frank P. Walentynowicz
    Member
    Posted 2 years ago #

    Version 1.3
    Thank you for "fixing" the most critical issue. Why fixing in quotes? Well, you've fixed a symptom not a cause. You could fix it by adding 19 charcters to updateusermeta function:

    update_user_meta($user->ID, $key, trim(stripslashes($_POST['meta_value'][$x])));

    could be changed to:

    update_user_meta($_POST['u'], $key, maybe_unserialize(trim(stripslashes($_POST['meta_value'][$x]))));

    This is just for a single user. Same modification should be applied in other places as well. Now you do not present serialized arrays and objects for editing. This way you avoid the problem rather than solving it.

    You are still loading plugin text domain incorrectly which messes up other translations. Not much but just enough to stop showing UTF-8 characters correctly. On top of it your plugin cannot be translated.
    Try to change:

    load_plugin_textdomain('user-meta-manager', '/wp-content/plugins/user-meta-manager/user-meta-manager.pot');

    to

    add_action( 'init', 'umm_init' );

    function umm_init() {
    load_plugin_textdomain( 'user-meta-manager', false, 'user-meta-manager/' );
    }

    This will load .mo ( not .pot!!!! ) file correctly from your plugin's folder.

    Now enqueuing scripts. The way you do it is incorrect. Have you tried to test it in WP 3.4? Well 3.4 would not load your scripts at all. Pre 3.4 versions are more forgiving which does not mean that you are doing it right. This is how you do it:

    function umm_admin_menu(){

    add_submenu_page('users.php', 'User Meta Manager', 'User Meta Manager', 'publish_pages', 'user-meta-manager', 'umm_ui');
    add_action( 'admin_enqueue_scripts', 'umm_enqueue_scripts' );

    }

    function umm_enqueue_scripts( $hook ) {
    if ( 'users_page_user-meta-manager' == $hook ) {
    wp_enqueue_script('jquery');
    wp_enqueue_script('scriptaculous');
    wp_enqueue_script('scriptaculous-effects');
    // wp_enqueue_script('thickbox');
    // wp_enqueue_style('thickbox');
    add_thickbox();
    }
    }

    This will load scripts correctly and on your page only. Please notice add_thickbox function doing a job of two commented out lines before it.

    Again this is just a tip of an iceberg but enough to get started. I'm sorry but I have to change this topic's status back to 'not resolved'. I'm looking forward to seeing the next version. Please do not forget to reinstate editing of serialized arrays and objects. Keep it up.

  5. President McCheese
    Member
    Plugin Author

    Posted 2 years ago #

    Hi,

    Thanks for your follow-up comments and examples, which are much more productive.

    From your first post, I gathered there was really only one CRITICAL issue and the rest was nit-picking.

    I didn't have time immediately to achieve the phd in WP etiquette, but I did release a patch to prevent the issue you described. So, that issue IS temporarily resolved. Not fixed, but patched.

    When I have more time to sift through the volumes of out-of-date and incomplete WP documentation, I'll chip-away at the rest.

  6. Frank P. Walentynowicz
    Member
    Posted 2 years ago #

    Version 1.4

    Thank you for making update function safe and moving css out of the code. That makes version 1.3.001 only. Things not working or being in desperate need of improvement:

    1. javascript should be moved out of the code and minified as well.
    2. split your code into separate back-end and front-end and load them based on context. Your front-end code is 2kb only. Loading extra 30kb + ( admin part + include of the WP_List_Table class ) in front-end simply qualifies as frivolous.
    3. now you don't load plugin textdomain at all! This is again avoiding rather than solving. Why there is a .pot file included if the language file .mo cannot be loaded?
    4. Items Per Page form never worked and still does not work. You should consider using Screen Options to control number of items.
    5. I would recommend to move the content of Info ( '?' button ) into contextual help

    Above remarks are far from nit-picking as you call it. In one of previous posts you've used the phrase free and open source three times. If your meaning was that open source can be of inferior quality then we are in disagreement.

  7. President McCheese
    Member
    Plugin Author

    Posted 2 years ago #

    Thanks for taking such a strong interest in my plugin and work. Also thanks for emailing me to offer your own version of my plugin. However, I'm not interested and I'm sorry you're now obviously upset.

    Let me be clear on a few points:
    1) You are under the mistaken impression I care what you think.
    2) If you don't like it, don't use it, don't install it, don't activate it. Obviously you DO like it since you're on it like white on rice.
    3) You should use your obvious expertise helping to keep WP documentation up to date as opposed to playing asinine, self-proclaimed critic.
    4) I'm ignoring you from this point forward, so if I don't reply again, don't wonder why. Don't email me again because it'll go straight to my spam box, stalker. Any further contact from you will be considered harassment.

  8. President McCheese
    Member
    Plugin Author

    Posted 2 years ago #

    Resolved.

    Post any future support requests at http://jasonlau.biz/home/wordpress/user-meta-manager.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic