Coding Projects: November 2019

At any point in time I usually have a few coding projects on the go. Over the last two years I’ve made a conscious effort to focus on a few projects instead of trying to do everything, so I don’t spread myself too thinly.

Here’s a list of projects I’m working on currently.

I’m also hoping to pick back up some projects that I’m interested in but haven’t had the time to work on recently:

The Unprofessional Web

You may have heard some news over the last few days about obfuscated and malicious code allegedly being found within a WordPress plugin published by a theme shop called pipdig. Jem Turner covered it here and Wordfence Security covered it here, although the latter chose to only use the word “peculiar” as I suspect they’ve drawn the same conclusion that I have.

As the company is not claiming that their plugin was compromised — therefore ruling out third party interference — there are two possible reasons that they would publish a plugin containing code that’s capable of performing DDoS attacks, nuking customers’ websites, rewriting links, and resetting administrator passwords:

  1. Malicious intent.
  2. Incompetence and hopeless naïvety.

Let’s rule out malicious intent for now. My gut feeling says that this small theme shop is above board and would gain little from trying to take down competitors. I’m happy to be proven wrong, and time may tell, but let’s park that option.

So that leaves us with a business that defends its inability to react professionally to the situation it’s found itself in by describing itself thusly:

“We’re just 4 people that really love cat memes”

https://www.pipdig.co/blog/sad-times/

I love cats and I love cat memes, but I’m also able to recognise that if I wish to operate a business that employs staff and provides products and services to other businesses that in many cases are foundational to their business, then I need to have a good understanding of what my business is providing to its customers.

Huge swathes of web-based businesses operate in an unprofessional manner: either by being incompetent at the technical aspect of what they’re providing, or being naïve of their responsibilities to their customers and their staff, or both. By shipping code that can perform destructive actions and either being too incompetent to realise it or too naïve to consider your responsibilities regardless of your intent, you open up yourself and your staff to legal and financial problems.

The web industry is a festering pile of unprofessionalism, and we’ll carry on seeing more of this sort of news for years to come unless web-based businesses recognise the fact that transitioning a hobby into a business requires you to also transition your business and your technical competence from that of a hobbyist to that of a professional, and that general ignorance of quality control, information management, and business responsibilities isn’t good enough.

And don’t get me started on open-source projects 😬.

Brief Thoughts on a Ten Year Old WordPress Plugin

Today my User Switching plugin for WordPress turns ten years old.

Its active user base passed 100,000 last year which I think classifies it as moderately popular. For a plugin that’s primarily developer-oriented that’s a good number.

User Switching is a very tightly focused plugin. It allows users to:

  • Switch to other users
  • Switch back again
  • Switch off (temporarily log out)

I consider the plugin to have been feature complete just a few weeks after the first version. Version 0.2 in 2009 added the ability to switch back to the user’s previous account, and with that addition the plugin did all that I wanted it to do. So what’s changed over the last ten years?

Actions and Filters

Several hooks have been added to User Switching so other developers can trigger actions when a user switches between accounts. The hooks were added in version 0.6 in 2012 and are documented here in the FAQ.

Stacked Switching

If you switch to another user that has the ability to manage users on the site (for example by switching to another Administrator), you can subsequently switch from that account into another. You can then switch back to the administrator you first switched to, and switch into another account again, or switch back to your original account to complete the switching process.

Sure, this workflow isn’t a particularly common one, but it’s been fully supported by User Switching since version 0.8 was released in 2013.

Session Re-Use

Expirable user sessions were implemented in WordPress 4.0 in 2014. When switching between users with User Switching, this meant that an extra user session was created every time you switched, and also every time you switched back.

It took me three attempts, four years, and a test-driven development approach to finally implement the retention, reuse, and destruction of user sessions when switching (to avoid extra sessions being created every single time you switch or switch back), and this was finally added in version 1.4 in 2018.

Not Much Else

That’s about it. All the other changes that have been made to User Switching over the years have been relatively minor tweaks and support for changes in or additions to WordPress core, plus a bit of extended support for Multisite, BuddyPress, and bbPress to ensure the process of switching between users is as seamless as possible.

What’s Next

I’m wary of calling anything “complete”, but User Switching is about as close to complete as I’ll ever get with any piece of code.

That said, I’m waiting for the release of WooCommerce 3.6 which will allow me to release an update to User Switching so it will more gracefully handle the shopping basket contents when switching between users. Supporting third party plugins greatly increases the maintenance burden, but WooCommerce is sufficiently popular (and this bug is sufficiently annoying) for me to decide to address it.

Here’s to ten more years of WordPress plugins! (Query Monitor also turns ten later this year.)

My Code Extensions

I’ve previously written about my Sublime Text packages, but I’ve since switched to the excellent Code editor. If you’ve not heard of this editor before, you may be surprised by it. It’s a fast, lightweight, powerful, well supported, free, open source, cross platform, MIT licensed, Electron powered editor, and it’s built by Microsoft. A few years ago nobody would have believed Microsoft would build such a product, but they have, and it’s excellent.


Rendering Dynamic Gutenberg Blocks in Theme Template Parts

Gutenberg is an ambitious project that aims to completely overhaul the experience of writing content in WordPress.

One of the problems you’ll soon run into when building a block for Gutenberg is that as a block becomes more complex, storing its complete output statically becomes undesirable. If a block contains several fields or its output contains HTML markup, you don’t want to find yourself in a situation where this output needs to be changed at some point in the future and you need to retrospectively apply changes to stored block output in every post.

Gutenberg supports dynamic block rendering so that you can perform more complex output rendering on the fly, without having to store the complete output when the block is saved. This is the same method that shortcodes in WordPress use and allows you to move away from static block output. If you’re building a block for Gutenberg that uses anything more than very simple output, you should consider using dynamic rendering.


A Collection of My Talks

Last updated February 2019.

Here’s a list of the various talks (mostly WordPress) that I’ve given in the past, along with the video recordings and slides when they’re available.

Zen Mode: Developing While You’re Offline

Those of us who work in the web industry find that we’re online a huge amount of the time. Going offline can make us feel disconnected. But what about going offline while we’re working? Right at the time when we think we’re most likely to need an internet connection: to get our job done.

Working offline can be highly productive, and is often calming and focused. Whether we choose to go offline, or whether our surroundings make it necessary — such as while we’re traveling — having the right tools, environment, and frame of mind allows you to make working offline a joy.

In this talk, I cover the tools and approaches that I use to develop while I’m in zen mode and not connected to the internet.


Misleading Code Coverage Reports for Switch Statements

I was recently investigating the code coverage of the map_meta_cap() function in WordPress’ core unit test suite — particularly the large switch statement contained within the function. I was surprised to see that the coverage was higher than I was expecting, because I know for a fact that several meta capabilities aren’t tested.

It turns out there is a subtle code coverage reporting issue for switch statements that allow multiple conditions to trigger one action.
