JavaScript for impatient programmers

JavaScript for impatient programmers: despite the title, it explains even the most basic aspects of the language in considerable detail. It is up to date through ES 2019, so it is especially useful for brushing up on syntax and on the new features that have been added to the language. The book is practically complete, there are only a couple…

Mitigating CVE-2018-6389 WordPress DoS attack with lighttpd

Early in 2018, Barak Tawily published a possible DoS attack for WordPress that basically works by requesting all possible scripts on /wp-admin/load-scripts.php, a script that fetches and concatenates JavaScript files (there’s also a load-styles.php file that does the same for styles). His vulnerability report was rejected by the WordPress team, on the account…

Big companies that use PHP

Every now and then there are still some people who can’t believe PHP can be used for a big, successful project, when actually there are several examples of huge sites using PHP. Here’s how some of them share their experience. Facebook With over 1.49 billion active users, Facebook has been forced into finding creative, out-of-the-box solutions…

The challenges of formatting currency data

Localization and internationalization of an app or site is a challenge that’s not especially hard on the technical side, but it can certainly become difficult because of social and behavioral aspects, such as our own ethnocentrism, a lack of standardization, or even standards that conflict with actual use or user expectations.

The development team at Etsy identified three attributes that affected currency formatting: the currency, user location and user language. Their post on How Etsy Formats Currency shows how to correctly format currency and some of the practical decisions that are involved in the process.

Basic Authentication is often used as a simple security measure or as a temporary authentication method while developing with certain APIs.

While the WordPress HTTP API doesn’t have explicit support for basic authentication, it’s still possible to use it as a header:

$request = wp_remote_post(
  $remote_api_endpoint,
  array(
    'body'    => array( 'foo' => 'bar' ),
    'headers' => array(
      'Authorization' => 'Basic '. base64_encode( $username .':'. $password )
    )
  )
);

Remember that if you’re sending an unencrypted request, all the headers will be sent in plain text, so you should only use it over HTTPS.
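The HTTPS requirement above can be enforced in code rather than left to the caller. This is an added example, not part of the original post: the function name myplugin_basic_auth_post() and its parameters are hypothetical, and it assumes it runs inside WordPress so that wp_remote_post(), wp_parse_url() and WP_Error are available.

```php
<?php
// Added example; myplugin_basic_auth_post() is a hypothetical helper.

/**
 * POST to a remote API with Basic Authentication, refusing to send
 * credentials over anything other than HTTPS.
 *
 * @return array|WP_Error Response array on success, WP_Error otherwise.
 */
function myplugin_basic_auth_post( $url, $username, $password, array $body = array() ) {
    // The Authorization header is only base64-encoded, not encrypted,
    // so never attach it to a plain-HTTP request.
    if ( 'https' !== strtolower( (string) wp_parse_url( $url, PHP_URL_SCHEME ) ) ) {
        return new WP_Error( 'insecure_endpoint', 'Basic Authentication requires an https:// URL.' );
    }

    // RFC 7617: the user-id must not contain a colon, because the server
    // splits the decoded value on the first ":".
    if ( false !== strpos( $username, ':' ) ) {
        return new WP_Error( 'invalid_username', 'Username must not contain ":".' );
    }

    $response = wp_remote_post(
        $url,
        array(
            'body'        => $body,
            'timeout'     => 10,
            'redirection' => 0,    // Only talk to the host checked above.
            'sslverify'   => true, // Keep certificate verification on (the default).
            'headers'     => array(
                'Authorization' => 'Basic ' . base64_encode( $username . ':' . $password ),
            ),
        )
    );

    if ( is_wp_error( $response ) ) {
        return $response; // Transport failure (DNS, TLS, timeout, ...).
    }

    $code = wp_remote_retrieve_response_code( $response );
    if ( 401 === $code || 403 === $code ) {
        return new WP_Error( 'auth_rejected', 'Remote API rejected the credentials.', array( 'status' => $code ) );
    }

    return $response;
}
```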

Use get_the_terms() instead of wp_get_object_terms()

I was recently debugging the front page of a WordPress site and found a lot of queries to the terms and term relationships database tables. Digging a little deeper, I found that the culprit was a set of functions that were calling wp_get_object_terms() to get the terms from a set of looped posts… and then…

Unified search with Elasticsearch and WordPress

During the last months of 2012, and as a part of AyerViernes, we worked on one of those projects that is as challenging as it is delightful to take part in: developing a unified search system for a network of over 200 WordPress sites (both single-install and multisite).

We developed a real-time sync plugin integrating the WordPress sites with an Elasticsearch instance with different content types (mappings) that give us plenty of room to index and search in hundreds of thousands of documents generated by the university staff.

You can read the complete post (in Spanish) on Medium: Desarrollo de sistema de búsqueda transversal: +200 sitios a un clic de distancia

Envoy is a task runner originally developed for Laravel, but you can also use it on any other kind of project.

It’s a very easy way to define tasks with Blade syntax and simple terminal commands, which you can run on remote servers via SSH (including parallel execution) or locally.

Thanks to its simplicity, it’s great to quickly automate repetitive tasks. For instance, this is something I use for importing a replica of the production DB of a site:

@servers(['production' => 'foobar.com', 'local' => 'localhost'])

@macro('sync-db')
    dump-production-db
    get-production-db
    import-production-db
@endmacro

@task('dump-production-db', ['on' => 'production'])
    echo 'Creating production DB dump';
    cd ddbb
    mysqldump --no-autocommit --skip-extended-insert --single-transaction --ignore-table=foobar.wp_simple_history_contexts --ignore-table=foobar.wp_simple_history_history foobar_production | gzip > foobar.production.sql.gz
@endtask

@task('get-production-db', ['on' => 'local'])
    echo 'Copying DB dump from production server';
    cd ddbb
    rsync -P foobar:~/ddbb/foobar.production.sql.gz .
@endtask

@task('import-production-db', ['on' => 'local', 'confirm' => true])
    cd ddbb
    gzip -d -f foobar.production.sql.gz
    # Escape the dots so they match a literal "." instead of any character
    sed 's/www\.foobar\.com/www.foobar.lo/g' -i foobar.production.sql
    echo 'Importing production DB replica';
    mysql -v foobar_development < foobar.production.sql
@endtask