WORDPRESS and plugin

Source: Internet
Author: User

I have been learning WordPress for about a month. There are several aspects to WordPress:

WORDPRESS theme

WORDPRESS security

SEO for WORDPRESS

WORDPRESS plugin

 

WordPress plugins are probably the most troublesome part. There are a great many APIs, so plugin development is very difficult until you know them.

 

The APIs to be considered for WORDPRESS plugin include:

1. create menu:

1. Create a top-level menu (function: add_menu_page)

2. Create a submenu (add the submenu to a newly created menu, with a menu icon): add_submenu_page

3. Add a submenu to an existing top-level menu (function: add_options_page)

 

2. create widget or gadget

1. Create widgets in the admin back end, including the display and the form(), display(), widget(), and update() methods of the back-end widgets.

2. Create a widget on the dashboard.

3. Use widgets together with options

 

3. add custom meta field

1. build a form (it contains select, text field, multiple text, checkbox, upload file, etc.)

2. save the custom form field values to the database.

3. use wordpress ui to beautify the form

 

4. accomplish Internationalization

 

5. add plugin security

 

6. integrate custom table in WORDPRESS

 

7. manage users

1. add user role

2. add user (add_user_meta, delete_user_meta), modify user, delete user etc.

3. check user permission

 

8. add new custom type

1. create new type (for example: add music type)

2. add response code

 

9. create new rewrite rule

1. write a new rule for page path.

 

10. Add plugin settings, plugin deletion, plugin activation configuration, and the related series of actions.

 

 

 

Summary of common hooks:

Action:

plugins_loaded: fires when the plugins are loaded

init: fires when WordPress runs

wp_head

wp_footer

add_admin: fires when you log in to the admin back end.

 

Filter:

the_content: applied when the page content is loaded

the_title: applied when the page title is loaded

single_template: applied when the single template is used.

 

 

Verify

Integer check (excluding floating point): intval() or is_int(), or ctype_digit( $num )

Letters-only check:

return ( ctype_alpha( $num ) );

 

Phone number:

// Validate phone numbers like 123-456-7890
function boj_validate_phone( $num ) {
    return preg_match( '/^\d{3}-\d{3}-\d{4}$/', $num );
}

 

 

Email:

sanitize_email(): returns the filtered email address.
For example:

<?php
$sanitized_email = sanitize_email( '        éric@loremipsum.com!' );
print $sanitized_email; // will output: 'ric@loremipsum.com'
?>

Email check:

is_email( sanitize_email( $email ) )

 

HTML:

force_balance_tags(): repairs HTML by balancing its tags

 

 

URL:

esc_url(): cleans the URL.

esc_url() converts ampersands and single quotes into HTML entities to make sure
displaying the URL will not break any output.

<?php
$url = 'javascript:alert("XSS");';
// Prints an empty string: esc_url() rejects the javascript: protocol
echo esc_url( $url );
?>

$url1 = 'http://example.com/"<script>alert(\'xss\')</script>';
var_dump( esc_url( $url1 ) );
// string(54) "http://example.com/scriptalert(&#039;xss&#039;)/script"

 

 

Redirect

wp_redirect( "http://example.com/profile.php?user=$user" );

 

 

SQL Injection Security

esc_sql() escapes content for inclusion into the database, which means it adds backslashes
before characters that need to be quoted in queries

$sql = 'SELECT * FROM `users` WHERE `login` = "' . esc_sql( $login ) . '"';

// string(55) "SELECT * FROM `users` WHERE `login` = "back\slash""

 

like_escape() takes care of escaping text used in LIKE clauses, where special characters
percent % and ampersand are used:

<?php
$pattern = 'joe';
$like = like_escape( 'LIKE "%' . $pattern . '%"' );
$sql = 'SELECT * FROM `users` WHERE `username` ' . $like;
var_dump( $sql );
// string(53) "SELECT * FROM `users` WHERE `username` LIKE "\%joe\%""
?>

 

sanitize_sql_orderby() sanitizes ORDER BY clauses before they are included in an
SQL string:

$order = sanitize_sql_orderby( "$order_by $order_sort" );

$sql = 'SELECT * FROM `users` ORDER BY ' . $order;
var_dump( $sql );
// string(45) "SELECT * FROM `users` ORDER BY last_name DESC"
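
The same three concerns in one query, as an added example that is not code from the original page or from WordPress itself: it uses $wpdb->prepare() and $wpdb->esc_like() (like_escape() is deprecated since WordPress 4.0 in favour of it) together with sanitize_sql_orderby(). The helper name boj_find_users and the chosen columns are assumptions, and the code must run inside WordPress.

```php
<?php
// Added example: search users by a login fragment with a caller-chosen sort order.
// boj_find_users() is a hypothetical helper name; it relies on the global $wpdb.
function boj_find_users( $search, $order_by = 'user_login', $order_sort = 'ASC' ) {
    global $wpdb;

    // ORDER BY cannot be a bound parameter, so allowlist the column first...
    $allowed_columns = array( 'user_login', 'user_registered', 'display_name' );
    if ( ! in_array( $order_by, $allowed_columns, true ) ) {
        $order_by = 'user_login';
    }
    $order_sort = ( 'DESC' === strtoupper( (string) $order_sort ) ) ? 'DESC' : 'ASC';

    // ...then let sanitize_sql_orderby() confirm the clause; it returns false on bad input.
    $order = sanitize_sql_orderby( "$order_by $order_sort" );
    if ( false === $order ) {
        return array();
    }

    // Escape only the user-supplied text, so LIKE wildcard characters inside it are
    // matched literally; the surrounding % wildcards are added afterwards.
    $like = '%' . $wpdb->esc_like( (string) $search ) . '%';

    // prepare() quotes and escapes the value bound to %s.
    $sql = $wpdb->prepare(
        "SELECT ID, user_login, display_name FROM {$wpdb->users}
         WHERE user_login LIKE %s ORDER BY $order",
        $like
    );

    return $wpdb->get_results( $sql );
}

// Constructed input: the quote and the percent sign are treated as literal characters.
$rows = boj_find_users( "joe_50%'", 'display_name', 'desc' );
```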

 

Content filter: strip_tags( $_POST['boj_mbe_costume'] )

 

 

Error and settings notice messages

add_settings_error()
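
One way to combine the checks from the Verify section with add_settings_error(), as an added example (not code from the original page): a sanitize callback registered with register_setting() that keeps the stored value for any field that fails validation. The option name boj_contact, its field names and the helper names are assumptions.

```php
<?php
// Added example: validate a settings array before WordPress saves it.
// Assumptions: the option name boj_contact, its four fields and the helper names.
add_action( 'admin_init', 'boj_contact_register' );

function boj_contact_register() {
    register_setting( 'boj_contact_group', 'boj_contact', array(
        'sanitize_callback' => 'boj_contact_validate',
    ) );
}

// Return one submitted field as a trimmed string; arrays and missing keys become ''.
function boj_contact_field( $input, $key ) {
    $ok = is_array( $input ) && isset( $input[ $key ] ) && is_scalar( $input[ $key ] );
    return $ok ? trim( (string) $input[ $key ] ) : '';
}

function boj_contact_validate( $input ) {
    // Start from the stored values so a rejected field keeps its previous value.
    $defaults = array( 'phone' => '', 'email' => '', 'site' => '', 'per_page' => 10 );
    $clean    = wp_parse_args( get_option( 'boj_contact', array() ), $defaults );

    // Each rule returns the cleaned value, or false to reject the field.
    $rules = array(
        'phone'    => function ( $v ) { return preg_match( '/^\d{3}-\d{3}-\d{4}$/', $v ) ? $v : false; },
        'email'    => function ( $v ) {
            $v = sanitize_email( $v );
            return is_email( $v ) ? $v : false;
        },
        // esc_url_raw() is the storage form of esc_url(); a javascript: URL comes back as ''.
        'site'     => function ( $v ) {
            $v = esc_url_raw( $v, array( 'http', 'https' ) );
            return '' !== $v ? $v : false;
        },
        // ctype_digit() passes only all-digit strings, so "12abc", "-1" and "" fail.
        'per_page' => function ( $v ) { return ( ctype_digit( $v ) && $v >= 1 && $v <= 100 ) ? (int) $v : false; },
    );
    foreach ( $rules as $key => $rule ) {
        $value = $rule( boj_contact_field( $input, $key ) );
        if ( false === $value ) {
            $msg = sprintf( __( 'The value for "%s" is not valid and was not saved.', 'boj-plugin' ), $key );
            add_settings_error( 'boj_contact', "boj_$key", $msg );
        } else {
            $clean[ $key ] = $value;
        }
    }
    return $clean;
}
```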

 

 

 

 

Internationalization constant:

Text output in HTML, such as a "username:" label, must take internationalization into account (French, English, Chinese, German, etc.).

 

 

esc_attr__() is the internationalization equivalent of esc_attr(). It escapes HTML attributes, so anything passed to it won't break
HTML validation standards or open a site up to potential security vulnerabilities.

DEMO:

'<input type="button" onclick="boj_show_alert_box_1()" value="' . esc_attr__( 'Press me!', 'boj-alert-box' ) . '" />';

Suitable for: values in input elements

 

 

esc_html_e() behaves the same as the esc_html__() function except that it displays the translated
text on the screen instead of returning it. For example, you may be adding a form with some
default text in a <textarea> but want to make sure no HTML is shown.

DEMO:

<textarea name="boj-text" id="boj-text">
<?php esc_html_e( 'Please input a description.', 'boj-plugin' ); ?>
</textarea>

 

 

 

Internationalization of text displayed by JS:

function boj_show_alert_box_1() {
    alert( boj_alert_box_L10n.boj_box_1 );
}

/* Get script path and file name. */
$script = trailingslashit( plugins_url( 'boj-alert-box' ) ) . 'boj-alert-box-script.js';

/* Enqueue our script for use. */
wp_enqueue_script( 'boj-alert-box', $script, false, 0.1 );

/* Localize text strings used in the JavaScript file. */
wp_localize_script( 'boj-alert-box', 'boj_alert_box_L10n', array(
    'boj_box_1' => __( 'Alert boxes are annoying!', 'boj-alert-box' ),
    'boj_box_2' => __( 'They are really annoying!', 'boj-alert-box' ),
) );

 

 

 

 

 

Referencing other file paths from a plugin (for including JS, CSS, and images in the plugin)

plugin_dir_url()

$plugin_url = plugin_dir_url( __FILE__ );
// Enqueue script
wp_enqueue_script( 'boj_script', $plugin_url . 'js/script.js' );

 

Include the JS files in the plugin and provide internationalized JS output content

// Enqueue the script, in the footer
add_action( 'template_redirect', 'boj_arm_add_js' );

function boj_arm_add_js() {

    // Enqueue the script
    wp_enqueue_script( 'boj_arm',
        plugin_dir_url( __FILE__ ) . 'js/script.js',
        array( 'jquery' ), BOJ_ARM_VERSION, true
    );

    // Get current page protocol (admin_url() expects a scheme name: 'http' or 'https')
    $protocol = isset( $_SERVER['HTTPS'] ) ? 'https' : 'http';

    // Output admin-ajax.php URL with same protocol as current page
    $params = array(
        'ajaxurl' => admin_url( 'admin-ajax.php', $protocol )
    );

    wp_localize_script( 'boj_arm', 'boj_arm', $params );
}

 

// Including CSS

Use the wp_enqueue_style function we've used before to include it in a plugin, or in your theme through the functions.php page:

Include a UI theme into a WordPress theme from the theme's functions.php page using wp_enqueue_style:
...
<?php
function addUIstyles() {
    // get_bloginfo() returns the value; bloginfo() would echo it instead
    wp_enqueue_style( 'ui-theme', get_bloginfo( 'stylesheet_directory' ) .
        '/js/smoothness/jquery-ui-1.8.custom.css', array( 'style' ), '1.0', 'screen' );
}
add_action( 'init', 'addUIstyles' );
?>

 

 

Including a UI theme into a WordPress plugin using wp_enqueue_style is
similar to the above example, but be sure to target your plugin directory
(WP_PLUGIN_URL for the stylesheet URL; WP_PLUGIN_DIR is the filesystem path).
...
// The stylesheet source must be a URL, so WP_PLUGIN_URL is used here
wp_enqueue_style( 'ui-theme', WP_PLUGIN_URL .
    '/js/smoothness/jquery-ui-1.8.custom.css',
    array( 'style' ), '1.0', 'screen' );

 

 

 

function authorCSS() {
    // These variables set the url and directory paths:
    $authorStyleUrl =
        WP_PLUGIN_URL . '/add_author_bio-tbs/authover.css';
    $authorStyleFile =
        WP_PLUGIN_DIR . '/add_author_bio-tbs/authover.css';
    // If statement checks that file does exist
    if ( file_exists( $authorStyleFile ) ) {
        // Registers and evokes the stylesheet
        wp_register_style( 'authorstylesheet', $authorStyleUrl );
        wp_enqueue_style( 'authorstylesheet' );
    }
}

Wp_register_style and wp_enqueue_style are generally used in combination.
