My question basically is: are the "back-end" plugins, which in nothing affects the blog front-end, loaded when an anonymous user, for example, browse my blog?
Let's say the EWWW image optmizer, for instance: it just optmize the images, in the back-end. It has a admin interface to optimize the images, but the end-user doesn't use it at all. Still it gets loaded in each page visit?
I'm not sure if I'm making myself clear. Hope so.
As far as I know there is no way to specify a plugin as admin only in the WordPress API. The only plugin types I know about are 'must use', 'network activitate' (for multi user sites) and 'active' so I think an admin plugin will also load in non admin mode. The plugins are loaded in wp-settings.php. I read the code and it seems to me that WordPress doesn't distinguish between admin mode and non-admin mode as far as plugin loading is concerned. The relevant code is:
// Load must-use plugins.
foreach ( wp_get_mu_plugins() as $mu_plugin ) {
include_once( $mu_plugin );
}
unset( $mu_plugin );
// Load network activated plugins.
if ( is_multisite() ) {
foreach ( wp_get_active_network_plugins() as $network_plugin ) {
wp_register_plugin_realpath( $network_plugin );
include_once( $network_plugin );
}
unset( $network_plugin );
}
...
// Load active plugins.
foreach ( wp_get_active_and_valid_plugins() as $plugin ) {
wp_register_plugin_realpath( $plugin );
include_once( $plugin );
}
unset( $plugin );
function wp_get_mu_plugins() {
$mu_plugins = array();
if ( !is_dir( WPMU_PLUGIN_DIR ) )
return $mu_plugins;
if ( ! $dh = opendir( WPMU_PLUGIN_DIR ) )
return $mu_plugins;
while ( ( $plugin = readdir( $dh ) ) !== false ) {
if ( substr( $plugin, -4 ) == '.php' )
$mu_plugins[] = WPMU_PLUGIN_DIR . '/' . $plugin;
}
closedir( $dh );
sort( $mu_plugins );
return $mu_plugins;
}
function wp_get_active_network_plugins() {
$active_plugins = (array) get_site_option( 'active_sitewide_plugins', array() );
if ( empty( $active_plugins ) )
return array();
$plugins = array();
$active_plugins = array_keys( $active_plugins );
sort( $active_plugins );
foreach ( $active_plugins as $plugin ) {
if ( ! validate_file( $plugin ) // $plugin must validate as file
&& '.php' == substr( $plugin, -4 ) // $plugin must end with '.php'
&& file_exists( WP_PLUGIN_DIR . '/' . $plugin ) // $plugin must exist
)
$plugins[] = WP_PLUGIN_DIR . '/' . $plugin;
}
return $plugins;
}
function wp_get_active_and_valid_plugins() {
$plugins = array();
$active_plugins = (array) get_option( 'active_plugins', array() );
// Check for hacks file if the option is enabled
if ( get_option( 'hack_file' ) && file_exists( ABSPATH . 'my-hacks.php' ) ) {
_deprecated_file( 'my-hacks.php', '1.5.0' );
array_unshift( $plugins, ABSPATH . 'my-hacks.php' );
}
if ( empty( $active_plugins ) || wp_installing() )
return $plugins;
$network_plugins = is_multisite() ? wp_get_active_network_plugins() : false;
foreach ( $active_plugins as $plugin ) {
if ( ! validate_file( $plugin ) // $plugin must validate as file
&& '.php' == substr( $plugin, -4 ) // $plugin must end with '.php'
&& file_exists( WP_PLUGIN_DIR . '/' . $plugin ) // $plugin must exist
// not already included as a network plugin
&& ( ! $network_plugins || ! in_array( WP_PLUGIN_DIR . '/' . $plugin, $network_plugins ) )
)
$plugins[] = WP_PLUGIN_DIR . '/' . $plugin;
}
return $plugins;
}
Of course the easiest way to know for sure is to load a front end page on an WordPress installation with the suspect plugin and using the debugger to check if it loads.
Also, if a plugin was intended for admin use only the plugin author could just have
if ( ! is_admin() ) {
return;
}
at the start of the main plugin file. So the plugin essentially doesn't load.
Related
i want to edit theme from theme editor page in wordpress
i taked error :
Fatal error: Maximum execution time of 300 seconds exceeded in gillion\wp-includes\class-wp-theme.php on line 1401
however when i changed theme This problem is solved
code line 1401 class-wp-theme.php
$exclusions = (array) apply_filters( 'theme_scandir_exclusions', array( 'CVS', 'node_modules', 'vendor', 'bower_components' ) );
foreach ( $results as $result ) {
if ( '.' === $result[0] || in_array( $result, $exclusions, true ) ) {
continue;
}
if ( is_dir( $path . '/' . $result ) ) {
if ( ! $depth ) {
continue;
}
$found = self::scandir( $path . '/' . $result, $extensions, $depth - 1, $relative_path . $result );
$files = array_merge_recursive( $files, $found );
} elseif ( ! $extensions || preg_match( '~\.(' . $_extensions . ')$~', $result ) ) {
$files[ $relative_path . $result ] = $path . '/' . $result;
}
}
return $files;
}
i don't see any error syntax
The things I did:
check file .htaccess
increase memory php
disable plugin
change theme that problem was solved
I am trying to get our server PCI compliant and down to the last issue of setting the Woocommerce cookies to secure. I am running all current versions of Wordpress/Woocommerce and the server is running 100% SSL/HTTPS across the entire site.
The cookies I am trying to secure: woocommerce_recently_viewed
I have tried the following with no luck:
Added to my functions file:
add_filter( 'wc_session_use_secure_cookie', '__return_true' );
Added to index.php:
#ini_set('session.cookie_httponly', 'On');
#ini_set('session.cookie_secure', 'On');
#ini_set('session.use_only_cookies', 'On');
Added to php.ini:
session.cookie_httponly = 1
session.cookie_secure = 1
session.use_only_cookies = 1
My last resort is to adjust the server config (I'm running Nginx) BUT would rather handle this issue on the application level. Any help on this issue would be most appreciated.
First things first: woocommerce_recently_viewed isn't a "session cookie" in the PHP sense. It is a normal cookie created with the setcookie PHP function.
This means that neither ini_set nor wc_session_use_secure_cookie will change that behaviour.
I've downloaded the WooCommerce source code and found woocommerce\includes\wc-product-functions.php:
/**
* Track product views.
*/
function wc_track_product_view() {
if ( ! is_singular( 'product' ) || ! is_active_widget( false, false, 'woocommerce_recently_viewed_products', true ) ) {
return;
}
global $post;
if ( empty( $_COOKIE['woocommerce_recently_viewed'] ) )
$viewed_products = array();
else
$viewed_products = (array) explode( '|', $_COOKIE['woocommerce_recently_viewed'] );
if ( ! in_array( $post->ID, $viewed_products ) ) {
$viewed_products[] = $post->ID;
}
if ( sizeof( $viewed_products ) > 15 ) {
array_shift( $viewed_products );
}
// Store for session only
wc_setcookie( 'woocommerce_recently_viewed', implode( '|', $viewed_products ) );
}
add_action( 'template_redirect', 'wc_track_product_view', 20 );
The wc_setcookie is defined as follows (woocommerce\includes\wc-core-functions.php):
/**
* Set a cookie - wrapper for setcookie using WP constants.
*
* #param string $name Name of the cookie being set.
* #param string $value Value of the cookie.
* #param integer $expire Expiry of the cookie.
* #param string $secure Whether the cookie should be served only over https.
*/
function wc_setcookie( $name, $value, $expire = 0, $secure = false ) {
if ( ! headers_sent() ) {
setcookie( $name, $value, $expire, COOKIEPATH ? COOKIEPATH : '/', COOKIE_DOMAIN, $secure );
} elseif ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
headers_sent( $file, $line );
trigger_error( "{$name} cookie cannot be set - headers already sent by {$file} on line {$line}", E_USER_NOTICE );
}
}
As you can see, there isn't any wordpress filter to hook into (should really be a setting, ask a feature request!), so you need to add the $secure parameter to the woocommerce sources...
...but there is another way (kinda monkey-patch, but hey, at least we don't break things across updates):
function custom_wc_track_product_view() {
if ( ! is_singular( 'product' ) || ! is_active_widget( false, false, 'woocommerce_recently_viewed_products', true ) ) {
return;
}
global $post;
if ( empty( $_COOKIE['woocommerce_recently_viewed'] ) )
$viewed_products = array();
else
$viewed_products = (array) explode( '|', $_COOKIE['woocommerce_recently_viewed'] );
if ( ! in_array( $post->ID, $viewed_products ) ) {
$viewed_products[] = $post->ID;
}
if ( sizeof( $viewed_products ) > 15 ) {
array_shift( $viewed_products );
}
// Store for session only
wc_setcookie( 'woocommerce_recently_viewed', implode( '|', $viewed_products ), 0, true );
}
remove_action( 'template_redirect', 'wc_track_product_view', 20 );
add_action( 'template_redirect', 'custom_wc_track_product_view', 20 );
I've copied the function with another name, did the changes I needed, then I've substituted original hook with mine. Put this code in a new plugin or in theme functions.php.
Sadly, there isn't a better way without WooCommerce collaboration.
We have Wordpress site in the root of our domain. A translation plugin we use appends the domain with (in our case for Czech) /cs - this means we can run more than one translation but use the same database and wp-content as the main English website.
However, the added /cs causes the logout function to fail as it tries to use the current directory as the basis for where the actual site content is being pulled from.
The actual code being used is <?php echo wp_logout_url( $redirect ); ?>. We have tried a simple HTML href but the logout link is dynamic and requires a unique nonce value to validate the command.
Do you have any ideas for how we can have a logout button that uses the actual site address (mywebsite.com) rather than with the added 'directory' (mywebsite.com/cs). I have thus far been unable to edit the wp_logout_url to add a / before it. Any ideas?
Example links:
Correct:
http://www.mywebsite.com/backend?action=logout&redirect_to=index.php&_wpnonce=d8eaf8594a
Incorrect, resulting in 404 ERROR:
http://www.mywebsite.com/cs/backend?action=logout&redirect_to=index.php&_wpnonce=d8eaf8594a
Actual code being used (relevant logout code is the #bawlogout# part):
add_filter( 'wp_setup_nav_menu_item', 'bawllm_setup_nav_menu_item' );
function bawllm_setup_nav_menu_item( $item )
{
global $pagenow;
if( $pagenow!='nav-menus.php' && !defined('DOING_AJAX') && isset( $item->url ) && strstr( $item->url, '#baw' ) != '' ){
$item_url = substr( $item->url, 0, strpos( $item->url, '#', 1 ) ) . '#';
$item_redirect = str_replace( $item_url, '', $item->url );
switch( $item_url ) {
case '#bawloginout#' :
$item_redirect = explode( '|', $item_redirect );
if( count( $item_redirect ) != 2 )
$item_redirect[1] = $item_redirect[0];
for( $i = 0; $i <= 1; $i++ ):
if( $item_redirect[$i] == '%actualpage%')
$item_redirect[$i] = $_SERVER['REQUEST_URI'];
endfor;
$item->url = is_user_logged_in() ? wp_logout_url( $item_redirect[1] ) : wp_login_url( $item_redirect[0] );
$item->title = bawllm_loginout_title( $item->title ) ; break;
case '#bawlogin#' : $item->url = wp_login_url( $item_redirect ); break;
case '#bawlogout#' : $item->url = wp_logout_url( $item_redirect ); break;
case '#bawregister#' : if( is_user_logged_in() ) $item->title = '#bawregister#'; else $item->url = site_url( '/wp-login.php?action=register', 'login' ); break;
}
$item->url = esc_url( $item->url );
}
return $item;
}
I would put the URL into a variable so that you can perform a regular expression on it, for example:
<?php
$url = wp_logout_url( $redirect );
$fixed_url = preg_replace("/stuff_to_find/", "stuff_to_replace", $url);
?>
In the end I took the easy way out and use a Redirect 301 in .htaccess to redirect that logout link with /cs/ to /
I'm creating a wordpress site where the registered user has the ability to create his own post via wp_editor() on the frontend, but just one post.
Now I want to restrict the user to be able to only see his uploaded media. I use the following script in the functions.php, which works in the backend. So if a user goes to the media section in the backend he will only see his uploaded media.
But if the user goes to "insert media" pop-up on the frontend wp_editor he can still see the uploaded media from all the users.
function restricted_media_view( $wp_query ) {
if ( strpos( $_SERVER[ 'REQUEST_URI' ], '/wp-admin/upload.php' ) !== false
|| strpos( $_SERVER[ 'REQUEST_URI' ], '/wp-admin/edit.php' ) !== false ) {
if ( !current_user_can( 'level_5' ) ) {
global $current_user;
$wp_query->set( 'author', $current_user->id );
}
}
}
add_filter('parse_query', 'restricted_media_view' );
Do you have any idea hot to solve this annoyance? Thank you!
You might try this plugin: http://wordpress.org/extend/plugins/view-own-posts-media-only/
Alternatively try this:
add_action('pre_get_posts','ml_restrict_media_library');
function ml_restrict_media_library( $wp_query_obj ) {
global $current_user, $pagenow;
if( !is_a( $current_user, 'WP_User') )
return;
if( 'admin-ajax.php' != $pagenow || $_REQUEST['action'] != 'query-attachments' )
return;
if( !current_user_can('manage_media_library') )
$wp_query_obj->set('author', $current_user->ID );
return;
}
Source: http://wpsnipp.com/index.php/functions-php/restricting-users-to-view-only-media-library-items-they-upload/#comment-810649773
alternatively since WordPress 3.7
add_filter( 'ajax_query_attachments_args', "user_restrict_media_library" );
function user_restrict_media_library( $query ) {
global $current_user;
$query['author'] = $current_user->ID ;
return $query;
}
I use API/Filter Reference/ajax query attachments args for WP 4.3.1 and works
add_filter( 'ajax_query_attachments_args', 'show_current_user_attachments', 10, 1 );
function show_current_user_attachments( $query = array() ) {
$user_id = get_current_user_id();
if( $user_id ) {
$query['author'] = $user_id;
}
return $query;
}
just add on functions.php
or check this link WP Codex
This client wants to automatically activate a wordpress plugin every Tuesday between some hours. This is because the plugin has conflicts with another plugin. I did not find anything on the net about that, how to do it... anyone knows what happens behind wordpress when the button activate plugin is clicked? I can't find that specific page in my wordpress folder...
Thanks!
Something that I tried and not working:
require('/web/htdocs/www.fattorefamiglia.com/home/wp-content/plugins/quick-chat/quick-chat.php');
function toggle_plugin() {
// Full path to WordPress from the root
$wordpress_path = '/web/htdocs/www.fattorefamiglia.com/home/';
// Absolute path to plugins dir
$plugin_path = $wordpress_path.'wp-content/plugins/';
// Absolute path to your specific plugin
$my_plugin = $plugin_path.'quick-chat/quick-chat.php';
$start = strtotime('1:30');
$end = strtotime('22:30');
$timenow = date('U');
if((date('w') == 3) && ($timenow >= $start && $timenow <= $end)) { // day 2 = Tuesday
activate_plugin($my_plugin);
}
else {
deactivate_plugins($my_plugin);
}
}
I put this code in functions.php
Activate Plugin by Code in wordpress
function run_activate_plugin( $plugin ) {
$current = get_option( 'active_plugins' );
$plugin = plugin_basename( trim( $plugin ) );
if ( !in_array( $plugin, $current ) ) {
$current[] = $plugin;
sort( $current );
do_action( 'activate_plugin', trim( $plugin ) );
update_option( 'active_plugins', $current );
do_action( 'activate_' . trim( $plugin ) );
do_action( 'activated_plugin', trim( $plugin) );
}
return null;
}
run_activate_plugin( 'plugin-folder-name/plugin-main-file.php' );