Home » Questions » All Answers

All Answers

0 votes

Wordpress is a CMS. It did started as a blog centered software, but now includes many CMS features. It is listed in wikipedia List of content management systems and won a Packt Open Source CMS Award.

Wikipedia defines Content management system as a system which may support the following features:

  • identification of all key users and their content management roles;
  • the ability to assign roles and responsibilities to different content categories or types;
  • definition of workflow tasks for collaborative creation, often coupled with event messaging so that content managers are alerted to changes in content (For example, a content creator submits a story, which is published only after the copy editor revises it and the editor-in-chief approves it.);
  • the ability to track and manage multiple versions of a single instance of content;
  • the ability to capture content (e.g. scanning);
  • the ability to publish the content to a repository to support access to the content (Increasingly, the repository is an inherent part of the system, and incorporates enterprise search and retrieval.);
  • separation of content’s semantic layer from its layout (For example, the CMS may automatically set the color, fonts, or emphasis of text.).

While having very limited workflow, wordpress does support most of those features.

For more complex scenarios, people usually prefer a more powerful CMS such as Drupal. I tried both and usually goes with wordpress where possible.

NOTE: This answer was originally posted at StackOverflow.com by zvikara

  • Joe answered 16 years ago
0 votes

This is wrong place to ask such a question.
It is always a bad idea to ask some third party person of the reasons someone else had somewhere else.

It is obvious that you can’t get an answer here unless you will lure some authorized wordpress developer here with such a bounty.

Yet your question is too broad. However, it is possible to answer it’s abstract part:

I’d like to know from more experienced programmers if there are really security issues, or if sometimes their usage is just too clouded in rumors and false convinctions.

Does hands washing really prevents a disease?
What if I won’t wash my hands – will I surely sick?

Most of time – no.
As a general habit – yes.

These features (although indeed, as any other feature of our unlucky language, too clouded in rumors) are merely a hygiene everyone have to follow as a basic instinct.

Although most of time…

  • addslashes won’t do any harm as long as your encoding is either utf-8 or any single-byte one;
  • register globals won’t do any harm if you initialize all your variables;
  • magic quotes won’t do any harm as long as you have all your variables quoted for the SQL and slashes stripped for any other use;

…any exception from these circumstances can make you sick with high probability.

NOTE: This answer was originally posted at StackOverflow.com by Your Common Sense

  • Diana answered 13 years ago
  • last active 13 years ago
0 votes

They did this for one reason:

To make sure Wordpress is compatible with most Web Hosting providers.

NOTE: This answer was originally posted at StackOverflow.com by I'll-Be-Back

0 votes

In the most basic terms, apply_filters is used to initialise a filter hook… add_filter assigns a new function to hooks that have already been created.

NOTE: This answer was originally posted at StackOverflow.com by Steve

  • John answered 14 years ago
0 votes

I’ve found now in Wordpress Codec this function:

get queried http://codex.wordpress.org/Function_Reference/wp_list_pages

which is a wrapper for $wp_query->get_queried_object. This post put me in the right direction but it seems that it needs this update.

NOTE: This answer was originally posted at StackOverflow.com by Sandra

  • Danny answered 13 years ago
  • last active 12 years ago
0 votes

One option, if you’re looking for the actual queried page, rather than the page ID or slug is to intercept the query:

add_action('parse_request', 'show_query', 10, 1);

Within your function, you have access to the $wp object and you can get either the pagename or the post name with:

function show_query($wp){
     if ( ! is_admin() ){ // heck we don't need the admin pages
         echo $wp->query_vars['pagename'];
         echo $wp->query_vars['name'];
     }
}

If, on the other hand, you really need the post data, the first place to get it (and arguably in this context, the best) is:

add_action('wp', 'show_page_name', 10, 1);

function show_page_name($wp){
     if ( ! is_admin() ){
        global $post;
        echo $post->ID, " : ", $post->post_name;
     }
}

NOTE: This answer was originally posted at StackOverflow.com by Tom Auger

  • Anita answered 13 years ago
  • last active 13 years ago
0 votes

Captcha field has been added now. 🙂

0 votes

2132132

  • 132112 answered 8 years ago
0 votes

fsdfsdfsdfsdfsdf

-1 votes
In reply to: Good PHP ORM Library?

Look into Doctrine.

Doctrine 1.2 implements Active Record. Doctrine 2+ is a DataMapper ORM.

Also, check out Xyster. It’s based on the Data Mapper pattern.

Also, take a look at DataMapper vs. Active Record.

NOTE: This answer was originally posted at StackOverflow.com by Ian P

  • Greg answered 16 years ago
  • last active 13 years ago
-1 votes
In reply to: Good PHP ORM Library?

You should check out Idiorm and Paris.

NOTE: This answer was originally posted at StackOverflow.com by th3mus1cman

  • Suzanne answered 13 years ago
  • last active 13 years ago
-1 votes
In reply to: Good PHP ORM Library?

Axon ORM is part of the Fat-Free Framework – it features an on-the-fly mapper. No code generators. No stupid XML/YAML configuration files. It reads the database schema directly from the backend, so in most CRUD operations you don’t even have to extend a base model. It works with all major PDO-supported database engines: MySQL, SQLite, SQL Server/Sybase, Oracle, PostgreSQL, etc.

/* SQL */
CREATE TABLE products (
    product_id INTEGER,
    description VARCHAR(128),
    PRIMARY KEY (product_id)
);

/* PHP */
// Create
$product=new Axon('products'); // Automatically reads the above schema
$product->product_id=123;
$product->description='Sofa bed';
$product->save(); // ORM knows it's a new record

// Retrieve
$product->load('product_id=123');
echo $product->description;

// Update
$product->description='A better sofa bed';
$product->save(); // ORM knows it's an existing record

// Delete
$product->erase();

Most of all, the plug-in and accompanying SQL data access layer are just as lightweight as the framework: 14 KB (Axon) + 6 KB (SQLdb). Fat-Free is just 55 KB.

NOTE: This answer was originally posted at StackOverflow.com by stillstanding

  • Wayne answered 14 years ago
  • last active 13 years ago
-1 votes

Every answer here covers only part of the problem.
In fact, there are four different query parts which we can add to it dynamically:

  • a string
  • a number
  • an identifier
  • a syntax keyword.

and prepared statements covers only 2 of them

But sometimes we have to make our query even more dynamic, adding operators or identifiers as well.
So, we will need different protection techniques.

In general, such a protection approach is based on whitelisting.
In this case every dynamic parameter should be hardcoded in your script and chosen from that set.
For example, to do dynamic ordering:

$orders  = array("name","price","qty"); //field names
$key     = array_search($_GET['sort'],$orders)); // see if we have such a name
$orderby = $orders[$key]; //if not, first one will be set automatically. smart enuf :)
$query   = "SELECT * FROM `table` ORDER BY $orderby"; //value is safe

However, there is another way to secure identifiers – escaping. As long as you have an identifier quoted, you can escape backticks inside by doubling them.

As a further step we can borrow a truly brilliant idea of using some placeholder (a proxy to represent the actual value in the query) from the prepared statements and invent a placeholder of another type – an identifier placeholder.

So, to make long story short: it’s a placeholder, not prepared statement can be considered as a silver bullet.

So, a general recommendation may be phrased as
As long as you are adding dynamic parts to the query using placeholders (and these placeholders properly processed of course), you can be sure that your query is safe.

Still there is an issue with SQL syntax keywords (such as AND, DESC and such) but whitelisting seems the only approach in this case.

NOTE: This answer was originally posted at StackOverflow.com by Your Common Sense

  • Ellen answered 13 years ago
-1 votes

From the docs:

PHP follows Perl’s convention when dealing with arithmetic operations on character variables and not C’s.

For example, in Perl ‘Z’+1 turns into ‘AA’, while in C ‘Z’+1 turns into ‘[‘ ( ord(‘Z’) == 90, ord(‘[‘) == 91 ).

Note that character variables can be incremented but not decremented and even so only plain ASCII characters (a-z and A-Z) are supported.

NOTE: This answer was originally posted at StackOverflow.com by CMS

  • Wayne answered 14 years ago
-1 votes

Use the One Click Plugin Updater.

NOTE: This answer was originally posted at StackOverflow.com by laurentb

-1 votes

no, Wordpress is a blog. If you want a CMS, you need to look to XOOPS, Drupal, Plone, Mambo or similar.

Whilst many of these things overlap in functionality, there’s a lot more available in the CMSs that the blog-type apps wouldn’t want to provide/support.

Bottom line though – if the user is happy with the new system, who cares what it is.

NOTE: This answer was originally posted at StackOverflow.com by gbjbaanb

-1 votes

\test \( \)

\( \)

\\( \\)

  • onokazu answered 11 years ago
  • last active 11 years ago
-1 votes

^^test

  • onokazu answered 10 years ago
  • last active 10 years ago
-1 votes
-1 votes

jumanji

  • Answerer answered 8 years ago
Showing 201 - 220 of 1k results