stripslashes / wp_unslash with multibyte / mbstring support

One truly annoying thing with WordPress is that it doesn’t use the mbstring extensions at its core. I fully realize how big of a task a re-write is in this regard, but considering there are utility functions for just about everything you want to do as a WordPress plugin and/or theme developer, I think this needs to be addressed. Oh, and it’s 2021 by the way.

An issue that quite a few seem to be frustrated about is POST/GET form data handling, and the situation with single and double quotes being “escaped”.

Without further ado, this snippet will “unslash” a string, with support for multibyte characters (there’s no magic here, really):

function x_stripslashes( string $str ) {
    return( mb_ereg_replace( '[\x{005c}][\x{0027}]', '\'',
                             mb_ereg_replace( '[\x{005c}][\x{0022}]', '"',
                                              $str ) )
    );
}

Stupid: Call of Duty Black Ops and Modern Warfare

Having played the Black Ops / Modern Warfare series of games for as long as they’ve been around, there are quite a few annoying things that keep coming back in one shape or form in the various releases. Obviously, me not agreeing with these things must be entirely on me, I’m sure the rest of the gaming community is alright with it.

1. Why, oh Why aren’t objective based games scoring based on objectives (other than “kills”)? You call a game mode “Hardcore Domination”, yet you rarely see those with most objectives at the top of the scoreboard. Those players are the difference between winning and losing a game of “Hardcore Domination”. Yet we often see snowflake players sitting at the very back, “sniping” away with their thermal scopes and hardly moving more than 30cm during an entire game. And of course, the “Team Deatchmatch” players who repeatedly end up in the “wrong lobby” (i.e. “Domination”) and fail to grasp the (not so advanced) concept of the game mode.

2. Why, oh Why aren’t the publishers (there has been a large number of them by now) listening to players? If a map is often downvoted, why does it keep coming back? Every iteration of “Call of Duty”, be it Black Ops or Modern Warware have some great maps, and every iteration of these games have absolute shit maps (“Miami” is a good example in the current edition). It would, at a minimum, be a very welcome change if I, as a player (and paying customer), could at least block certain maps from my matchmaking. I DON’T WANT TO PLAY MIAMI BECAUSE IT’S A SHIT MAP.

3. Why, o Why, are the publishers, after a few “seasons” of a game, introducing jumping rabbits, “funny” outfits, “stickers”, “accessories”, and all the other junk that appears more frequently as a game is “progressing”?! I’m sure people who want “bunny outfits” can go and play Fortnite instead, no?

4. Why, o Why, don’t the publishers require a right to copy/clone/publish great maps from previous franchise editions of Call of Duty Black Ops and Modern Warfare? Historically, there have been a lot of such great maps (“Crash”, “Gun Runner”, “Highrise”, “Hackney Yard”, “Shoot House”, “Summit”, “Havana”, “Terminal”, “Raid”, and “Firing Range”). This is just stupid. Sure, we like new maps, but there’s a reason many of the “older” maps are so popular: They work.

5. When, o When, are we going to see some bolder objective game modes, like 4x3v3 or 4x2v2?

Keep search parameters when using WP_List_Table and navigation

WP_List_Table is a reasonably flexible way of creating data tables in WordPress Admin Plugins. While there are plenty of warnings and words of caution against using WP_List_Table throughout the WordPress documentation and elsewhere on the Internet, it is a very popular method in use by many plugin authors.

Whether or not it’s a good idea to use WP_List_Table for your plugin is beyond the scope of this post.

While developing a plugin that is using WP_List_Table, I came across a rather well-known issue. The issue is that once the user enters search data, you would (logically) think that the search data is maintaned while navigating the search result. Unfortunately, when the user clicks on the previous and next links, or clicks on one of the table headers to re-sort the search result, the search is “lost”.

This can, technically speaking, be avoided if you resort to using METHOD="GET" rather than METHOD="POST" in your table form. But I wanted to avoid this since the entire GET request is passed in the URL and thus ends up in logs, etc.

So, how to use POST instead of get, and still maintain the search parameter across page loads?

The WP_List_Table class makes extensive use of the set_url_scheme() function to create various headers and clickable links in the table view. Unfortunately, this function is rather generic in nature and does not take the parameters from WP_List_Table::search_box() into account. But, as is the case with most functions in WordPress, as a last action, the set_url_scheme() function calls any hooked filters before it returns.

Keep search parameters between page loads

The example assumes $your_table is an object derived from WP_List_Table.

echo '<div class="wrap">';
echo '<form action="admin.php?page=your_plugin_table" method="post" name="your_table_form">';
$your_table->prepare_items();
$your_table->mangle_url_scheme_start();
$your_table->search_box();
$your_table->display();
$your_table->mangle_url_scheme_stop();
echo '</form>';
echo '</div>';

The two functions of interest here are mangle_url_scheme_start() and its companion, mangle_url_scheme_stop(). These go into your class derived from WP_List_Table like this:

public function mangle_url_scheme_start() {
    add_filter( 'set_url_scheme', [$this, 'mangle_url_scheme'], 10, 3 );
}

and

public function mangle_url_scheme_stop() {
    remove_filter( 'set_url_scheme', [$this, 'mangle_url_scheme'], 10 );
}

The last piece of the workaround is the mangle_url_scheme() function:

public function mangle_url_scheme( string $url, 
                                   string $scheme, 
                                   $orig_scheme ) {
    if ( ! empty( $url ) 
        && mb_strpos( $url, '?page=your_plugin_table' ) !== false 
            && isset( $_REQUEST['s'] ) ) {
        $url = add_query_arg( 's', urlencode( $_REQUEST['s'] ), $url );
    }
    return( $url );
}

This is only done on your plugin table page, and it’s only done if the $_REQUEST['s'] parameter is set. I can’t see how this will cause any issues further down the road, but you may experience different results. You may want to sanitize the contents of $_REQUEST['s'] further before you urlencode it.

I am reasonably convinced that there are other, and better, ways of doing this. But I haven’t found one yet.

 

WordPress Update Services 2021

Here’s, hopefully, a resonably up to date list of URLs to use for WordPress Update Services in 2021, with duplicates removed 🙂

I don’t think there’s a “best practice” for these, and everyone’s opinion seem to differ on the subject. So I am by no means claiming that this is a complete or good list for WordPress Update Services, but it’s possibly a start.

These go into Settings > Writing > Update Services

http://api.feedster.com/ping
http://api.moreover.com/ping
http://api.my.yahoo.com/RPC2
http://api.my.yahoo.com/rss/ping
http://bing.com/webmaster/ping.aspx
http://blogdb.jp/xmlrpc
http://blog.goo.ne.jp/XMLRPC
http://blogmatcher.com/u.php
http://blogping.unidatum.com/RPC2
http://blogsearch.google.ae/ping/RPC2
http://blogsearch.google.at/ping/RPC2
http://blogsearch.google.be/ping/RPC2
http://blogsearch.google.bg/ping/RPC2
http://blogsearch.google.ca/ping/RPC2
http://blogsearch.google.ch/ping/RPC2
http://blogsearch.google.cl/ping/RPC2
http://blogsearch.google.co.cr/ping/RPC2
http://blogsearch.google.co.cr/ping/RPC2
http://blogsearch.google.co.hu/ping/RPC2
http://blogsearch.google.co.hu/ping/RPC2
http://blogsearch.google.co.id/ping/RPC2
http://blogsearch.google.co.id/ping/RPC2
http://blogsearch.google.co.il/ping/RPC2
http://blogsearch.google.co.in/ping/RPC2
http://blogsearch.google.co.it/ping/RPC2
http://blogsearch.google.co.jp/ping/RPC2
http://blogsearch.google.co.ma/ping/RPC2
http://blogsearch.google.com.ar/ping/RPC2
http://blogsearch.google.com.au/ping/RPC2
http://blogsearch.google.com.br/ping/RPC2
http://blogsearch.google.com.co/ping/RPC2
http://blogsearch.google.com.do/ping/RPC2
http://blogsearch.google.com.mx/ping/RPC2
http://blogsearch.google.com.my/ping/RPC2
http://blogsearch.google.com.pe/ping/RPC2
http://blogsearch.google.com/ping/RPC2
http://blogsearch.google.com/ping/RPC2
http://blogsearch.google.com.sa/ping/RPC2
http://blogsearch.google.com.sg/ping/RPC2
http://blogsearch.google.com.tr/ping/RPC2
http://blogsearch.google.com.tw/ping/RPC2
http://blogsearch.google.com.ua/ping/RPC2
http://blogsearch.google.com.uy/ping/RPC2
http://blogsearch.google.com.vn/ping/RPC2
http://blogsearch.google.co.nz/ping/RPC2
http://blogsearch.google.co.th/ping/RPC2
http://blogsearch.google.co.uk/ping/RPC2
http://blogsearch.google.co.ve/ping/RPC2
http://blogsearch.google.co.za/ping/RPC2
http://blogsearch.google.de/ping/RPC2
http://blogsearch.google.es/ping/RPC2
http://blogsearch.google.fi/ping/RPC2
http://blogsearch.google.fr/ping/RPC2
http://blogsearch.google.gr/ping/RPC2
http://blogsearch.google.hr/ping/RPC2
http://blogsearch.google.ie/ping/RPC2
http://blogsearch.google.it/ping/RPC2
http://blogsearch.google.jp/ping/RPC2
http://blogsearch.google.ki/ping/RPC2
http://blogsearch.google.kz/ping/RPC2
http://blogsearch.google.la/ping/RPC2
http://blogsearch.google.li/ping/RPC2
http://blogsearch.google.lk/ping/RPC2
http://blogsearch.google.lt/ping/RPC2
http://blogsearch.google.lu/ping/RPC2
http://blogsearch.google.md/ping/RPC2
http://blogsearch.google.mn/ping/RPC2
http://blogsearch.google.ms/ping/RPC2
http://blogsearch.google.mu/ping/RPC2
http://blogsearch.google.mv/ping/RPC2
http://blogsearch.google.mw/ping/RPC2
http://blogsearch.google.nl/ping/RPC2
http://blogsearch.google.no/ping/RPC2
http://blogsearch.google.nr/ping/RPC2
http://blogsearch.google.nu/ping/RPC2
http://blogsearch.google.pl/ping/RPC2
http://blogsearch.google.pn/ping/RPC2
http://blogsearch.google.pt/ping/RPC2
http://blogsearch.google.ro/ping/RPC2
http://blogsearch.google.ru/ping/RPC2
http://blogsearch.google.rw/ping/RPC2
http://blogsearch.google.sc/ping/RPC2
http://blogsearch.google.se/ping/RPC2
http://blogsearch.google.sh/ping/RPC2
http://blogsearch.google.si/ping/RPC2
http://blogsearch.google.sk/ping/RPC2
http://blogsearch.google.sm/ping/RPC2
http://blogsearch.google.sn/ping/RPC2
http://blogsearch.google.st/ping/RPC2
http://blogsearch.google.tk/ping/RPC2
http://blogsearch.google.tl/ping/RPC2
http://blogsearch.google.tm/ping/RPC2
http://blogsearch.google.to/ping/RPC2
http://blogsearch.google.tp/ping/RPC2
http://blogsearch.google.tt/ping/RPC2
http://blogsearch.google.us/ping/RPC2
http://blogsearch.google.vg/ping/RPC2
http://blogsearch.google.vu/ping/RPC2
http://blogsearch.google.ws/ping/RPC2
http://blo.gs/ping.php
http://blogs.yandex.ru/
http://blog.with2.net/ping.php
http://bulkfeeds.net/rpc
http://coreblog.org/ping/
http://geourl.org/ping
http://ipings.com
http://mod-pubsub.org/kn_apps/blogchatt
http://news2paper.com/ping
http://ping.bitacoras.com
http://ping.bloggers.jp/rpc
http://ping.blo.gs/
http://ping.blogs.yandex.ru/RPC2
http://ping.exblog.jp/xmlrpc
http://ping.fc2.com
http://ping.feedburner.com
http://ping.myblog.jp
http://pingoat.com/goat/RPC2
http://ping.rootblog.com/rpc.php
http://ping.rss.drecom.jp
http://ping.syndic8.com/xmlrpc.php
http://ping.weblogs.se/
http://rcs.datashed.net/RPC2/
http://rpc.blogbuzzmachine.com/RPC2
http://rpc.bloggerei.de/
http://rpc.bloggerei.de/ping/
http://rpc.blogrolling.com/pinger/
http://rpc.icerocket.com:10080
http://rpc.newsgator.com/
http://rpc.pingomatic.com
http://rpc.technorati.com/rpc/ping
http://rpc.twingly.com
http://rpc.urlfan.com/ping
http://rpc.weblogs.com/RPC2
http://services.newsgator.com/ngws/xmlrpcping.aspx
https://ping.blogs.yandex.ru/RPC2
http://topicexchange.com/RPC2
http://trackback.bakeinu.jp/bakeping.php
http://www.a2b.cc/setloc/bp.a2b
http://www.bitacoles.net/ping.php
http://www.blogdigger.com/RPC2
http://www.blogoole.com/ping/
http://www.blogpeople.net/servlet/weblogUpdates
http://www.blogroots.com/tb_populi.blog?id=1
http://www.blogshares.com/rpc.php
http://www.blogsnow.com/ping
http://www.blogstreet.com/xrbin/xmlrpc.cgi
http://www.lasermemory.com/lsrpc/
http://www.mod-pubsub.org/kn_apps/blogchatter/ping.php
http://www.pingerati.net
http://www.pingmyblog.com

Improving your Nextcloud upgrade experience

Nextcloud, a truly wonderful open source project, allows you to create your own co-lab hub. You can choose to host it yourself, or get a Nextcloud instance at one of the many service providers, such as WebbPlatsen i Sverige AB. Nextcloud can replace many not-so-GDPR-safe alternatives and other costly solutions. If you, by some small miracly, still do not know what Nextcloud is, go check it out at nextcloud.com.

For the past few years, Nextcloud has kept an almost alarmingly fast pace when it comes to updates. Quite often, a major version is followed by a few minor updates, and then another major version is released. Typically, a lot of new functionality has been thrown in for the major updates. Naturally, we want more functionality and toys 🙂

Updating Nextcloud is usually not a big issue, unless the Nextcloud downloads are slow. And they are, quite frequently, very slow. So slow in fact that the Nextcloud updater exits with an error when it comes to the step where it downloads the new files, even if you increase your PHP maximum execution time to 10 minutes (!)

There are ways to improve your Nextcloud upgrade experience, some of them are mentioned here. The remainder of this post assumes you have some sort of file access to your Nextcloud server.

Nextcloud updater times out when downloading

If you go to the data directory for Nextcloud during an update, there’s typically a directory called updater-nnn, where nnn is an arbitrary string. This is where Nextcloud keeps its files for the upgrader, including progression counters and downloads.

From the Nextcloud web interface, under Administration.Overview, there’s a Download now button that is actually just a link. You can copy the link and download the file manually. Once the download has completed, you can place it in the downloads sub-directory of the updater-nnn directory. Once done, re-start the upgrade process.

Nextcloud updater gets stuck during the update process

In the same updater-nnn directory, there is a “step counter” so that Nextcloud can keep track of where in the update process it is currently positioned. If Nextcloud keeps getting stuck at the download step, or you are presented with “Step 4 is currently in process. Please reload this page later.”, you may try to remove the file .step and re-start the upgrade process.

Manually upgrading Nextcloud from CLI

If you have shell access to your Nextcloud instance, you may also attempt a manual upgrade, which may have different timeout settings (or no timeout settings). The short version is listed below, the long version can be found in the official Nextcloud documentation, please make sure you read it before attempting a manual upgrade!

sudo -u www-data php /var/www/nextcloud/occ upgrade
sudo -u www-data php /var/www/nextcloud/occ maintenance:mode --off

Replace www-data for the user PHP and/or your web server is running as and correct paths as needed.

 

Cloudbridge Mattermost 2.0.0 with OAuth2 for WordPress

Cloudbridge Mattermost is a WordPress plugin that provides integration between WordPress and Mattermost.

It has now been updated with OAuth2 authentication for WordPress via Mattermost.

It has been tested with Mattermost 5.30+ and WordPress 5.5.3 and WordPress 5.6.

Features at a glance:

  • OAuth2 authentication, login to WordPress via Mattermost
  • Notifications for successful login
  • Notifications for failed login
  • Notifications for unknown user login attempt
  • Notifications for password reset
  • Notifications for plugin activation
  • Notifications for plugin deactivation
  • Notifications for plugin uninstallation
  • Notifications for new/edited user
  • Notifications for deleted user
  • The plugin can also make use of additional functionality such as posting to a specific channel/user, overriding bot names, and additionally mention specific users.

You can download it from the official WordPress repository:
wordpress.org/plugins/cloudbridge-mattermost

You can also get it from GitHub, should you prefer that source:
github.com/joho1968/cloudbridge-mattermost

WebbPlatsen’s official website for their Open Source projects:
code.webbplatsen.net/wordpress/cloudbridge-mattermost/