At the mercy of WordPress Plugins; how to fight back 在慈悲的wordpress插件;如何反击
WordPress has unique plugin architecture. WordPress所具有独特的插件架构。 Plugins are simply php files which are include d (and executed) before any php pages which renders the content, whether it is your blog page or syndication feed or even administrative functions.插件是简单的PHP文件,这是包括 D类(和执行)之前,任何PHP页面,使内容,无论是您的博客网页或联合供稿,甚至行政职能。
The plugins can do anything that is allowed by php code, including trashing your hard-disk to sending your bank account details to a cracker etc. Plugins do not operate under any restrictions.该插件可以做任何事情是允许的PHP代码,包括邮件您的硬盘发送您的银行帐户的详情到一个饼干等插件不下运作,不受任何限制。 Nor can the product recover from errors generated by any plugin.也不能收回的产品从错误所产生的任何插件。 I really miss here Java's strong security infrastructure.我真的很怀念在这里Java的坚强有力的安全基础设施。
Still fine and dandy untill you discover to your horror how a poorly coded plugin can bring down your site in no time.仍然罚款和丹迪,直到你发现你的恐怖如何不善的编码插件可以把您的网站在没有时间。
Couple that with php's "silent treatment" of errors.夫妇,随着PHP的“沉默的待遇”的错误。 In other words you and your viewers are greeted with a nice looking, white in color web page, whenever any (plugin) error occurs.在其他的话你和你的观众致意,与尼斯看,白在彩色的网页,每当任何(插件)时发生错误。 Plugin errors could be as simple as having blank spaces at the end of plugin files after ?> to more complex ones like invalid argument to methods.插件错误可以那么简单,有空白在年底插件文件后? > ,以更复杂的论点一样,无效的方法。
Update: Please check 更新:请检查 tips on making your plugins robust提示,使您的插件强劲 . 。
Pages: 1 页数: 1 2
Filed under提起下 CMS Software CMS软件 , , Headline News头条新闻 , , How To如何 , , Open Source Software开放源码软件 , , PHP PHP的 , , Pro Blogging赞成Blogging , , Web网页 , , WordPress在WordPress | | 
| | 
RSS 2.0 2.0 | | 
Email this Article电子邮件此文章
You may also like to read您也可以想读 |
May 11th, 2005 at 1:58 pm 2005年5月11日在下午1时58分
Nice Article..尼斯的文章..
I like your wordpress articles.我喜欢你的WordPress的文章。 You seem to be quite knowledgeable on the inner and outer workings of this baby.你似乎相当的认识,对内部和外部的运作,这个婴儿。 Keep up the good work.保持了良好的工作。
I can see your Wordpress Feed updates in my klipfolio reader (www.klipfolio.com)我可以看到您的WordPress饲料更新,我klipfolio读者( www.klipfolio.com )
As far as plugins, so far no major problems..据插件,所以到目前为止,没有重大问题.. the only thing I worry about is if I put too many of them in my blog that there will be incompatibilities amongst them.我唯一担心的是,如果我把太多,他们在我的博客会有不兼容其中。 In addition, I fear that when I upgrade to next wordpress version, if I have too many plugins it will screw me over… But so far everything is smooth.此外,我担心当我升级到未来的WordPress版本,如果我有太多的插件,它会螺杆我超过…但到目前为止,一切顺利。
Regards,关心,
tom汤姆
May 11th, 2005 at 2:00 pm 2005年5月11日下午2:00
Forgot to say, in case you want added publicity for your blog, consider adding yourself to the klip folio database.忘了说,如果你想补充的宣传,您的博客,考虑加入自己向klip对开数据库。 It is a good way to get added exposure:这是一个很好的方法来补充曝光:
http://www.serence.com/provider.php
May 11th, 2005 at 6:46 pm 2005年5月11日在下午6时46分
@Thomas I registered as a provider. @托马斯我注册了作为一个供应商。 It is just so much complicated to create a klip.它只是这么多复杂的,以创造一个klip 。 And then they do not explain clearly upfront, what in the hell is a klip!然后他们不解释清楚,前期,是什么在地狱是一个klip !
It looks over-engineered at first glance.看来,超过工程乍看之下。 I might give it a try again later.我可以给它一个稍后再试。
May 12th, 2005 at 7:41 am 2005年5月12日在上午07时41分
Well said.说得好。 No doubt someone experienced would be able to fix misbehaving plugins it does screws the non-geeks over.毫无疑问,有人经历过将能够修复动作失常插件但这螺丝非同好。
How then would you propose a solution that offers security and fail-safety together with the existing simple ease of implementation?如何,然后你会提出一个解决方案,提供了安全和故障安全连同现有的简单易用的执行情况? I’m really interested to find out.我真的有兴趣来一探究竟。
May 12th, 2005 at 12:57 pm 2005年5月12日在下午12时57分
In Java World we could allow the plugins to be executed in a limited rights environment or sandbox.在Java世界,我们可能会允许该插件被处决在一个有限的权利,环境或沙箱的限制。 So the plugins from unknown source cannot do anything nasty.因此,插件从来源不明,不能做任何恶劣的。
Secondly even if a plugin fails the site should continue.其次,即使未能插件网站应该继续下去。 Again in Java world we achieve this by catching the execptions generated by the plugin, logging them, and move on to execute other plugins.再次在Java世界,我们实现这一目标捕捉execptions所产生的插件,伐木他们,并继续执行其他插件。 The page should still display, albeit with reduced functionality.网页应仍显示,尽管缩减功能。
This is in essence what we need for plugins.这是在本质上是什么,我们需要为插件。 In php world it is much harder to achieve.在PHP世界,这是更加难以实现。 So the fallback option is to have a public reveiew system of plugins and use only the ones with good reviews.因此,后备方案是有一个公共reveiew系统的插件和使用,只有那些具有良好评语。
Secondly we should always test the plugins in a test enironment before deployment.其次,我们要始终测试插件在测试enironment在部署之前。
Personally I prefer to look in the plugin code also to ensure something strange isn’t going on.我个人喜欢看在该插件代码,也确保了一些奇怪的是,不打算对。
May 13th, 2005 at 8:43 am 2005年5月13日在上午8时43分
“In php world it is much harder to achieve.” “在PHP世界,这是更加难以实现” 。
It actually is not hard to achieve, it just is of little interest in this application.它其实并不难实现,它只是是兴趣不大,在这方面的应用。 I doubt that the Wordpress developers target audience are grumpy Java developers who can’t figure out the PHP error settings.我怀疑,认为在WordPress发展的目标受众是老百姓着想的Java开发谁不能计算出PHP的错误设置。 Either log them or set them to print please.无论是记录他们或他们设为打印请。
May 14th, 2005 at 5:33 am 2005年5月14日在上午05时33分
@Christopher I think you misunderstood the comments. @克里斯托弗,我认为你误解了意见。 It is about running plugins in a secure sandbox, which is much harder to do in php then in Java.它是关于插件运行在一个安全的沙箱,这是更难做在PHP ,然后在Java 。 I wasn’t talking about error settings.我是不是在谈论错误设置。
May 16th, 2005 at 10:49 pm 2005年5月16日在下午10时49分
I think the plugin system, while very powerful, is fundamentally flawed.我觉得插件系统,而非常强大,是根本站不住脚的。 I find that calling apply_filters on a field is rather irritating.我觉得,要求apply_filters在一个领域是相当令人厌烦。 I would _much_ rather apply_filters to a post, because sometimes, you simply need to filter a field differently based on the surrounding data.我想_much_ ,而不是apply_filters到一个职位,因为有时,您只需要过滤的领域有不同的基础上,周围的数据。 And this would make the plugins work better outside the loop.这将使插件更好地开展工作外循环。
Btw: Which plugin we should stay away from?的BTW :哪位插件我们应该远离?
May 16th, 2005 at 11:34 pm 2005年5月16日在下午11时34分
@Denis de Bernardy @丹尼斯德bernardy
I agree.我同意这一点。
My plugin problems was with a rss aggregator plugin.我的插件问题是一个RSS聚合器的插件。 In all fairness I had some settings wrong.在所有公平,我有一些设置是错误的。 However the way it bailed on me, bringing down the whole site made me realize the mine field we are sitting on不过,这样的保释我,使整个网站,使我认识到井田我们正坐在上
Plugins are like Business Rules.插件是一样的业务规则。 One flawed business rule cannot bring down a BR engine.一个有缺陷的业务规则并不能带来了溴引擎。 Similarly one errant plugin shouldn’t be able to bring down the site.同样一个错误的插件应该无法把该网站。