At the mercy of WordPress Plugins; how to fight back在慈悲的wordpress插件;如何反擊
WordPress has unique plugin architecture. WordPress所具有獨特的插件架構。 Plugins are simply php files which are include d (and executed) before any php pages which renders the content, whether it is your blog page or syndication feed or even administrative functions.插件是簡單的PHP文件,這是包括 D類(和執行)之前,任何PHP頁面,使內容,無論是您的博客網頁或聯合供稿,甚至行政職能。
The plugins can do anything that is allowed by php code, including trashing your hard-disk to sending your bank account details to a cracker etc. Plugins do not operate under any restrictions.該插件可以做任何事情是允許的PHP代碼,包括郵件您的硬盤發送您的銀行帳戶的詳情到一個餅乾等插件不下運作,不受任何限制。 Nor can the product recover from errors generated by any plugin.也不能收回的產品從錯誤所產生的任何插件。 I really miss here Java’s strong security infrastructure.我真的很懷念在這裡Java的堅強有力的安全基礎設施。
Still fine and dandy untill you discover to your horror how a poorly coded plugin can bring down your site in no time.仍然罰款和丹迪,直到你發現你的恐怖如何不善的編碼插件可以把您的網站在沒有時間。
Couple that with php’s “silent treatment” of errors.夫婦,隨著PHP的“沉默的待遇”的錯誤。 In other words you and your viewers are greeted with a nice looking, white in color web page, whenever any (plugin) error occurs.在其他的話你和你的觀眾致意,與尼斯看,白在彩色的網頁,每當任何(插件)時發生錯誤。 Plugin errors could be as simple as having blank spaces at the end of plugin files after ?> to more complex ones like invalid argument to methods.插件錯誤可以那麼簡單,有空白在年底插件文件後? > ,以更複雜的論點一樣,無效的方法。
Update: Please check 更新:請檢查 tips on making your plugins robust提示,使您的插件強勁 . 。
Pages: 1 頁數: 1 2
Filed under提起下 CMS Software CMS軟件 , , Headline News頭條新聞 , , How To如何 , , Open Source Software開放源碼軟件 , , PHP PHP的 , , Pro Blogging贊成Blogging , , Web網頁 , , WordPress在WordPress | | 
| | 
RSS 2.0 2.0 | | 
Email this Article電子郵件此文章
You may also like to read您也可以想讀 |
May 11th, 2005 at 1:58 pm 2005年5月11日在下午1時58分
Nice Article..尼斯的文章..
I like your wordpress articles.我喜歡你的WordPress的文章。 You seem to be quite knowledgeable on the inner and outer workings of this baby.你似乎相當的認識,對內部和外部的運作,這個嬰兒。 Keep up the good work.保持了良好的工作。
I can see your Wordpress Feed updates in my klipfolio reader (www.klipfolio.com)我可以看到您的WordPress飼料更新,我klipfolio讀者( www.klipfolio.com )
As far as plugins, so far no major problems..據插件,所以到目前為止,沒有重大問題.. the only thing I worry about is if I put too many of them in my blog that there will be incompatibilities amongst them.我唯一擔心的是,如果我把太多,他們在我的博客會有不兼容其中。 In addition, I fear that when I upgrade to next wordpress version, if I have too many plugins it will screw me over… But so far everything is smooth.此外,我擔心當我升級到未來的WordPress版本,如果我有太多的插件,它會螺桿我超過…但到目前為止,一切順利。
Regards,關心,
tom湯姆
May 11th, 2005 at 2:00 pm 2005年5月11日下午2:00
Forgot to say, in case you want added publicity for your blog, consider adding yourself to the klip folio database.忘了說,如果你想補充的宣傳,您的博客,考慮加入自己向klip對開數據庫。 It is a good way to get added exposure:這是一個很好的方法來補充曝光:
http://www.serence.com/provider.php
May 11th, 2005 at 6:46 pm 2005年5月11日在下午6時46分
@Thomas I registered as a provider. @托馬斯我註冊了作為一個供應商。 It is just so much complicated to create a klip.它只是這麼多複雜的,以創造一個klip 。 And then they do not explain clearly upfront, what in the hell is a klip!然後他們不解釋清楚,前期,是什麼在地獄是一個klip !
It looks over-engineered at first glance.看來,超過工程乍看之下。 I might give it a try again later.我可以給它一個稍後再試。
May 12th, 2005 at 7:41 am 2005年5月12日在上午07時41分
Well said.說得好。 No doubt someone experienced would be able to fix misbehaving plugins it does screws the non-geeks over.毫無疑問,有人經歷過將能夠修復動作失常插件但這螺絲非同好。
How then would you propose a solution that offers security and fail-safety together with the existing simple ease of implementation?如何,然後你會提出一個解決方案,提供了安全和故障安全連同現有的簡單易用的執行情況? I’m really interested to find out.我真的有興趣來一探究竟。
May 12th, 2005 at 12:57 pm 2005年5月12日在下午12時57分
In Java World we could allow the plugins to be executed in a limited rights environment or sandbox.在Java世界,我們可能會允許該插件被處決在一個有限的權利,環境或沙箱的限制。 So the plugins from unknown source cannot do anything nasty.因此,插件從來源不明,不能做任何惡劣的。
Secondly even if a plugin fails the site should continue.其次,即使未能插件網站應該繼續下去。 Again in Java world we achieve this by catching the execptions generated by the plugin, logging them, and move on to execute other plugins.再次在Java世界,我們實現這一目標捕捉execptions所產生的插件,伐木他們,並繼續執行其他插件。 The page should still display, albeit with reduced functionality.網頁應仍顯示,儘管縮減功能。
This is in essence what we need for plugins.這是在本質上是什麼,我們需要為插件。 In php world it is much harder to achieve.在PHP世界,這是更加難以實現。 So the fallback option is to have a public reveiew system of plugins and use only the ones with good reviews.因此,後備方案是有一個公共reveiew系統的插件和使用,只有那些具有良好評語。
Secondly we should always test the plugins in a test enironment before deployment.其次,我們要始終測試插件在測試enironment在部署之前。
Personally I prefer to look in the plugin code also to ensure something strange isn’t going on.我個人喜歡看在該插件代碼,也確保了一些奇怪的是,不打算對。
May 13th, 2005 at 8:43 am 2005年5月13日在上午8時43分
“In php world it is much harder to achieve.” “在PHP世界,這是更加難以實現” 。
It actually is not hard to achieve, it just is of little interest in this application.它其實並不難實現,它只是是興趣不大,在這方面的應用。 I doubt that the Wordpress developers target audience are grumpy Java developers who can’t figure out the PHP error settings.我懷疑,認為在WordPress發展的目標受眾是老百姓著想的Java開發誰不能計算出PHP的錯誤設置。 Either log them or set them to print please.無論是記錄他們或他們設為打印請。
May 14th, 2005 at 5:33 am 2005年5月14日在上午05時33分
@Christopher I think you misunderstood the comments. @克里斯托弗,我認為你誤解了意見。 It is about running plugins in a secure sandbox, which is much harder to do in php then in Java.它是關於插件運行在一個安全的沙箱,這是更難做在PHP ,然後在Java 。 I wasn’t talking about error settings.我是不是在談論錯誤設置。
May 16th, 2005 at 10:49 pm 2005年5月16日在下午10時49分
I think the plugin system, while very powerful, is fundamentally flawed.我覺得插件系統,而非常強大,是根本站不住腳的。 I find that calling apply_filters on a field is rather irritating.我覺得,要求apply_filters在一個領域是相當令人厭煩。 I would _much_ rather apply_filters to a post, because sometimes, you simply need to filter a field differently based on the surrounding data.我想_much_ ,而不是apply_filters到一個職位,因為有時,您只需要過濾的領域有不同的基礎上,周圍的數據。 And this would make the plugins work better outside the loop.這將使插件更好地開展工作外循環。
Btw: Which plugin we should stay away from?的BTW :哪位插件我們應該遠離?
May 16th, 2005 at 11:34 pm 2005年5月16日在下午11時34分
@Denis de Bernardy @丹尼斯德bernardy
I agree.我同意這一點。
My plugin problems was with a rss aggregator plugin.我的插件問題是一個RSS聚合器的插件。 In all fairness I had some settings wrong.在所有公平,我有一些設置是錯誤的。 However the way it bailed on me, bringing down the whole site made me realize the mine field we are sitting on不過,這樣的保釋我,使整個網站,使我認識到井田我們正坐在上
Plugins are like Business Rules.插件是一樣的業務規則。 One flawed business rule cannot bring down a BR engine.一個有缺陷的業務規則並不能帶來了溴引擎。 Similarly one errant plugin shouldn’t be able to bring down the site.同樣一個錯誤的插件應該無法把該網站。