[wp-hackers] Fwd: [GSoC - 2014] Introducing Myself
Ian Dunn
ian at iandunn.name
Tue Mar 11 17:29:19 UTC 2014
On 3/10/14, 12:27 PM, Deven Bansod wrote:
> Meanwhile, I have prepared a rough application draft for the Project
> Description on my blog.
Thanks Deven, this looks good :)
Here's a few things to take into consideration:
* Because the plugin will use custom post types, it's not necessary to
build a custom CSV exporter. WordPress' export tool will already
recognize the data and is able to export it just like it would with
standard posts and pages.
In general, it's always best if you can leverage Core's API to do
something in a standard way, rather than reinventing the wheel.
* JavaScript can be used for data-validation on the client-side, to give
the user immediate feedback when they enter something invalid, but it's
important to remember that it also needs to be validated on the
server-side, since nothing on the client side can be trusted from a
security standpoint.
Validating on the client side is optional and improves UX, but
validating on the server side is mandatory to prevent things like SQL
injection.
http://codex.wordpress.org/Data_Validation
http://wordpress.tv/2011/01/29/mark-jaquith-theme-plugin-security/
* It's important to use gender-neutral language. The WordPress community
has a very high percentage of women involved at all levels, and using
only masculine pronouns can be unintentionally dismissive and exclusive.
I'm sure that you didn't mean anything like that; it's a hard habit to
get out of and something I catch myself doing too. But it's important
that we encourage each other to be more inclusive and keep each other
accountable.
More background info and alternatives are available at
http://geekfeminism.wikia.com/wiki/Nonsexist_language
Other than that, your proposal looks good and is on the right track. If
you haven't already, just make sure you're following the other
discussions about the Forms project on wp-hackers and #wordpress-gsoc so
that you can learn from them as well.
I also noticed you've got a few plugins in the wordpress.org repository,
which is great! That'll give you valuable experience and help you get
started quicker if your proposal is accepted. I took a quick look at
them and have a few suggestions:
* Instead of echo'ing HTML via PHP, you can close the PHP tag and output
the HTML raw, with PHP tags inserted as needed. That makes it much
easier to read.
For example:
https://plugins.trac.wordpress.org/browser/google-authenticator-per-user-prompt/trunk/views/token-prompt.php
* Rather than issuing SQL queries directly, you can almost always
achieve the same results with the WordPress API. For example,
get_posts() instead of SELECT * FROM $wpdb->posts.
That is generally easier, more performant, more secure and more
future-proof.
http://codex.wordpress.org/Function_Reference can be helpful to
learn what's available to you.
* It's important to use meaningful variable names. Names like $a and $r
require anyone reading the code to go through it line by line to figure
out what it's doing, rather than it being obvious.
* It's best to follow the WordPress coding standards at
http://make.wordpress.org/core/handbook/coding-standards/ so that your
code is consistent with the rest of the community.
Thanks for the work you've put into your proposal and plugins, and good
luck with the process. Let me know if there's anything I can do to help.
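
The server-side validation and "use the API instead of raw SQL" points above, shown together as an added example that is not part of the original e-mail or of any plugin it mentions. The action, nonce, field and post type names are hypothetical, and the `gsoc_form_entry` post type is assumed to be registered elsewhere in the plugin.

```php
<?php
// Added illustration; the action, nonce, field and post type names are hypothetical.
add_action( 'admin_post_gsoc_submit_entry', 'gsoc_handle_entry' );
add_action( 'admin_post_nopriv_gsoc_submit_entry', 'gsoc_handle_entry' );

function gsoc_handle_entry() {
	// The nonce shows the request came from our form, not a forged one.
	$nonce = isset( $_POST['gsoc_nonce'] ) ? wp_unslash( $_POST['gsoc_nonce'] ) : '';
	if ( ! wp_verify_nonce( $nonce, 'gsoc_submit_entry' ) ) {
		wp_die( 'Invalid request.', '', array( 'response' => 403 ) );
	}

	// Sanitize first, then validate. This runs even if the browser-side
	// JavaScript checks were skipped or tampered with.
	$name  = isset( $_POST['entry_name'] ) ? sanitize_text_field( wp_unslash( $_POST['entry_name'] ) ) : '';
	$email = isset( $_POST['entry_email'] ) ? sanitize_email( wp_unslash( $_POST['entry_email'] ) ) : '';

	if ( '' === $name || strlen( $name ) > 100 || ! is_email( $email ) ) {
		wp_die( 'Please supply a valid name and e-mail address.', '', array( 'response' => 400 ) );
	}

	// Look up duplicates through the API instead of a hand-built SELECT;
	// WP_Query escapes the meta value before it reaches the database.
	$existing = get_posts( array(
		'post_type'   => 'gsoc_form_entry',
		'post_status' => 'private',
		'meta_key'    => '_entry_email',
		'meta_value'  => $email,
		'fields'      => 'ids',
		'numberposts' => 1,
	) );

	if ( empty( $existing ) ) {
		$entry_id = wp_insert_post( array(
			'post_type'   => 'gsoc_form_entry',
			'post_status' => 'private',
			'post_title'  => $name,
		) );
		if ( $entry_id ) {
			update_post_meta( $entry_id, '_entry_email', $email );
		}
	}

	$back = wp_get_referer();
	wp_safe_redirect( $back ? $back : home_url() );
	exit;
}
```

The form that feeds this handler would post to `admin-post.php` with `action=gsoc_submit_entry` and include the nonce field generated by `wp_nonce_field( 'gsoc_submit_entry', 'gsoc_nonce' )`.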