Today I learned that the GitHub Checkout actions sets the http.[..].extraheader config flag which silently applies to all git commands and prevents the use of any other tokens. Even with all my effort to isolate the CI tasks from the runner environment, this one config leaked through…
What do you use for time tracking? The UX of some of these apps (like https://timemator.com) is incredible.
Just finished writing an email summary of all the content I've been posting on socials over the past few days. Go to https://wpelevator.com to subscribe!
The change restricting the use of custom Git updater plugin headers (that I wrote about yesterday https://x.com/konstruktors/status/1845777730933064000) has been reverted, see https://github.com/WordPress/plugin-check/pull/720
My post from yesterday:
Tried Windows for gaming — Xbox controllers randomly stop connecting, windows update in the background makes everything slow. Launch Steam which launches EA launcher which maybe self updates and asks to login again. Whaaaat?
Let’s all recognize the value of https://WPackagist.org giving us WP-org zips via Composer. Most enterprise projects either use it directly or through a private packagist middleware.
Can we all help them reach the $150/m funding goal? https://github.com/sponsors/outlandishideas?o=esb
The new WP-org plugin submission checker now restricts headers that allow updates from GitHub and other third-party sources! Here is the pull request introducing the change: https://github.com/WordPress/plugin-check/issues/669
Responded to @kasparsd:
The patch applied to SCF simply clears out the $_REQUEST global variable that would be available to any such callback function like it already did with $_POST variable before the change.
The ACF vulnerability that is "fixed" by the Secure Custom Fields plugin is not an actual vulnerability. The updated code path gets executed only if:
1. You're using ACF to define custom post types or taxonomies,
2. AND an administrator-level user has specified a custom metabox callback function that (a) already exist in your codebase and (b) is somehow malicious.
Responded to @kasparsd:
There are tools like https://github.com/humbug/php-scoper or https://github.com/coenjacobs/mozart but they don't solve the problem of rewriting the composer.json to exclude the scoped dependencies, for example.
For utility binaries there are now "shim" packages like https://github.com/wp-cli/wp-cli-shim or tools like https://github.com/bamarni/composer-bin-plugin to pull them in into isolated directories.
The complexity of isolating or scoping PHP dependencies is the main reason why WordPress developers don't rely on re-usable packages. Ideally, this would be solved at the Composer level like NPM does it for Node.js. Like PHAR but for libraries.
I’m really looking forward to inline blocks in WordPress which are code named “bits” for now. See this comment on GitHub for videos of the potential user experience for them. https://github.com/WordPress/gutenberg/discussions/39831#discussioncomment-9895203
Do you use Threads? You can find me there too at @wpelevator@threads.net.
I use Buffer to schedule and cross-post all my content for easy access on whichever platform you prefer.
"Don't roll your own crypto" they say. I've decided to roll my own online course platform with WordPress because all existing plugins and tools do too much for what is really needed. I've really enjoyed the custom platforms that https://wesbos.com and https://ian.is have built.
For a weekend project I built a 12V UPS that can power 35W for around 2h. There is a boost converter in line that brings it up to 48V for PoE cameras and other devices while the NVR and the mini PC sip 12V directly.
How do you keep track of links across the site to ensure they're up to date? On relatively new sites I often find myself updating page and post slugs which then requires replacing all references.
Safari bookmarks bar on macOS now supports favicons and empty titles so I can finally switch from Chrome to Safari on Desktop. It was the only thing keeping me using Chrome.
How are you navigating to frequently visited sites?
Responded to @carstingaxion:
@carstingaxion I didn’t check, no 😅 I imagined there would be one. Is it this? https://github.com/WordPress/gutenberg/issues/41606
WordPress themes used to embrace Microformats which helped search engines extract semantic content without needing a plugin that prints JSON-LD schema.
How do we solve this with blocks when different content elements can be anywhere? Is it time to have basic JSON-LD implementation in core?
WP Inspector is a Chrome extension that gives you quick access to the login link of any WordPress site, along with information about the current view type (single, page, archive) and REST API links for the current request.
Get it from the Chrome web store: https://chromewebstore.google.com/detail/wp-inspector/ilamkjihnomdekgagflnjjnkdnomcjbl
And check out the source code on GitHub: https://github.com/wpelevator/wp-inspector-browser-extension