The Importance of Escaping All The Things

WordPress.com VIP

Nick Daugherty is WordPress.com VIP Lead Engineer. Here he shares some important information about escaping in code and how that can increase security in WordPress sites anywhere in the world.

If there’s one issue we flag more often than all others in code reviews…it’s escaping.

For starters, we should all agree that escaping (fundamentally, sanitizing input and escaping output) is a critical aspect of web application security. What may be less universally agreed upon is where to escape. On that point, we require “late escaping” – escaping as close as possible to the point of output – and further, we now require it everywhere, always.

You may now be thinking:

“Do I really need to ‘late escape’ everything? Always? Even core WordPress functions?”

We hear you. And, here’s why this is important to us:

In addition to some automated scanning, we manually review every line of code our VIP customers commit to the VIP platform. And…

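To make the “late escaping” point concrete, here is an added example (my own illustration, not code from the VIP post): the same template fragment printed raw and then escaped at the point of output, one escaping function per HTML context. The function names and the user-supplied `$label` parameter are hypothetical; both functions assume they run inside the WordPress loop.

```php
<?php
// Added example (not from the VIP post). Assumes the usual WordPress template
// tags are available and that $label comes from untrusted input (e.g. a widget
// setting or query string).

// BEFORE: title, permalink and a user-supplied attribute are echoed raw.
// get_the_title() and get_permalink() are core functions, but neither escapes
// for the context you print into, so a title containing <script> or a label
// containing a double quote changes the meaning of the markup.
function vip_example_card_unescaped( $label ) {
	echo '<a href="' . get_permalink() . '" title="' . $label . '">';
	echo get_the_title();
	echo '</a>';
}

// AFTER: every value is escaped at the exact point of output, using the
// function that matches the context it is written into:
//   esc_url()  for href/src values   (also rejects javascript: schemes)
//   esc_attr() for HTML attribute values
//   esc_html() for text between tags
function vip_example_card_escaped( $label ) {
	echo '<a href="' . esc_url( get_permalink() ) . '" title="' . esc_attr( $label ) . '">';
	echo esc_html( get_the_title() );
	echo '</a>';
}

// When the value is allowed to carry limited HTML (post content, editor fields),
// escaping it with esc_html() would mangle it; filter it instead with
// wp_kses_post(), still at the point of output.
function vip_example_excerpt_escaped( $html ) {
	echo wp_kses_post( $html );
}
```

Running phpcs with the WordPress Coding Standards ruleset reports the raw echoes in the first function under its EscapeOutput sniff, which is the automated half of the review the post describes.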

Loading IE Conditional Stylesheets in WordPress

Most web developers are familiar with the IE conditional comments that allow you to load a stylesheet only in Internet Explorer.

<!--[if lt IE 9]>
   <link href="ie.css" rel="stylesheet" type="text/css">
<![endif]-->

Many new WordPress developers tend to hardcode these conditional comments directly into their theme’s header.php file. The correct way to load stylesheets in WordPress is to use the wp_enqueue_style() function and attach the condition to the registered handle.

add_action( 'wp_enqueue_scripts', 'enqueue_my_styles' );

function enqueue_my_styles() {
   global $wp_styles;
   // Enqueue the IE-only stylesheet; the path needs a leading slash after the theme URI.
   wp_enqueue_style( 'my-theme-ie', get_stylesheet_directory_uri() . '/ie.css' );
   // Attach the conditional to the handle so WordPress wraps the <link> tag in
   // <!--[if lt IE 9]> ... <![endif]-->, matching the hardcoded example above.
   // (On WordPress 4.2+ wp_style_add_data() does the same without the global.)
   $wp_styles->add_data( 'my-theme-ie', 'conditional', 'lt IE 9' );
}


PHP CodeSniffer – Coding standards

PHP CodeSniffer scans PHP, JavaScript and CSS files and detects violations of a defined set of coding standards.

To install phpcs on Ubuntu:

pear install PHP_CodeSniffer

To list all installed coding standards:

phpcs -i

I found a great article on the rtCamp site; you can read it here.

Give me some suggestions if you have any!