gazchap.com

WordPress Plugin Security Alert

On 4th October 2019

Earlier this week, a friend (who, for the purposes of this post is named Stephen) relayed a story to me of an email that one of his friends had received recently.

This friend – let’s call him John – runs a local business that requires advance bookings from customers. He runs his entire booking calendar through his website, and as well as customers being able to register an account and book through the website, he can also create bookings on behalf of customers from the administration panel.

It’s this latter scenario that gave rise to the situation I’m about to delve into. John had booked this customer in to his calendar through the admin panel of his WordPress-powered website, and the customer received a confirmation email containing a “Manage Account” link.

The customer clicked this link to view his booking details, and was surprised to find that he could see a lot more bookings than just his own! He, very responsibly, emailed John to let him know, who then in turn got in touch with Stephen (who had built the website) and Stephen then relayed this whole story to me.

Immediately my ears pricked up – that’s not a great situation for a customer to find, as it suggests deep-seated problems with the website’s security, so I volunteered to take a look. The following is what I found…

WooCommerce: getAddress.io Postcode Lookup

By gazchap

On 25th February 2019

In WordPress, WordPress Plugins

Update: Version 2.2 released on 10th February 2022, on the WordPress plugin repository.

This, my third WordPress plugin (and also my third WooCommerce plugin, apparently I really like doing stuff with WooCommerce!) adds a postcode lookup tool to the checkout in WooCommerce 3.x that lets your UK-based customers quickly fill in their billing/shipping addresses based on their postcode.

It utilises the great getAddress.io API for the postcode lookup, and as such requires an API key for their service. I’d always recommend the £10 per month pricing plan, simply because it offers the best value, but they have a number of others available.

WooCommerce: Purchase Order Payment Gateway

By gazchap

On 20th February 2018

In WordPress, WordPress Plugins

Update: Version 1.1.5 released on 4th May 2021, on the plugin repository.

A recent project required the ability for customers on a client’s WooCommerce website to be able to request an invoice for their order (and thus pay offline) – but with the added twist that it required a Purchase Order number. This twist meant that simply changing the name of WooCommerce’s built-in “Offline” gateway was not enough.

I had a quick look around and found an existing plugin for WooCommerce that added this functionality, but as seems to be common when I do this, the functionality left a little bit to be desired.

First of all, the plugin required the customer to enter a postal address for the invoice (and curiously, didn’t automatically pull through the customer’s billing address) – I only needed a Purchase Order number field.

Additionally, it wasn’t very well internationalised – some strings were set as translated, but others – particularly in the HTML output that the plugin generated on the front-end and the admin back-end, were not.

So, I’ve taken it upon myself to learn a bit more about WooCommerce’s Payment Gateway API, and have written my own – which you can download below.

How to enable checkbox lists for non-hierarchical taxonomies in WordPress

By gazchap

On 10th February 2018

In Coding, WordPress

WordPress’ taxonomy features are one of the most powerful aspects of the platform, giving you the capabilities to group posts (including custom post types) in pretty much as many ways as you can think of.

There are two types of WordPress taxonomy – hierarchical and non-hierarchical. In case it’s not obvious from the name, a hierarchical taxonomy has a hierarchy – that is, you can create terms that are children of a parent term (and even children of those children) – standard post categories in WordPress are an “out of the box” example of a hierarchical taxonomy.

A non-hierarchical taxonomy has no parent/child structure, and is basically just a “flat” list of terms. Post tags are the “out of the box” example here.

When you’re developing a plugin for WordPress (or maybe even a theme) you may find that you have a need to create custom taxonomies – for example, if creating a plugin for a property/real estate website, you may have a custom taxonomy for “Property Type”, that contains terms like “House”, “Apartment” etc.

It’s at this point that you may run into a bit of an annoyance with the default WordPress user interface…

WooCommerce: Use Product Images as Category Images

By gazchap

On 5th October 2017

In WordPress, WordPress Plugins

Update: Version 1.3.1 released on the 25th August 2020.

So, earlier this morning I found myself wishing that WooCommerce had the capability to use a product thumbnail when displaying a category link in situations where the category doesn’t have its own thumbnail defined.

I went on a bit of a hunt and found a couple of small plugins. One didn’t work at all, which I attribute mainly to it having not been updated for two years and much changing in both WordPress and WooCommerce since then, and another one that I found didn’t work until I made a couple of code changes – and had a couple of noteworthy problems;

it would only fetch product thumbnails from that immediate category – not delving deeper down into the category tree and fetch product thumbnails from child categories, and
it did no filtering for products that had no thumbnails set, so would in some cases return products that had no thumbnail

So, I’ve made my own. A zip download can be found below, you just need to drop the folder inside it into your wp-content/plugins folder and then activate the “WooCommerce Category Product Thumbnails” plugin.

I’m using WordPress 4.9.4 and WooCommerce 3.3.0 – please let me know in the comments if it doesn’t work on other versions.

Update version 1.1 – 23rd March 2018: Add option (found under WooCommerce -> Settings -> Products -> Auto Category Thumbnails) to change the image size used for the automatic thumbnails. By default it remains as “shop_thumbnail”, but you may find that “shop_catalog” is a better choice.

Download

Download the plugin from the WordPress Plugin Repository

Source

This plugin is open-source – view the source code on the GitHub repository.

Security isn’t a dirty word, Blackadder

By gazchap

On 10th July 2017

In Security, WordPress

I’m often surprised at just how some websites treat their users when it comes to security.

As any decent website developer knows, one of the basic tenets of application security is that you should never store a user’s password in an unencrypted format – and you shouldn’t really be storing a password in an encrypted format, either. The correct way to deal with storing a password is to use a password hashing algorithm (note: “password hashing”, not just “hashing”)

I’m not going to pretend that I’m perfect at this. It took me an embarrassingly long time to stop using MD5 for hashing passwords in my code (although, in my defence, it was at least salted and not just a straight hash) but I caught up with the zeitgeist and all’s well again. Of course, it seems these days I do most of my work with existing frameworks and applications, so don’t really have to worry too much about that kind of thing any more.

The fact that there are so many frameworks and other tools out there to help devs with this kind of thing just makes it all the more upsetting when I see someone doing it so drastically wrong. Someone like whoever it was that developed KidsPass.co.uk

For those unfamiliar, Kids Pass is a website aimed at parents that offers many discounts and other offers on things to do with their little’uns. It’s not a website aimed at children, which is just as well because with password security as poor as theirs that would be absolutely terrifying.

Alien: Covenant – Movie Review

By gazchap

On 14th May 2017

In Movies

WARNING: Contains minor spoilers.

Those who know me will know that the Alien franchise is, hands-down, my favourite series of movies of all time. I am too young to have actually seen any of the “original” four at the cinema (when they were released, at least) but I have since seen Alien (the Director’s Cut) on the big screen, Prometheus and now Ridley Scott’s new release, Alien: Covenant. I don’t really count the AvP movies as part of the franchise, although I did go and see them when they were released.

It occurred to me as I was planning this review out, that I haven’t actually written any sort of review or retrospective on the other movies in the franchise, which I really must do – but first, a review of Covenant.

Into the thick – the Black Country Living Museum

By gazchap

On 12th May 2017

In Reviews

A week ago, Jem and I took the kids on a semi-planned day trip out to the Black Country Living Museum in Dudley.

I’d not been before, but the name made it sound like it would be right up my street, being a little bit like Blists Hill Victorian Town in Coalport, which is just down the road from us and (from what I remember) is a cracking museum for kids and adults alike.

On arrival, we met up with a couple of friends and made our way into the entrance.

Guardians Of The Galaxy Vol. 2 – Movie Review

By gazchap

On 30th April 2017

In Movies

WARNING: Contains spoilers.

The first Guardians Of The Galaxy movie (from hereon referred to as GotG) was a smash hit for Marvel Studios when it came out in 2014, raking in over $750 million at the box office. It was considered a refreshing change from previous Marvel movies, with more humour and, crucially, a setting that did not involve Earth.

Pac-Man Championship Edition 2 (PC)

By gazchap

On 20th September 2016

In Games

Hey there, readers! It’s been almost a year since my last post on here, because I’m a complete and utter prat who keeps forgetting that this domain name even exists. Still, never mind, I’m here now, eh?

What’s brought me back into the fold, you may ask? Well, it’s the hotly anticipated release of Pac-Man Championship Edition 2 on the PC (and various other platforms, but I do 99% of my gaming on a PC, so the PC version is what we’re talking about here.)