• Resolved ov3rfly

    (@ov3rfly)


    Remove Comments from admin should also remove comments columns in posts/pages/media/etc. list view, considered as a bug.

    How can we test if Disable XML-RPC works? Currently a call of example.com/xmlrpc.php still shows a message:

    XML-RPC server accepts POST requests only.
    

    Considered as maybe a bug.

    Could Disable XML-RPC also remove

    <link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://example.com/xmlrpc.php?rsd" />
    

    or similar which is added in wp_head rsd_link action?

    Could you add removal of wp_head wlwmanifest_link action?

    Could you add removal of wp_head wp_shortlink_wp_head and template_redirect wp_shortlink_header action?

    Could you add removal of wp_head wp_generator action?

    Could you add removal of wp_head rest_output_link_wp_head and template_redirect rest_output_link_header action?

    Could you enhance Remove WordPress logo on login screen with Replace WordPress logo on login screen with site icon if present, example code:

    function ov3rfly_login_enqueue_scripts() {
    	if ( has_site_icon() ) {
    ?>
    <style type="text/css">
    .login #login h1 a {
    	background-image: url("<?php echo get_site_icon_url( 192 ); ?>"); /* 192 retina/hires, 84 normal */
    }
    .login #login h1 a:focus {
    	-webkit-box-shadow: none;
    	box-shadow: none;
    }
    </style>
    <?php
    	}
    }
    add_action( 'login_enqueue_scripts', 'ov3rfly_login_enqueue_scripts' );

    Could you add Replace WordPress logo link on login screen with site url, example code:

    function ov3rfly_login_headerurl( $url ) {
        return get_bloginfo( 'url' );
    }
    add_filter('login_headerurl', 'ov3rfly_login_headerurl' );

    Thanks for the plugin, greatly appreciated.

    No Nonsense 1.3.0, WordPress 5.8.2

Viewing 15 replies - 1 through 15 (of 34 total)
  • Thanks for these suggestions. It’s possible the code that’s disabling XML-RPC is being hooked too late. I’ll investigate that as well.

    Thanks again for all of these excellent suggestions. I have implemented all of them in version 1.4.0 which should be available momentarily.

    Regarding the XML-RPC issue, WordPress no longer allows the complete disabling of XML-RPC programmatically; setting the option to disable it only disables XML-RPC requests that require login.

    I added a new option in 1.4.0 to kill XML-RPC processes early. But since this functionality is self-contained within the plugin, WordPress still has to load at least to the plugins_loaded hook, for this to kick in. So it’s not ideal as a way to block DDOS attacks. A better solution is to block access to xmlrpc.php directly in your site’s .htaccess file.

    Thread Starter ov3rfly

    (@ov3rfly)

    Thanks for quick response and fast plugin update.

    Almost happy with everything, some further questions, suggestions:

    With Remove Comments from admin would recommend to also include custom post types columns, could be confusing otherwise.

    And just noted that Comments should be also removed in dashboard_glance_items.

    Question for Remove Comments from admin, you are also removing $columns['likes'] – where does this field come from?

    An important part at shortlink and rest_output removal suggestions were these http response headers:

    • template_redirect wp_shortlink_header action
    • template_redirect rest_output_link_header action

    These are unfortunately still there and leaking the links. Could be wrong priority (should be 11) and/or timing of remove_action code.

    About kill xmlrpc early, would suggest to add a status_header( 403 ); before exit();

    And Log Out button could use colors from WP Admin Color Scheme, would look much better, imho.

    No Nonsense 1.4.1, WordPress 5.8.2

    • This reply was modified 4 years, 5 months ago by ov3rfly. Reason: Log Out button color suggestion, template_redirect note
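
The early XML-RPC cut-off discussed in the replies above, with the suggested 403 status, as an added example that is not the plugin's own code. It assumes xmlrpc.php has defined the XMLRPC_REQUEST constant before WordPress loads; the example_* name is hypothetical.

```php
<?php
// Added example, not code from the No Nonsense plugin.

// Core's own switch: this only disables XML-RPC methods that require login,
// so unauthenticated requests still reach the XML-RPC server.
add_filter( 'xmlrpc_enabled', '__return_false' );

// Early cut-off: stop every request that entered through xmlrpc.php as soon
// as plugins are loaded, and answer with 403 instead of an empty 200.
function example_block_xmlrpc_early() {
	if ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) {
		status_header( 403 );
		nocache_headers();
		header( 'Content-Type: text/plain; charset=utf-8' );
		exit( 'XML-RPC is disabled on this site.' );
	}
}
// Priority 1 so the check runs before other plugins' plugins_loaded callbacks.
add_action( 'plugins_loaded', 'example_block_xmlrpc_early', 1 );
```

WordPress core and all active plugins are still loaded before this runs, which is why blocking xmlrpc.php at the web server remains the cheaper control under request floods.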

    Regarding removing comments from CPTs — those require variable hooks, which I was under the impression could not be coded with the variable name in them (but maybe I just don’t completely understand how they work); in other words it’s my impression that I would need to know (and hardcode) the CPT name in as the hook. But in any case, it was my assumption that if a developer coded their CPT to support comments, they wouldn’t want comments deactivated. But I guess I’m thinking in terms of my “day job” and writing CPTs for a custom theme, vs. the CPTs that exist in plugins like WooCommerce or The Events Calendar. (Good example though — Woo uses the comment system for critical functionality so I shouldn’t allow it to be disabled there.) In general I think it’s best to keep this to core functionality.

    Regarding “likes” — honestly I have no idea where it comes from but it was there on my sandbox site. Might be from a plugin, so I should refer back to my last paragraph and remove it, since I’m avoiding altering the behavior of other plugins.

    Do you have a suggestion for how I can test for those two template_redirect headers? I was just watching what was showing up in the head on a standard page load on my test site and I’m not encountering them.

    Good call on the 403 status.

    Thread Starter ov3rfly

    (@ov3rfly)

    Did not find a 'likes' column in a fresh WP 5.8.2, that’s why I asked.

    You can see the Link: headers e.g. at your own UNDERDOG of PERFECTION blog frontpage and single post view with your browser at Inspector / Network tab / Response headers.

    The priority of actions can be seen in file wp-includes/default-filters.php

    add_action( 'template_redirect', 'wp_shortlink_header', 11, 0 );
    ..
    add_action( 'template_redirect', 'rest_output_link_header', 11, 0 );

    Documentation of remove_action() says this, that’s why I pointed out wrong priority:

    To remove a hook, the $callback and $priority arguments must match when the hook was added.

    Thanks… I’m trying to track down where likes is coming from on my test site right now. My assumption would be that it’s a Jetpack thing, but I don’t have Jetpack active on my test site. I’m also going to switch my test site to using the Twenty Twenty-one theme to make sure I’m not missing (or inadvertently adding) anything else.

    I overlooked the priority on those template_redirect actions… thanks for clarifying.

    It looks like the dashboard_glance_items filter just handles adding extra items to the At a Glance widget. It can’t modify the default Posts/Pages/Comments items. I could hide it with CSS or remove it with jQuery but that’s getting a bit kludgy. (I may still do it eventually but it would require using wp_localize_script() which I haven’t set the plugin up to handle yet.)

    Version 1.4.2 is on its way, with all of these issues addressed, except the dashboard_glance_items issue as noted above.

    Thread Starter ov3rfly

    (@ov3rfly)

    Thanks again for quick feedback.

    The template_redirect removals are still not working. The removal function r34nono_remove_head_tags seems to be currently called in wp_head action, if I understand the code right, while for the template_redirect cases their removal should be called earlier, like in init or wp action.

    Strange… it seemed in my testing like it was working, but what you’re saying makes sense. I’ll review again.

    Thread Starter ov3rfly

    (@ov3rfly)

    About At a Glance, there would be a way to hook into it by returning an object with 0 for $num_comm->approved and $num_comm->moderated which might bypass the output. This could be a starting point:

    function ov3rfly_wp_count_comments( $stats_object, $post_id ) {
    	if ( is_admin() ) {
    		if ( $screen = get_current_screen() ) {
    			if ( $screen->id === 'dashboard' ) {
    				// return object with 0 entries here
    			}
    		}
    	}
    	return $stats_object;
    }
    add_filter( 'wp_count_comments', 'ov3rfly_wp_count_comments', 10, 2 );

    But the returned object would maybe also have to be adjusted for another dashboard widget Site Activity which also contains information about comments.

    This approach might be a rabbit hole though, needs thinking through the whole process, reading core code, could other widgets like antispam plugins be affected, etc.

    Before I implement the change, would you mind testing it on your end since you’re seeing the problem and I’m not (at least not consistently)?

    It just requires one small code change. In class-r34nono.php, line 167 (in version 1.4.3), change this:

    'hook' => 'wp_head',

    …to this:

    'hook' => 'init',

    That’s really what it should be anyway, so I’m going to make the change, but I’d like to know first if it fixes the problem for you. Thanks!

    Regarding the At a Glance issue, the Comments link only appears there if the site actually has comments, so it may be best to leave it. For example, on my blog I no longer allow comments, but I used to, so it’s helpful to see, somewhere, that there are comments in the system. Likewise, if a site isn’t properly protecting against spam comments, it might be good to have a way to know the database is filling up with them.

    Anyway… that is probably just a bit of an excuse for not taking any further action on this. But I agree it gets to be a bit of a rabbit hole, and the payoff is pretty minimal, since my intended purpose in the plugin is just to remove the Comments from areas where site admins might contend with it unnecessarily on a regular basis, and I bet most people never even look at At a Glance anyway. (And if an administrator desperately wants to prevent the link from showing up there, they might just want to disable the entire widget.)

    Thread Starter ov3rfly

    (@ov3rfly)

    It fixes the problem if I change it to init and also to wp, but you had your reasons to use wp_head there, because that group is meant to remove wp_head actions.

    So maybe instead of “hacking” your own code, another new second function would be advisable for template_redirect removals.

    About At a Glance, there would be a way to hook into it by returning an object with 0 for $num_comm->approved and $num_comm->moderated which might bypass the output. This could be a starting point:

    function ov3rfly_wp_count_comments( $stats_object, $post_id ) {
    	if ( is_admin() ) {
    		if ( $screen = get_current_screen() ) {
    			if ( $screen->id === 'dashboard' ) {
    				// return object with 0 entries here
    			}
    		}
    	}
    	return $stats_object;
    }
    add_filter( 'wp_count_comments', 'ov3rfly_wp_count_comments', 10, 2 );

    But the returned object would obviously also have to be adjusted for another dashboard widget Site Activity which also contains information about comments.

    This approach might be a rabbit hole, needs thinking through the whole process, reading core code, could other widgets like antispam plugins be affected, etc., maybe not a good solution in the end.

    It fixes the problem if I change it to init and also to wp, but you had your reasons to use wp_head there, because that group is meant to remove wp_head actions.

    True, but it’s just a bunch of remove_action() and add_filter() calls that are not all applying to the same hook. I think it makes sense to put them in init. When I had it set to wp_head I was having to use priority 1 to make it all work. (And, obviously, it still wasn’t.)
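
The point settled in this thread, as an added example that is not the plugin's own code: the removals run on init, which fires before template_redirect, and each remove_action() call repeats the priority the callback was registered with. The example_* names are hypothetical, and the wp_head priorities (10) are the WordPress defaults rather than values quoted in the thread.

```php
<?php
// Added example, not code from the No Nonsense plugin.

// Hook, callback and priority as registered in wp-includes/default-filters.php.
function example_discovery_hooks() {
	return array(
		array( 'wp_head', 'rsd_link', 10 ),
		array( 'wp_head', 'wlwmanifest_link', 10 ),
		array( 'wp_head', 'wp_generator', 10 ),
		array( 'wp_head', 'wp_shortlink_wp_head', 10 ),
		array( 'wp_head', 'rest_output_link_wp_head', 10 ),
		array( 'template_redirect', 'wp_shortlink_header', 11 ),
		array( 'template_redirect', 'rest_output_link_header', 11 ),
	);
}

// Runs on init, which fires before both template_redirect and wp_head.
function example_remove_discovery_hooks() {
	foreach ( example_discovery_hooks() as $entry ) {
		list( $hook, $callback, $priority ) = $entry;
		// remove_action() returns false when callback or priority do not match.
		if ( ! remove_action( $hook, $callback, $priority ) && defined( 'WP_DEBUG' ) && WP_DEBUG ) {
			error_log( "example: {$callback} not removed from {$hook} at priority {$priority}" );
		}
	}
}
add_action( 'init', 'example_remove_discovery_hooks' );

// Debug check: runs after priority 11 and logs any Link: header still queued
// for the response (shortlink or REST API discovery link).
function example_report_link_headers() {
	if ( ! defined( 'WP_DEBUG' ) || ! WP_DEBUG ) {
		return;
	}
	foreach ( headers_list() as $header ) {
		if ( 0 === stripos( $header, 'Link:' ) ) {
			error_log( 'example: response still sends ' . $header );
		}
	}
}
add_action( 'template_redirect', 'example_report_link_headers', 12 );
```

With WP_DEBUG enabled, an empty debug log after loading the front page and a single post means both Link: headers are gone; the same check can be done by hand in the browser's Network tab.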


The topic ‘Bugs, questions, suggestions’ is closed to new replies.