• Hello,

    Changes disappeared when editing posts. After some searching, I discovered that the problem was the caching plugin I was using.
    I adjusted the code, to wipe the cache after a change by this plugin.

    I also improved security by using nonces in the AJAX request and forcing the IDs in the queries to be integers.

    Can these be integrated in the plugin?

    Here are the functions I changed:

    function update_menu_order() {
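            // $_wp_suspend_cache_invalidation must be declared global to be visible in the check below
            global $wpdb, $_wp_suspend_cache_invalidation;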
    
            check_ajax_referer( 'hicpo-update-menu-order-nonce', 'hicpo_security' );
    
            if ( !current_user_can( 'edit_posts' ) ) {
                exit;
    
            }
    
            parse_str($_POST['order'], $data);
    
            if (is_array($data)) {
    
                // Get the IDs of all posts contained in the page
                $id_arr = array();
    
                foreach ($data as $key => $values) {
                    foreach ($values as $position => $id) {
                        $id_arr[] = $id;
                    }
                }
    
                // Get the menu_order of all posts contained in the page
                $menu_order_arr = array();
                foreach ($id_arr as $key => $id) {
                    $results = $wpdb->get_results("SELECT menu_order FROM $wpdb->posts WHERE ID = " . intval($id));
                    foreach ($results as $result) {
                        $menu_order_arr[] = $result->menu_order;
                    }
                }
                // Sort the menu_order array (the key/value association is not preserved)
                sort($menu_order_arr);
    
                foreach ($data as $key => $values) {
                    foreach ($values as $position => $id) {
                        $wpdb->update($wpdb->posts, array('menu_order' => $menu_order_arr[$position]), array('ID' => intval($id)));
    
                        // clear cache change JADJ 2014-09-04
                        if (empty( $_wp_suspend_cache_invalidation ) ) {
                             wp_cache_delete( intval($id), 'posts' );
                        }
    
                    }
                }
    
            }
        }
    
     function load_script_css() {
    
            if ($this->_check_load_script_css()) {
    
                // load JavaScript
    
                wp_enqueue_script('jquery');
                wp_enqueue_script('jquery-ui-sortable');
                wp_enqueue_script('hicpojs', HICPO_URL . '/js/hicpo.js', array('jquery'), null, true);
    
                // make nonce accessible in js.
                wp_localize_script('hicpojs', 'hicpo', array("security"=>wp_create_nonce('hicpo-update-menu-order-nonce')));
    
                // load CSS
    
                wp_enqueue_style('hicpo', HICPO_URL . '/css/hicpo.css', array(), null);
    
            }
        }

    And here is the new version of hicpo.js:

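    (function($){
    	// Define the helper before sortable() is called; a var assigned later
    	// would still be undefined when the options object is built.
    	var fixHelper = function(e, ui) {
    		// Pin each cell's width so the row keeps its layout while dragged
    		ui.children().children().each(function() {
    			$(this).width($(this).width());
    		});
    		return ui;
    	};
    
    	$("#the-list").sortable({
    		'items': 'tr',
    		'axis': 'y',
    		'helper': fixHelper,
    		'update' : function(e, ui) {
    			$.post( ajaxurl, {
    				action: 'update-menu-order',
    				// nonce exposed by wp_localize_script() as hicpo.security
    				hicpo_security: hicpo.security,
    				order: $("#the-list").sortable("serialize")
    			});
    		}
    	});
    	//$("#the-list").disableSelection();
    
    })(jQuery);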

    https://ww.wp.xz.cn/plugins/intuitive-custom-post-order/
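
An added example, not part of the original post or the plugin's code: a stricter variant of the same AJAX handler that keeps the nonce check, checks the capability for each submitted post, reads the current `menu_order` values through one `$wpdb->prepare()` query, and invalidates the cache with `clean_post_cache()`. The function name and the error messages are hypothetical; the nonce action, the `hicpo_security` field and the `order` parameter are the ones used in the post above.

```php
<?php
// Added example: example_hicpo_update_menu_order is a hypothetical name.
function example_hicpo_update_menu_order() {
    global $wpdb;
    // Terminates the request if the hicpo_security nonce is missing or invalid.
    check_ajax_referer( 'hicpo-update-menu-order-nonce', 'hicpo_security' );

    if ( ! isset( $_POST['order'] ) || ! is_string( $_POST['order'] ) ) {
        wp_send_json_error( 'missing order', 400 );
    }
    parse_str( wp_unslash( $_POST['order'] ), $data );

    // Flatten to positive integer IDs, keeping the submitted order.
    $ids = array();
    foreach ( $data as $values ) {
        foreach ( (array) $values as $id ) {
            $id = is_scalar( $id ) ? absint( $id ) : 0;
            // Check the capability per post, not only the generic edit_posts.
            if ( ! $id || ! current_user_can( 'edit_post', $id ) ) {
                wp_send_json_error( 'not allowed', 403 );
            }
            $ids[] = $id;
        }
    }
    $ids = array_values( array_unique( $ids ) );
    if ( empty( $ids ) ) {
        wp_send_json_error( 'nothing to reorder', 400 );
    }

    // One parameterized query instead of concatenating each ID into SQL.
    $placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
    $sql    = "SELECT menu_order FROM $wpdb->posts WHERE ID IN ($placeholders)";
    $orders = array_map( 'intval', $wpdb->get_col( $wpdb->prepare( $sql, $ids ) ) );
    sort( $orders );

    foreach ( $ids as $position => $id ) {
        if ( ! isset( $orders[ $position ] ) ) {
            break; // fewer rows found than IDs submitted
        }
        $wpdb->update( $wpdb->posts, array( 'menu_order' => $orders[ $position ] ),
            array( 'ID' => $id ), array( '%d' ), array( '%d' ) );
        // Drops the cached post and fires the clean_post_cache action;
        // it checks $_wp_suspend_cache_invalidation itself.
        clean_post_cache( $id );
    }
    wp_send_json_success();
}
```

Any ID the current user may not edit rejects the whole request, so a partial reorder is never written.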

Viewing 1 replies (of 1 total)
  • Plugin Author hijiri

    (@hijiri)

    Hi, janalwin.

    Thanks for the feedback and your code.

    I will adopt your code.

    Thanks!


The topic ‘Cachingproblems ( solution) and some security improvements’ is closed to new replies.