gehrcke.de » PHP/HTML/CSS

My first WordPress plugin: WP-GeSHi-Highlight

Jan-Philip Gehrcke — Sat, 20 Nov 2010 22:29:40 +0000

Due to several reasons, some days ago I started to write my own syntax highlighting plugin for WordPress. At this point, I’m quite content with the outcoming.

I call it WP-GeSHi-Highlight, as it is based on GeSHi. I’ve started to create a fixed website for it: http://gehrcke.de/wp-geshi-highlight
And I’m about to release version 1.0.0. But before I do so, I test it on my own blog by presenting its own source code here. Technical details can be found in there.

// This is the entry point of the plugin (Right after Wordpress is done

// processing the user request, setting up `$wp_query` etc, and right before the

```
// template renders the HTML output.
```

add_action('template_redirect', 'wp_geshi_main');

```
 
```
```
 
```
```
function wp_geshi_main() {
```

    global $wp_geshi_codesnipmatch_arrays;

```
    global $wp_geshi_run_token;
```
```
 
```

    // Generate unique token. Code snippets will be replaced by it (+snip ID)

    // temporarily during the action of this plugin.

    $wp_geshi_run_token = md5(uniqid(rand())); // from Ryan McGeary

```
 
```

    // Filter all post/comment text and save and replace code snippets.

    wp_geshi_filter_and_replace_code_snippets();

```
 
```

    // If we did not find any code snippets, it's time to leave...

    if (!count($wp_geshi_codesnipmatch_arrays)) return;

```
 
```

    // `$wp_geshi_codesnipmatch_arrays` is populated. Work on it: it's now

    // GeSHi's part: highlight the code an generate CSS code.

    wp_geshi_highlight_and_generate_css();

```
 
```

    // Now, `$wp_geshi_css_code` and `$wp_geshi_highlighted_matches` are set.

    // Add action to add CSS code to HTML header.

    add_action('wp_head', 'wp_geshi_add_css_to_head');

```
 
```

    // Add low priority filter to replace unique identifiers with highlighted

```
    // code.
```

    add_filter('the_content', 'wp_geshi_insert_highlighted_code_filter', 99);

    add_filter('the_excerpt', 'wp_geshi_insert_highlighted_code_filter', 99);

    add_filter('comment_text', 'wp_geshi_insert_highlighted_code_filter', 99);

```
    }
```
```
 
```
```
 
```

// Parse all post texts and comment texts (the latter only in case of single

// pages). While iterating over these texts, do the following:

// - detect  code code code  parts.

// - save these parts in a global variable.

// - modify post/comment texts: replace code parts by a unique token.

function wp_geshi_filter_and_replace_code_snippets() {

```
    global $wp_query;
```

    // Iterate over all posts in this query.

    foreach ($wp_query->posts as $post) {

        // Extract code snippets from the content. Replace them.

        $post->post_content = wp_geshi_filter_replace_code($post->post_content);

```
        if (is_single()) {
```

            $comments_array = get_approved_comments($post->ID);

            // Iterate over all approved comments belonging to this post.

```
            // Filter them, too.
```

            foreach ($comments_array as $comment) {

                $comment->comment_content = wp_geshi_filter_replace_code(

                    $comment->comment_content);

```
                }
```
```
            }
```
```
        }
```
```
    }
```
```
 
```
```
 
```

// Search for all code occurrences. Save them in a global var.

// Replace them with unambiguous identifiers.

// `wp_geshi_substitute($match)` is called for each match.

// A `$match` is an array, following the sub-pattern of the regex:

```
// 0: all
```
```
// 1: language
```
```
// 2: line
```
```
// 3: escaped
```
```
// 4: cssfile
```
```
// 5: code
```

function wp_geshi_filter_replace_code($s) {

```
    return preg_replace_callback(
```

        "/\s*\"']([\w-]+)[\"']|line=[\"'](\d*)[\"']"

        ."|escaped=[\"'](true|false)?[\"']|cssfile=[\"']([\S]+)[\"']|\s)+>".

```
        "(.*)<\/pre>\s*/siU",
```

        "wp_geshi_store_and_substitute",

```
        $s
```
```
        );
```
```
    }
```
```
 
```
```
 
```

// Store code snippet data. Return unambiguous identifier for this code snippet.

function wp_geshi_store_and_substitute($match_array) {

    global $wp_geshi_run_token, $wp_geshi_codesnipmatch_arrays;

```
 
```

    // count() returns 0 if the variable is not set already.

    // We need this index for the identifier of this code snippet.

    $match_index = count($wp_geshi_codesnipmatch_arrays);

```
 
```

    // Elements of $match_array are strings matching the sub-expressions in the

    // big regular expression searching code. They contain

    // the arguments of  tag and the code snippet itself.

    // Store this array for later usage. Before, store the match index as last

```
    // array element to `$match_array`.
```
```
    $match_array[] = $match_index;
```

    $wp_geshi_codesnipmatch_arrays[$match_index] = $match_array;

```
 
```

    // Return a string that is unambiguously to identify during another filter

    // run. This string replaces the code code snippet for now.

    return "\n".$wp_geshi_run_token."_".

        sprintf("%06d",$match_index)."
\n"; // from Ryan McGeary

```
    }
```
```
 
```
```
 
```

// Iterate over all match arrays in `$wp_geshi_codesnipmatch_arrays`.

// Perform syntax highlighting and store the resulting string back in e.g.

// `$wp_geshi_highlighted_matches[$match_index]`.

// Generate CSS code and append it to global `$wp_geshi_css_code`.

function wp_geshi_highlight_and_generate_css() {

    global $wp_geshi_codesnipmatch_arrays;

```
    global $wp_geshi_css_code;
```

    global $wp_geshi_highlighted_matches;

    global $wp_geshi_requested_css_files;

```
 
```
```
    // When we're here, code was found.
```

    // Time to get the highlight machine running...

```
    include_once("geshi/geshi.php");
```
```
    $wp_geshi_css_code = "";
```

    foreach($wp_geshi_codesnipmatch_arrays as $match_index => $match) {

            // process the match details. the correspondence is explained at

            // function `wp_geshi_filter_replace_code()`.

            $language = strtolower(trim($match[1]));

```
            $line = trim($match[2]);
```
```
            $escaped = trim($match[3]);
```
```
            $cssfile = trim($match[4]);
```

            $code = wp_geshi_code_trim($match[5]);

```
            if ($escaped == "true")
```

                $code = htmlspecialchars_decode($code); // from Ryan McGeary

```
 
```
```
            // set up GeSHi
```

            $geshi = new GeSHi($code, $language);

            $geshi->enable_keyword_links(false);

```
            $geshi->enable_classes();
```
```
            if ($line) {
```

                $geshi->enable_line_numbers(GESHI_NORMAL_LINE_NUMBERS);

                $geshi->start_line_numbers_at($line);

```
                }
```

            $geshi->set_header_type(GESHI_HEADER_PRE_VALID);

            $wp_geshi_css_code .= $geshi->get_stylesheet();

```
 
```
```
            $output = "";
```

            // cssfile "none" means no wrapping styling at all!

```
            if ("$cssfile" != "none") {
```
```
                if (empty($cssfile))
```

                    // for this code snippet we need the default css file!

                    $cssfile = "wp-geshi-highlight";

                // append "the css file" to the array..

                $wp_geshi_requested_css_files[] = $cssfile;

                $output .= "\n\n".'.$cssfile.'-wrap5">'.

                           '.$cssfile.'-wrap4">'.

                           '.$cssfile.'-wrap3">'.

                           '.$cssfile.'-wrap2">'.

                           '.$cssfile.'-wrap">'.

                           '.$cssfile.'">';

```
                }
```

            $output .= $geshi->parse_code();

```
            if ("$cssfile" != "none")
```
```
                $output .= '
```

'."\n\n";

            $wp_geshi_highlighted_matches[$match_index] = $output;

    // At this point all code snippets are parsed. highlighted code is stored.

    // CSS code is generated. Delete what's not necessary anymore.

    unset($wp_geshi_codesnipmatch_arrays);

function wp_geshi_insert_highlighted_code_filter($content){

    global $wp_geshi_run_token;

    return preg_replace_callback(

        "/\s*".$wp_geshi_run_token."_(\d{6})\s*<\/p>/si",

        "wp_geshi_get_highlighted_code",

        $content

        ); // from Ryan McGeary

function wp_geshi_get_highlighted_code($match) {

    global $wp_geshi_highlighted_matches;

    // Found a unique identifier. Extract code snippet match index.

    $match_index = intval($match[1]);

    // Return corresponding highlighted code.

    return $wp_geshi_highlighted_matches[$match_index];

function wp_geshi_code_trim($code) {

    // Special ltrim b/c leading whitespace matters on 1st line of content.

    $code = preg_replace("/^\s*\n/siU", "", $code); // from Ryan McGeary

    $code = rtrim($code); // from Ryan McGeary

    return $code;

function wp_geshi_add_css_to_head() {

    global $wp_geshi_css_code;

    global $wp_geshi_requested_css_files;

    echo "\n\n";

    // set up paths and names

    $csspathpre = WP_PLUGIN_DIR."/wp-geshi-highlight/";

    $cssurlpre = WP_PLUGIN_URL."/wp-geshi-highlight/";

    $csssfx = ".css";

    // echo all required CSS files

    // delete duplicates

    $wp_geshi_requested_css_files = array_unique($wp_geshi_requested_css_files);

    foreach($wp_geshi_requested_css_files as $cssfile)

        wp_geshi_echo_cssfile($csspathpre.$cssfile.$csssfx,

            $cssurlpre.$cssfile.$csssfx);

    // echo GeSHi CSS code if given

    if (strlen($wp_geshi_css_code) > 0)

        echo '\n";

function wp_geshi_echo_cssfile($path, $url) {

    if (file_exists($path)) {

        echo '.$url.

             '" type="text/css" media="screen" />'."\n";

// Set allowed attributes for pre tags. For more info see wp-includes/kses.php

// credits: wp-syntax (Ryan McGeary)

if (!CUSTOM_TAGS) {

    $allowedposttags['pre'] = array(

        'lang' => array(),

        'line' => array(),

        'escaped' => array(),

        'cssfile' => array()

);

  //Allow plugin use in comments

    $allowedtags['pre'] = array(

        'lang' => array(),

        'line' => array(),

        'escaped' => array(),

        'cssfile' => array()

);

?>

Note: I had to change the occurrences within to code to < / pre>… looks like something to think about and to add for the future…

WordPress vulnerability: Remote admin password reset

Jan-Philip Gehrcke — Tue, 11 Aug 2009 14:22:55 +0000

Today, a way was presented how to reset an admin’s password of a WordPress installation, by just calling http://domain.dom/wp-login.php?action=rp&key[]=

So please, as long as there is no official release fixing this problem, apply this changeset to your wp-login.php.

Simply change line 190 in wp-login.php to

    if ( empty( $key ) || is_array( $key ) )

Then the “arraytrick” does not work anymore. The trick was, that after bypassing if (empty($key)), the database is queried for all users having a blank user_activation_key field. This is true for all users by default (except for those, who have recently ordered an activation key for password reset). Hence, the database simply returns the first user, whose user_activation_key is empty. His password then is reset. This user is likely the admin, because he is the first user in the table.

Update:

The changeset named above is not the only change the WordPress developers made. As we can see from changeset 11800 and changeset 11801, the password reset is only done when the key is actually a string and the user calling the “reset password URL” is logged in. Both modifications are already branched, so you can take this wp-login.php or wait for the next official release.

Update2:

The official update to WordPress 2.8.4 is released! Update now!

Atahualpa Theme: remove header image outline on click

Jan-Philip Gehrcke — Sat, 13 Jun 2009 11:37:24 +0000

I am using the Atahualpa Theme and I think it’s annoying to get an outline around the header image while clicking on it by default. The outline is the dashed line around the header image that appears when you press your mouse button down while hovering over the image (at least in Firefox 3). There is a very easy way to remove it:

Add the following to your Appearance -> Athualpa Theme Options -> HTML/CSS inserts:

a:active, a:focus{outline: none}

Works for me

Bad looking Sabre registration form – let’s fix it!

Jan-Philip Gehrcke — Fri, 12 Jun 2009 21:11:47 +0000

I just installed Sabre 0.9.0 to have a secure registration form for my WordPress pages. Basically it’s a really nice plugin (thank you for providing it!), but I think the registration form is really bad looking by default:

default registration from using Sabre 0.9.0

After some changes in the code it looks like this:

registration form after some modifications

This is what I thought and did:

I want the user to be able to define his password at registration. So, “A password will be e-mailed to you” does not make any sense. Therefore I changed
wp-login.php line 418 to:
_e('An email will be sent to you.') ?>
The password strengh calculator is nonsense in this case. In this case, nobody uses a personal password getting evaluated as “strong”. And, while the calculator switches from “Too Short” to “Bad” when you have at least 4 chars, the password is actually still too short, because Sabre wants a password of 6 chars at minimum. Additionally, the note that one should use special characters looks bad. I kicked the whole notice out and chose a minimum of 4 chars:
In wp-content/plugins/sabre/classes/sabre_class.php comment out the lines 113/114:
//echo '' . __('Strength indicator') . '
'; //echo '' . __('Too short', 'sabre') . '
' . __('Hint: Your password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ & ).');
Go to lines 326/327 and modify it to your required number of characters (in this case 4):
}elseif(strlen($_POST['user_pwd1'])<4){ $error_msg_text = __('Password length is less than 4 characters.', 'sabre');
Okay, these logical things are fixed now, but the design is still bad. You need to adjust wp-admin/css/login.css line 98 by adding the id’s #user_pwd1, #user_pwd2 and #captcha. It then looks like:
#user_pass, #user_login, #user_email, #user_pwd1, #user_pwd2, #captcha { font-size: 24px; width: 97%; padding: 3px; [...]

That’s it. Your registration form should now look like in the picture above.