12 thoughts on “New FBFoundations Features and Updates”

  1. Thoughts:

    You don't need to include the jquery js file in the plugin any more, since you're using the enqueue script method.

    Your options subpanel still has major security issues. Basically, without nonce or user cap checking, somebody could modify your settings. Since the api_key isn't validated and output on the page itself, you have a cross-site-scripting vulnerability. It would be fairly easy to hack your site with this hole; all somebody would need is a valid login to the site (not an admin login).

    If somebody does use the popup feature, it always pops up for people who disable cookies by default (or who force them to be session only, which is pretty commonplace). Kind of a misfeature, I feel.

    The title and description thing is neat, however it's possible that some sites already have this information. Should really be optional, for those two at least. The medium and image source stuff is fine, can't see those interfering much.

    WordPress 2.9 includes new ways of specifying video includes, which end up using embeds. It might be worthwhile to add support for video_src too.

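The three checks the comment above asks for (capability, nonce, and validation plus output escaping of the API key), shown as an added example that is not part of the comment or the plugin's own code. The option name, nonce action, function names, the letters-and-digits key format and the script-tag output location are all assumptions.

```php
<?php
// Added example: hypothetical names throughout, not FBFoundations' actual code.
const FBF_OPTION       = 'fbf_api_key';       // assumed option name
const FBF_NONCE_ACTION = 'fbf_save_options';  // assumed nonce action

add_action( 'admin_menu', function () {
    // Capability gate 1: the menu entry is registered for manage_options only.
    add_options_page( 'FBFoundations', 'FBFoundations', 'manage_options',
        'fbf-options', 'fbf_options_page' );
} );

function fbf_options_page() {
    // Capability gate 2: re-check on every request, not just when building the menu.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You do not have permission to change these settings.' );
    }

    if ( isset( $_POST['fbf_api_key'] ) ) {
        // Nonce check: dies unless the POST carries the token printed by
        // wp_nonce_field() below, so a forged cross-site request is rejected.
        check_admin_referer( FBF_NONCE_ACTION );

        $key = sanitize_text_field( wp_unslash( $_POST['fbf_api_key'] ) );
        // Validation: assumes the key is letters and digits only.
        if ( preg_match( '/\A[A-Za-z0-9]{1,64}\z/', $key ) ) {
            update_option( FBF_OPTION, $key );
        } else {
            echo '<div class="error"><p>API key not saved: unexpected characters.</p></div>';
        }
    }
    ?>
    <form method="post">
        <?php wp_nonce_field( FBF_NONCE_ACTION ); ?>
        <input type="text" name="fbf_api_key"
               value="<?php echo esc_attr( get_option( FBF_OPTION, '' ) ); ?>" />
        <input type="submit" class="button-primary" value="Save" />
    </form>
    <?php
}

// Front end: escape at output even though the stored value was validated.
// Assumes the key is emitted inside a <script> block; the HEX flags keep
// <, >, &, ' and " from breaking out of the script context.
add_action( 'wp_footer', function () {
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    printf( '<script>var fbfApiKey = %s;</script>',
        wp_json_encode( get_option( FBF_OPTION, '' ), $flags ) );
} );
```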

  2. Bruno, no PHP – it's just CSS. You should just be able to edit the
    style.css file in your theme's main directory and set the style for the
    share button accordingly. I haven't looked at it enough to be able to say
    which class or id you need to change though.


