New FBFoundations Features and Updates – Stay N Alive

12 thoughts on “New FBFoundations Features and Updates”

  1. Thoughts:

    You don't need to include the jquery js file in the plugin any more, since you're using the enqueue script method.

    Your options subpanel still has major security issues. Basically, without nonce or user cap checking, somebody could modify your settings. Since the api_key isn't validated and output on the page itself, you have a cross-site-scripting vulnerability. It would be fairly easy to hack your site with this hole, all somebody would need is a valid login to the site (not an admin login).

    If somebody does use the popup feature, it always pops up for people who disable cookies by default (or who force them to be session only, which is pretty commonplace). Kind of a misfeature, I feel.

    The title and description thing is neat, however it's possible that some sites already have this information. Should really be optional, for those two at least. The medium and image source stuff is fine, can't see those interfering much.

    WordPress 2.9 includes new ways of specifying video includes, which end up using embeds. It might be worthwhile to add support for video_src too.
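
The checks the comment above asks for (a nonce, a capability check, and validating then escaping `api_key`), as an added example that is not FBFoundations' own code. The `fbf_example_*` function, option, nonce and page-slug names and the key format are assumptions; the WordPress functions are the current core APIs.

```php
<?php
// Added example, not the plugin's code. All fbf_example_* names are hypothetical.
add_action( 'admin_menu', 'fbf_example_add_page' );

function fbf_example_add_page() {
    // 'manage_options' limits the menu entry to administrators.
    add_options_page( 'FBF Example', 'FBF Example', 'manage_options',
        'fbf-example', 'fbf_example_render_page' );
}

function fbf_example_render_page() {
    // Capability check: any logged-in user must not be able to save settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You do not have permission to change these settings.' );
    }

    $error = '';
    if ( 'POST' === $_SERVER['REQUEST_METHOD'] ) {
        // Nonce check: rejects requests that did not come from this form,
        // so another site cannot make an admin's browser submit it.
        check_admin_referer( 'fbf_example_save', 'fbf_example_nonce' );

        $key = isset( $_POST['api_key'] )
            ? sanitize_text_field( wp_unslash( $_POST['api_key'] ) )
            : '';
        // Validate before storing. Assumed format: 1-64 letters or digits.
        if ( preg_match( '/^[A-Za-z0-9]{1,64}$/', $key ) ) {
            update_option( 'fbf_example_api_key', $key );
        } else {
            $error = 'API key must be 1-64 letters or digits.';
        }
    }

    $stored = get_option( 'fbf_example_api_key', '' );
    ?>
    <div class="wrap">
      <?php if ( $error ) : ?>
        <p class="error"><?php echo esc_html( $error ); ?></p>
      <?php endif; ?>
      <form method="post">
        <?php wp_nonce_field( 'fbf_example_save', 'fbf_example_nonce' ); ?>
        <!-- Escape on output even though the value was validated on input. -->
        <input type="text" name="api_key" value="<?php echo esc_attr( $stored ); ?>" />
        <input type="submit" class="button-primary" value="Save" />
      </form>
    </div>
    <?php
}
```

Wherever the stored key is printed into the public page, escape it for that context as well, for example with `esc_js()` inside a script block.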

  2. I am going to take a wild guess and say it's a theme issue and not necessarily a problem with the plugin. Jesse, what would be the php code to include in the theme file?

  3. Bruno, no PHP – it's just CSS. You should just be able to edit the
    style.css file in your theme's main directory and set the style for the
    share button accordingly. I haven't looked at it enough to be able to say
    which class or id you need to change though.
