Peter Westwood 10:17 pm on December 10, 2009
Tags: meeting notes ( 227 )

Summary of Dec 10th Dev Chat

2.9 is getting close with about 30 tickets remaining.
- The majority feel that the new default post is too verbose and blurs the line between content and documentation too much so we are going to remove it from this release and revisit the concept of better post-install user experience for 3.0
- We are going to remove the TrashTrash Trash in WordPress is like the Recycle Bin on your PC or Trash in your Macintosh computer. Users with the proper permission level (administrators and editors) have the ability to delete a post, page, and/or comments. When you delete the item, it is moved to the trash folder where it will remain for 30 days. support from Media because it does not have a consistent experience and the moment. You can easily end up with images that have been Trashed still visible in the content of your site and there is no easy fix at the moment – we probably need to switch from direct image links in posts to using shortcodes and make other changes before this part of the Trash feature is rock solid.
Oembed discovery of unknown sites will be disabled by default and the adminadmin (and super admin) ui option to turn this on will be removed and replace by filters/hooksHooks In WordPress theme and development, hooks are functions that can be applied to an action or a Filter in WordPress. Actions are functions performed when a certain event occurs in WordPress. Filters allow you to modify certain functions. Arguments used to hook both filters and actions look the same. to make it easy for a pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party to do if a user wants to opt for this unsafe option – we would rather they let us know of other sites that should be whitelisted by default as they are trusted.
Jane filled us in on the current status of the “Canonical” plugins name vote current numbers CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress.: 1130, 34% Official 818, 24% Canonical 563, 17% Validated 399, 12% Other 215, 6% Standard 175, 5% Premium 55 2% In the Other bucket, there were a lot of votes for certified, verified, recommended, approved and a bunch of others meaning generally the same thing. Also a couple suggesting we use “core extensions'” instead of core plugins. The general favourite among those present was also with the core name. We will wait until the poll has finished and then review the overall results.

#meeting-notes

Alex M. 10:19 pm on December 10, 2009

Alternatively pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party authors can whitelist sites themselves using the wp_oembed_add_provider() function.
Chip Bennett 11:04 pm on December 10, 2009

Is it not self-contradictory to call *any* pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party “coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress.”, since by definition a plugin is an extension to, rather than a part of, core?

Further, to what are such plugins “core”? I assume thewy will not be installed by default, thus they are neither part of the core code nor part of the core download package.

We are setting ourselves up for headaches and confusion if we call such plugins “core”.
- caesarsgrunt 12:18 pm on December 11, 2009
  
  I agree with this. I think the best terms are Certified and Official.
  - Dre 3:21 pm on December 11, 2009
    
    CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. plugins is going to confuse people.
    
    Official being second in the vote would be most appropriate if we based it on the poll results.
  - Ben Huson 3:34 pm on December 11, 2009
    
    I agree, Official is a better description.
    Plugins are not ‘coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress.’ – that’s why they are pugins.
Otto 6:27 pm on December 11, 2009

Ugh. I’m really, really not happy about eliminating the usefulness of oEmbed by making no easy way to turn it on.

I *highly* recommend that a canonical pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party be created to allow easy enabling of this. I’ll even write the plugin if necessary.
- Chip Bennett 7:41 pm on December 11, 2009
  
  Doesn’t the change just impact oEmbed *discovery*? All whitelisted oEmbed sites would still work as expected, right? (Or am I misreading the change?)
  - Otto 8:29 pm on December 11, 2009
    
    You’re correct, but IMO, discovery is the best part of oEmbed. To be able to simply plug any sites URLURL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org in, without specific support for that site, and have it magically work… That’s very cool.
    
    Using a whitelist system implies a lack of trust in the adminadmin (and super admin) (or anybody with unfiltered_html capabilities). The admin owns the site, if he wants to post embedded code from an untrusted site, then that’s his business.
    
    I have no problem with limiting discovery to unfiltered_html. I do have a problem with disabling discovery by default and not having any way to enable it.
- Peter Westwood 10:16 pm on December 11, 2009
  
  The change is only to remove the option to skip the whitelist.
  
  Due to the way oEmbed works and the trust you need to place in the sites you are embedding I strongly believe that a whitelist is the only secure way for this feature to work out of the box. The hooksHooks In WordPress theme and development, hooks are functions that can be applied to an action or a Filter in WordPress. Actions are functions performed when a certain event occurs in WordPress. Filters allow you to modify certain functions. Arguments used to hook both filters and actions look the same. are there to make it easy for a pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party to override the whitelist or add sites to the whitelist.
  - Otto 5:33 pm on December 14, 2009
    
    Yes, I know. That’s exactly the change I don’t like.
    
    I, as an administrative user, have the ability to post unfiltered_html code, and I don’t want to use any sort of “whitelist”. Making me have a pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party to disable this part of the WordPress code is asinine.
    
    If you don’t support oEmbed discovery, then IMO you aren’t really supporting oEmbed. You’re removing the best part of the whole thing and intentionally crippling it to just a few selected sites.
    
    And the whole idea of making somebody install some kind of “per-site” plugin to modify the whitelist is equally silly. The thing doesn’t need a whitelist to function correctly.
    
    You want to be safe by default, fine. Leave the option there and put a big “warning, not safe” label on it. I’m perfectly happy driving without training wheels.
  - Alex M. 11:50 pm on December 14, 2009
    
    The option would still be there, there’d just be no UIUI User interface for it. A pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party would have to enable the discovery.
- Alex M. 12:19 am on December 12, 2009
  
  Another possible solution is to have discovery enabled for the [embed] shortcodeShortcode A shortcode is a placeholder used within a WordPress post, page, or widget to insert a form or function generated by a plugin in a specific location on your site. but disabled for the URLURL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org-on-it’s-own-line. There’s a chance someone could accidentally embed something by posting it on it’s own line, but if they go to the trouble (via a UIUI User interface or manually) of wrapping it in the shortcode, then we can be sure they want to embed from that site.
  - Otto 5:34 pm on December 14, 2009
    
    So now I need a pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party to eliminate the need for the shortcodeShortcode A shortcode is a placeholder used within a WordPress post, page, or widget to insert a form or function generated by a plugin in a specific location on your site.? Equally silly.
    
    I want full oEmbed. I don’t want some crippled half-assed version of it.
Lari 9:51 pm on December 16, 2009

Great that you post a summary now, thanks.

Comments are closed.

Welcome!

Communication

Summary of Dec 10th Dev Chat

Welcome!

Communication

Share this: