thesaucymare » HTML http://thesaucymare.co.za Tue, 02 Aug 2011 09:22:39 +0000 en hourly 1 http://wordpress.org/?v=3.3.2 WordPress 3.0 Custom Post Type Custom Fields http://thesaucymare.co.za/wordpress-3-0-custom-post-type-custom-fields/ http://thesaucymare.co.za/wordpress-3-0-custom-post-type-custom-fields/#comments Fri, 21 May 2010 15:56:59 +0000 Booth Warwick http://www.thesaucymare.co.za/?p=158 I have been trying out the custom post types for WordPress 3.0 Beta 2, I ran into a problem where i could not call the custom fields for posts i have assigned custom post type values.

I came up with this workaround for now until it is sorted.

function get_post_meta_custom($key, $single = false) {
 global $wpdb,$post;
 $answer = $wpdb->get_var($wpdb->prepare("SELECT meta_value FROM $wpdb->postmeta WHERE post_id = ".$post->ID." AND meta_key = '".$key."'"));
 return $answer;
}

Call it using the following. I use this inside on the single post inside the loop.

 if ( get_post_meta_custom('client_name', true) ) {echo get_post_meta_portfolio('client_name', true);    }
]]> http://thesaucymare.co.za/wordpress-3-0-custom-post-type-custom-fields/feed/ 0 Form Security http://thesaucymare.co.za/form-security/ http://thesaucymare.co.za/form-security/#comments Fri, 02 Oct 2009 07:51:15 +0000 Booth Warwick http://www.thesaucymare.co.za/?p=78 I recently learnt that there are two methods of bots messing around with forms on your website.

The following test is quoted from HTML Form Guide

a) As a relay for sending bulk unsolicited emails
If you are not validating your form fields (on the serve side) before sending the emails, then hackers can alter your email headers to send the bulk unsolicited emails. (also known as email injection) For example, hackers can place the following code in one of your form fields and make your form processor script send an email to an unintended recipient:

sender@theirdomain.com%0ABcc:NewRecipient@anotherdomain.com

The code above is adding another email address to the CC list of the email. Spammers can send thousands of emails using this exploit. Your host will not be happy with this and may warn you or even ban your web site.

The best way to prevent this spammer exploit is to validate the fields used in the mail() function(fields like email, subject of the email, name etc). Check for the presence of any “new line” (rn) in those fields. The email form article contains sample code that does the same.
b) For Sending spam messages to you

There are programs known as ‘spam-bots’ that leech through the web pages looking for web forms. When found, those ‘bots’ just fills the fields with a spam message and submits. Eventually you will start getting many hundred submissions send by those spam bots and you will find it difficult to separate genuine submissions from spam messages.

The solution for this problem is to use a mechanism to identify human submitters from ‘bots’. CAPTCHA is one of such tests.

I have included two links in my Resources category to help against these two types of attack

]]> http://thesaucymare.co.za/form-security/feed/ 0 HTML Element Placing http://thesaucymare.co.za/html-element-placing/ http://thesaucymare.co.za/html-element-placing/#comments Wed, 23 Jul 2008 20:06:13 +0000 Booth Warwick http://www.thesaucymare.co.za/?p=37 A little thing I found out when validating my code on WC3.

Elements such as p cannot be used inside inline elements h2, instead use  font or  span.

  • <incorrect><h2><p>Hello</p></h2>
  • <correct><h2><span>Hello</span></h2>
]]> http://thesaucymare.co.za/html-element-placing/feed/ 0