View stop-ip-comment-storing.php
<?php # -*- coding: utf-8 -*-
declare( strict_types = 1 );
/**
* Plugin Name: Stop Save IP Adress on Comment
* Plugin URI: https://gist.github.com/bueltge/d0126eee91c0c17e80ad57e34e339a11
* Description: Stop Storing IP Addresses with WordPress Comments.
* Version: 2018-05-25
* Author: Frank Bültge
* Author URI: https://bueltge.de
* License: MIT
View tampermonkey-xdebug-css-addon.js
// ==UserScript==
// @name xDebug Restyling
// @namespace localhost
// @version 0.1
// @description Restyling Xdebug output
// @author Frank Bueltge
// @match http://*localhost/*
// @grant none
// ==/UserScript==
View readme.md

Phan

Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness. github.com/phan/phan

Install via Composer

composer require --dev phan/phan

Note: the php-ast extension is required (sudo apt install php-ast).

Help

View PortSwitch.php
<?php # -*- coding: utf-8 -*-
declare( strict_types = 1 );
/**
* Plugin Name: Port Switch
* Plugin URI: https://gist.github.com/bueltge/51013ab809f5f0f5e305c70c2d393fff
* Description: Port switch to get a workaround to use WordPress Multisite also without the default port 80.
* Version: dev
* Author: Frank Bültge
* Author URI: https://bueltge.de
* License: MIT
View plugin.php
<?php
class foo {
/**
* Return sites of MU.
* $sites object
*/
public function get_sites() {
$sites = get_sites();
View php.ini
[xdebug]
;XAMPP Win example
;zend_extension = "c:\xampp\php\ext\php_xdebug32.dll"
;xdebug.trace_output_dir ="\xampp\tmp"
;Linux Path
zend_extension="/usr/lib64/php/20100525/xdebug.so"
xdebug.profiler_output_dir = /var/local/xdebug
xdebug.default_enable = 1
xdebug.profiler_enable = 0
View add-rel-nofollow-checkbox.php
<?php
/**
* Add a 'Add rel="nofollow" to link' checkbox to the WordPress link editor
*
* @see https://danielbachhuber.com/tip/rel-nofollow-link-modal/
*/
add_action( 'after_wp_tiny_mce', function(){
?>
<script>
View wp-plugin-security-testing-cheatsheet.md

WordPress Plugin Security Testing Cheat Sheet

This cheat sheet was compiled by Dewhurst Security to record the knowledge gained when testing WordPress plugins for security issues for our clients. The security documentation provided by WordPress and found online for plugin security is sparse, outdated or unclear. This cheat sheet is intended for Penetration Testers who audit WordPress plugins or developers who wish to audit their own WordPress plugins.

This is a living document; feedback in the form of Issues or Pull Requests is very much welcome.

Cross-Site Scripting (XSS)

View keybase.md

Keybase proof

I hereby claim:

  • I am bueltge on github.
  • I am bueltge (https://keybase.io/bueltge) on keybase.
  • I have a public key whose fingerprint is 5EA5 319F D531 1C84 7094 2FE4 1A56 7625 5969 6D2D

To claim this, I am signing this object:

View clipboard.js
//@see http://blog.codeinside.eu/2016/05/12/copy-to-clipboard-with-javascript
function detectIE() {
var ua = window.navigator.userAgent;
var msie = ua.indexOf('MSIE ');
if (msie > 0) {
// IE 10 or older => return version number
return parseInt(ua.substring(msie + 5, ua.indexOf('.', msie)), 10);
}