@oddjar
Created December 6, 2022 00:04
<?php
/*
Plugin Name: CONF Secure Docs
Description: A plugin that creates a custom menu item and admin screen to save a "Doc API Key" option.
*/
class CONF_Secure_Docs {
    // Constructor
    public function __construct() {
        // Add custom menu item
        add_action('admin_menu', array($this, 'add_secure_docs_menu_item'));
        // Register settings and fields
        add_action('admin_init', array($this, 'register_secure_docs_settings'));
    }

    // Add custom menu item
    public function add_secure_docs_menu_item() {
        add_menu_page(
            'CONF Secure Docs Settings', // Page title
            'CONF Secure Docs', // Menu title
            'manage_options', // Capability
            'conf-secure-docs-settings', // Menu slug
            array($this, 'display_secure_docs_settings_screen'), // Function to render screen
            'dashicons-admin-generic', // Icon URL
            99 // Menu position
        );
    }

    // Register settings and fields
    public function register_secure_docs_settings() {
        register_setting(
            'conf_secure_docs_settings', // Option group
            'conf_secure_docs_api_key', // Option name
            array($this, 'validate_secure_docs_api_key') // Sanitize callback
        );
        add_settings_section(
            'conf_secure_docs_api_key_section', // ID
            'Doc API Key', // Title
            array($this, 'display_secure_docs_api_key_section_info'), // Callback
            'conf-secure-docs-settings' // Page
        );
        add_settings_field(
            'conf_secure_docs_api_key_field', // ID
            'Doc API Key', // Title
            array($this, 'display_secure_docs_api_key_field'), // Callback
            'conf-secure-docs-settings', // Page
            'conf_secure_docs_api_key_section' // Section
        );
    }

    // Display Doc API Key section info
    public function display_secure_docs_api_key_section_info() {
        echo '<p>Enter your Doc API Key to enable secure access to your documents.</p>';
    }

    // Display Doc API Key field
    public function display_secure_docs_api_key_field() {
        // Get existing option value
        $api_key = get_option('conf_secure_docs_api_key');
        // Display text field
        echo '<input type="text" id="conf_secure_docs_api_key" name="conf_secure_docs_api_key" value="' . $api_key . '" />';
    }

    // Validate Doc API Key field
    public function validate_secure_docs_api_key($input) {
        // Only allow alphanumeric values
        return preg_replace('/[^a-zA-Z0-9]/', '', $input);
    }

    // Render settings screen
    public function display_secure_docs_settings_screen() {
        // Check user capabilities
        if (!current_user_can('manage_options')) {
            return;
        }
        // Display settings screen HTML
        echo '<div class="wrap">';
        echo '<h1>CONF Secure Docs Settings</h1>';
        echo '<form method="post" action="options.php">';
        // Output security fields and settings sections
        settings_fields('conf_secure_docs_settings');
        do_settings_sections('conf-secure-docs-settings');
        // Display submit button
        submit_button();
        echo '</form>';
        echo '</div>';
    }
}

new CONF_Secure_Docs();
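
The field callback in this gist concatenates the stored option straight into the `value` attribute. The script below is an added example, not part of the gist: it renders the same markup with and without escaping and parses the result to see which attributes the `<input>` ends up with. `esc_attr_standin()`, `render_field()` and `parsed_attributes()` are hypothetical names, the stand-in replaces WordPress's `esc_attr()` so the script runs outside WordPress (PHP DOM extension assumed), and the sample values are constructed.

```php
<?php
// Added example, not part of the gist. esc_attr_standin() is a hypothetical
// stand-in for WordPress's esc_attr() so the script runs outside WordPress.
function esc_attr_standin(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Same markup as the gist's field callback; $escape switches the fix on.
function render_field(string $stored, bool $escape): string {
    $value = $escape ? esc_attr_standin($stored) : $stored;
    return '<input type="text" id="conf_secure_docs_api_key" '
        . 'name="conf_secure_docs_api_key" value="' . $value . '" />';
}

// Parse the markup with an HTML parser and return the <input> attributes.
function parsed_attributes(string $html): array {
    libxml_use_internal_errors(true); // keep parser notices off the output
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $attrs = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $attrs[$attr->name] = $attr->value;
    }
    return $attrs;
}

// Constructed option values. The second stands for a row that reached the
// database without passing through the gist's sanitize callback.
$samples = [
    'clean key'        => 'abc123XYZ',
    'quote in storage' => 'abc123" data-injected="1',
];
$expected = ['id', 'name', 'type', 'value'];

foreach ($samples as $label => $stored) {
    foreach ([false, true] as $escape) {
        $attrs = parsed_attributes(render_field($stored, $escape));
        $extra = array_diff(array_keys($attrs), $expected);
        printf(
            "%-17s escape=%-3s value=%-27s %s\n",
            $label,
            $escape ? 'on' : 'off',
            var_export($attrs['value'], true),
            $extra ? 'EXTRA: ' . implode(', ', $extra) : 'ok'
        );
    }
}
```

Only the unescaped rendering of the second sample should report an extra attribute; with escaping on, the whole stored string stays inside `value`.
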
@westonruter

Impressive AI! It seems it doesn't have all the best practices for security applied, though. For example:

- echo '<input type="text" id="conf_secure_docs_api_key" name="conf_secure_docs_api_key" value="' . $api_key . '" />';
+ echo '<input type="text" id="conf_secure_docs_api_key" name="conf_secure_docs_api_key" value="' . esc_attr( $api_key ) . '" />';
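
Review bot: on the + line the field is still rendered as type="text", so the stored Doc API Key is shown in clear on the settings screen; consider type="password" with autocomplete="off" alongside the esc_attr() call. The esc_attr() wrap itself is the right escaping for an attribute value and is worth keeping even though validate_secure_docs_api_key() in the gist strips non-alphanumeric characters, because that callback only covers values saved through it, while this echo prints whatever get_option() returns.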

@oddjar
Author

oddjar commented Dec 6, 2022

@westonruter Yeah, it's definitely not a one button solution (at least not yet). But being able to instantly generate scaffolding and structural code that's mostly correct is a huge time saver.

@westonruter

Agreed. And the model could be trained to include such security best practices. The fact that it is absent is more just a reflection on the fact that a lot of plugin authors don't do this.

@HeadStudios

Just out of curiosity was this provided in a single answer - it seems like the amount of code generated is more than the maximum output per answer. I also use it for code generation and it's incredible.

@bogdaniel

If that's a WordPress plugin god help us. I will still have a job in the next 20 years haha.

@HeadStudios

> If that's a WordPress plugin god help us. I will still have a job in the next 20 years haha.

Keep in mind it's not just the plugin that it generates - you can extend specific sections of the plugin just by giving it instructions e.g. expand on the x function to account for y, z etc. and it will rewrite that particular part of the code. In my experience it's about 80% accurate - not ready for prime time but great as a learning tool to literally learn at your own pace.
