Wordpress expert.
2020 stories

Authentication Bypass Vulnerability in InfiniteWP Client

1 Share
Authentication Bypass Vulnerability in InfiniteWP Client

An authentication bypass vulnerability affecting more than 300,000 InfiniteWP Client plugin users has recently been disclosed to the public. This plugin allows site owners to manage multiple websites from one central server using the InfiniteWP Server.

Due to the nature of this plugin, this is a serious vulnerability that should be patched as soon as possible to mitigate risk. InfiniteWP users can update their plugin with the latest version

Continue reading Authentication Bypass Vulnerability in InfiniteWP Client <=  at Sucuri Blog.

Read the whole story
Share this story

WordPress 5.3.2 Maintenance Release

1 Share

WordPress 5.3.2 is now available!

This maintenance release features 5 fixes and enhancements.

WordPress 5.3.2 is a short-cycle maintenance release. The next major release will be version 5.4.

You can download WordPress 5.3.2 by clicking the button at the top of this page, or visit your Dashboard → Updates and click Update Now.

If you have sites that support automatic background updates, they’ve already started the update process.

Maintenance updates

Shortly after WordPress 5.3.1 was released, a couple of high severity Trac tickets were opened. The Core team scheduled this quick maintenance release to resolve these issues.

Main issues addressed in 5.3.2:

  • Date/Time: Ensure that get_feed_build_date() correctly handles a modified post object with invalid date.
  • Uploads: Fix file name collision in wp_unique_filename() when uploading a file with upper case extension on non case-sensitive file systems.
  • Media: Fix PHP warnings in wp_unique_filename() when the destination directory is unreadable.
  • Administration: Fix the colors in all color schemes for buttons with the .active class.
  • Posts, Post Types: In wp_insert_post(), when checking the post date to set future or publish status, use a proper delta comparison.

For more information, browse the full list of changes on Trac or check out the version 5.3.2 HelpHub documentation page.


Thank you to everyone who contributed to WordPress 5.3.2:

Andrew Ozz, Andrey “Rarst” Savchenko, Dion hulse, eden159, Jb Audras, Kelly Dwan, Paul Biron, Sergey Biryukov, Tellyworth.

Read the whole story
Share this story

How to Disable WordPress Automatically Generated Images – Complete Guide

1 Share

[ WordPress Image Sizes ] As you may know, WordPress creates numerous copies of all images uploaded via the WP Media Library. These additional images are generated in various sizes, depending on your settings and other factors. This may be totally fine in general, but if you are working with lots of images on your site, the extra files can really eat up your disk space. This can be wasteful, specially if your site does not make use of all the extra images. So to help you conserve resources, eliminate waste, and keep things running as light as possible, this guide spells out everything you need to disable (or customize) all WordPress automatically generated images.

Learn how to disable any/all of WordPress’ auto-generated images to dial in the perfect configuration for your site.


First an example..

To get a better idea of what’s happening and why it’s important, consider my personal found-images site, eChunks.com. This site is where I like to post weird/inspiring/found images. As of now, there have been over 800 images uploaded to the site via the WP Media Library. So if I hadn’t taken measures to stop WordPress from auto-generating multiple copies of each image, that number of 800 would be more like thousands of images.

Do the math..

So running with the eChunks.com example, let’s do some quick math. We have a WordPress site with 800 original images, each averaging around 2MB in size. So collectively the original 800 images weigh around 1,600 MB or about 1.6 GB. Now let’s let WordPress do its thang and create extra copies of each image in various sizes. As of version 5.3, WordPress creates the following extra images for every image that is uploaded via the Media Library (and/or Visual Editor):

Image Size Dimensions
Thumbnail (Size based on Media settings)
Medium (Size based on Media settings)
Large (Size based on Media settings)
Medium Large 768px
2x Medium Large 1536px
2x Large 2048px
Scaled 2560px

Okay so now to get an idea of actual file-sizes for all these generated images, let’s consider the average case where each of the 800 original images weighs around 1.5MB to 2MB. The results would look something similar to this:

Image Size Dimensions File Size Total
Thumbnail (Size based on Media settings) 10KB 8MB
Medium (Size based on Media settings) 20KB 16MB
Large (Size based on Media settings) 100KB 80MB
Medium Large 768px 50KB 40MB
2x Medium Large 1536px 200KB 160MB
2x Large 2048px 400KB 320MB
Scaled 2560px 500KB 400MB

Adding that right column gives a grand total of 1024MB or 1.024 Gigabytes! Considering that the entire WordPress core weighs in at less than 50MB, along with a bunch of plugins and themes is still gonna be less than a couple hundred megabytes. So relative to the entire website, the amount of disk space required by all of those extra images is considerable to put it mildly.

And that’s for a typical site with only 800 images; some sites make use of a LOT more than that, not to mention high-resolution images and images that weigh a lot more than the average numbers used in the previous calculations. So it’s easy to understand, if WordPress generated images are not kept in check, the amount of required disk space can really add up.

But wait there’s more..

So far we’ve got WordPress generating seven additional images for each original uploaded image. But that’s not all of the extra images that may be in play. Depending on your theme, even more additional image sizes may be created via the following WordPress core functions:

  • set_post_thumbnail_size() — Creates a custom size for Featured Images
  • add_image_size() — Creates extra images of any specified size(s)

For example the WordPress default theme named “Twenty Fifteen” adds another extra generated image with this line:

set_post_thumbnail_size( 825, 510, true );

So that one extra image, plus the seven other default generated images, plus the original uploaded image, all looks like this on the server:

[ WordPress image files on server ]In addition to the seven extra images generated by WordPress, extra images may be added by your theme, as shown here for the Twenty Fifteen theme.

To summarize: WordPress generates at least 7 extra image sizes for each uploaded image. And then depending on your theme and plugins, any number of additional image sizes may be created as well. For some sites, this is useful or no big deal; for other sites, it’s something that’s completely unnecessary at best, wasteful overkill at worst.

Solution: Disable unwanted image sizes

The above scenario is only one example to illustrate the point. The sum total of image weight could be (much) more or less depending on your images, media settings, theme functions, and so forth. Fortunately, I continually disable the new WordPress image sizes that are added over the years, so I’ve been able to avoid massive disk bloat on my own sites.

So what’s the solution? How to manage all those extra images and conserve disk space? The trick is understanding how to disable each of the extra image sizes, so you can add the required code to disable (or customize) the ones that are not needed. Here are the magic recipes for controlling them:

Caution: Do not disable any image sizes that are required by your theme!

Disable Thumbnail Size

To disable generation of thumbnail-size images, set the “Thumbnail size” option to “0” (under Settings > Media > Image sizes). Setting to “0” disables auto-generation of this size image. Set to any other value to customize the size instead of disabling. Here is what the setting looks like under the Settings menu in the WP Admin Area:

[ WordPress Media Settings ]To disable or customize Thumbnail, Medium, and Large size images, visit this screen in the WP Admin Area. Enter “0” (without the quotes) to disable any/all of these extra size images.

Alternately, if you prefer to disable the thumbnail-size images programmatically, you can add the following code snippet to your theme functions.php (or add via simple/custom plugin):

function shapeSpace_disable_thumbnail_images($sizes) {

	unset($sizes['thumbnail']); // disable thumbnail size
	return $sizes;

add_action('intermediate_image_sizes_advanced', 'shapeSpace_disable_thumbnail_images');
Tip: the above technique can be used to disable other image sizes, as shown in some of the following techniques. So you can combine some of the size-disabling techniques into one single code snippet.

Disable Medium Size

To disable generation of medium-size images, set the “Medium size” option to “0” (under Settings > Media > Image sizes). Setting to “0” disables auto-generation of this size image. Set to any other value to customize the size instead of disabling.

Alternately, if you prefer to disable the medium-size images programmatically, you can add the following code snippet to your theme functions.php (or add via simple/custom plugin):

function shapeSpace_disable_medium_images($sizes) {
	unset($sizes['medium']); // disable medium size
	return $sizes;

add_action('intermediate_image_sizes_advanced', 'shapeSpace_disable_medium_images');

Disable Large Size

To disable generation of large-size images, set the “Large size” option to “0” (under Settings > Media > Image sizes). Setting to “0” disables auto-generation of this size image. Set to any other value to customize the size instead of disabling.

Alternately, if you prefer to disable the large-size images programmatically, you can add the following code snippet to your theme functions.php (or add via simple/custom plugin):

function shapeSpace_disable_large_images($sizes) {
	unset($sizes['large']); // disable large size
	return $sizes;
add_action('intermediate_image_sizes_advanced', 'shapeSpace_disable_large_images');

Disable Medium Large

To disable the “Medium Large” size images, add the following code snippet to your theme’s functions.php file:

function shapeSpace_disable_medium_large_images($sizes) {
	unset($sizes['medium_large']); // disable 768px size images
	return $sizes;
add_filter('intermediate_image_sizes_advanced', 'shapeSpace_disable_medium_large_images');

Disable 2x Medium Large

To disable the “2x Medium Large” size images, add the following code snippet to your theme’s functions.php file:

function shapeSpace_disable_2x_medium_large_images($sizes) {
	unset($sizes['1536x1536']); // disable 2x medium-large size
	return $sizes;
add_filter('intermediate_image_sizes_advanced', 'shapeSpace_disable_2x_medium_large_images');

Disable 2x Large

To disable the “2x Large” size images, add the following code snippet to your theme’s functions.php file:

function shapeSpace_disable_2x_large_images($sizes) {
	unset($sizes['2048x2048']); // disable 2x large size
	return $sizes;
add_filter('intermediate_image_sizes_advanced', 'shapeSpace_disable_2x_large_images');

Disable Scaled

To disable the “Scaled” images, add the following code snippet to your theme’s functions.php file:

add_filter('big_image_size_threshold', '__return_false');

Disable Other Sizes

For any extra images generated via set_post_thumbnail_size() and add_image_size(), you can use remove_image_size(). Here is an example:

function shapeSpace_disable_other_images() {
	remove_image_size('post-thumbnail'); // disable set_post_thumbnail_size() 
	remove_image_size('another-size');   // disable other add image sizes
add_action('init', 'shapeSpace_disable_other_images');

The key here is to know the name/slug of the custom image sizes you want to remove. For set post thumbnail (i.e., Featured Image), it’s always post-thumbnail. For other images added via add image size, the slug name will vary depending on your theme or plugin (whichever is responsible for adding the extra sizes). So to implement, first check your uploads directory and/or theme functions file to determine which sizes are being generated. Some themes add a bunch of extra image sizes, others do not, it just depends on the theme.

Shut them all down!

Before our parting shot, here is an “all-in-one” code snippet that combines and streamlines all of the above techniques into a single, plug-&-play code snippet:

// disable generated image sizes
function shapeSpace_disable_image_sizes($sizes) {
	unset($sizes['thumbnail']);    // disable thumbnail size
	unset($sizes['medium']);       // disable medium size
	unset($sizes['large']);        // disable large size
	unset($sizes['medium_large']); // disable medium-large size
	unset($sizes['1536x1536']);    // disable 2x medium-large size
	unset($sizes['2048x2048']);    // disable 2x large size
	return $sizes;
add_action('intermediate_image_sizes_advanced', 'shapeSpace_disable_image_sizes');

// disable scaled image size
add_filter('big_image_size_threshold', '__return_false');

// disable other image sizes
function shapeSpace_disable_other_image_sizes() {
	remove_image_size('post-thumbnail'); // disable images added via set_post_thumbnail_size() 
	remove_image_size('another-size');   // disable any other added image sizes
add_action('init', 'shapeSpace_disable_other_image_sizes');

That code snippet combines all of the techniques required to disable all of WordPress generated images (leaving only the original uploaded image). The only editing that may be required is for that last function, where “other” image sizes are disabled; there you may want to edit the another-size slug to match any other sizes that you want to disable, or if there are no other sizes, simply comment out or remove the line.

Pro Tip: In addition to all the extra images generated by WordPress, you may also want to control or disable all of the extra responsive image functionality that WordPress provides. Here is a free plugin to make it super easy: Disable Responsive Images Complete.

Wrap it up..

Granted, controlling WordPress image sizes may be more important for sites with a lot of images. But even if your site only uploads a few images every now and then, keeping your files as simple and lightweight as possible makes for a leaner, faster, more optimized WordPress-powered website.

Read the whole story
Share this story

Matt Mullenweg’s State of the Word, 2019

1 Share

WordCamp US 2019 completes its first year in St. Louis, Missouri, where more than 1,300 WordPress community members and leaders are gathered.

It’s been the year of Gutenberg in 2019, and in this State of the Word, Matt highlights what has been accomplished, and what comes next.

Matt kicks off the event with the premiere of Open: The Community Code, a film about the open source WordPress community.

Open was really well done, and makes a great intro for this year in review. In the film, Matt said that $10 billion flow through the WordPress economy per year. Yet, it’s just one of the things that make the WordPress community. WordPress is more than code, more than business. Matt said, “it’s more than a tool,” and that it’s more like a canvas that, “anyone can paint on.”

Open is a film about WordPress, and what WordPress really is — not only software, but people, a community, and a mission. Open is, “is a documentary short created by Producer Andrew Rodriguez and Director Sean Korbitz. ​Executive producers Mark Maunder and Kathy Zant contributed to the production of Open.”

They are submitting the documentary to various festivals. Big shout-out to the WordFence team, the primary producers of this film.

The WordPress Community

The community continues to evolve, thrive, and adapt to the changing environment.

WordCamp US

The next WordCamp US will be hosted during the workweek, something I’m personally thankful for, as it opens up the weekend for family. Also, it will not overlap Halloween. Many people this year, myself included, got in late due to spending the holiday Trick-or-treating with family.

47 organizers, 122 volunteers, and 90 speakers made WCUS possible. Bluehost, WooCommerce, Jetpack, and Google are this year’s lead sponsors. Thank you to everyone!

Meetups, people, and community endeavors

There have been more than 5,000 WordCamp events and several do_action WordPress community events as well.

One HeroPress story per month is now being featured on the WordPress blog.

Matt also honored Alex Mills, a prolific contributor who passed away this year.


There will be a total of 141 WordCamps in 2019, including 34 in brand new cities. There are also 17 KidsCamps happening in 2019.

This year there are at least four WordCamp US speakers under 15 — speakers younger than WordPress itself.

In 2020, the first WordCamp Asia is happening, to go alongside WordCamp US and WordCamp Europe. WordCamp Asia is in February, in Bangkok, Thailand. The next WordCamp Europe is in Porto, Portugal.

One year ago

WordPress 5.0 was released just before WCUS in Nashville (a contentious decision on timing in itself). It was what Matt calls a “controversial year,” where we wanted to “disrupt ourselves.” Gutenberg was included in core despite a lot of criticism in and outside of the community. He says we learned a lot from the process and it was “really good practice for future changes we want to make.”

He says, “I understand why we had a lot of this feedback,” and he’s excited for where we are going.

Ways to get involved in WordPress

Matt highlights several ways to get involved in the WordPress community today:

  • WordCamp contributor days (including the WCUS one tomorrow)
  • Installing the Gutenberg plugin, which is now a testing ground for features. About 275,000 people are taking part in this effort.
  • Design Experiments is a feature plugin to test user interface experiments.
  • Matt makes a call for block creation to, “expand the window for how people are creating WordPress sites today.” If it’s JavaScript only it will be able to go easily into the new block directory.
  • Help teach others in the community.

When Matt says why we do all this, he says it’s to “help open the web.” He says the open web is like a pendulum that can swing to be more closed or more open over time.

Five for the future

There’s now a dedicated landing page for Five for the Future to highlight people contributing through this method.

Core WordPress Development

There have been two core releases in 2019. WordPress 5.1, “Betty“, brought the “Site Health” screen, amongst other feature adjustments and bug fixes. It also included the Cron API, Site Meta for Multisite, and more.

WordPress 5.2, “Jaco“, included live block previews, better block management, and the end of the WSOD (White Screen of Death).

WordPress 5.3 will be released November 12th, and includes more than 150 block editor improvements. Also in 5.3 is the beautiful Twenty Twenty theme. Every six months or so, WordPress will now send admin email verifications to help ensure folks are staying up to date.

The minimum version of WordPress is now 5.6.20 (ending support for 5.2 and 5.3) and compatibility is now up to PHP 7.4. More than 80% are now on PHP 7 or higher. Matt highlights the still-urgent need to improve update mechanisms and strategies with webhosts and site owners.

We are currently at 1,122 total unique contributors to WordPress this year. WordPress 5.3 will have more than a hundred contributors than any release before.


There have been more than 20 major Gutenberg releases, and the number of Gutenberg contributors is up to 480 from 200 a year ago. Matt says the number of sites using Gutenberg is up more than 2.7 times, and the we just surpassed 50 million posts created in Gutenberg — increasing at a rate of about 270,000 posts per day, as tracked by Jetpack and therefore a conservative estimate.

In last year’s State of the Word Q&A someone asked what percentage of Gutenberg was done, and Matt answered 10%. He says today that he thinks it’s about 20% done, and highlights how it’s an ongoing process that he expects to take a decade to build everything he envisions.

Gutenberg feature improvements.

There are a lot of improvements happening:

  • Gutenberg is now fully mobile compatible and many of the core blocks are fully integrated. Offline support and dark mode are also nearly complete.
  • The average seconds to load has been cut in have and time to type has reduced from 170ms to 53ms.
  • There is now a smoother scrolling motion in Gutenberg.
  • Block previews allow you to see what the block you may insert looks like and also allows you to see more information about what the block does.

And other Gutenberg features coming:

  • Social icons will be able to be put anywhere.
  • The navigation menu is now going to be an inline Gutenberg block — a precursor I think to “customize all the things”.
  • Gradients are part of the Gutenberg experience.
  • Core Gutenberg is getting a button block.

Matt recognizes that we’ll have thousands of blocks created for Gutenberg, and there will be a block directory which will load inside the Gutenberg editing experience. Patterns will be collections of blocks that people can install in bulk.

Matt says he thinks in the end, people will be able to create just about any website layout in just a few clicks.

Several use cases of Gutenberg were highlighted, from newsletter editors to WordCamps, newsrooms, Microsoft Word converters, and more.

Four phases of Gutenberg

Matt highlights the four phases of Gutenberg and where we are now.

  • Easier editing: simply making WordPress editing better, has been the focus of the last year.
  • Customization: we are “in the thick” of this process, some of which is complete and some (like full inline site editing) yet to come.
  • Collaboration: real-time editing collaboration is coming in the third phase, something I’m so excited about.
  • Multilingual: core WordPress and core Gutenberg will have complete multilingual support.

In conclusion

Matt’s slides for the State of the Word are actually built in Gutenberg.

The code for the presentation is on Github for anyone to use.

It’s been an interesting and challenging year for WordPress. With that, Matt opens up Q&A.

Photo by Brian Richards for Post Status. Also thank you to David Bisset for live tweeting the event while I wrote this.

Read the whole story
Share this story

WordPress 5.2.4 Release Addresses Several Security Issues

1 Share

The core WordPress team released version 5.2.4 of WordPress on October 14. The release addresses six security issues that were all privately reported through WordPress’ responsible disclosure procedure.

Like any security release, users should update immediately to the latest version to keep their sites secure.

For those with automatic updates enabled, the new version is already rolling out to sites. All major branches of WordPress from version 3.7 to 5.2 received the new security fixes. If automatic updates are not enabled, users should update from the “Updates” screen under “Dashboard” in the WordPress admin. Otherwise, users can download WordPress from the release archive and manually run an update to make sure their site is not at risk to what are now publicly-known vulnerabilities.

In the release announcement, the following security issues were noted. They were corrected in all updated versions.

  • Stored cross-site scripting (XSS) could be added from the Customizer screen.
  • An issue that allowed stored XSS to inject JavaScript into <style> tags.
  • A bug that allowed unauthenticated posts to be viewed.
  • A method to use the Vary: Origin header to poison the cache of JSON GET requests (REST API).
  • A server-side request forgery (SSRF) with how URLs are validated.
  • Issues with referrer validation in the WordPress admin.

For developers who want to dive more into the code changes, the changeset is available on GitHub. Most changes should not affect plugins or themes. However, it is worth noting that the static query property was removed in this release. This removal affects both the WP and WP_Query classes. Developers should test their plugins against this version to make sure nothing is broken if their projects rely on this property. It is unlikely that many plugins rely on this query variable.

WordPress 5.2.4 also includes a couple of other bug fixes. One removes a line of code that makes an extra call to the wp-sanitize.js script in the script loader. The second fix addresses an issue where the directory path wasn’t normalized on Windows systems, which led to the wp_validate_redirect() function removing the domain. This fixes a bug created in WordPress 5.2.3.

Read the whole story
Share this story

First Look at PHP 7.4 for WordPress Developers

1 Share

PHP 7.4 is slated for release on November 28, 2019. WordPress 5.3 will also include several commits that address deprecated features.

It’s unlikely that most WordPress plugin and theme developers will be able to use the new PHP 7.4 features for a while except when working on setups where they have some measure of control over the environment. Given WordPress’ reluctance to bump the minimum PHP version to the latest supported versions, it could be years before it’s safe to use new features. However, developers should make sure their plugins and themes are compatible with 7.4. It’s also good practice to keep up with current features.

WordPress 5.2 bumped the minimum requirement to PHP 5.6 with a recommendation of PHP 7.3. The following is the breakdown for current PHP usage stats for WordPress installs:

  • PHP 7.3 – 9.6%
  • PHP 7.2 – 22.2%
  • PHP 7.1 – 13.5%
  • PHP 7.0 – 14.9%
  • PHP 5.6 – 25.7%

Currently, PHP 7.2 and 7.3 are the only versions receiving active support. PHP will drop security support for version 7.1 on December 1.

New Features

PHP 7.4 includes a number of new features that will make writing code easier. The following is a small overview of some of the features that will likely be useful for WordPress plugin and theme authors.

Typed Properties

PHP first introduced type hinting in 5.0 and has continued improving the feature. PHP 7.0 introduced return type declarations. PHP 7.4 steps it up a notch and allows developers to declare types for class properties. This lets developers make sure the type of data assigned to a specific property is always that data type.

In the following example, the $id property can only be assigned an integer and the $title property a string. Attempting to assign the wrong data type will result in a fatal error.

class Event {

    public int $id;

    public string $title;

Arrow Functions

Many developers have been clamoring for arrow functions similar to JavaScript. They are pretty sweet to use. However, PHP’s arrow functions, also called “short closures,” are slightly different. PHP 7.4 introduces the fn keyword (now a reserved keyword). Short closures can only contain one expression and have no return keyword. They’re not quite as powerful as their JavaScript cousins, but they do offer a quick solution for some scenarios.

For example, the following code snippet shows two different ways to build an array of user emails from a collection of user objects.

// Old way, but still acceptable.
$value = array_map( function( $user ) {
    return $user->user_email;
}, $users );

// New way.
$value = array_map( fn( $user ) => $user->user_email, $users );

Unpacking Inside of Arrays

Argument unpacking was introduced in PHP 5.6, so this may still be unfamiliar territory for many developers in the WordPress space. It’s been an invaluable feature in some of my projects.

PHP 7.4 allows developers to unpack an array within an array. This should be faster than array_merge() because the spread operator (...) is a language construct rather than a function.

Consider the following example of injecting an array of two colors within a larger array of colors.

$colors_a = [ 'green', 'blue' ];

$colors_b = [ 'red', ...$colors_a, 'yellow', 'purple' ];

// [ 'red', 'green', 'blue', 'yellow', 'purple' ];

Null Coalescing Assignment Operator

The null coalescing assignment operator is a shorthand way of combining an isset() check with a ternary operator.

The following example shows how to check the $product['id'] variable. If it’s set, do nothing. Else, assign it the value on the right. You can see the evolution of the code between PHP versions. It’s much simpler to write in 7.4.

// Pre-PHP 7.0.
$product['id'] = isset( $product['id'] ) ? $product['id'] : 0;

// PHP 7.0.
$product['id'] = $product['id'] ?? 0;

// PHP 7.4.
$product['id'] ??= 0;

Deprecated Features

PHP 7.4 will deprecate several features. Plugin and theme authors will want to consult the complete list to determine whether they should update any outdated code. I cherry-picked a few items that I’ve seen in plugin and theme code over the last few years. Most other deprecated features are unlikely in current code bases.

Nested Ternary Operators Without Parenthesis

Nested ternary operators are generally something you should avoid as a developer. Seriously. Just don’t write them. They’re tough to follow and are prone to bugs due to human error. However, if you’re going to throw caution to the wind and dismiss good advice, at least use parenthesis. PHP 7.4 deprecated nested ternaries without them.

// Not OK (deprecated).
$value = $a ? $b : $c ? $d : $e;

// OK.
$value = ( $a ? $b : $c ) ? $d : $e;

// OK.
$value = $a ? $b : ( $c ? $d : $e );

Using array_key_exists() on Objects

Developers should not use array_key_exists() on objects simply because objects are not arrays. Instead, use the more appropriate property_exists() function or isset().

// Not OK (deprecated).
if ( array_key_exists( $property, $object ) ) {}

// OK.
if ( property_exists( $object, $property ) ) {}

// OK.
if ( isset( $object->$property ) ) {}

Array and String Offset Access With Curly Braces

Using curly braces for array and string offset access is a bit more of a rarity, but I’ve seen it in the wild a couple of times. Make sure you’re using square brackets such as [] instead of curly brackets like {}.

// Not OK (deprecated).
$value = $a{ $key };

// OK.
$value = $a[ $key ];
Read the whole story
Share this story
Next Page of Stories