OpenLampTech issue #91
WordPress nonces | CSRF file upload protection bypass | SQL window functions | WooCommerce HPOS rollout delayed. Your media source for PHP, MySQL, and the LAMP stack is OpenLampTech.
Thank you for reading the OpenLampTech developer newsletter!
OpenLampTech has sponsorship opportunities in the weekly newsletter for your brand, product, or service. As an independent publication, collaboration is very budget-friendly. Inquire by email at openlamptech@substack.com for more information.
Mobile wallpapers, digital downloads, photos, development services, and content - all in one E-Commerce Shop. Find your next digital purchase today!
All commentary is by me unless otherwise quoted.
Understand and use WordPress nonces properly
Nonces are used mostly to help prevent malicious HTTP requests; one of the most common of these is the Cross-Site Request Forgery (CSRF) attack. WordPress has dedicated functions for working with nonces, depending on where you plan to use them (forms, plugins, URLs). This is a sound, in-depth read on nonces overall and how to use them in WordPress. [WordPress Developer Blog]
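As an added illustration (not code from the linked article), here are the standard WordPress nonce helpers in the three contexts the post lists: a form, a URL, and a plugin's AJAX handler. The `olt_` action, option and function names are hypothetical.

```php
<?php
// Added example; the 'olt_' names are hypothetical, the WordPress functions are real.

// 1. Forms: emit a hidden "_wpnonce" field bound to one action, then verify it on submit.
function olt_render_settings_form() {
    echo '<form method="post"><input type="text" name="olt_title">';
    wp_nonce_field( 'olt_save_settings' ); // adds _wpnonce and _wp_http_referer hidden fields
    echo '<button type="submit">Save</button></form>';
}

function olt_handle_settings_form() {
    if ( ! isset( $_POST['olt_title'] ) ) {
        return;
    }
    // Dies with "The link you followed has expired" if the nonce is missing or invalid.
    check_admin_referer( 'olt_save_settings' );
    // A nonce proves intent, not authority: still check capabilities.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions' );
    }
    update_option( 'olt_title', sanitize_text_field( wp_unslash( $_POST['olt_title'] ) ) );
}

// 2. URLs: a state-changing link carries its nonce in the query string.
function olt_delete_link( int $item_id ): string {
    $url = add_query_arg( [ 'action' => 'olt_delete', 'item' => $item_id ], admin_url( 'admin.php' ) );
    // Binding the item id into the action stops a nonce for one item being replayed on another.
    return wp_nonce_url( $url, 'olt_delete_' . $item_id );
}

function olt_handle_delete() {
    $item_id = isset( $_GET['item'] ) ? absint( $_GET['item'] ) : 0;
    $nonce   = isset( $_GET['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ) ) : '';
    // wp_verify_nonce() returns 1 or 2 (age tick) on success, false otherwise.
    if ( ! $item_id || ! wp_verify_nonce( $nonce, 'olt_delete_' . $item_id ) ) {
        wp_die( 'Invalid or expired request' );
    }
    // ... delete $item_id here
}

// 3. Plugins/AJAX: hand the nonce to the script, verify it in the wp_ajax_* handler.
add_action( 'wp_enqueue_scripts', function () {
    wp_enqueue_script( 'olt-ajax', plugins_url( 'olt.js', __FILE__ ), [], '1.0', true );
    wp_localize_script( 'olt-ajax', 'oltAjax', [
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'olt_ajax_action' ),
    ] );
} );
add_action( 'wp_ajax_olt_ping', function () {
    check_ajax_referer( 'olt_ajax_action', 'security' ); // reads $_REQUEST['security'], dies on failure
    wp_send_json_success( [ 'ok' => true ] );
} );
```

Nonces are tied to the logged-in user and rotate every 12 hours, so they block forged requests but are not a substitute for capability checks.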
Bypassing CSRF Protection with File Uploads
Applications and websites that accept and process file uploads are some of the most useful. However, there are risks involved in allowing users to upload files. Not only is the file type itself (.html, .js, .php, etc.) a concern, but also where the uploads are stored on the web server and the permission levels set on them. Laravel security expert Stephen Rees-Carter has more information in this Securing Laravel newsletter issue. [Securing Laravel]
ChromeOS is splitting the browser from the OS, getting more Linux-y
Many users aren't aware of the Linux relationship between Chromebooks and ChromeOS. Linux is much like the backbone of Chrome. Back in the first days of Chromebooks there used to be hacks with which you could turn a Chromebook into a fully functional [Cru]buntu install. I did just that around 2016 on one of the older (and best) Toshiba Chromebooks and it was a blast. [ars technica]
What Do Freelancers Need From WordPress?
I think that the WordPress division will make it more challenging to work with as a freelancer depending on which route you take (or both - possibly). Full Site Editing (FSE) or (traditional) Page Builders are essentially the 2 'camps'. Both are thriving and viable. I just have to wonder if the former will eventually phase out the latter. [The WP Minute]
HPOS: full rollout delayed (August 4th, 2023)
High-Performance Order Storage (HPOS) is the new data storage schema coming to the WordPress database for WooCommerce order data. Dedicated, commerce order-specific database tables will help increase order creation performance along with searching and filtering order data. As of now, the official rollout has been pushed back. [Woo]
Mastering Window Functions: Advanced Analytical Queries in SQL
SQL Window Functions are one of my absolute favorite features of SQL. As web developers, we often don't need to aggregate and report or reshape metrics data. Most of the applications we build are traditionally more CRUD-focused. And, to my knowledge, most ORMs (if any at all) don't handle analytical queries so there is that gap as well. Nevertheless, Window Functions are definitely worth taking the time to learn. [Medium]
📰 Get your brand, product, or service the attention it deserves with affordable classified ad placement in the OpenLampTech newsletter.
WooCommerce updates and release notes
WooCommerce Blocks 10.8.0 Release Notes (August 4th, 2023)
WooCommerce Blocks 10.8.1 Release Notes (August 7th, 2023)
WooCommerce Blocks 10.8.2 Release Notes (August 9th, 2023)
WooCommerce 8.0.0 Released (August 8th, 2023)
WooCommerce 8.0.1 Fix Release (August 9th, 2023)
Classifieds and Click Ads
🤝 OpenLampTech earns a small commission (or payment in some form) from many of these links. Your support helps keep the weekly OpenLampTech newsletter free for readers.
Grab this free M2 MacBook Air Desktop Wallpaper and let me know what you think about it.
We make incorporating a company as easy as possible so that you can focus on the essential things. Visit IncFile today.
Compliantly hire anyone, anywhere, in 5 minutes with Deel
Deel is your one-stop shop for hiring, paying, and managing your remote team.
Thank you for reading. I hope you have a great rest of your week.
Take care.
Josh Otwell
When you are ready, here are more ways I can help...
Content and Development Services - Blog writing and editing; Shopify and WooCommerce customizations; Email newsletters, marketing, and copywriting.
Interested? Great!
Just hit Reply and ask for more information about any of these services.
OpenLampTech is a reader-supported publication. You can support the publication with a virtual coffee for as little as $3 (USD).