BLOG

PHP sanitizer plugin from Presslabs

There is a lot of web code out there. There areĀ a lot of developers with different styles and skills. Everyone tries to write decent code, but sometimes negligence can win them over. Today, the need and importance of quality code are well understood, and every developer tries to improve their code, which is why they use a lot of tools like IDEs. But even then, there are some mistakes that squeak through. While working with WordPress code, it was so often I found some mistakes, that I decided to spend a little time to develop a micro tool that will help developers amend these issues.

The problem I stumbled upon is the mess caused by space or characters after the PHP close tag ?>. Everyone knows that unwanted leftover characters can affect the rendering of web page or even break it. Let’s see why.

PHP is an embedded scripting language that gives you the power to embed logic in the form of PHP scripts into content. In this context, the opening and closing tag makes sense. These are used in theme templates, but not in plugin function files where we want just plain code. The problem is trailing white spaces. Most of the times, the characters are introduced by the text editor without the developer noticing it. WordPress will normally announce the extra white spaces, and print a message like this in the admin: unexpected output.

screenshot-wp-notice

All these characters are printed before the header when the plugin loads, before <!DOCTYPE html>. During ajax requests, when the response needs to be in a specific format, typically either JSON, XML, or Serialized PHP, they do not work if there are odd characters in the response header. Also, SEO score may be affected by bad HTML code, and we wouldn’t want such an outcome.

The plugin PHP Tag Checker goes through all files which contain PHP functionality only, and looks for the PHP end tag ?>. If it finds any issues, the plugin will notice the user, telling him to remove the end tag. The shortcuts to the WordPress editor are there to help.

screenshot-plugin-notice

Because it’s running all the time, the plugin can notify every time when a plugin or a theme is modified or changed, if these files contain the PHP end tag. Using this plugin you can be always be aware of this kind of problem, and be protected against sloppily written plugins.

The plugin is extremely simple, it opens the <plugin_name>.php and functions.php files and seeks that specific tag. If the tag is found, the file is added to the notification’s message. You can also stop the plugin at any time.

At first we considered using the eval() function, but trying to load the plugin there appeared to cause conflicts, because the eval() function imports the code in a global context, turning this approach into a failure. Another approach was to use regex to extract the end tag, but in some plugins there was more than one end tag, or a commented end tag that regex couldn’t recognize.

I always appreciate a well-written program, but doing so without some good tools is hard. This plugin may be the start of a series of plugins that can help developers write better software, increase the quality of their code, and aid users in choosing the best plugins. Go ahead and give this plugin a try.

Smart Managed WordPress Hosting

Presslabs provides high-performance hosting and business intelligence for the WordPress sites you care about.

Get Started