Hi Simone, If they’re specifically written for ClassicPress and do not contain extra code, references, and documentation for WordPress, they can usually go on the list.
However, I’ll be unable to add the cpvars plugin as it executes PHP code as a feature. Really bad idea – this greatly increases the chances of WSOD and hacked sites. To be clear, I’m not saying the plugin can’t be listed in the directory; I have no control over that. But, this list, which is just a random forum post that I’ve created, will be unable to list a plugin with such a glaring issue.
The other plugin can be added to the list. To maintain the readability of the list, the description is limited to 300 characters. Please feel free to message or post a description here and I’ll get it added.
You can always use shortcodes in PHP templates; it’s a feature of shortcodes, rather than something we have to support with extra code in our plugins. You just change the format and execute them this way:
cpcompatibility
Mark plugins not compatible with WP version 4.9.
Add a menu that displays top 200 plugins from wp.org and their compatibility
Fixes some compatibility issues with Classicpress: at the moment: wp-cli core check-update, SEO by Rank Math. cpvars
With cpvars you can define name-value associations from the admin.
Then, in your content you can insert [cpvars]name[/cpvars] and get value displayed.
There is also an option to display shortcodes everywhere.
I suppose this is ok for experienced users, but the main problem with allowing users to insert PHP directly is that less experienced users (clients or friends) may use it to insert dangerous things without understanding the problems with such an approach. Also, it is trivial to use this feature to escalate account privileges, so this is basically the same thing as immediately giving anyone that has “edit page or post” access a full administrator account, even if all they can do is edit a draft.
It may be a bit more work, but running PHP code in the context of a page should always be done via a shortcode or a widget that is specific to the purpose of what you’re trying to achieve (like inserting the current date).
I’m a big fan of wp-cli, so I’d like to see a fix in the core. The code was written before CP 1.x, and as I can remember wp core update works correctly, just wp core check-update is buggy.
Just tested now, but not sure this is the right way, by changing values in version.php.
Sure the response could be processed better! This is the response:
I can’t understand why the link at the latest release in my first post is pointing at the previous release (1.0.1), but this one is to the current release(1.1.0)…
But the link is https://github.com/xxsimoxx/cpvars/releases/latest in both…
Quick follow-up: @Simone, I see you’ve removed the risky eval() code. Also wanted to point out (moreso for others) that you’ve also removed those relevant settings and even did a cleanup of the option in your deactivation function – this is good practice. …and good work!