Steve Grunwell

Open-source contributor, speaker, and electronics tinkerer

Category: Code

A home sitting on a midwestern, prairie homestead.

Developer-specific Laravel Homestead Configurations

Since joining Liquid Web, I’ve gotten to revisit Laravel, my favorite application framework for PHP. I’m still doing plenty of WordPress work, of course, but when building web applications — especially those with robust APIs — building atop Laravel makes so much more sense than shoehorning it into a WordPress environment.

In their mission to make application development delightful, Taylor Otwell and the other Laravel developers (including my friend Joe Ferguson) maintain Laravel Homestead, a pre-packaged Vagrant box for Laravel development. While the environment can be installed globally, Laravel Homestead can also be installed on a per-project basis, ensuring each application has its own, dedicated virtual machine.

Continue reading→

My Laravel Tests were Failing because of my App URL

In my role as Senior Software Engineer at Liquid Web, I’ve gotten to get back to my roots of not only doing WordPress, which has been great. In particular, I’m getting back into Laravel, getting to build real web applications in an environment that makes testing a breeze (aside: if you haven’t checked out Adam Wathan’s Test Driven Laravel course, I cannot recommend it enough!).

I ran into an interesting problem today, however, when I updated the APP_URL variable in my .env file: running my [previously 100% green] test suite, I was getting random errors and failures within my feature tests that I hadn’t been seeing before. Controller actions weren’t responding properly, model relationships weren’t always behaving, and redirects following actions were hit-or-miss.

Continue reading→

Screenshot from ExploitBox's CVE-2016-10033 video

Keeping WordPress Secure

A few days ago, a YouTube video was passed around a few Slack teams I’m a member of showing a proof of concept of an unauthenticated remote code execution vulnerability in WordPress core (in other words, a way for people to execute arbitrary code on your server, which is obviously bad). The video, posted by Dawid Golunski of Legal Hackers, purported that the vulnerability was exploited against a clean installation of WordPress with no plugins and only the default configuration.

This morning, Dawid’s new site, ExploitBox, posted details about the vulnerability. In short, by spoofing a request’s “Host” header, it’s possible to trick WordPress into sending a password reset email with a return path pointing to a domain you control.

The author goes on to hypothesize that if an attacker were to first overload the target’s inbox with large messages (effectively filling it to the point that it couldn’t hold more messages), this would cause the mail host to “bounce” (reject) the message, returning it to the sender (the attacker). Assuming the returned email contained the body of the original message, the attacker now has the link that will allow them to change the user’s password.

Continue reading→

The Tuletornen residential project in Sundbyberg, Sweden

Schemify: Automatic structured data for WordPress

It’s been several months in the works, but I’m thrilled to announce that my latest WordPress plugin, Schemify, is now available on WordPress.org!

Schemify is designed to automatically generate Schema.org-compliant structured data for WordPress, with full customization capabilities through actions and filters. With Schemify, you can rest assured that Google, Bing, and other search engines see your posts as articles, pages as webpages, and ensure that your authors get the credit they deserve.

Best of all? Schemify is able to inject structured data into your site without you having to change your markup!

Continue reading→

A series of links in several chains

Using symlinks for WordPress MU plugins

If you haven’t run into them before, WordPress Must-Use (MU) plugins can be a great way to say “no, seriously, my WordPress site needs this plugin in order to function”. Other times, MU plugins may be used to activate required functionality that site maintainers don’t want the site editorial team to have to worry about (for example, caching plugins like Batcache).

There are a lot of things that can be done with MU plugins, but there’s one major limitation right out of the gate: WordPress MU plugins cannot run in sub-directories.

Continue reading→

Custom field IDs for Gravity Forms

If you haven’t had the chance to work with it before, Gravity Forms is pretty fantastic. I was first turned onto it a few years ago while I was at Buckeye Interactive, where it was a mainstay across most of our client sites. Besides presenting an easy-to-manage interface for building forms, the plugin also makes good use of the WordPress Plugin API (thus making my life way easier) and has a vibrant ecosystem of official and unofficial add-ons.

One area where Gravity Forms could stand to improve, however, is making it easier to identify fields. Let’s say, for example, we have a form where we’re collecting a name and an email address; outside of assuming that the regular text field is the name and the input[type="email"] is the email address, Gravity Forms doesn’t really have a straight-forward way to identify fields when you’re doing extra work with submissions (like sending them to a newsletter or a CRM system).

In my new role as Director of Technology at Growella, one of the first things I needed to figure out was how we could reliably map Gravity Forms submissions into third-party tools.

Continue reading→

A rainbow made of different file folders

Working with profiles for new sites in WordPress Multisite

I wanted to take a quick moment to share a pattern I stumbled upon last week while building something for a client: this particular client runs a large, multisite WordPress network and often needs to be able to provision new sites quickly. In this case, we recently built an new theme designed to handle press sites for live events (photos, transcripts, live streams, etc.), and while I could automate a lot of the setup process (there’s literally a one-click “set all of the defaults for me” button on the dashboard), provisioning the new site still means creating the site as a Network Admin, assigning the theme, and clicking that button.

It’s good, but we can do better.

Continue reading→

A photo of a mountain with increasingly smaller copies of the same image overlaid on top.

Automatically Set WordPress Thumbnail Sizes When Switching Themes

Right now, one of my main projects at work is a totally new theme for the official news outlet for a major corporation. Along with a million other changes, one thing that needs to happen ASAP after switching to the new theme is that the image thumbnail sizes – controlled through Settings › Media in wp-admin – need to be changed.

Of course, being the lazy, automation-obsessed developer that I am, I wanted to find a way to automatically set these thumbnail sizes the instant we changed themes. Fortunately, where there’s a hook, there’s a way to make this happen automatically.

Continue reading→

Ron Burgundy and the Channel 4 News Team (from the film Anchorman: The Legend of Ron Burgundy) jumping into the air

Cropping and Resizing Animated Gifs with Gifsicle

I recently had an interesting request on a client project: how can we resize animated gifs without losing the animation in the thumbnails? WordPress lets you upload animated gifs, but as soon as it resizes them the thumbnails are decidedly less animated. As a purveyor of fine, animated gifs, I can tell you that an animated gif with no animation is no gif worth having!

Fortunately, there’s a free, open-source library called Gifsicle designed to manipulate animated gifs. The fun part is using Gifsicle to resize your gifs for you, automatically.

Continue reading→

How did I not know about get_post_types_by_support()?

Every once in a while (well, more often then I’d care to admit, actually), WordPress core surprises me with a function that I had no idea existed. They often come in the form of utility functions, things written when developers decide “oh no, I have to write this piece of logic again?!”. Heck, there have even been talks on these hidden little bits of code that make the world a brighter place.

Today, that function is get_post_types_by_support().

Continue reading→

Page 3 of 7

Be excellent to each other.