
A few days ago I started working on a plugin.

Please understand I'm not really a fan of WordPress, this is very rare for me to work on a plugin.

Already it does nonces better (what WordPress calls a nonce does not meet the definition) and does passwords better (argon2id) - right now I'm working on the gravatar part. 1/


The problem with Gravatar is that it's a tracking nightmare. Not only does gravatar.com use third party tracking cookies, but the avatar is based on an unsalted md5 hash of the user's e-mail address making it easy for *anyone* to discover the e-mail address of who made what comments on a WordPress blog. 2/

So - the WordPress function that does that is `get_avatar()` in the `pluggable.php` file. I used to have a plugin that fixed that issue by salting the hash first, but that was years ago and WordPress bastardized how the gravatar functions work.

I really wish WordPress just used actual namespaced classes for stuff like this, but it doesn't.

3/

So - I created a generic class called "Groovytar" in my namespace. It does not depend upon any WordPress functions, and I wrote it so that I could use it elsewhere - and eventually change the URL for the avatar to something that doesn't track, but I may have to create such a service. If I do, generated avatars will be SVG.

Anyway - I then extend that Groovytar class to make WordPressGroovytar that has the WordPress specific functions.

4/

For example, it needs to be able to extract an e-mail address to hash from a postid because WordPress wants to do that sometimes.

The extended class is then called by my replacement for the `get_avatar()` function.

One of the nice things about an abstract class and an extended class is I can easily unit test the abstract class with phpunit - unit testing WordPress plugins is hard because 5/

they basically need all of WordPress, but by making abstract classes that do not use WordPress defined functions, I can at least write unit tests for the bulk of the plugin *as well* as having the ability to re-use those classes elsewhere.

Well, time to start testing the gravatar privacy fixes...

Right now it only obfuscates the e-mail hash, gravatar still tracks. An alternate service will take time.

6/end.
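
The salting idea from the thread, shown as an added PHP example that is not the author's Groovytar code: it contrasts the unsalted md5 identifier with a keyed one. The class name `SaltedAvatarId`, the choice of HMAC-SHA256 and the truncation to 32 hex characters are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical class for illustration; not the Groovytar class from the thread.
final class SaltedAvatarId
{
    private string $siteSecret;

    public function __construct(string $siteSecret)
    {
        if (strlen($siteSecret) < 32) {
            throw new InvalidArgumentException('site secret must be at least 32 bytes');
        }
        $this->siteSecret = $siteSecret;
    }

    // Normalisation Gravatar applies before hashing: trim, then lowercase.
    private static function normalise(string $email): string
    {
        return strtolower(trim($email));
    }

    // The identifier an unsalted md5 scheme exposes in the avatar URL.
    public static function unsalted(string $email): string
    {
        return md5(self::normalise($email));
    }

    // Keyed identifier: stable per address, not reproducible without the secret.
    // Truncated to 32 hex chars so it fits where an md5 hex digest is expected.
    public function salted(string $email): string
    {
        $mac = hash_hmac('sha256', self::normalise($email), $this->siteSecret);
        return substr($mac, 0, 32);
    }
}

// Constructed sample data; a real secret would come from random_bytes(32).
$ids = new SaltedAvatarId(str_repeat('k', 32));
$commenter = ' Alice@Example.org ';
$candidate = 'alice@example.org';

// Anyone holding a candidate address can match it against the unsalted id.
var_dump(hash_equals(SaltedAvatarId::unsalted($commenter), md5($candidate)));
// The same comparison against the keyed id fails without the site secret.
var_dump(hash_equals($ids->salted($commenter), md5($candidate)));
// The keyed id is still deterministic, so a commenter keeps one avatar.
var_dump($ids->salted($commenter) === $ids->salted($candidate));
```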
