Tag: AI (Page 2 of 2)

ChatGPT Wrecked Our Type of Content

September 28, 2023 / Tom

A few days ago, Carl and I were talking about the impact that ChatGPT and related technologies have had on those of who spend – or spent – a lot of time writing long form articles showing how to achieve things within the context of software development.

Both he and I, among others – perhaps including some of you who are reading this post or regularly read this blog – have been around long enough to remember what it was like growing up online, learning how the machine works, how to write code, and perhaps even studying it in both high school and college, and maybe beyond that.

The 90s

For me, it was a combination of AOL, the the programming forums, VB3, and then onward and upward to other languages, operating systems, and platforms from there. True story: The first copy of Linux I ever received was Slackware that someone I met in IRC sent to me via USPS. The site doesn’t look enough different today.

So many afternoons, nights, and evenings were spent hopping between playing games like King’s Quest (Six is the best and I’ll fight you for it) and then signing online to see what certain people were building (such as a TCP/IP checkers game built fully in Visual Basic) to random proggies people were using to manipulate AOL, and from trying to wrap my head around C++, to trying to make sense of Dan Appleman’s Programmer’s Guide to the Win32 API.

The 00s

Fast far forward to the early two thousands and sites like Stack Overflow come online (from the minds of long-time bloggers Joel Spolsky and Jeff Atwood, no less) and begin having perhaps the largest scale and gamified way to get your programming-related questions answered quickly.

In fact, I remember listening to the podcast on my iPod Shuffle while running through the suburbs of the north Atlanta metro area. They’d talk about how they were discussing certain aspects of the site from an object-oriented programming standpoint, the technology stack they were using – which was .NET – and they were using Subversion as their version control system.

And I’m old enough to be one of the double-digit user accounts. And I remember them growing into what was originally called The Stack Overflow Trilogy. It was a really cool time to be a young software developer working in web application development.

Today

All of this is to say:

I don’t recall a single new set of sites and/or technologies being introduced that so quickly impacted what those of us who do what we do for a living.

On Blogging

Sure, certain technologies or libraries or languages or tools have come and gone, but when I think about major inflection points of utilities that have impacted software developers, Stack Overflow and ChatGPT (along with its related technologies such as Copilot) are the first thing to come to mind.

I’m shooting from the hip as I’m drafting this late at night and should be giving this more thought, but I digress.

Anyway, during the conversation with Carl, he made the following claim:

I think ChatGPT wrecked our type of content

I’ve been rolling it over in my mind for the past few days not so much because I disagree – I actually firmly agree – but I’ve been thinking about the following two points:

It’s paradoxical. Bloggers wrote the content that helped train a massive LLM that ultimately negate the need for that kind of content. Granted, we could continue to feed the machine, so to speak, but LLMs can learn from themselves given the right interaction.
The goal was never to provide a quick way to copy and paste a solution, but how to learn how to solve a problem when you weren’t sure how to approach it. (And this is something that I think serves anyone in the field of applied computer science well.)

When you’re someone who enjoys writing about technical concepts for yourself and others, the ultimate goal isn’t to show someone how to quickly do something. More so, it’s to show how to approach problem solving in the abstract and to understand the tradeoffs of various solutions.

On Social Media

Then I got to thinking about all of the people in WordPress I’ve met over the years, then I got to thinking about all of the people in adjacent groups I’ve met over the years. Those work work in:

backend languages,
front-end languages,
content creators,
podcasters,
and so on.

So I decided to hop back on to X/Twitter for a bit to see how those people have been using the platform since ownership changed hands earlier this year.

And what I found during my, what you may call, straw poll was that there’s a lot of people who haven’t abandoned the platform at all. Instead, they subscribe for access to the premium features of the platform, who are writing long form content, who are sharing longer form content than I think we’d more likely see on some blogs just five years ago.

So then I brought all of this back to what I’ve traditionally written about and in the field in which I work, and I’ve noticed that there are a lot of people spending a lot of time writing about development work as it relates to WordPress on X/Twitter rather than on their blog.

And here’s why that strikes me as strange:

Old school tweeting was one thing because it included short statements that felt more like parts of a conversation. A very loud, boisterous, crowded conversation, but a conversation of sorts nonetheless.

Now, though, people are writing essays on their premium accounts about content related to a platform that targets the democratization of publishing. An essay does not a conversation make.

Further, publishing content on a platform about the software on which you work that aims to give people the goal to publish content so they can maintain it seems incongruent.

I don’t think anyone should have to make this claim but I’m not someone who cares one way or the other who owns X/Twitter or what’s going on with it from a socio-political-or-economic perspective. The observations I’m making wouldn’t matter who owns it.

Bringing It All Together

So how do I bring the various and seemingly disparate thoughts on all of this together to try to make a cohesive article? I’ll do what I can.

Writing about software development and trying to provide quick solutions to common problems are not the same thing.
Writing long form articles about the concepts in software development and looking for an answer from ChatGPT or related services are not related.

So the first question seems to come to something like:

When people are given the choice to choose between the two, will they search the archives aggregated via RSS first or go to ChatGPT first?

Though the goals of this question are not mutually exclusive, I think getting an answer fast often outweighs the “I’m looking for an answer but it was neat to also read about someone else’s situation while searching for it.” And this is why ChatGPT has “wrecked” some of the content a bunch of us typically write.

It’s not because we don’t want to write it (and no one is stopping us), but it’s hard to know just how many people come for the content and stay for the answer versus come for the answer and stay for the content.

The answer, then, seems to lie somewhere in between either continuing to write as usual, which is a completely viable option, or do what content creator types do and bring the content to the table in a way that’s compelling enough to keep people coming back (or turning in, or watching, or smashing that subscribe button and remembering to hit the bell).

The second observation, though, is a bit less clear to me. Before X/Twitter changed hands, people were already involved in a number of different areas online such as Slack channels for Post Status or The WP Minute, Facebook groups, but they also tended to maintain their own site while sharing their shorter content on X/Twitter (for reasons that I’ve already covered).

Now, the whole thing is all over the place:

Some are spending a lot of time writing long form content on X/Twitter,
Some are participating in various Slack channels,
Some are participating in various Facebook Groups,
Some are blogging,
Some have pulled back from the social web,
Some are doing none, multiple, or all, of the above.

Having choice is fine and picking where to hang out is great – it’s the whole go where you feel most welcome kind of thing – but the degree and/or ways in which many of us have changed in 2023 alone is really something to observe.

Where We’re Headed Isn’t Clear

And, as I said at the outset, the solution to this isn’t clear. If I had to summarize my take it would be something like this:

Long form posts for those on X/Twitter has increased this year and the amount of content people are sharing on their own blogs and syndicating it to X/Twitter has decreased.

I have to leave it at that for now because I don’t know what to make it of it. Maybe it’s just the way it is.

Anyway, Carl also made the comment in our conversation:

I think there’s still space for teaching and writing about concepts

And I agree with this, too. The thing is, I don’t think the way we’ve historically done is it the way to do it moving forward. I won’t be the guy who’s writing his thoughts on X/Twitter (not as a protest or anything) because I don’t see the medium has particularly useful for that in the long term.

I still think blogging and ultimately publishing content on your own property and syndicating it out to social networks is ultimately better than inverting how it’s done (though that’s what’s happening right now).

People can read the content and then take the social aspect of to social media. Or they can drop an email in our inbox. Or they can consume it and move on.

Regardless, how the content is produced is presented is likely the next challenge for those of us who have historically done long form technical writing. And I don’t know what that looks like right now.

Exciting times ahead.

Easily Set Up and Use Visual Studio Code and Other Tools for Python Development

September 1, 2023 / Tom

If you’re to go through the archives of the content here, you’re going to find majority of articles dealing with PHP, JavaScript, HTML, CSS, and variations thereof and all of which will likely be around building solutions on top of WordPress.

But a couple of decades(!) ago, I was working with Python – and other languages – when I was in college. And given some side projects that I’m working on right now, I’m using it again.

This time, though, I’ve got an environment set up that I really don’t want to leave and I want to be able to easily go back and forth between working with PHP and related tooling to Python and similar tooling with as little context switching as possible.

This includes:

easily installation of the runtime,
working within my IDE of choice (which is Visual Studio Code),
easily debugging code,
having proper sniffers and fixers for coding standards,
easily generating docblocks for the code,
and more.

Though it’s obviously outside the content I normally write but given that I’m doing this more and more, I thought I’d share everything I’ve done to set up a Python development environment as a PHP developer.

Summary

If you’re curious about everything covered in this article, here’s a list:

Installing Python via Homebrew
Setting Up Visual Studio Code
- Installing the Python Extension
- Configuration the Python Environment
- Python Coding Standards
- Debugging Python Code
GitHub Copilot
- Installing the Extension
- Generating DocBlocks
- Explaining Code
Conclusion
Resources

Visual Studio Code and Other Tools for Python Development

Installing Python via Homebrew

The majority of the software I install is through Homebrew and I’ve covered it more extensively in the article I wrote when I first set up the machine I use each day.

You can check to see if Python is already installed on your system by running $ which python on your machine. At this point, though, you’ll likely see something like python not found. This is because the Python binary is, at the time of this writing, is python3.

So run $ which python3 and if you’re given a path, then you’ve got it installed. If not, run the following:

$ brew install python

After this, you should be able to run:

$ python3 --version

And you’ll see the current version you’re running. For this article, I’m running 3.9.6.

Don’t Forget `pip`

pip is a Python package manager much like Composer is a PHP package manager so I’ve not found a reason not to install it.

It should be installed by default if you’ve installed Python via Homebrew. Make sure you’re running the latest version. To do this, enter:

$ pip3 install --upgrade pip

Once the process is done, the initial work for installing and setting up Python is done.

Setting Up Visual Studio Code

My goal is to make sure I can swap between PHP development and Python development as quickly as possible by just opening a new instance of the IDE.

Installing the Python Extension

To install the Python extension for Visual Studio Code:

Navigate to the Extensions you have installed (you can use cmd+shift+x on macOS to do this.
If Python is not already installed, search for python and make sure it’s the extension that’s authored by Microsoft. Install it and, if requested, restart Visual Studio Code.

Before getting started with Python in Visual Studio Code, there are still a few things to do.

Configuring the Python Environment

If you’re like me, then whenever you restart Visual Studio Code, it’s going to have Python installed but still look and function much like it would any other time you open it. That is, it’s going to act like it’s a standard PHP editor.

Things change whenever you want to start a new Python-based project (be a single file or something more complex).

Select the Python Interpreter you want to use in your projects. To do this, open the command palette by first pressed cmd+p then typing “Python: Select Interpreter“. Essentially this is asking which version or which binary, of all those that may exist on your system, do you want to use when running your code. Depending on your set up, you’ll see a number of different options (one will also be Global and one will also be Recommended). I favor the Recommended option because it should be the one provided by Homebrew (though it’s possible to have both Global and Recommended be the same, too).
You can now create a new Python file or open an existing one. The Python extension provides various features, including code highlighting, code completion, linting, debugging, and more.
If you opt to create a new file, you’ll need to choose an environment type in the current workspace. There are two types, Venv and Conda. What you opt to use depends on your needs. For the purposes of this article, I’m using Venv.

At this point, Visual Studio Code is ready for Python-based projects along with everything that comes with the environment. This includes IntelliSense, debugging, and running scripts.

But if you’re coming from another development background, you know there’s more to do such as debugging code, coding standards, sniffing and fixing code, docblocks, and and using modern tools like GitHub Copilot to help with any, all, and more than the above.

Python Coding Standards

As is the same with other programming languages, Python has it’s own set of coding standards. When it comes to using Python, all of this is already built into the extension out-of-the-box so there’s very little that we have to do.

PHP Coding Standards, DocStrings, etc.

First though, it’s worth knowing where to look should you need to reference something just in case. At least this is what I find to be the case whenever I’m curious about some standard or decision the plugin makes when it formats my code. Here’s a concise list of resources I have available:

PEP 8 — Style Guide for Python Code. PEP 8 is the official style guide for Python code.
PEP 257 – Docstring Conventions. PEP 257 provides guidelines for writing docstrings (documentation strings) in your code.
Python Coding Style and Naming Convention. A guide on coding style and naming conventions in Python.

Using the Python Extension to Format Code

Assuming you’ve got a file set up in Visual Studio Code, call it hello.py or whatever you’d like, and you’ve selected Venv (or Conda, should you so choose) as your environment of choice, then you’re ready to start writing code, formatting it, and adding inline code to it.

First, in your settings.json file, make sure that you’ve added the following directives:

"editor.formatOnSave": true,
"": {
    "editor.defaultFormatter": "ms-python.autopep8",
},

This will ensure that even if you miss any formatting in the document, it will format it whenever you save it.

Secondly, start by writing a basic function that’s essentially the classic Hello World except it will accept a string and say Hello to whatever you pass to it.

def hello(str):
    return "Hello " + str + "!"

Obviously this function won’t do anything until it’s invoked. So it’s possible to either just invoke the function by using print or we can get a bit more involved with Python and look at how to accept command line arguments while building out this functionality.

Let’s do the latter. To do this, we’ll need to import the sys package and then look at the arguments that are passed to the script. A very rudimentary way of doing this is to look at the arguments and blindly accept the first argument as the the name.

import sys

def hello(str):
    return "Hello " + str + "!"

args = sys.argv
if len(args) > 1:
    print(hello(args[1]))

Now when you run the script, you can run $ python3 hello.py Tom and the output should simply be “Hello Tom!”

But, as mentioned, there are a lot of problems with this implementation the least of which is not blindly accepting output. I’ll come back to this point later in the article.

Before finishing, let’s add one more function that’s formatted like this:

def goodbye(str):
return "Goodbye " + str + "!"

Functionally, this looks fine but it’s ill-formatted per the Python coding standards and if you’re editor is properly set up, then you should see something like the following image:

When you hover over the underlined code, you’ll see a message that reads Expected indented block. So indent the block per the coding standards and you should be good to go.

Finally, update the main file to say goodbye so that it looks like this:

import sys


def hello(str):
    return "Hello " + str + "!"


def goodbye(str):
    return "Goodbye " + str + "!"


args = sys.argv
if len(args) > 1:
    print(hello(args[1]))
    print(goodbye(args[1]))

Debugging Python Code

When working with PHP, it’s a bit of work to get Xdebug set up and working and configured in Visual Studio Code. It’s not has bad as it once was, but it’s also more of an involved process than it is in Python.

Out-of-the-box, the Python extension for Visual Studio Code handles the majority of this for us. Instead of having to configure any third-party module, enable it in a configuration file, then set up a configuration in the IDE, we simply set breakpoints, add watches, and all of the usual actual debugging tasks in Visual Studio code. Then we just tell the editor to Run and Debug.

But given the code above, we can’t simply press a button and run because it’s expecting input from the terminal. There are two ways to handle this.

We can set up an else so that it defaults to an empty string,
We can edit the code inline during debugging.

Each of these are useful in their own context.

Set Up a Conditional

The easiest route is to first set up an else case. The block of code may not look like this

args = sys.argv
if len(args) > 1:
    print(hello(args[1]))
    print(goodbye(args[1]))
else:
     print(hello("World"))
     print(goodbye("World"))

Now if you run the script from the command line, you should see it output Hello World! It should also output Goodbye World!

Now if you set a breakpoint on either of the function calls, let’s say print(hello("World")) and start the debugger, you’ll see the familiar interface that you see when debugging PHP.

From here, you can do the usual debugging behavior. If you’ve set the same breakpoint as I’ve set above, then click on Run and Debug and you should see see the debugger hit breakpoints, add variables to the Watch list, and all of the usual inspections that you can do to variables, function calls, and so on.

But if you’re debugging arguments that come in via the command-line, what then?

Edit Values Inline

I don’t know how often you’ve done this in the past but I’ve find when working with web applications, this can be extremely useful especially with data coming in from another source (like a POST request).

To do this in Visual Studio Code, simply set a breakpoint as you normally would. Assuming you’ve got a variable name set in the Watch list and the breakpoint is on the line where the variable is invoked, then you can modify it by two-finger Set Value.

This will allow you to change the value in real time and then see the output of the result once done. And if you want to do this with command-line arguments, then set a breakpoint and a watch when args is set and change the value to ['...', 'Tom'] and you’ll find that you’ve now simulated updating command line arguments.

GitHub Copilot

As a developer, one of the coolest or nicest or more useful tools to come out in the last year is GitHub Copilot and GitHub Copilot Chat I’ve talked a little bit about my thoughts on using AI when writing software and I stand by it.

This particular extension has made it easier to more quickly understand code when I’m lacking context, generate docblocks faster and more concisely than I normally can, and even recommend suggestions for making sure I’m following best practices regardless of what I’m doing.

But in the context of using Python especially as someone who’s more rusty on it than other languages, I’ve found it extremely helpful when bringing me up to speed when I want to achieve something (such as how to retrieve command line arguments).

To do this, though, we need to install and configure the extension.

Installing The Extension

First, I recommend installing both of the following:

GitHub Copilot. This utility is primarily focused on helping developers write code more efficiently by providing intelligent code suggestions and autocompletions based on the context of their code. It is designed to enhance the developer’s coding experience.
GitHub Copilot Chat. GitHub Copilot Chat beta provides a natural language chat interface to engage with GitHub Copilot, an AI developer tool or “AI pair programmer,” and get coding information and support for tasks from explaining code to finding issues and fixing them.

Note this is free for open source projects. If you’re working on anything that’s licensed as such, then there’s no need to pay; however, if you’re working on anything that’s closed source, it costs money.

Further, note that whatever license you use, make sure you pay attention to the settings GitHub asks as it will ask if it can use your source code to training their language model. For some, it’s not a big deal; for others, this isn’t something you want to do; however, if you’re working in open source, it’s probably expected to share it.

If you’re ensure and you’re not self-employed or you’re using it for an official project for your employer or for someone else, then be sure to ask them.

Generating DocBlocks

Assuming you’ve got GitHub Copilot and Copilot Chat installed, here’s how you can use it to quickly generate aspects of your code that are generally mundane (such as DocBlocks).

Looking at the following function:

def hello(str):
    return "Hello " + str + "!"

Let’s ask Copilot to generate a docblock for it. There are two ways to do this:

You can ask Copilot to generate it inline using a menu item and then ‘accept’ the results to have them automatically inserted.
You can ask Copilot Chat to generate it and then copy and paste the results into the editor.

We’ll look at an example of the latter in the next section so let’s use the first option to generate a docblock.

First, two-finger click or right-click on the function signature and select Copilot > Generate Docs.

Once it’s done processing the code, you’ll likely see something like this:

For the purposes of this acrticle, I’ll accept it. Once done, your function should look something like this:

def hello(str):
    """
    Returns a greeting message with the provided string.

    Args:
        str (str): The name or string to be greeted.

    Returns:
        str: A greeting message with the provided string.
    """
    return "Hello " + str + "!"

You can do this for the rest of the functions in this file or whatever file on which you’re working. In addition to making this much quicker, it also follows the coding conventions of Python so you don’t have to tweak it after the fact.

Explaining Code

Now let’s use Copilot Chat to explain a section of code in the chat window provided by the extension. Since we know how to generate documentation, let’s use the feature to explain the conditional we have.

Specifically, let’s look at this:

args = sys.argv
if len(args) > 1:
    print(hello(args[1]))
    print(goodbye(args[1]))
else:
     print(hello("World"))
     print(goodbye("World"))

Select the block of code in Code, then click on the Copilot Chat icon in the Activity Bar. Next, you can either prompt it with something like “Explain this code” or you can use one of the built in commands it offers such as /explain.

If you use the latter, it should return a lengthy response. Something like this, perhaps:

This Python code reads command-line arguments using the sys.argv list. If there is more than one argument, it calls the hello and goodbye functions with the first argument and prints the results. If there is only one argument, it calls the same functions with the string “World” and prints the results.

The hello function takes a string argument and returns a greeting message that includes the argument. The goodbye function takes a string argument and returns a farewell message that includes the argument.

This code demonstrates how to use command-line arguments in Python and how to call functions with arguments. It also shows how to use conditional statements to handle different cases based on the number of arguments passed in.

To improve the readability of this code, we could add comments to explain what each part of the code does. We could also use more descriptive function and variable names to make the code easier to understand. Additionally, we could use f-strings to format the greeting and farewell messages instead of concatenating strings.

If you want to make the code more succinct, leave the block of code highlighted then prompt Chat with “Make this code more succinct.” It should return something like this:

arg = sys.argv[1] if len(sys.argv) > 1 else "World"
print(hello(arg))
print(goodbye(arg))

And for good measure, let’s ask it to generate a single-line comment to explain what this block of code is doing. We can use a more specific prompt such as “Explain this in a single line comment.”

The first result may be something like this:

This Python code reads a command-line argument and calls the hello and goodbye functions with the argument, or “World” if no argument is provided, and prints the results.

But given that I’m coming from a PHP background, I’m used to inline comments being no more than 120 characters so I’ll prompt Chat with the following: “Shorten the last answer to no more than 120 characters.”

Then it returned this:

Python code reads command-line arg, calls hello and goodbye with arg or “World” and prints results.

And since we’re in Python, we can remove the “Python code” phrase and just go with:

Reads command-line arg, calls hello and goodbye with arg or “World” and prints results.

The final version of your IDE may look something like this.

And that’s it for the initial primer on how to use Visual Studio Code and Other Tools for Python Development.

Conclusion

I obviously contend that AI is more of an assistant to writing software than anything else, but I found this to be a unique case to document. This covers how to use things such as GitHub Copilot and Copilot chat, but also how to set up a new language in Visual Studio Code and leverage modern tools to get easily onboarded or get brought up to speed on how to do certain things in the language.

It’s easy to feel utility to technology fatigue with so much happening in our space. Each month, it seems as if there’s some new pre-processor, linter, JavaScript utility, security analyzer, or something else that promises to make us more product or write better code or get things done in such a way it’s more maintainable.

Perhaps some or all of that is true.

But in all of the years of writing web applications, I’ve yet to really find anything that’s increased productivity and learning so much as I have with using GPT-based tools. And though it’s useful in my day-to-day work in writing PHP and related code, it’s also been extremely useful in getting up to speed with writing, debugging, documenting, and being brought up to speed on Python, too.

Resources

Is It Worth Using ChatGPT to Help Secure Source Code?

August 16, 2023 / Tom

To cut straight to the point, I’m not going to say we need to rely on AI tools to help us to write truly secure code. This isn’t to say we can use tools like ChatGPT to help secure source code, but given how these utilities are trained via their LLMs, there’s only so much they can provide. In short, don’t short change security analysts who are, by nature, trained in this very thing.

That said, I’ve been using tools such as ChatGPT and other AI developer tools to help make recommendations on making code more secure. I’ll give a basic example of what I provided, what it produced, and my thoughts on it.

Note this is but a single, isolated, and simple case so there’s only so much that it can recommend. The bottom line, for me, is not so much the code it recommended but how it offered to change that I’d originally written (and then researching the why it opted to use certain function calls over others).

The Intent of the Code

In the function I’m going to share, the purpose is to look at data in the REQUEST_URI of the $_SERVER array, separate the components of the URI, and then analyze them to determine what best course of action to take.

Namely, do we break it a part and redirect to another page or do we duck out of the functionality because it’s malformed or doesn’t fit with the scheme of the rewrite rule I have in place.

The Code

The Initial Function

I wrote the initial function like this:

add_action('template_redirect', function() {
  $requestUri = $_SERVER['REQUEST_URI'];
  $requestUriParts = array_filter(explode('/', $requestUri));

  if (
    count($requestUriParts) === 2 && 
    $requestUriParts[0] === 'report' && 
    is_numeric($requestUriParts[1])) {
        $userId = intval($requestUriParts[1]);
        include plugin_dir_path(__FILE__) . 'templates/report.php';
        exit;
    }
});

Granted, I made some concessions to keep it relatively simple. That is, there are no exception handling and there are no conditionals to handle the case when indexes of the array are invalid.

But part of this is to see just how much AI can improve the code above. They key things to take away, despite it not handling situations outside of the conditional, are:

I’m verifying the array has the proper number of parts,
The first index of the array is report,
The second index of the array is an integer,
And if all of the above is true, then we’ll redirect to a custom template.

Again, there are some immediate issues that you can spot with this (such as the case of strings, the range of integers for user IDs, and if the file even exists.

But I digress. This is what I fed into ChatGPT to help secure source code.

The Secured Code

Given the code above, this is what ChatGPT produced:

add_action('template_redirect', function () {
    $requestUri = filter_var($_SERVER['REQUEST_URI'], FILTER_SANITIZE_URL);
    $requestUriParts = array_values(array_filter(explode('/', $requestUri)));

    if (
        count($requestUriParts) === 2 &&
        strtolower($requestUriParts[0]) === 'report' &&
        ctype_digit($requestUriParts[1])
    ) {
        $userId = intval($requestUriParts[1]);

        // Validate $userId and ensure it's within an appropriate range
        if ($userId > 0 && $userId <= 1000000) { // Adjust the upper limit as needed
            $templatePath = plugin_dir_path(__FILE__) . 'templates/report.php';

            // Check if the template file exists before including it
            if (file_exists($templatePath)) {
                include $templatePath;
                exit;
            } else {
                // Handle the case where the template file is missing
                die('Report template not found.');
            }
        } else {
            // Handle invalid user IDs
            die('Invalid user ID.');
        }
    } else {
        // Handle invalid URLs
        die('Invalid URL.');
    }
});

Some of the things that immediately jump out at me in terms of improving the code are:

FILTER_SANITIZE_URL
strtolower on the report component of the URL
ctype_digit rather than is_numeric
Verifying a proper range of user IDs
Verifying the template file exists
Handling each case where it could fail

Now in terms of security, I don’t know where this would fall given that it’s not writing or reading data so much as sanitizing and validating it before redirecting a user to a page that should exist.

But I did like the steps that it took as they are things that we should be implementing naturally as engineers. Namely, sanitizing URL, verifying files exists, and making sure ID ranges are acceptable.

This is what struck me as the most interesting part though:

is_numeric. Determines if the given variable is a number or a numeric string. (A PHP string is considered numeric if it can be interpreted as an int or a float.).
ctype_digit. Checks if all of the characters in the provided string, text, are numerical.

Given the definitions above, we can verify that is_numeric(-5) would return true where ctype_digit(-5) would return false. Further, is_numeric(5.5) will be true and ctype_digit(5.5) will be false. This is important, especially when you’re working with non-negative whole numbers such as those that represent user IDs in a system such as WordPress.

I’m not recommending writing lazy code (like my example code above 🙃), feeding it into an AI system, and letting it do work for you. But if you’ve written something as strong and secure as you believe you can, then feeding that to an AI makes more sense as it can help take you a little further. And if you have a security analyst on your team, don’t hesitate to reach out to them for a code review.

For all the talk of AI replacing humans, we’re there yet – not in this field. But that’s not a discussion I care to have right now. If nothing else, using AI tools such as GitHub Copilot and ChatGPT to help secure source code isn’t a bad idea, but it’s not the best idea and it doesn’t replace someone who’s on your team. AI is going to be truly limited by its contextual knowledge of the environment and constraints of the system.

If anything, perhaps they are code assistants and nothing more.

Bankruptcy on Block Editor Blocks (But It’s Not What You Think)

April 21, 2023 / Tom

In August 2022, I started a series on Learning to Build Block Editor Blocks and I continued it for several months. The last thing I wrote in the series was the following:

So as I continue with the series, we’re first going to look at what’s required to implement a custom block that includes:

a heading,

a paragraph,

and an input field to help guide the ultimate output.

We’ll continue to use the customization options we’ve outlined in this post and show how we can apply them to what the user provides and how to ignore them for what we, as the developer, provide.

After that, we’ll look at adding an input to the frontend of the site as well as incorporating a SlotFill.

And though I had intentions to follow through starting at the beginning of the new year, I obviously never followed through with the series. In all of the years that I’ve been writing, sharing code, and generally participating in all things PHP, WordPress, and development, I don’t think I’ve ever simply declared bankruptcy on an actual series or even just on the consistency of blogging in general.

But that’s what I’m doing in this post.