I’ve just taken a look at the admin scripts today for the first time, as my WP site was hacked. I nearly fainted - it looks like something written ten years ago by an absolute beginner.

The main complaint I have, is that they don’t write code with safety in mind. By that, I mean code that will be resilient to the next developer coming along and changing it. Just enforcing the use of {curly braces} within if {…} else {…} statements would go a long, long way to avoiding stupid bugs.

Then there is code and HTML mixed in the admin scripts - very hard to read and follow.

Lastly (from my fairly quick perusal) - references to _POST all over the place. Instead of a single entry point to pick up use data and validate it at the same time, scripts reference _POST freely everywhere, and validate it using preg_replace() too. There is no one place where the code can say “give me variable foo and make sure it is an integer”. That is leaving the door wide open to stupid validation errors and hacks.

And that, appears to be what has happened to my site.

It is time the code base was dicarded and rewritten with fewer entry points, less duplication, everything (and I mean ALL code) wrapped up in objects and functions, rather than being global in-line, and a better system for handling user input.

I daren’t look at how the database access is handled…

– Jason

How can the config file be part of the call-cain?
How can one mix HTML, CSS, Javascript and PHP in one file in the year 2009?
How can you programm a wide spread web app with the “one site one file” paradigm these days.
They truely need some design patterns!
FrontController, Model View Controller, Active Record and Decorator Pattern would be a good start.

True - you don´t have to be pretty to be famous.
But you have to have values to be worth something. (Hope this expression works in english ;) )

Lenz

Having old roots might make the code seem mature, but for me mature code also has to be well documented, something which the WordPress code cannot claim to be.

I have not yet tried LightPress, but maybe I will. Since it runs on top of WordPress I imagine that switching will be easy. Thanks for the tip.

I can understand very well what you are trying to say. Most of it results from the fact, that Wordpress grew out of b2, which had the same problems. But a few years back and with a lot smaller code base that was (a little) less of a problem. I don’t think it’s possible to change the minds of the many people that are comfortable with the code, because they have gotten used to it. Refactoring that mess is a major, major task.

A rewrite would likely be faster (but of course has its’ own problems). However that would probably not fair well with users, because it could break many plugins, one of the major advantages of WP wrt to other blogsoftware. (There is a lightpress project which basically tries to do just that, my first impressions have been quite positive). I am afraid this is a take it or leave situation, I left it (b2 that is) and went to Textpattern, which also has little to no documentation in the code, but has a lot less dependencies, less global variables, and generally more readable code (IMHO).