Tags:

Defensive design in practice

Preventing user error

WP Install Profiles (WPIP) is easy to use, but it can be kind of hard to explain, when most users (myself included), are conditioned to ignore instructions.After the WPIP standalone app launched, a few users ran into a problem: instead of entering a plugin slug, they entered the full name of the plugin.Due to the way the WordPress API works, there’s no good way to search for a plugin by name; you need to have the plugin’s slug (the last segment of the URL for the plugin’s page in the WordPress Plugin Directory) in order to access its other properties.Full plugin names have two differences over plugin slugs: spaces and capital letters. I put together a friendly-but-unmistakeable message about the right way to add a plugin and set it to popup when the plugin name textarea contained either of the offending characters. See the popup image fullsize here.Obviously, this sort of validation alone isn’t enough. Server-side validation is a must, but the method below will prevent most problems before the bad input can get that far.Here’s the code that triggers the modal popup: (The .modal() function refers to Eric Martin’s SimpleModal.)


$('#plugins').change(function(){
var plugins = $(this).val();
var pattern = new RegExp('[A-Z, ]');

if ( plugins.match(pattern) ){
$('#pluginTitleWarning').modal({show: true, backdrop: true});
}
});

UPDATE: Since the validation was added, several dozen install profiles have been uploaded, all with perfectly-formed URL slugs.

Leave a Reply

Your email address will not be published. Required fields are marked *

.