Five years ago, I created JSON Table Editor. Recently I have the time to revisit the project and do some minor bug fixes and enhancements.

1. Array editing.
   In previous version, loading an array of string will give you a table of characters. This is embarrassingly wrong.
   

   The updated version has no more of this problem.

   

2. Improvements on multi-level object editing.
   I changed the button title from ‘Save to Upper Level’ to ‘Finish Editing’, which is more appropriate. I also make the window closed when you click ‘Finish Editing’ button. I also show the updated JSON so we can notice the changes.
   
   The changes also propagated all the way to the top. In previous version, on each child-window we need to click the ‘Save to Upper Level’ button.
   
3. Limiting the proxy
   The proxy in the previous version is just a dumb proxy. It fetches any url requested and dump whatever content. I see a potential misuse here. So I limit the proxy to only fetch JSON, CSV and raw/text content.

   <?php
   $qUrl = $_REQUEST["q"];
   // create a new cURL resource
   $ch = curl_init();
   // set the URL
   curl_setopt($ch, CURLOPT_URL, $qUrl);
   // get only the Head
   curl_setopt($ch, CURLOPT_NOBODY, true);
   // curl_exec return value instead of directly to out
   curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
   // do the request
   $res = curl_exec($ch);
   // check the content type
   $contentType = curl_getinfo ($ch, CURLINFO_CONTENT_TYPE);
   //only accept json, csv
   curl_close($ch);
    
   //error_log($contentType);
    
   if (strpos($contentType,'/json')!== false || strpos($contentType, '/csv')!== false || strpos($contentType, 'text/plain')!== false)
   {
      // ... SNIP ...
      // Normal CURL processing
   }
   else {
      //error_log('Not JSON');
      echo "Invalid resource. We only retrieve JSON/CSV/text resource. The requested URL returned ".$contentType;
   }
   ?>
   

That’s all, folks! Looking forward to hear your thoughts. Cheers!

The past few days I have been scratching my head due to this seemingly simple problem. I can’t change the order of the pages in my Visio document.

Everytime I tried to drag the tab and change the order, it simply refused as shown above.

Today, I finally found out the cause. I need to change the Page Type from Backgroundto Foreground.

Once I did change to all pages, I noticed that the tab title is no longer italic.

Today I noticed that the comment’s author pictures are broken. Some are visible, some are not.

Using Chrome’s Inspect Element function, I can see that the image URL starts with http://0.gravatar.com/avatar/. When I opened the image URL, Chrome shown “This site can’t be reached” error. My first instinct was replacing http with https. And voila… the the image loads.

Now I need to make this fix permanent on this blog. Digging through the sidebar source code, I found that the avatar image URL is produced by this function: get_avatar (codex URL). This function can be found inside file wp-includes\pluggable.php.

I proceed by adding this change at line 2415 (WordPress 4.8)

	if (strpos($url,"gravatar")>=0)
	{
		$url = str_replace("http://","https://",$url);
	}

Then I realized that my changes could be overwritten by WordPress future updates. Luckily, this function is pluggable. I can just copy over the whole function into my theme’s functions.php. I need to put the function into a plugin and then activate it. This is the only way to override the default get_avatar function.

Since I felt that my approach of using str_replace is probably the worst :D, I Googled for this topic. As it turned out, someone asked about this topic 3 years ago. In that page I confirm that my approach is indeed bad. There is a parameter to indicate what protocol Gravatar will use.

get_avatar( $id, $size, null, false, array('scheme' => 'https') );

By default this parameter is set to null. So I just need to change it to ‘https’.

function get_avatar( $id_or_email, $size = 96, $default = '', $alt = '', $args = null ) {
		$defaults = array(
			// get_avatar_data() args.
			'size'          => 96,
			'height'        => null,
			'width'         => null,
			'default'       => get_option( 'avatar_default', 'mystery' ),
			'force_default' => false,
			'rating'        => get_option( 'avatar_rating' ),
			'scheme'        => 'https', // 'scheme'        => null,
			'alt'           => '',
			'class'         => null,
			'force_display' => false,
			'extra_attr'    => '',
		);
   // ... SNIPPED ...
}

Finally, I bundled this function into a plugin called gravatar-secure. I didn’t bother to submit this plugin to WordPress Plugin Directory since it’s too simple 😀

So if you have similar issue to what I have, you can download the zip file below, extract and examine the source code. Once you’re sure my code is not malicious, you can upload the gravatar-secure folder into your WP’s plugins folder then activate the plugin.

Disclaimer: No guarantee, no warranty whatsoever. Do at your own risk.

the plugin in action here at this blog