explode into code

Tweet This, go fuck yourself

Posted in PHP, Rants by jonursenbach on June 24, 2009

Howard Beale put it best when he said that he was mad as hell and not going to take it anymore. This is how I feel right now after having to deal with the Tweet This WordPress plugin. Simply put, this plugin is the fucking worst. This plugin is so bad, that I’m writing my first blog post in almost two years so I can publicly rant about this and get it out of my system.

Today, the public-facing side of our WordPress installation went down. Hard. The admin panel loaded, albeit very slowly, but was still available. At first I thought the problem was Apache acting up, as per usual. Restarted Apache, no change. Time to check the database. Database is good, off to the error logs. Ah ha!

PHP Warning:  fopen(http://th8.us/ttph.php?s…….. in plugins/tweet-this/tweet-this.php on line 29
PHP Warning:  fread(): supplied argument is not a valid stream resource in plugins/tweet-this/tweet-this.php on line 30
PHP Warning:  fclose(): supplied argument is not a valid stream resource in plugins/tweet-this/tweet-this.php on line 30

Loading up http://th8.us in my browser and it times out. I try to ping it and still nothing; it’s down for the count. My immediate thought is that this plugin is opening up HTTP connections for every post for people who want to, or are trying to, share posts on Twitter. So I load up the Settings and change the default URL shortener to TinyURL and restart Apache for good measure. Load up the error logs and it’s still coming through. Try to load up the site and nothing. Joy. Time to roll up my sleeves and dive into this code.

I put on a pair of 3d glasses, because apparently this developer has never heard of, or practiced, writing readable and maintainable code, and find this nugget.

// Big brother is watching.
function tt_phone_home($status) {
global $current_site; global $wpdb; $wpv = get_bloginfo('version');
$siteURL = $current_site->domain; $blogURL = get_bloginfo('url');
$title = get_bloginfo('name'); $email = get_bloginfo('admin_email');
$description = get_bloginfo('description');
$lang = get_bloginfo('language');
$posts = number_format($wpdb->get_var("SELECT COUNT(*)
FROM $wpdb->posts WHERE post_status = 'publish'"));
$settings = $wpdb->get_var("SELECT option_value
FROM $wpdb->options WHERE option_name = 'tweet_this_settings'");
$phone = tt_read_file('http://th8.us/ttph.php?s=' . $siteURL . '&b=' .
$blogURL . '&v=1.3.9&u=' . $status . '&p=' . $posts . '&t=' .
urlencode($title) . '&d=' . urlencode($description) . '&l=' .
urlencode($lang) . '&e=' . urlencode($email) . '&w=' . $wpv .
'&x=' . urlencode($settings));
}

What the fuck is this shit? tt_phone_home()? It’s sending home our site URL, blog URL, installed version of WordPress, number of published posts, blog title, description, language and the administrator email. Fan-fucking-tastic. Mention of this is nowhere to be found in the plugin readme or FAQ.

If you’re going to have a plugin phone home on every page load, and not tell anybody about it or have any setting to turn it off aside from commenting it out, you’d damned well better make sure that server never goes down, or at least have your file_get_contents() call in tt_read_file() time out instead of just sitting there opening up connections to a dead host.

Tweet This, go fuck yourself.
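
What a bounded version of that remote read could look like, as an added example that is not code from the Tweet This plugin: a short timeout plus a back-off marker, so a dead host costs one failed request instead of stalling every page load. The function name fetch_bounded(), the marker file, the 2-second timeout and the 300-second back-off are all assumptions made for illustration.

```php
<?php
// Added example, not plugin code. fetch_bounded() and the marker file are
// hypothetical; the timeout and back-off values are assumed, not from the post.
function fetch_bounded($url, $timeout = 2.0, $backoff = 300, $marker = null)
{
    $host = parse_url($url, PHP_URL_HOST);
    if ($marker === null) {
        $marker = sys_get_temp_dir() . '/fetch-down-' . md5((string) $host);
    }
    clearstatcache(true, $marker);

    // Circuit breaker: if this host failed recently, skip the network
    // entirely so later page loads do not wait on it at all.
    if (is_file($marker) && (time() - filemtime($marker)) < $backoff) {
        return false;
    }

    $context = stream_context_create(array(
        'http' => array(
            'timeout'       => $timeout, // seconds, for the HTTP stream
            'ignore_errors' => false,    // 4xx/5xx responses count as failure
        ),
    ));

    // @ keeps one outage from writing a PHP Warning per request to the log.
    $body = @file_get_contents($url, false, $context);

    if ($body === false) {
        touch($marker);  // remember the failure for $backoff seconds
        return false;
    }
    if (is_file($marker)) {
        unlink($marker); // host answered again, close the breaker
    }
    return $body;
}

// Constructed demo input: port 9 on localhost is assumed closed, so the
// connection is refused immediately and the example runs offline.
$url = 'http://127.0.0.1:9/ttph.php';
$t0  = microtime(true);
var_dump(fetch_bounded($url)); // network attempt fails, marker is written
var_dump(fetch_bounded($url)); // marker is fresh, no socket is opened
printf("both calls took %.3fs\n", microtime(true) - $t0);
```

Inside WordPress the same pattern is available without raw streams: wp_remote_get() accepts a 'timeout' argument, and set_transient() can hold the back-off marker.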
