WP e-Commerce breaks intentionally other Plugins or Themes

codestyling | 10. June 2011 | 12:29

Since days I got incomming questions about my plugin “Codestyling Localization” with the same problem: “Why does it not work?” I spent a lot time to find the reason for, thanks to a commenteer pointing me to the e-Commerce WordPress plugin. After activation of this plugin, my plugin suspends its functionality.
After investigation of e-Commerce I was shocked. I found code at this plugin showing a lot of ignorance in programming a plugin and doesn’t play cooperative with any other plugins or themes!

… keep the plugin working brute force

WP e-Commerce seems to claim the right, that it is the only one plugin at your blog. If it isn’t the case, this plugins claims the right to dictate, what other plugins can do or not. It behaves link a king and all other will get a bad break.
Where this harsh statement comes from? It’s very easy and can be shown best with code snippets from this plugin in version 3.8.4 from WordPress repository:

PHP
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

/**
 * wpsc_admin_css_and_js function, includes the wpsc_admin CSS and JS
 * No parameters, returns nothing
 */
function wpsc_admin_include_css_and_js(  ) {
	$siteurl = get_option( 'siteurl' );
	if ( is_ssl ( ) )
		$siteurl = str_replace( "http://", "https://", $siteurl );
 
	wp_admin_css( 'dashboard' );
	//wp_admin_css( 'media' );
 
	$version_identifier = WPSC_VERSION . "." . WPSC_MINOR_VERSION;
	wp_enqueue_script( 'livequery',                      WPSC_URL . '/wpsc-admin/js/jquery.livequery.js',             array( 'jquery' ), '1.0.3' );
	wp_enqueue_script( 'wp-e-commerce-admin-parameters', $siteurl . '/wp-admin/admin.php?wpsc_admin_dynamic_js=true', false,             $version_identifier );
	wp_enqueue_script( 'wp-e-commerce-admin',            WPSC_URL . '/wpsc-admin/js/admin.js',                        array( 'jquery', 'jquery-ui-core', 'jquery-ui-sortable' ), $version_identifier, false );
	wp_enqueue_script( 'wp-e-commerce-legacy-ajax',      WPSC_URL . '/wpsc-admin/js/ajax.js',                         false,             $version_identifier ); // needs removing
	wp_enqueue_script( 'wp-e-commerce-variations',       WPSC_URL . '/wpsc-admin/js/variations.js',                   array( 'jquery' ), $version_identifier );
 
	wp_enqueue_style( 'wp-e-commerce-admin', WPSC_URL . '/wpsc-admin/css/admin.css', false, $version_identifier, 'all' );
	wp_enqueue_style( 'wp-e-commerce-admin-dynamic', $siteurl . "/wp-admin/admin.php?wpsc_admin_dynamic_css=true", false, $version_identifier, 'all' );
 
	// Prototype breaks dragging and dropping, I need it gone
	wp_deregister_script( 'prototype' );
 
	// remove the old javascript and CSS, we want it no more, it smells bad
	remove_action( 'admin_head', 'wpsc_admin_css' );
 
	// Localize scripts
	wp_localize_script( 'wp-e-commerce-admin', 'wpsc_adminL10n', array(
			'unsaved_changes_detected' => __( 'Unsaved changes have been detected. Click OK to lose these changes and continue.', 'wpsc' ),
			'dragndrop_set' => ( get_option( 'wpsc_sort_by' ) == 'dragndrop' ? 'true' : 'false' ),
			'l10n_print_after' => 'try{convertEntities(wpsc_adminL10n);}catch(e){};'
		) );
}
.....
add_action( 'admin_head', 'wpsc_admin_include_css_and_js' );
timing: 0.052s

The above shown function will be executed if WordPress is about to display an administration page. Therefor WordPress calls the hook admin_head (beside others) and forces so the execution of the above shown function. Inside this function you will find the following part (can also be found inside a second function) that more precisely illustrates the problem:

PHP
1
2

// Prototype breaks dragging and dropping, I need it gone
wp_deregister_script( 'prototype' );
timing: 0.033s

Ahh, it is ok to remove for all administration pages the ability to utilize the prototype.js library, because somebody is not able to write code coping with the compatibility mode of protoype and jQuery ?
I would understand the fact, that a plugin author may protect it’s own adminstration pages against unwanted script code. But WP e-Commerce doesn’t care about if the page being rendered is it’s own one or one of an other plugin. I consider this as attack against all other plugins which are based on the prototype.js library!

known victim: “Codestyling Localization”

My Plugin is based on utilization of prototype.js library code and ensures, that this library will only be loaded, if one of my plugin admin pages are about to be rendered. But because WP e-Commerce has removed the ability to enqueue the library, my plugin doesn’t work any longer even if it’s correctly requesting the script library!
In my opinion this is not a accidentally break, it is an intentionally break of other plugins. I know a lot plugins loading additional code accidentally in backend pages and this I would name accidentally. But this removement is an intentionally break which harzards the consequences of malfunction at other plugins or themes!

Conclusion and Reaction

I have to circumvent this issue somehow. Currently I see only 2 ways to ensure my plugins functionality:

  1. I brutally load prototype.js at my own admin pages again.
  2. I present a fat, red warning message a my plugin pages if e-Commerce is active.

The last one is the worst one, because on the one hand side the user knows, where the issue comes from. But it doesn’t give the functionally of my plugin back to the user. So i only can go the first way and can only ensure a proper working plugin doing so (and only at my own plugin pages!).

I will also send a detailed explanation to the Authors of WP e-Commerce by mail. But independend from this I had to express it here loadly because this kind of rambo programming contradicts other authors good work. If this remains untold, it will never change.

Categories
English, WordPress (US)
Comments rss
Comments rss

« IDN Sites, WordPress Admin and JSON problems Scripting Guard - a WordPress Plugin protects itself »

10 responses    Leave a comment

Christopher Ross

Christopher Ross

10.06.2011 | 13:50

Thanks for pointing this out for me, it’s yet another item to add to a very long list of bug checking on a WordPress blog.

What surprises me is how well structured the WordPress theme reviews are compared to what gets accepted to the WP plugins directory. It’s my understanding that the team for themes is massive vs. a small team (or single person) for the plugin repository but I can tell you from experience working closely with the WP review process that something like this would have been flagged before being released as a theme.

reply »

Clifton Griffin

Clifton Griffin

10.06.2011 | 14:01

You only have to do one project with WP-ecommerce to vow never to use it gain.

It’s awful software. I’ve had pretty good luck with Shopp recently. Imperfect as the rest but the devs seem to at least have a plan with a structure.

reply »

Sarah Gooding

Sarah Gooding

11.06.2011 | 00:57

You should check into MarketPress: http://wpmu.org/marketpress-plugin-gets-a-huge-update-including-a-wp-e-commerce-product-importer/

It functions much more smoothly and it also has an importer for people previously using WPEC. You can move all your products over in one click. You can download it for free in the WP plugins repo: http://wordpress.org/extend/plugins/wordpress-ecommerce/ Also compatible with multisite networks and BuddyPress

reply »

Dan Milward

Dan Milward

11.06.2011 | 01:12

Thanks for bringing that to our attention, you are right, and we’ll fix that asap. Ill link to the changesets in Trac as soon as we have it patched for you.

Our motives were definitely not to break other people’s plugins but to fix something in our own Plugin. We have a massive community of Plugin developers that make their living selling WP e-Commerce add-on Plugins. The last thing we want to do is make it hard for people.

Best
Dan

reply »

toClanWars

toClanWars

26.06.2011 | 04:24

I don’t believe too much in those kind words, Dan.

It seems to me that “Codestyling Localization” guy didn’t bring first your attention on this.

As is read in that link it seems that there are vested interests around your commercial plugins for not removing that piece of code.

I bought yesterday your “Gold Cart Plugin” and I’ve spent one day of work trying to guess what piece of code broke completely down my WP Admin zone functionality.

As I thought your plugin was a bullet proof one, I firstly aimed on the Theme and on other Plugins.

I finished up in this page to find out the truth: You are culprit of an absolutly Rambo way of programming (as very well said by the owner of this web).

The sad thing is that there isn’t a word about this in your own Support Forums.

I cross my fingers for not finding more incompatibilities now on.

reply »

David

David

15.06.2011 | 05:27

We’ll be watching you Dan.

reply »

cj

cj

17.06.2011 | 07:00

I guess it was nice for Dan to come and do damage control, but I am a brand new WP e-commerce purchaser, and since activating it, many of my other plugins do NOT work at all. I am not a programmer and I don’t understand much of what has been written here, but I DO sell music online and wp e-commerce seems to be in the process of making my job VERY VERY hard. I am not happy right now. Nothing works right and I have no other options at the moment, even though I already spent the money. This sucks. Thanks a lot for nothing.

Sarah, what a great recommendation. I wish I had known about it before I bought this stupid plugin…

reply »

Raz

Raz

20.06.2011 | 07:17

Hi CJ. I use the WP e-Commerce Plugin on a number of my client sites and I have not had any issues with it - I am not a developer either. I use the MP3 player and the digital downloader - I just installed them like any other WordPress Plugin. If you need a hand you can email me on razrgeezer at gmail dot com. I am happy to help people setup their WordPress sites - especially when it is to do with music (my little side passion) as I know it can be hard sometimes.

Here is a site I found that uses the WP e-Commerce Plugin to sell music online. I use this link when I am recommending the Plugin to my customers in the music industry: http://tommyandthefallenhorses.com/?page_id=188

I would NOT recommend using MarketPress. See what Donnacha, one of the lead WordPress developers, has to say about WPMU: http://wpcandy.com/reports/joost-de-valk-accuses-wpmu-dev-of-copyright-infringement.

Dan if you are reading this, do you have any update for us regarding this issue?

reply »

Gary Cao

Gary Cao

07.07.2011 | 15:00

Hi guys,

I’m one of the lead developers of WP e-Commerce.

I admit that the code shouldn’t have handled compatibility that way. It was a hack. However we couldn’t remove it in our latest 3.8.5, because we need to test thoroughly to make sure removing it doesn’t break something else. If there’s indeed still some compatibility issue, we need to fix the root of the problem and test the solution.

We will include this fix in our upcoming 3.8.6 release, which probably will be ready next week.

Thanks again for bringing this into our attention, although I personally think it would have been nicer if you had sent us an email and let us have a chance to fix it first.

Gary.

reply »

hoffcamp

hoffcamp

08.08.2011 | 03:18

I made a plugin here, WP e-Commerce compatibility, that does only one thing: re-register the prototype script library.

Hopefully the WP e-Commerce people will address this in the near future.

reply »