I want to embed WordPress default gallery in comments which has embed code like this:

[gallery link="file" columns="2" size="medium" ids="1,2"]

To do so, I added this code which enables shortcodes in the comments:

add_filter( 'comment_text', 'do_shortcode' );

But someone suggested that this is not a secure way to do so. How should I enable shortcodes in comments the right way? For now, I could also manage with only the gallery shortcode, if there is a way to do that.

Asked Apr 16, 2019 at 8:25 by luckyankit; edited Apr 16, 2019 at 9:24 by cjbj.

1 Answer

Indeed, if you allow all kinds of shortcodes to be used in comments, you do not know what effects you get. It might even become a security issue if you have powerful shortcodes installed (perhaps even without knowing it, as a feature you do not use). So, the trick is to selectively allow certain shortcodes. First, let's add a filter to get_comment_text (other than comment_text this will also affect your comments feed).

add_filter ('get_comment_text','wpse334485_filter_shortcodes',10,3);

Now we must make sure that this filter will apply only the gallery filter. That is, we need to strip all shortcodes from the comment except the gallery shortcode. Here we go:

function wpse334485_filter_shortcodes ($comment_text, $comment, $args) {
  $comment_text = strip_shortcodes ($comment_text);
  return do_shortcode ($comment_text);
  }

The above code will strip all shortcodes, so it's not complete. Luckily the strip_shortcodes function has a filter which allows you to influence which tags are removed. Here it is:

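add_filter ('strip_shortcodes_tagnames','wpse334485_allow_gallery_shortcode',10,2);
// This filter applies to every strip_shortcodes() call, not only the one in comments.
function wpse334485_allow_gallery_shortcode ($tags_to_remove, $comment_text) {
  // $tags_to_remove holds the tag names (no brackets) that will be stripped;
  // take 'gallery' out of it so strip_shortcodes() leaves that shortcode in place.
  return array_diff ($tags_to_remove, array ('gallery'));
  }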

Note that I didn't test this code, so some debugging may be necessary.
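
A scoped variant of the selective-allow approach in the answer above, added here as an example (it is not the answer author's code). It hooks the tag filter only while a comment is rendered and also narrows the shortcode registry during expansion, so the allowlist is enforced when shortcodes run and not only by what stripping leaves behind. Assumptions: a WordPress install that provides the `strip_shortcodes_tagnames` filter; every `example_*` name is hypothetical.

```php
<?php
// Added example; every example_* name is hypothetical.

// Tag names (without brackets) that commenters may use.
function example_comment_shortcode_allowlist() {
    return array( 'gallery' );
}

// 'strip_shortcodes_tagnames' callback: receives all registered tag names
// and returns the ones strip_shortcodes() should delete.
function example_comment_tags_to_strip( $tags_to_remove, $content ) {
    return array_diff( $tags_to_remove, example_comment_shortcode_allowlist() );
}

function example_render_comment_shortcodes( $comment_text, $comment = null, $args = array() ) {
    global $shortcode_tags;

    // 1. Strip non-allowlisted shortcodes. The filter is hooked for this call
    //    only, so strip_shortcodes() elsewhere on the site is unaffected.
    add_filter( 'strip_shortcodes_tagnames', 'example_comment_tags_to_strip', 10, 2 );
    try {
        $comment_text = strip_shortcodes( $comment_text );
    } finally {
        remove_filter( 'strip_shortcodes_tagnames', 'example_comment_tags_to_strip', 10 );
    }

    // 2. Expand with the registry narrowed to the allowlist, so no other
    //    handler can run, whatever the text still contains.
    $saved          = $shortcode_tags;
    $shortcode_tags = array_intersect_key(
        $saved,
        array_flip( example_comment_shortcode_allowlist() )
    );
    try {
        return do_shortcode( $comment_text );
    } finally {
        $shortcode_tags = $saved; // always restore the full registry
    }
}
add_filter( 'get_comment_text', 'example_render_comment_shortcodes', 10, 3 );
```

Use this in place of the two filters above, not alongside them, otherwise the comment text is processed twice.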
