[wp-hackers] is there a way to make sure that a shortcode can be used only by certain userroles?

Haluk Karamete halukkaramete at gmail.com
Wed Nov 13 14:53:06 UTC 2013


Thank you all. It looks like for 3.6 and up, my arsenal would be

content_save_pre<http://codex.wordpress.org/Plugin_API/Filter_Reference/content_save_pre>
&
 has_shortcode.

Just to make sure... would the above 2 cover all the basis?

What I care the most is the
content_save_pre<http://codex.wordpress.org/Plugin_API/Filter_Reference/content_save_pre>
section.
The key question is;

Are all POSTS & PAGES & CPTS go thru
content_save_pre<http://codex.wordpress.org/Plugin_API/Filter_Reference/content_save_pre>?
Or
better put;

Is there a  way to save a post or page without going thru the
content_save_pre<http://codex.wordpress.org/Plugin_API/Filter_Reference/content_save_pre>
?


On Wed, Nov 13, 2013 at 6:46 AM, John <dailyrants at gmail.com> wrote:

> has_shortcode was introduced in 3.6.0. You might find that useful here.
>
>
> On Tue, Nov 12, 2013 at 4:42 PM, Nikola Nikolov <nikolov.tmw at gmail.com
> >wrote:
>
> > Since the regex that matches shortcodes is quite complex, I can suggest
> to
> > you the following VERY ugly hack :)
> >
> > function filter_out_protected_shortcode( $content ) {
> > // Check to see if the current user can or can't do a specific task
> > // it would probably be different in your case
> > if ( ! current_user_can( 'edit_others_posts' ) ) {
> > global $shortcode_tags;
> > // Back-up the currently registered shortcodes
> > $_sc_tags = $shortcode_tags;
> >
> > // Change the shortcode's handler to return an empty string instead of
> the
> > actual content
> > $shortcode_tags = array( 'xyx' => '__return_empty_string' );
> >
> > // Now, since we overrided the $shortcode_tags variable
> > // Only the [xyx] shortcode will be parsed - and it will be replaced
> > // with an empty string :)
> > $content = do_shortcode( $content );
> >
> > // Restore the original shortcode handlers
> > $shortcode_tags = $_sc_tags;
> > }
> >
> > return $content;
> > }
> > add_filter( 'content_save_pre', 'filter_out_protected_shortcode', 10 );
> >
> > So what happens here is that we hook to the "content_save_pre" filter as
> > Jesse suggested.
> > We then check if the user can use that shortcode. If they can't, we
> > override the global $shortcode_tags variable to only contain our
> shortcode
> > with a callback "__return_empty_string" - which as the name suggests
> > returns an empty string.
> > After that, we parse the content and if the shortcode was found there -
> it
> > will be replaced with an empty string.
> >
> > This is not a perfect solution, since if the shortcode was surrounded by
> > two empty lines(one before and one after), you would get three empty
> lines.
> >
> > I haven't tested that code, but it should in theory work.
> >
> > Also - the chances are that no shortcodes would be parsed for that
> > request(since that's a request for updating/saving a post) and you can
> skip
> > the copying/restoring of the $shortcode_tags variable, but I always
> prefer
> > to put things back together the way I found them, than to leave them
> > messy(debugging something like that is a pain).
> >
> > Well, that's about it - it's an UGLY hack, but I believe that the core
> > handling of the shortcodes is better than anything that I would come-up
> > regex-wise(and I'm generally somewhat decent in writing those).
> >
> >
> > On Tue, Nov 12, 2013 at 10:08 PM, Jesse Friedman <
> > highfive at jesserfriedman.com> wrote:
> >
> > > You could filter the content when the post is saved and if the user
> > doesn't
> > > have the right permissions, then I strip the shortcode or present a
> > > warning.
> > >
> > > you could try using
> > >
> http://codex.wordpress.org/Plugin_API/Filter_Reference/content_save_pre,
> > > then maybe some regex to find the shortcode and strip it out
> > >
> > >
> > > On Tue, Nov 12, 2013 at 2:57 PM, Haluk Karamete <
> halukkaramete at gmail.com
> > > >wrote:
> > >
> > > > What I mean by that is that is this...
> > > >
> > > > let's say there is an admin-editors-only shortcode. let's call it
> "xyx"
> > > > shortcode for the sake of an example.
> > > >
> > > > is it possible to have a contributor or author to not to be able to
> use
> > > > that shortcode? they all get stopped with a warning that the post
> > cannot
> > > be
> > > > saved (or created)  because it contains the "xyx" shortcode!
> > > >
> > > > to cover all the possibilities (such as posting thru email, or thru
> > some
> > > > other esoteric ways) , what is the best hook(s) that I need to watch
> > out
> > > so
> > > > that there are no loop holes left...
> > > >
> > > > I hope it was clear and did not confuse you...
> > > > thank you
> > > > _______________________________________________
> > > > wp-hackers mailing list
> > > > wp-hackers at lists.automattic.com
> > > > http://lists.automattic.com/mailman/listinfo/wp-hackers
> > > >
> > >
> > >
> > >
> > > --
> > > thanks
> > >
> > > *jesse friedman*
> > > jes.se.com
> > > Book: Web Designers Guide to WordPress -
> > > http://wdgwp.com/onamazon<http://wdgwp.com/onamazon>
> > > Twitter: @professor <http://twitter.com/professor>
> > > Facebook: Like<
> > > https://www.facebook.com/pages/Jesse-Friedman/204793299545174>
> > > _______________________________________________
> > > wp-hackers mailing list
> > > wp-hackers at lists.automattic.com
> > > http://lists.automattic.com/mailman/listinfo/wp-hackers
> > >
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


More information about the wp-hackers mailing list