Shortcodes in comment fields

  • Resolved son goku

    (@son-goku-1)


    6 years, 6 months ago

    Hello,

    I am wondering how can I add a country shortcode into comment field.

    [geoip_detect2 property="country"]

    From what I noticed comment field has to be a wysiwyg field (not text as it is by default). Is there any other way to do this? By custom php function or so?

    Regards,
    Michal

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author Benjamin Pick

    (@benjamin4)

    Yes, there is – simply add do_shortcode as a filter. (This is what I do for widgets)
    However, why would you allow your users to use shortcodes? Maybe it makes more sense to add it to your theme’s template?

    Thread Starter son goku

    (@son-goku-1)

    something like that?

    add_filter( 'comment_text', 'do_shortcode' );

    • This reply was modified 6 years, 6 months ago by son goku.
    Plugin Author Benjamin Pick

    (@benjamin4)

    Depends if you want to get the country of the poster or of the viewer? See https://core.trac.www.ads-software.com/ticket/24913

    But check if the shortcodes that are available on your side are XSS-safe, i.e. that you cannot circumvent the HTML and JS sanitation or shortcodes that may disclose private information/links – shortcodes are not meant to be used by any website users, normally only editors can use them.

    Thread Starter son goku

    (@son-goku-1)

    Displayed city / country should be different for each viewer.

    Don’t worry. I am the only person who will paste shortcodes. I will edit one comment from many on a single page and add country / city name.

    I’m just trying to mage geoip work with comment field – that’s all.

    So is my shortcode proper and safe?

    Thread Starter son goku

    (@son-goku-1)

    any reply on that?

    Plugin Author Benjamin Pick

    (@benjamin4)

    Don’t worry. I am the only person who will paste shortcodes.

    Because 1) others can’t post comments or because they 2) don’t know they can post shortcodes? If 2, this is called “security by obscurity” and well, it’s not really security because a bot can crawl the internet and try out everything.

    For my shortcode: I have fiddled around a bit and couldn’t “hack” it, but I can’t guarantee it either.

    And then, which shortcodes are possible on your sites mainly depend on the plugins you are using … in the worst case it can not only add HTML or JS to your site, but even execute code on your server.

    So anyway, this is how you could do it but it would be more secure to add the shortcode to your template code or so: echo do_shortcode('[geoip_detect2 property="country"]');

    Thread Starter son goku

    (@son-goku-1)

    I have 2 spam/security plugins which does not allow 100% of bots to write comments so that’s not the case

    so what will your shortcode do if I paste it in my child theme’s function’s php file?

    echo do_shortcode('[geoip_detect2 property="country"]');

    will it allow to add [geoip_detect2 property=”country”] in comment field or what? Could you be more specific?

    Plugin Author Benjamin Pick

    (@benjamin4)

    My plugin is mainly aimed at plugin and theme developers, I cannot give free support for all sites.

    This code should not go in the functions.php but in comment-single.php or so (depending on your theme) at the place where the shortcode’s result should be shown. It will execute the shortcode and place the text at this exact location. This was just an idea on how to avoid enabling this for comments so that you can decrease the risks. I can only inform about the risks …

    Thread Starter son goku

    (@son-goku-1)

    https://www.ads-software.com/support/topic/shortcodes-in-comment-fields/ addon helped

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Shortcodes in comment fields’ is closed to new replies.