sevenspark

Hi @girdy74 !

The plugin is still maintained ?? I’d estimate the next update will be out in the next few weeks.

Thanks!

You’re welcome! Yes, if you run the Form Scanner it should auto-find that field and allow you to just select it and add it to the Allow List. Or of course you can add it to the Allow List directly ??

Well, I wrote out a detailed reply, which was then auto-held for moderation by the WP forum system. Not sure when it’ll be reviewed/approved, so in the meantime I’d recommend reading through the guide we’ve linked to in the changelog and admin panel (post-update).

Hopefully this one doesn’t get held up as well.

Hi @daymobrew,

Please see the doc linked in the changelog and admin panel for full details: https://sevenspark.com/docs/contact-form-7-dynamic-text-extension/allow-data-access

The Background & Security Considerations section covers this, but in short, the CF7_get_custom_field shortcode allows access to any metadata for any post on the site. That could include sensitive data that not all users should have access to, and shouldn’t be displayed publicly. Potentially, a user with Contributor+ credentials could maliciously or unintentionally reveal that data as anyone with edit capabilities can add the shortcode post content as well as contact forms.

In order to prevent this potential security vulnerability, metadata access is now disallowed by default, but access can be configured in the settings by the admin.

For sites where some users with edit capabilities may be untrusted, the admin would need to allow-list just the keys that are safe for any user to access.

For sites where all users with edit capabilities are trusted, the admin can open up full access if they prefer.

You won’t need to edit your forms, unless you’re currently exposing sensitive data that needs to be removed. You’ll only need to use the allow list if you are using one of the shortcodes in question.

Again please see the link above for complete details on the potential vulnerability, how the plugin has changed, and how to test for and resolve any issues after updating using the new tools provided. (It should be very quick and easy using the form scanner).

Hope that helps!

Chris

There was a security vulnerability (which required an authorized user with Contributor+ credentials to exploit) that exposed a potential XSS attack. A fix was implemented as soon as it was reported and the WP Plugin Team reinstated it on the 3rd just a few hours after you opened this actually ??

Thanks!

There’s an option to make the entire item a toggle in the Pro version – please see Disable Link / Full Item Toggle

Hi Rolf,

Is “UACF7_POSTINFO” a custom shortcode that you’ve written? If so, what is your code? Are you sure you’re returning the proper value? (Shortcodes must return, not print/echo, their value).

Without knowing any more, my best guess given what you’ve described is that you have a custom shortcode that is mistakenly echoing rather than returning its value.

Hi Derat,

There isn’t a setting for this, but if you want you could override it with your own CSS:

@media screen and (min-width: 920px){
  .bellows-menu-toggle {
    display: none;
  }
  .bellows.bellows-mobile-collapse {
    display: block;
  }
}

Make sure to add it in your Bellows CSS Tweaks setting.

Hope that helps! ??

Hi @guglielmirent ,

The plugin only works with text fields, so it won’t be relevant for a selectbox

Presumably the order number is a variable available during your page generation process. If you can grab that order number via a shortcode (either with an existing on in your setup, or by writing a Custom Shortcode), then you can add it into the form via the DTX. You could potentially write some code to try to parse it out of the URL, but it’d likely be more robust to pull that value from the actual source than from the URL.

Hope that helps!

Hi @germanero,

I don’t think using the DTX will be the proper approach here. (To be clear, the plugin only pulls values that can be determined via shortcode – that is, server side. The CF7_GET shortcode you’re using pulls the values from the query string in the URL. If you’re trying to grab a client side value, you’d need Javascript, which is outside the scope of this plugin)

But if you have two CF7 separate forms, then you can just add a static value in each of them to differentiate between the two.

And you likely don’t need a special input at all, you can just add some sort of differentiator in the email message body that gets sent to you via the Mail tab in the CF7 plugin.

Hope that makes sense ??

Great to hear that, Rick, glad you’re enjoying it!

@finanzbeben great, glad to hear that! ??

@mafox2 You should always stay up to date with the latest version as a first step – the string may not have been translatable in that old version, I’m not sure off the top of my head.

Once you are up to date, the ShiftNav settings are in Appearance > ShiftNav, and the “Back Button Text” setting can be found under the “General” tab. You’ll want to make sure it is blank if you want to be able to translate it via a translation plugin.

Hope that helps!

Hi there,

For both the search placeholder and the back button text, the default text is localized (translatable), but the value is also configurable.

That means, you can set the value to whatever you want in the settings (the Control Panel setting for the back button, the placeholder shortcode attribute for the search placeholder text), but if you do set a value there, it’ll override the translatable value.

So, if you have a single-language site and want to change the value, you can use the setting/shortcode attribute to do so.

If you have a multilingual site, then make sure not to set a value so that the default translatable strings are used, which can then be translated through your translation software of choice.

Hope that helps! ??

Hi Biggi,

Looking at the Network panel on your site, you have a CORS issue which is preventing the icon font files from loading on your site.

Note that this is blocking both your theme’s Font Awesome and Bellows (there’s nothing Bellows-specific going on here).

I believe this is occurring because you have the the site served from he www subdomain, but your assets are all loaded from the non-www domain

You need to either serve everything from a consistent origin, or update your CORS on your server to allow serving cross origin requests.

Hope that helps!

Chris

@tessawatkinsllc yup that’s worth pointing out ??

The GUID shortcode will create a value like this:

730E00A3-3490-4D26-BB26-8BE6431D94F5

So neither 6 digits nor numeric; but if the requirement is just for a globally unique string, then it’s a great option ??