Shortcodes roadmap

The Shortcode API is well loved by developers. Thousands of plugins use it for many cool features.

Unfortunately it wasn’t documented well when it was added. Even now the documentation is somewhat incomplete. The API was also very permissive, allowing many unintended use cases.

The result of these early mistakes is that there are plugins which use shortcodes in very unintended ways: mixed with HTML tags, nested several levels deep, with huge attributes, etc.

What are shortcodes:

  • With one word: placeholders.
  • Convenient way to add dynamic content inside post_content at run time.

What shortcodes are not:

  • A way to conceal user input in post_content.
  • A way to store any type of data in post_content. There are better places and methods for that, like post meta.

Shortcodes “live” in the same context as HTML tags. They should obey the same rules. Also — no interlinking between HTML tags and shortcodes. Think of the [ and ] being equal to < and >.

Both <p title="<b>my title</b>"> and [paragraph title="<b>my title</b>"] should be illegal for the same reasons. Also <p title="[my-span]">. I know the current shortcodes parser mostly supports these, and some plugins use them, but that will probably need to change “for the greater good”.

There is simply no good reason for trying to support mixing of shortcodes and tags with the current parser. These cases take more time and more resources on every front-end page load. They require much more complex code to sanitize and ensure they are safe to run. If plugins cannot operate without mixing shortcodes and HTML tags, they will eventually have to implement their own placeholders and parsers, and ensure all data is sanitized properly. This will require a lot less time, effort and processing as the plugins would know what to expect.

We’ve been talking about this with @miqrogroove for a while now. There are several very interesting suggestions in his post on the subject: http://www.miqrogroove.com/blog/2015/shortcode-v44/.

We both agree that we need to create a shortcodes roadmap, similar to the taxonomy roadmap. This will allow us to fix the shortcomings in the Shortcode API and clear the path for future improvements.

#roadmaps, #shortcodes

Shortcake (Shortcode UI) chat summary – August 24th, 2015

Present: @danielbachhuber, @goldenapples, @miqrogroove, @azaozz

Logs: https://wordpress.slack.com/archives/feature-shortcode/p1440442841000013

  • We triaged the remaining issues for v0.5.0. Daniel will be picking them up over the next day.
  • A big project for v0.6.0 will be to go through core’s feature plugin guidelines and identify what we need to change to be valid.
  • Spent time discussing @miqrogroove’s summary of shortcode problems, and proposed solutions.

Next chat: same time and place

Next release: v0.5.0 – this week (a bit overdue)

#feature-plugins, #meeting-notes, #shortcode-ui, #shortcodes, #updates

Changes to the Shortcode API

Earlier today, we released WordPress 4.2.3, which includes a relatively large security fix that affects the Shortcode API. Due to the nature of the fix – as is often the case with security fixes – we were unable to alert plugin authors ahead of time, however we did make efforts to scan the plugin directory for plugins that may have been affected.

With this change, every effort has been made to preserve all of the core features of the Shortcode API. That said, there are some new limitations that affect some rare uses of shortcodes.

Reminder: Never, under any circumstances, should you hack core files. This includes downgrading specific files. Doing so could have unintended consequences on your WordPress installation, including major security implications.

Basic Shortcode Usage

A brief explanation on the original purpose of shortcodes will help to explain the change. In a basic post, like this example, shortcodes are used to insert dynamic code:

Here are my images. [gallery]

Here you can see that the shortcode stands on its own as a dynamic element within the blog post content. This is the central premise of the Shortcode API: make it easy to insert blocks of dynamic code.

Shortcodes with Filtered Styles

In today’s release of WordPress 4.2.3, however, we’ve added some new limitations that affect some existing plugins. Take, for example, the following shortcode, which is no longer recognized:

<div style="background-image: url('[shortcode]');">

The shortcode in the example above appears in a context that is no longer supported. Further, this use of a shortcode stretches the imagination for how the Shortcode API was intended to be used. Fortunately, there are some workarounds still available, so that site administrators are not overly restricted in their use of HTML.

Workaround

The following example still functions as expected and is considered more acceptable:

<div [shortcode]>

Going forward, plugins implementing shortcodes for inline styles should output the entire style attribute rather than a bare value. Keep in mind that this workaround – just as the original example above – is only available to administrators and editors (i.e. only roles with unfiltered_html). Less-privileged users are still prevented from using shortcodes to output whole attributes in this manner. If a plugin is intended to work with author and contributor roles, we recommend that the plugin output an entire <div>.
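The workaround above, as an added example (not code from WordPress core or from this post): a plugin that emits either the whole style attribute or the whole <div>, with the URL validated before it reaches the CSS context. The shortcode names bg_style and bg_box and the meta key example_bg_url are hypothetical; the code assumes it is loaded as a plugin inside WordPress.

```php
<?php
/**
 * Plugin Name: Example background shortcodes (constructed example)
 * Hypothetical names: [bg_style], [bg_box], meta key 'example_bg_url'.
 */

// Build the CSS declaration from a URL kept in post meta; '' if rejected.
function example_bg_declaration() {
	$raw = (string) get_post_meta( get_the_ID(), 'example_bg_url', true );
	// Keep only http/https URLs; other schemes come back as ''.
	$url = esc_url_raw( $raw, array( 'http', 'https' ) );
	// Refuse characters that could close url('...') or the attribute.
	if ( '' === $url || preg_match( '/[\'"()\\\\\s]/', $url ) ) {
		return '';
	}
	return "background-image: url('" . $url . "');";
}

// Written as <div [bg_style]> by roles with unfiltered_html.
// Returns the entire style attribute, never a bare value.
function example_bg_style_shortcode() {
	$css = example_bg_declaration();
	return '' === $css ? '' : 'style="' . esc_attr( $css ) . '"';
}
add_shortcode( 'bg_style', 'example_bg_style_shortcode' );

// Written as [bg_box]...[/bg_box] by authors and contributors.
// Returns the entire <div>, so no shortcode sits inside an HTML tag.
function example_bg_box_shortcode( $atts, $content = '' ) {
	$css  = example_bg_declaration();
	$open = '' === $css ? '<div>' : '<div style="' . esc_attr( $css ) . '">';
	return $open . do_shortcode( $content ) . '</div>';
}
add_shortcode( 'bg_box', 'example_bg_box_shortcode' );
```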

Shortcodes with Bad Quotes

The following example is also no longer allowed:

<a href="/[shortcode query="?ref="]">

In the above situation, the shortcode is now properly recognized as HTML and it is rejected by the API. Apart from the example being confusing, WordPress cannot parse that shortcode.

Workaround

Instead, either of the following examples would be appropriate:

Example 1: <a href="/[shortcode query='?ref=']">
Example 2: <a href='/[shortcode query="?ref="]'>

Administrators as well as lesser-privileged authors can continue to use shortcodes in this way, as long as it conforms to the usual HTML filtering rules. However, as explained in the first example, administrators are now somewhat limited in this situation in one case: if the content in this href attribute is generated by a shortcode that does not conform to the HTML filters, then the shortcode is rejected for all users.

We do not make this change lightly and understand that it may affect some use cases. The above examples and explanations should help plugin authors make the modifications needed to support the Shortcode API.

#4-2, #4-2-3, #dev-notes, #plugins, #shortcodes

Shortcake (Shortcode UI) chat summary – July 20th, 2015

Present: @danielbachhuber, @matth_eu

Logs: https://wordpress.slack.com/archives/feature-shortcode/p1437419017000004

Next chat: same time and place

Next release: v0.5.0 – Tuesday, August 4th

#feature-plugins, #meeting-notes, #shortcode-ui, #shortcodes, #updates

Shortcake (Shortcode UI) chat summary – June 29th, 2015

Present: @danielbachhuber, @samuelsidler, @matth_eu

  • Sam shared with us the possibility of getting Shortcake committed to WordPress core. While he can’t make any guarantees, this is the direction he suggested:
    • Better first-run experience with the plugin so people can evaluate it better. He recommends adding a few “example” shortcodes, and mention that they’re examples / not to be included in core. Pull quote and PDF could be a good start.
    • Decide on the appropriate UX for inserting new shortcodes. The experience is currently tucked away under “Add Media”. We’ve been exploring a “Add Post Element” button alongside “Add Media”, or dedicated buttons in the editor for some post elements.
    • Inline editing would be really nice. We should see if we can make it the default experience for most shortcodes, and all existing core shortcodes. We should also experiment with content blocks, and see what other editors are doing.
  • Matt lost his internet, so we didn’t talk about any code things.

Logs: https://wordpress.slack.com/archives/feature-shortcode/p1435604506000006

Next chat: same time and place

Next release: v0.5.0 – Tuesday, August 4th

#meeting-notes, #shortcode-ui, #shortcodes

Shortcake (Shortcode UI) chat summary – June 22nd, 2015

Present: @danielbachhuber, @goldenapples, @davisshaver

Logs: https://wordpress.slack.com/archives/feature-shortcode/p1434999676000006

Next chat: same time and place

#meeting-notes, #shortcode-ui, #shortcodes

Shortcake (Shortcode UI) chat summary – June 8th, 2015

Present: @danielbachhuber, @matth_eu, @goldenapples

  • Shortcode UI v0.4.0 will be shipping tomorrow (June 9th) or Wednesday (June 10th). Here are all of the issues.
  • We spent some time discussing the bugs in the backlog.

Next chat: same time and place

#meeting-notes, #shortcode-ui, #shortcodes

Shortcake (Shortcode UI) chat summary – June 1st, 2015

Present: @danielbachhuber, @matth_eu

If you’d like to get involved, our documentation could really use some editing / additions. Feel free to open a GH issue with suggestions, or stop by #feature-shortcode in Slack.

Logs: https://wordpress.slack.com/archives/feature-shortcode/p1433185206000006

Next chat: same time and place

#meeting-notes, #shortcode-ui, #shortcodes

Shortcake (Shortcode UI) chat summary – May 11th, 2015

Present: @danielbachhuber, @matth_eu, @goldenapples

  • Fusion pushed Image Shortcake to production today. It’s a plugin that uses Shortcake to replace with [img]. The biggest outstanding implementation issue is aligning an image left or right with text wrap. @goldenapples will continue to explore in Shortcake.
  • We’d like users to be able to edit shortcode attributes with a rich-text editor. However, core doesn’t easily support this use-case. For now, it looks like we’ll transparently encode and decode attributes with HTML values. @matth_eu will create a core ticket to see how we can make this less of a hack.
  • We’re still looking to ship v0.4.0 on or around June 9th. Enhancements will be landing in the next couple of weeks so we can have a week or two of soaking before publishing to WordPress.org.

Logs: https://wordpress.slack.com/archives/feature-shortcode/p1431371317000011

Next chat: same time and place

#meeting-notes, #shortcode-ui, #shortcodes

Shortcake (Shortcode UI) chat summary – April 27th, 2015

Present: @danielbachhuber, @matth_eu

Logs: https://wordpress.slack.com/archives/feature-shortcode/p1430161317000487

Next chat: same time and place

#meeting-notes, #shortcode-ui, #shortcodes