This plugin adds creates a whitelist of shortcode tags that can be applied to comments, bbPress and BuddyPress.
This plugin is designed to safely allow bbcode shortcodes and other
safe shortcodes to be embedded in bbpress topics and replies and also
blog comments. You don’t wan’t users entering shortcodes such as
[bbp-login] in the middle of their reply.
It doesn’t actually implement the shortcodes though,
for that you need a separate plugin. I recommend my own bbPress2
BBCode plugin, as this is fully whitelist aware, in that it also
parses the contents of the shortcodes, so [b][bbp-login][/b] also
gets parsed for safety. Something that doesn’t happen with non
whitelist aware shortcode plugins.
bbpress-shortcode-whitelist
folder and its contents to the /wp-content/plugins/
directoryIn admin settings. In addition to supported plugins, verified plugins
and any self-declared plugins, you can also enable a custom list of
shortcodes you want your forum users to be able to use.
If your shortcodes contain no calls to do_shortcode($content), then they
are probably already safe as far as I’m aware. If they do contain calls
to do_shortcode($content), then you can make them safe by creating a
function or class method in your plugin similar to:
function yourplugin_do_shortcode($content) { if(function_exists('bbp_whitelist_do_shortcode')) { return bbp_whitelist_do_shortcode($content); } else { return do_shortcode($content); } }
And then replace calls to do_shortcode($content) inside your shortcode
handlers with calls to this new function. What this means is that if
the whitelist plugin is not active, your plugin will still work, but
if it is active, it will parse the contents of your shortcodes to make
sure they are also safe.
To self-declare your plugin to the shortcode whitelist
plugin, include the following code somewhere in your plugin, changing
the names, unique identifier and the array of safe to use in the forums
shortcodes that your plugin provides:
function yourplugin_get_shortcode_whitelist() { $plugin_name = 'Your Plugin Name'; $plugin_author = 'Plugin Author Name'; $shortcodes = array('test','test2'); //array of safe shortcodes the plugin provides. return array('name'=>$plugin_name,'tag'=>'your-plugin-unique-identifier','author'=>$plugin_author,'shortcodes'=>$shortcodes); } if(!isset($bbpscwl_selfdeclared_plugins)) $bbpscwl_selfdeclared_plugins = array(); $bbpscwl_selfdeclared_plugins[] = yourplugin_get_shortcode_whitelist();
Ask me to verify it. I’ll take a look at the code when I get a chance,
will make sure it works and let you know if I find anything that needs
fixing or if I can add it to the verified plugins list.
No, but any one can suggest plugins that have safe
shortcodes that I should auto-detect and verify, I’ll take a look when
I get a chance. Also, I’ll fix any bugs anyone finds. I may make the
admin screen a bit more user friendly when I get a chance.