Forum Replies Created

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter tequenikality


    After over 8 hours of research and trial-and-error, I’ve devised a pseudo-way of achieving this:

    add_filter( 'shortcode_atts_wpcf7', 'custom_shortcode_atts_wpcf7_filter', 10, 3 );
    function custom_shortcode_atts_wpcf7_filter( $out, $pairs, $atts ) {
            $my_attr = 'your-message';
            $user_id = get_current_user_id();
            if ( isset( $atts[$my_attr] ) and $user_id != 0 ) {
                    $description = get_user_meta( $user_id , 'description', true );
                    $out[$my_attr] = $description;
            return $out;

    This filter allows me to set the default from the user’s bio (description), as long as I add the attribute to the shortcode and set the form’s field to default to it.

    In this snippet, it doesn’t matter what the attr ‘your-message’ is set to in the shortcode – in the form, it will default to the user’s description regardless of the attribute’s content, as long as the attribute is set.

    If you want to adapt this code to your own form, change $my_attr to the name of the field you want to default, add default:shortcode_attr to the field in the form editor and add whatever you set $my_attr to into the end of the shortcode on your page.

    Hope someone else finds this useful to justify my 8+ hours of suffering 😆

    Forum: Requests and Feedback
    In reply to: User ID’s
    Thread Starter tequenikality


    That’s not entirely the case. You’re thinking as an experienced coder – not everyone is. For example, the script that compromised my site was hard-coded with User ID #1, no detection or anything. And indeed, I wouldn’t know how to retrieve a recursive list of all ID’s in a timely manor.

    Would it stop a professional hacker? No not even close. But it’s a stumbling block. The key to security isn’t necessarily to make it IMPOSSIBLE to hack something because that in of itself is impossible – it’s to make it so difficult that it isn’t worth a pro’s time for the potential gains.

    Besides, if a user submitted the function to randomly generate ID’s and there were no egregious language errors for example, would there be a specific reason to reject it? Perhaps it’s security gains are only small, but they are there nonetheless. The change wouldn’t worsen security or cause an inconvenience for users, would it?

Viewing 2 replies - 1 through 2 (of 2 total)