has_shortcode was introduced in 3.6.0. You might find that useful here.
Post by Nikola NikolovSince the regex that matches shortcodes is quite complex, I can suggest to
you the following VERY ugly hack :)
function filter_out_protected_shortcode( $content ) {
// Check to see if the current user can or can't do a specific task
// it would probably be different in your case
if ( ! current_user_can( 'edit_others_posts' ) ) {
global $shortcode_tags;
// Back-up the currently registered shortcodes
$_sc_tags = $shortcode_tags;
// Change the shortcode's handler to return an empty string instead of the
actual content
$shortcode_tags = array( 'xyx' => '__return_empty_string' );
// Now, since we overrided the $shortcode_tags variable
// Only the [xyx] shortcode will be parsed - and it will be replaced
// with an empty string :)
$content = do_shortcode( $content );
// Restore the original shortcode handlers
$shortcode_tags = $_sc_tags;
}
return $content;
}
add_filter( 'content_save_pre', 'filter_out_protected_shortcode', 10 );
So what happens here is that we hook to the "content_save_pre" filter as
Jesse suggested.
We then check if the user can use that shortcode. If they can't, we
override the global $shortcode_tags variable to only contain our shortcode
with a callback "__return_empty_string" - which as the name suggests
returns an empty string.
After that, we parse the content and if the shortcode was found there - it
will be replaced with an empty string.
This is not a perfect solution, since if the shortcode was surrounded by
two empty lines(one before and one after), you would get three empty lines.
I haven't tested that code, but it should in theory work.
Also - the chances are that no shortcodes would be parsed for that
request(since that's a request for updating/saving a post) and you can skip
the copying/restoring of the $shortcode_tags variable, but I always prefer
to put things back together the way I found them, than to leave them
messy(debugging something like that is a pain).
Well, that's about it - it's an UGLY hack, but I believe that the core
handling of the shortcodes is better than anything that I would come-up
regex-wise(and I'm generally somewhat decent in writing those).
On Tue, Nov 12, 2013 at 10:08 PM, Jesse Friedman <
Post by Jesse FriedmanYou could filter the content when the post is saved and if the user
doesn't
Post by Jesse Friedmanhave the right permissions, then I strip the shortcode or present a warning.
you could try using
http://codex.wordpress.org/Plugin_API/Filter_Reference/content_save_pre,
then maybe some regex to find the shortcode and strip it out
Post by Haluk KarameteWhat I mean by that is that is this...
let's say there is an admin-editors-only shortcode. let's call it "xyx"
shortcode for the sake of an example.
is it possible to have a contributor or author to not to be able to use
that shortcode? they all get stopped with a warning that the post
cannot
Post by Jesse Friedmanbe
Post by Haluk Karametesaved (or created) because it contains the "xyx" shortcode!
to cover all the possibilities (such as posting thru email, or thru
some
Post by Jesse FriedmanPost by Haluk Karameteother esoteric ways) , what is the best hook(s) that I need to watch
out
Post by Jesse Friedmanso
Post by Haluk Karametethat there are no loop holes left...
I hope it was clear and did not confuse you...
thank you
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
--
thanks
*jesse friedman*
jes.se.com
Book: Web Designers Guide to WordPress -
http://wdgwp.com/onamazon<http://wdgwp.com/onamazon>
Facebook: Like<
https://www.facebook.com/pages/Jesse-Friedman/204793299545174>
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers