danielgm
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: Still no is_post_template?You’re right, that function does work for posts.
I used the template name instead of the full file name when I tested.
This worked for me:
is_page_template( 'single-custom.php' )Thanks so much!
Forum: Fixing WordPress
In reply to: Still no is_post_template?No, is_singular only recognizes post types, not post type templates. It’s like get_post_type which will just return ‘post’ no matter if the default or a custom post template is used.
Forum: Plugins
In reply to: [Temporary Login Without Password] Front-end temp loginTheme-my-Login is good for always redirecting to the same URL depending on the user role. I was thinking about something more flexible and spontaneous.
You would know where to redirect by remembering the initial URL called.
Examples:
https://wp-site.com/?wtlwp_token=0e17194f4463cc51730cb0fef7c44280 -> log in and redirect 302 -> https://wp-site.com/https://wp-site.com/category/widgets/?wtlwp_token=0e17194f4463cc51730cb0fef7c44280 -> log in and redirect 302 -> https://wp-site.com/category/widgets/https://wp-site.com/post-title?wtlwp_token=0e17194f4463cc51730cb0fef7c44280 -> log in and redirect 302 -> https://wp-site.com/post-titlehttps://wp-site.com/wp-admin/edit.php?wtlwp_token=0e17194f4463cc51730cb0fef7c44280 -> log in and redirect 302 -> https://wp-site.com/wp-admin/edit.phpIn the plugin backend, you would only generate:
https://wp-site.com/wp-admin/?wtlwp_token=0e17194f4463cc51730cb0fef7c44280 -> log in and redirect 302 -> https://wp-site.com/wp-admin/But you could put an info box explaining that it’s possible to append the token to other URLs in order to have the temporary user visit that particular page directly, with the privileges afforded by the chosen user role.
Forum: Plugins
In reply to: [Temporary Login Without Password] Can we add more custom fields to itHow about putting custom fields behind a collapsible link. This way it does not clutter up the interface but is available for those who use ACF or some other custom fields plugin and want to assign some of those fields to temp users.
Forum: Plugins
In reply to: [Temporary Login Without Password] Lock and delete icon not clickableI fixed it like this for now:
.copied-text-message { padding: 0 20px 20px 20px; }admin/css/wp-temporary-login-without-password-admin.css
Forum: Plugins
In reply to: [Temporary Login Without Password] Lock and delete icon not clickableHere you can see said span overlapping the two action icons causing them to become unclickable. Screen res is similar to yours and makes no difference.
Do you see any other options to get rid of this scenario? We will think about different alternatives of this and will be incorporated into plugin.
Not at the moment, no. Looking forward to your next updates!
Yes, I also think higher protection should be the default given that the main use case is the low trust one. Really, if an owner needs to give away plugin installation privilege, no plugin can protect him, and he should have a contract with the third party.
Only the admin role is relevant, as the next highest role is editor and they cаn’t do anything critical. The admin role is what the external dev would ask for to help and it is what he needs. Just not all of it.
Maybe you could make a fake user role “Administrator with safety” available (usermeta _wtlwp_trust = 0) as the default admin role and the normal administrator (usermeta _wtlwp_trust = 1) can only be added to the available roles once the owner has checked a box that he understands that this means that that person could make a copy of his entire site in just a few minutes and that he ought to have a contract with that person.
I don’t see any reason ever for a temporary user to be able to create other temporary users, delete existing users, or your plugin (which would turn all temporary users into permanent users) so those existing restrictions should remain non-configurable, I think, to protect owners from their own bad judgment.
- This reply was modified 8 years, 2 months ago by danielgm.
Oh, that’s right regarding plugins and themes. I forgot about the use case of someone setting up the whole installation for the owner. But this is a high-trust scenario anyway.
It seems the main scenario is some plugin dev is given access to look into a problem with his plugin on the owner’s site.
In that case, allowing access to plugin installation means the third party can install a backup plugin and walk away with the whole database and every file in the installation and the owner wouldn’t even know this happened.
Even staging sites often contain significant intellectual property and/or user data.
You’re already restricting a few things for temporary users such as adding or deleting users which are not explained on the plugin settings page. I think there should be an explanation about these restrictions on that page.
Perhaps you could then present additional checkboxes when an admin temp login is created like so:
1) I fully trust this party (blocks only plugin itself, user editing/deleting)
2) Disallow plugin/theme installation
3) Disallow users.php
4) Disallow popular backup plugins already installedWith a notice that other plugins may also be exposing private information or providing file level access and a hook for developers to add those to the block list.
What do you think?
Forum: Plugins
In reply to: [Temporary Login Without Password] Lock and delete icon not clickableBasically the top-padding on the spans with class “copied-text-message” is such that it overlaps these two icons, making them so difficult to click.
Forum: Plugins
In reply to: [Temporary Login Without Password] Can we add more custom fields to itI also think this would be beneficial. Maybe you can look at plugins like ACF, the custom fields of which are automatically available on native user profile pages and some user profile plugins. Maybe if you put the same hook into your plugin they would show on your plugin’s admin screens as well. I think it is probably:
<?php do_action( 'show_user_profile', $profileuser ); ?>Forum: Plugins
In reply to: [Uji Countdown] Incomplete language files supplied and not appliedApplying the mo-files can be fixed easily be replacing in file classes/class-uji-countdown.php:
load_plugin_textdomain( $domain, FALSE, dirname( plugin_basename( __FILE__ ) ) . '/lang/' );with
load_plugin_textdomain( $domain, FALSE, UJIC_FOLD . '/lang/' );Please fix that in the next version.
Forum: Plugins
In reply to: [Theme My Login] Cannot assign an empty string to a string offsetAh, that’s too bad. PHP 7 has been out for quite a while now and it brings a major speed boost. Hope you’ll get around to it soon.
Forum: Plugins
In reply to: [Open Graph and Twitter Card Tags] So important… multiple og_image supportYes, it works. Thank you very much!
If the overlay function is activated and an overlay image uploaded through the plugin, all fb_images will be watermarked unless png_overlay argument is supplied as false or how does it work? What happens if I don’t supply png_overlay for each fb_image_additional?
How can I trigger the plugin’s Facebook cache reset function after adding items to fb_image_additional?
Forum: Plugins
In reply to: [Open Graph and Twitter Card Tags] So important… multiple og_image supportSo I used the following code:
add_filter( 'fb_og_image_additional', 'extra_preview_images' ); function extra_preview_images() { $fb_image_additional = array( 'https://domain.com/wp-content/uploads/og_image2.jpg', 'https://domain.com/wp-content/uploads/og_image3.jpg' ); return $fb_image_additional; }But somehow this outputs only the first letter of each new image url:
<meta property="og:image" content="h"/> <meta property="og:image" content="h"/>
