Category Archives: WordPress

WordPress Multisite unfiltered_html Capability

Roles other than Super Admin cannot be assigned the unfiltered_html capability in WordPress Multisite. You can set it for a role. But WordPress disables the capability after the fact.

This creates a unique WordPress challenge. Your site admins will not have the ability to add a hard coded iframe or embed markup to posts.

Solution

WordPress does not offer an easy function to find a users role. I have provided a function to achieve that as part of the solution.

/**
 * Simulate assigning the unfiltered_html capability to a role.
 */
add_action( 'admin_init', 'tsg_kses_remove_filters' );
function tsg_kses_remove_filters()
{
    $tsg_current_user = wp_get_current_user();

    if ( tsg_user_has_role( 'rolename', $tsg_current_user ) )
        kses_remove_filters();
}

/**
 * Check if a user has a role.
 */
function tsg_user_has_role( $role = '', $user = null )
{
    $user = $user ? new WP_User( $user ) : wp_get_current_user();

    if ( empty( $user->roles ) )
        return;

    if ( in_array( $role, $user->roles ) )
        return true;

    return;
}

/**

* Simulate assigning the unfiltered_html capability to a role.

add_action( 'admin_init', 'tsg_kses_remove_filters' );

function tsg_kses_remove_filters()

{

$tsg_current_user = wp_get_current_user();

if ( tsg_user_has_role( 'rolename', $tsg_current_user ) )

kses_remove_filters();

}

/**

* Check if a user has a role.

function tsg_user_has_role( $role = '', $user = null )

{

$user = $user ? new WP_User( $user ) : wp_get_current_user();

if ( empty( $user->roles ) )

return;

if ( in_array( $role, $user->roles ) )

return true;

return;

}

Automatic Featured Image for WordPress Posts

The following script will automatically set the first image in a WordPress post as the Featured Image. It will always set the featured image, however, you can select an alternate image.

You could add a checkbox using post meta to bypass this functionality. On this particular site, we preferred to force the blogger to set a featured image. The wrong image only encourages the user to set a better one.

/**
 * Set the first image in the post content as Featured Image.
 */
add_action( 'save_post', function( $post_id, $post = NULL ) {

    if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE )
        return;

    if ( !isset( $_REQUEST[ 'post_type' ] ) || $_REQUEST[ 'post_type' ] != 'post' )
        return;

    tsg_set_featured_image( $post );

}, 10, 2 );

add_action( 'transition_post_status', function( $new_status, $old_status, $post ) {

    if ( $post->post_type != 'post' )
        return;

    tsg_set_featured_image( $post );

}, 10, 3 );

function tsg_set_featured_image( $post )
{
    if ( $post->post_type != 'post' )
        return;

    if ( has_post_thumbnail( $post ) )
        return;

    $attachment_id = tsg_get_first_attachment_id( $post );

    if ( !empty( $attachment_id ) )
        update_post_meta( $post->ID, '_thumbnail_id', $attachment_id );
}

/**
 * Get attachment ID from image url.
 */
function tsg_get_first_attachment_id( $post )
{
    $image_url = tsg_get_first_image_from_post_content( $post );

    if ( empty( $image_url ) )
        return;

    $image_extension = explode( '.', $image_url );
    $image_extension = end( $image_extension );

    if ( !in_array( $image_extension , [ 'png', 'PNG', 'jpg', 'JPG', 'jpeg', 'JPEG' ] ) )
        return;

    $image_url = parse_url( $image_url );

    // Uncomment and add your domain if you only want the database lookup to occur for your domain.
    // if ( strpos( $image_url[ 'host' ], 'yourdomain.com' ) === false )
    //     return;

    $image_path = preg_replace( '/-\d+[Xx]\d+\.' . $image_extension . '/', '.' . $image_extension, $image_url[ 'path' ] );

    $attachment_id = tsg_get_post_id_by_guid( $image_path );

    return $attachment_id;
}

/**
 * Get the first image from the post content.
 */
function tsg_get_first_image_from_post_content( $post )
{
    if ( empty( $post->post_content ) )
        return;

    $content = apply_filters( 'the_content', $post->post_content );

    preg_match_all( '/<img.+src=[\'"]([^\'"]+)[\'"].*>/i', $content, $matches );

    if ( empty( $matches[ 1 ] ) )
        return;

    return $matches[ 1 ][ 0 ];
}

/**
 * Get post ID by guid.
 */
function tsg_get_post_id_by_guid( $guid )
{
    global $wpdb;

    $post_id = $wpdb->get_col(
            $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE instr( guid, '%s' ) > 0", $guid )
        );

    if ( !empty( $post_id[ 0 ] ) )
        return $post_id[ 0 ];
    else
        return;
}

/**
 * Describe the new functionality on the Featured Image metabox.
 */
add_action( 'admin_footer-post-new.php', 'tsg_featured_image_notice' );
add_action( 'admin_footer-post.php', 'tsg_featured_image_notice' );
function tsg_featured_image_notice()
{
    global $current_screen;

    if ( $current_screen->post_type != 'post' )
        return;
    ?>
    <script type="text/javascript">
        jQuery( '#set-post-thumbnail-desc' ).after( '<p class="hide-if-no-js howto" id="set-post-thumbnail-desc1">The first image in your post is set automatically as the featured image, however, you are able to select an alternate image</p>' );
    </script>
    <?php
}

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

/**

* Set the first image in the post content as Featured Image.

add_action( 'save_post', function( $post_id, $post = NULL ) {

if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE )

return;

if ( !isset( $_REQUEST[ 'post_type' ] ) || $_REQUEST[ 'post_type' ] != 'post' )

return;

tsg_set_featured_image( $post );

}, 10, 2 );

add_action( 'transition_post_status', function( $new_status, $old_status, $post ) {

if ( $post->post_type != 'post' )

return;

tsg_set_featured_image( $post );

}, 10, 3 );

function tsg_set_featured_image( $post )

{

if ( $post->post_type != 'post' )

return;

if ( has_post_thumbnail( $post ) )

return;

$attachment_id = tsg_get_first_attachment_id( $post );

if ( !empty( $attachment_id ) )

update_post_meta( $post->ID, '_thumbnail_id', $attachment_id );

}

/**

* Get attachment ID from image url.

function tsg_get_first_attachment_id( $post )

{

$image_url = tsg_get_first_image_from_post_content( $post );

if ( empty( $image_url ) )

return;

$image_extension = explode( '.', $image_url );

$image_extension = end( $image_extension );

if ( !in_array( $image_extension , [ 'png', 'PNG', 'jpg', 'JPG', 'jpeg', 'JPEG' ] ) )

return;

$image_url = parse_url( $image_url );

// Uncomment and add your domain if you only want the database lookup to occur for your domain.

// if ( strpos( $image_url[ 'host' ], 'yourdomain.com' ) === false )

// return;

$image_path = preg_replace( '/-\d+[Xx]\d+\.' . $image_extension . '/', '.' . $image_extension, $image_url[ 'path' ] );

$attachment_id = tsg_get_post_id_by_guid( $image_path );

return $attachment_id;

}

/**

* Get the first image from the post content.

function tsg_get_first_image_from_post_content( $post )

{

if ( empty( $post->post_content ) )

return;

$content = apply_filters( 'the_content', $post->post_content );

preg_match_all( '/<img.+src=[\'"]([^\'"]+)[\'"].*>/i', $content, $matches );

if ( empty( $matches[ 1 ] ) )

return;

return $matches[ 1 ][ 0 ];

}

/**

* Get post ID by guid.

function tsg_get_post_id_by_guid( $guid )

{

global $wpdb;

$post_id = $wpdb->get_col(

$wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE instr( guid, '%s' ) > 0", $guid )

);

if ( !empty( $post_id[ 0 ] ) )

return $post_id[ 0 ];

else

return;

}

/**

* Describe the new functionality on the Featured Image metabox.

add_action( 'admin_footer-post-new.php', 'tsg_featured_image_notice' );

add_action( 'admin_footer-post.php', 'tsg_featured_image_notice' );

function tsg_featured_image_notice()

{

global $current_screen;

if ( $current_screen->post_type != 'post' )

return;

jQuery( '#set-post-thumbnail-desc' ).after( '<p class="hide-if-no-js howto" id="set-post-thumbnail-desc1">The first image in your post is set automatically as the featured image, however, you are able to select an alternate image</p>' );

</script>

<?php

}

Convert Taxonomy Options to Term Meta

WordPress 4.4 introduced Taxonomy Term Meta. Until this version, meta had to be stored as an Option. Most tutorials would tell you to give it a prefix followed by the ‘term_id’ so you can grab the data easily later. I already had a site with lots of populated meta. What I needed was a conversion script to move meta from an Option into real Term Meta.

/**
 * Convert Taxonomy Options to Term Meta
 */
$taxonomy = 'my_taxonomy';
$option_prefix = 'taxonomy_';

$taxonomy_terms = get_terms( $taxonomy, array( 'hide_empty' => false ) );
$counter = 0;

foreach ( $taxonomy_terms as $term )
{
    $term_id = $term->term_id;
    $option = get_option( $option_prefix . $term_id );

    if ( !empty( $option ) )
    {
        $counter++;

        foreach ( $option as $meta_key => $meta_value )
        {
            delete_term_meta( $term_id, $meta_key );

            if ( !empty( $meta_value ) )
                update_term_meta( $term_id, $meta_key, $meta_value, true );
        }
    }
}

echo "Processed " . $counter . " Taxonomy Term Options";

$counter = 0;

foreach ( $taxonomy_terms as $term )
{
    $term_meta = get_term_meta( $term->term_id );

    if ( !empty( $term_meta ) )
        $counter++;
}

echo " >> [ " . $counter . " ] Taxonomy Terms now have Term Meta.";

/**

* Convert Taxonomy Options to Term Meta

$taxonomy = 'my_taxonomy';

$option_prefix = 'taxonomy_';

$taxonomy_terms = get_terms( $taxonomy, array( 'hide_empty' => false ) );

$counter = 0;

foreach ( $taxonomy_terms as $term )

{

$term_id = $term->term_id;

$option = get_option( $option_prefix . $term_id );

if ( !empty( $option ) )

{

$counter++;

foreach ( $option as $meta_key => $meta_value )

{

delete_term_meta( $term_id, $meta_key );

if ( !empty( $meta_value ) )

update_term_meta( $term_id, $meta_key, $meta_value, true );

}

echo "Processed " . $counter . " Taxonomy Term Options";

$counter = 0;

foreach ( $taxonomy_terms as $term )

{

$term_meta = get_term_meta( $term->term_id );

if ( !empty( $term_meta ) )

$counter++;

}

echo " >> [ " . $counter . " ] Taxonomy Terms now have Term Meta.";

I found a couple of interesting quirks with Term Meta while converting my site.

The first is that if you run get_term_meta( $term->term_id ) it will present you with an array of arrays. The value is stored as the first key of these sub-arrays. Where you might have had $term_meta[‘my_key’] for your option, you now need $term_meta[‘my_key’][0]. If the value returned is an array, it will need to be unserialized. This only applies if you want all Term Meta for a taxonomy. If you use get_term_meta( $term->term_id, ‘my_key’, true ) it will automatically perform both these tasks to return a single meta key.

Another difference shows itself when saving values. An Option will overwrite the value (array) in most cases. However the update function for Term Meta will only update individual meta keys. You need to iterate through and store them individually. However this is no bueno when using checkboxes. If the checkbox is unchecked, it will not be present in the postdata. Below is my generic save function for Term Meta, it will delete a value if it was stored previously but is no longer available.

/**
 * Save Term Meta
 */
add_action( 'create_my_taxonomy', 'tsg_save_term_meta', 10, 2 );
add_action( 'edited_my_taxonomy', 'tsg_save_term_meta', 10, 2 );

function tsg_save_term_meta( $term_id )
{
    $term_meta = $_POST['term_meta'];

    if ( !empty( $term_meta ) )
    {
        $term_meta_old = get_term_meta( $term_id );
        foreach ( $term_meta_old as $meta_key => $meta_value )
            if ( !array_key_exists( $meta_key, $term_meta ) )
                delete_term_meta( $term_id, $meta_key );

        foreach ( $term_meta as $meta_key => $meta_value )
            update_term_meta( $term_id, $meta_key, $meta_value );
    }
}

/**

* Save Term Meta

add_action( 'create_my_taxonomy', 'tsg_save_term_meta', 10, 2 );

add_action( 'edited_my_taxonomy', 'tsg_save_term_meta', 10, 2 );

function tsg_save_term_meta( $term_id )

{

$term_meta = $_POST['term_meta'];

if ( !empty( $term_meta ) )

{

$term_meta_old = get_term_meta( $term_id );

foreach ( $term_meta_old as $meta_key => $meta_value )

if ( !array_key_exists( $meta_key, $term_meta ) )

delete_term_meta( $term_id, $meta_key );

foreach ( $term_meta as $meta_key => $meta_value )

update_term_meta( $term_id, $meta_key, $meta_value );

}

When you’re all finished converting and everything is sweet. You’ll probably want to clean up your options table. Use this function at your own risk.

/**
 * Delete All Taxonomy Term Options - USE AT YOUR OWN RISK
 */
global $wpdb;

$wpdb->query( $wpdb->prepare("
        DELETE FROM " . $wpdb->prefix . "options
        WHERE option_name LIKE %s
    ",
    array( 'taxonomy\_%' )
));

/**

* Delete All Taxonomy Term Options - USE AT YOUR OWN RISK

global $wpdb;

$wpdb->query( $wpdb->prepare("

DELETE FROM " . $wpdb->prefix . "options

WHERE option_name LIKE %s

array( 'taxonomy\_%' )

));

Use CloudFlare to Secure WordPress by Country Codes

Firstly, check that you have the IP Geolocation option enabled on CloudFlare.

The most efficient way to do this with PHP would be to place the code below in the top of your wp-login.php, but WordPress will overwrite this file when it updates. The next best position is at the top of wp-config.php. If you follow the way WordPress loads, wp-login.php will require wp-load.php first, then after 4 minor lines of code, it will then get wp-config.php.

/**
 * CloudFlare - Connecting IP - for wp-config.php.
 */
if ( !empty( $_SERVER['REMOTE_ADDR'] ) && !empty( $_SERVER['HTTP_CF_CONNECTING_IP'] ) )
    $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];

/**
 * CloudFlare - Limit WordPress Login to Australia with Whitelist - for wp-config.php.
 * It is best to bypass for IPv6 unfortunately, unreliable country code from CloudFlare at the moment.
 */
$ip_whitelist = array( '::1', '127.0.0.1' );

if ( in_array( $_SERVER['PHP_SELF'], array( '/wp-login.php' ) ) && !in_array( $_SERVER['HTTP_CF_IPCOUNTRY'], array( 'AU' ) ) )
{
    if ( !in_array( $_SERVER['REMOTE_ADDR'], $ip_whitelist ) && !preg_match( '/^([0-9a-f\.\/:]+)$/', $_SERVER['REMOTE_ADDR'] ) )
    {
        header( 'Location: /' );
        exit;
    }
}

/**

* CloudFlare - Connecting IP - for wp-config.php.

if ( !empty( $_SERVER['REMOTE_ADDR'] ) && !empty( $_SERVER['HTTP_CF_CONNECTING_IP'] ) )

$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];

/**

* CloudFlare - Limit WordPress Login to Australia with Whitelist - for wp-config.php.

* It is best to bypass for IPv6 unfortunately, unreliable country code from CloudFlare at the moment.

$ip_whitelist = array( '::1', '127.0.0.1' );

if ( in_array( $_SERVER['PHP_SELF'], array( '/wp-login.php' ) ) && !in_array( $_SERVER['HTTP_CF_IPCOUNTRY'], array( 'AU' ) ) )

{

if ( !in_array( $_SERVER['REMOTE_ADDR'], $ip_whitelist ) && !preg_match( '/^([0-9a-f\.\/:]+)$/', $_SERVER['REMOTE_ADDR'] ) )

{

header( 'Location: /' );

exit;

}

This is just a different interpretation of my friends script. My version does not allow WordPress to waste CPU before booting the IP from the login page. It also allows for an IP whitelist to bypass this for trusted IP addresses.

It is best to pair this with a plugin like Simple Login Lockdown. There are also some useful .htaccess rules you can use, but I won’t go into that here.

Stay logged in with WordPress on Subdomains

A clients site performs some magic to show different content per subdomain. By default each subdomain asks you to login, which is a bit annoying. It would be convenient if admins of a single WordPress installation could stay logged in when they jump between subdomains. Due to unique requirements, we’re doing this without WordPress Multisite.

I found that all we needed to do was set the cookie domain and path in wp-config.php. At first it seemed only COOKIE_DOMAIN and COOKIEPATH would be needed, but it did not behave until COOKIEHASH was also set. You could probably set it to anything you like, I just had a defined variable already.

/**
 * Set cookie properties to allow persistent login across subdomains.
 */
define('MY_DOMAIN', 'thatstevensguy.com');
define('COOKIE_DOMAIN', MY_DOMAIN);
define('COOKIEPATH', '/');
define('COOKIEHASH', md5(MY_DOMAIN) );

/**

* Set cookie properties to allow persistent login across subdomains.

define('MY_DOMAIN', 'thatstevensguy.com');

define('COOKIE_DOMAIN', MY_DOMAIN);

define('COOKIEPATH', '/');

define('COOKIEHASH', md5(MY_DOMAIN) );

This may also work between WordPress installations across subdomains. I haven’t tested this theory. Both installations would require the same login details and this config. It is working with WordPress versions 3.8+.