If you don’t have an existing shortcode to get the value you need, you can write a custom shortcode. If you’re familiar with PHP, it’s really easy. All you do is define a shortcode tag and a function that handles processing that tag. Here’s a basic template to create a [my_special_shortcode] shortcode: Which just means that when the following shortcode is processed: [my_special_shortcode] it’ll be replaced by the text hey I’m a custom shortcode! For full details on how to write a custom shortcode, use custom attributes and content, etc, please review the following resources: Creating Custom shortcodes WordPress shortcode API
Third party shortcodes are those included in your theme or another plugin. As long as these shortcodes return a string value that can be displayed in a text input field, you can use them with the DTX.
The Dynamic Text Extension includes some shortcodes out of the box to make it easy to get started with the most common use cases. PHP GET Variables CF7_GET key=’foo’ This shortcode gives you access to the PHP GET variables, i.e. the arguments in the query string. Example To get the foo argument from the URL https://mysite.com?foo=bar You would use the shortcode CF7_GET key=’foo’ in a dynamic text tag: [dynamictext inputname “CF7_GET key=’foo'”] PHP POST Variables CF7_POST key=’foo’ Provides access to the PHP $_POST variables array by key. Example [dynamictext inputname “CF7_POST key=’foo'”] Blog/Site Info CF7_bloginfo show=’url’ Provides access to the basic site info from the get_bloginfo() function. Examples Dynamic Text tag: [dynamictext inputname “CF7_bloginfo show=’url'”] Shortcode variations: CF7_bloginfo show=’name’ Site Title CF7_bloginfo show=’url’ Site URL CF7_bloginfo show=’version’ WordPress version Post Info CF7_get_post_var key=’title’ Provides access to information about the current post/page that the form is displayed on based on the properties of the current global $post object. Example Dynamic Text tag: [dynamictext inputname “CF7_get_post_var key=’title'”] Shortcode variations: CF7_get_post_var key=’title’ Current post title CF7_get_post_var key=’slug’ Current post slug CF7_get_post_var key=’post_author’ Current post author’s ID Current URL CF7_URL Returns the current URL of the page the form is on. Shortcode does not have any arguments. Example Dynamic Text tag: [dynamictext inputname “CF7_URL”] Custom Fields CF7_get_custom_field key=’my_custom_field’ Access custom meta fields from the current post/page. Use the custom field’s ID as the key. Example Dynamic Text tag: [dynamictext inputname “CF7_get_custom_field key=’my_custom_field'”] Current User Info CF7_get_current_user key=’user_field’ Access current user’s info based on wp_get_current_user() If no key is provided, will default to user_login. Example Dynamic Text tag: [dynamictext inputname “CF7_get_current_user key=’user_nicename'”] Shortcode variations: CF7_get_current_user Current username CF7_get_current_user key=’ID’ Current user’s ID CF7_get_current_user key=’user_nicename’ Current user’s “Nice name” CF7_get_current_user key=’user_email’ Current user’s email address Referrer URL CF7_referrer Access the referrer URL, if it exists. Note […]
What is a shortcode? A shortcode is a string of text that is processed and replaced by the output of a PHP function. WordPress shortcodes are denoted by square brackets surrounding the text string. For example, you might have a shortcode called “name”. Then in a WordPress page, you might have this content: When the page is served to the user, [name] is replaced by the output of the associated function, which should return the current user’s name. In this case, the output displayed to the user might be: So a shortcode is just a mapping of a string to a function that processes that string and some option attributes and returns a value. How shortcodes are used in the Dynamic Text Extension With a standard text field in Contact Form 7, you can set a default value. Here’s we’ve set the name field to “John” With the DTX, we can use a shortcode for the default value in a Dynamic Text field In this case, we’ve used the included shortcode, CF7_get_current_user, which returns the user name dynamically. However, we’ve eliminated the brackets, due to the syntax required for Contact Form 7. (The DTX acts as an intermediary to process the shortcode properly even without its brackets). Shortcode syntax within the DTX When using a shortcode as the Dynamic Value, you must: Remove the square brackets [] Convert all double quotes ” to single quotes ‘ These two changes are required to avoid syntax errors within Contact Form 7. So, this shortcode: becomes when placed inside the dynamictext CF7 tag, e.g.:
ShiftNav Pro includes several shortcodes for adding custom content to your menu. They can be placed in the Custom Content areas above and below the menu in the ShiftNav Control Panel.
Jump to: Overview Background & Security Considerations Access Control Post Meta Access User Data Access What to do after updating to v4.2.0 or later Form Scanner Tool Validation Tool Programmatic Control via Filters Overview As of CF7 DTX v4.2.0, all access to post metadata and user data accessed via the CF7_get_custom_field and CF7_get_current_user shortcodes is disallowed by default. To allow access to specific metadata or user data, administrators can add those keys to the Allow Lists by going to their admin panel > Contact > Dynamic Text Extension. Keys that are not on the allow list will not return their data. If a disallowed key is encountered when outputting one of the above shortcodes, a PHP Warning will be triggered, indicating the key value that needs to be allow-listed. We’ve provided both a Form Scanner Tool and a Validation Tool to make it easy to determine which keys need to be allow-listed. Background & Security Considerations To give users flexibility when setting up their contact forms, the DTX provides two shortcodes for general access of post and user data: CF7_get_custom_field allows access to any meta data for any post. CF7_get_current_user allows access to any user data for the current user. This means that any logged-in user with the ability to edit posts (Contributor+ access) has the potential to access or reveal sensitive data. If there are untrusted users with access, this can pose a security risk. To address this potential vulnerability, access to all post meta and user keys for these shortcodes is disallowed by default. Administrators have the authority to add specific keys that they have deemed safe to expose to the Allow Lists, so that those keys can then be used with the above shortcodes. Only keys that are listed on the allow lists will return values when […]
