CookieMonster-plus v.1.3.13 now plays nice with ampersands

Had a report from Steve Dawson that ampersands were not being passed through properly. The short story is, now it is working when you type the & in the "Text" rather than "Visual" panel.

[cmp_tag "input value='Test?example=" example "&other=...' size='50'"]
->

The long version of the story involves digging into the WordPress core code to figure out where all the &amp;-encoded ampersands were coming from and finally finding all the places! (And nobody really wants to hear it, so ...)

Three new caveats:

  1. If you switch back to the Visual editor after making the appropriate changes in the Text editor, WordPress will be "helpful" and change them from & to &amp; and break things again.
  2. Using this now turns off "smart quotes" and other things that wptexturize() does to the things we type. Most people will never notice the difference. This note is for those who do notice and may have an issue with that.
  3. You can only put one cookie value into a given HTML tag. This becomes more of a potential issue in this use case where you might want to pass along a name and email as it passes from one site to another. Since the primary use case I'm aware of for this feature is to pass an affiliate ID, I think it is a fair solution until I process through all the potential implications of my next solution.

As usual, get the updated plugin and drop a note on the help desk if you have any questions, suggestions, or results to share!

CookieMonster-plus update (1.3.12) — WP 4.3 compatibility

The CookieMonster-plus plugin has had another big update. This supersedes the last update that dealt with the WP 4.2.3 security update that broke how and where certain shortcodes work. It also has a more general, if slightly more complicated, solution to the new behavior of WP core.

C is for Conversion, that's good enough for me!

WordPress core changed up the shortcode behavior for security reasons, and I understand their reasoning, but it broke plugins like CM+ that had already taken into consideration the dangers of user input being "injected" into your web page. What changed is that now they ignore any shortcodes that are a part of an HTML tag, but not all the parameters. So, for those who used a CM+ shortcode to fill in a form field's value, it stopped doing that with the WP 4.2.3 update.

For example

<input type='text' name='email' value='[email]'>

used to do the right thing. As of WP 4.2.3, it just left the value blank.

The way around this, as validated by WP core developers, is to have the shortcode generate the whole HTML tag. In order to do that in a robust way, I added a new shortcode to CM+ that you feed three unnamed parameters: before, cookie, and after.

This allows for mechanical translation from a tag with an embedded [cookie_name] shortcode to the new format. There are instructions for this, as well as a web-based translation tool, available from the download page.
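
An added illustration of the mechanical translation described above, not the plugin's own code or its web-based tool: `toCmpTag` rewrites a tag holding one embedded cookie shortcode into the `[cmp_tag "before" cookie "after"]` form, and `renderCmpTag` shows the whole tag being generated with the cookie value escaped for the attribute. The function names, the escaping step and the sample cookie value are assumptions made for this example.

```javascript
// Added example; function names and sample values are assumptions.

// Escape a value for use inside a quoted HTML attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#039;');
}

// Translate <...[cookie]...> into [cmp_tag "before" cookie "after"].
function toCmpTag(tag) {
  const m = /^<([^<>]*)>$/.exec(tag.trim());
  if (!m) throw new Error('expected exactly one HTML tag');
  const inner = m[1];
  // The two parameters are double-quoted, so the tag itself must use single quotes.
  if (inner.includes('"')) throw new Error('use single quotes inside the tag');
  const codes = inner.match(/\[[A-Za-z_][\w-]*\]/g) || [];
  // Caveat 3 on the page: only one cookie value per HTML tag.
  if (codes.length !== 1) throw new Error('exactly one cookie shortcode per tag');
  const [before, after] = inner.split(codes[0]);
  return `[cmp_tag "${before}" ${codes[0].slice(1, -1)} "${after}"]`;
}

// Assumed rendering step: emit the whole tag, with the cookie value escaped
// so it cannot close the attribute or the tag. A missing cookie renders empty.
function renderCmpTag(before, cookieName, after, cookies) {
  const has = Object.prototype.hasOwnProperty.call(cookies, cookieName);
  return `<${before}${escapeAttr(has ? cookies[cookieName] : '')}${after}>`;
}

// Constructed input: the form field from the post and a hostile cookie value.
const shortcode = toCmpTag("<input type='text' name='email' value='[email]'>");
const rendered = renderCmpTag("input type='text' name='email' value='", 'email', "'",
  { email: "a@example.com' onfocus='x" });
console.log(shortcode);
console.log(rendered);
```

Where the cookie value lands inside a URL, as in the ampersand example at the top of the page, it needs percent-encoding before the attribute escaping.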

The good news is that any other customization you're doing on WordPress pages with [firstname] or other CM+ cookie shortcodes should work as always -- as long as it isn't embedded in a parameter of an HTML tag. The even better news is that the latest version of the CM+ plugin gives us a way to use the shortcodes in the old way as well. The best news is that this means the upgrades to Paul Myers's Email Affiliate System that CM+ turned into The BEAST (Blog and Email Affiliate SysTem) should all still be viable with the security of the latest version of WordPress.

As always, feel compelled to download CookieMonster-plus and sign up for my plugin announcement list on that download page.
