Creating archive like functionality through birectional relationships

I could use some guidance in something where I may have developed myself into a corner. Here is the situation I have:

  • CPT: Communities
  • CPT: Innovators
  • CPT: Success Stories

Any Innovator or Success story needs to be tied to a Community. I’ve attempted to do this through a ACF Bidirectional relationship field. I did this instead of a taxonomy because I didn’t want them to have to manage a community taxonomy and a community post type every time a new one was added. It also makes listing associated innovators and success stories on a community page relatively simple. The problem is now that I am doing it that way, I can’t use the archive system.

What I need to be able to do is list the communities, and have them link to a list of their associated innovators or success stories depending on the intent. Ideally the titles of these listing pages can be dynamic as well. There is an old plugin called CPT-onomies that converts a CPT into a taxonomy for another but I am hesitant to use it since it has been 2 years from last update. Is there an elegant and dynamic solution to this or should I just make taxonomies?

For a visual representation, here is the design. Slides 4 and 5 are good example.

Many thanks.

WordPress (not woocommerce) Request A Quote functionality

I’ve seen plugins for WooCommerce that provide Request A Quote functionality (turning their cart into a quote request) as well as plugins that are glorified forms (allowing you to select multiple products while ON the form) to submit a request for.

What would be the best solution (coded or plugin) to allow customers to click a button on item pages (custom post types currently) that would add that item’s data to the main contact form (We’re using Gravity Forms currently)?

I’ve looked through the GF docs and they have ways to programmatically add data to the fields.. but I need it to persist while the customer is browsing other pages on the site.


Ex: Customer goes to four different pages, clicks the ‘Request A Quote’ button (we’ll show an alert after they do, that directs them to the Request Form or allows them to keep browsing). Once the customer is navigated to the Request Form, they see the info for the items (we can scrape the title, item #, etc from the post they click the button on) within the main forms Textarea.

Should abilities have their state and functionality separated?

I’m developing a top-down game using Javascript and Canvas in an ECS architecture.

I’m wondering, which of these is better from a design / elegance point of view?

Method 1: Combining the ability function and its metadata into one object:

// in ability factory createBlinkAbility() {   return {     cooldown: 5000,     castTime: 1000,     hotkey: "q",     execute(entity: Entity, scene: Scene) {       let position = entity.get(CT.Position);        let level = scene.queryComponent(CT.Level);        position.x = Helpers.randomInt(0, level.width);       position.y = Helpers.randomInt(0, level.height);     }   } }  function executeCurrentCast(entity: Entity, ability: Ability) {   ability.execute(entity); // all abilities have an execute function } 

Method 2: Separating ability metadata from its function:

// in ability factory createBlinkAbility() {   return {     type: "blink",     cooldown: 5000,     castTime: 1000,     hotkey: "q"   } }  // in ability factory castBlink = (entity: Entity, scene: Scene) => {   let position = entity.get(CT.Position);    let level = scene.queryComponent(CT.Level);    position.x = Helpers.randomInt(0, level.width);   position.y = Helpers.randomInt(0, level.height); }  function executeCurrentCast(entity: Entity, ability: Ability) {   switch (ability.type) {     case "bow": this.abilityFactory.castBow(entity); break;     case "blink": this.abilityFactory.castBlink(entity); break;     ...   } } 

I know in general in an ECS architecture it is wise to separate "state" from "actions", but I’m not sure if this would also apply to things like abilities. It seems like it might be wise to maintain that separation, but the code seems like it might be "cleaner", or shorter at least, in the former case.

Lastly, I’m not really concerned with the performance differences between these two approaches, but rather which is better from a design standpoint.

Add a functionality to quickly filter custom posts in Admin Area

I am creating a website for a doggie rescue, basically configuring the backend so they can manage dogs, volunteers, etc.

The legacy system had a feature where the user could start typing into an input field and all matching results would be displayed as you typed, most likely making ajax calls.

They would like to have this feature in WordPress. I tried using Admin Columns but you have to create the filter, modify the value and then click the Filter button and wait for it to load the results. I want to avoid the "click filter button and wait for page to come back with results" part.

One of the CPT that I am creating, volunteers, apparently has 40K records, and they would like to filter through them by using this "filter as you type" idea.

Is this possible from WPAdmin? I mean, adding a text input field that would filter all the posts using AJAX?


How to stop WooCommerce from removing link functionality in uploaded PDF products

my site uses WooCommerce to sell downloadable PDFs which should have clickable links, but when these PDFs are downloaded after purchase, the links are no longer clickable. I’ve searched everywhere I can think to try to find a resolution to the problem. Has anyone encountered this before?

I’ve tried downloading with multiple browsers and opening the files in Acrobat and Preview, to no avail, so I think it looks like the links are being removed on upload to the site. I use an image optimiser (Smush) to process images on upload to the site, but this doesn’t affect PDFs.

I’m a little perplexed, any insight would be much appreciated.

12.1.1 “Part” functionality having issues with Dataset

I made some large datasets of SEM micrograph images and metadata in 12.0 and they have been working no problem for several weeks. but now when I run the notebook in 12.1.1, it seems that it fails to define the Part of the dataset I need. I just reinstalled 12.0 and the problem is still happening now, so maybe I’m just an idiot.



Does antivirus software detect scrceen grabbing functionality in a running program?

Let’s say a malicious actor publishes a piece of software that calls a screenshot function (e.g. Graphics.CopyFromScreen() or the UIAutomation Framework in .NET) every so often, but doesn’t notify the user of that. I download and install that software.

Assuming that the software is signed with a valid publisher certificate, I have a few questions around that:

  • Would that screengrabbing behaviour be detected by an(y) Antivirus solution?
  • If yes, do legitimate screengrabbing programs need exceptions in an antivirus program to allow that behaviour?
  • If no, will at least the exfiltration of the data be detected by the AntiVirus software? (I guess the exfiltration can happen in so many different ways that it’s a bit of an arms race to see that bytes are being sent that encapsulate/encode the screengrab and not some form of telemetry, for example)

I’ve been googling for a while but can’t seem to find anything on the topic.

Potential Security Issue in Custom Taxonomy Search Functionality

I’m wishing to add some functionality to a client WordPress site that allows you to include taxonomy terms from custom post types in the WordPress search, and come across the following answer:

Include custom taxonomy term in search

This solution does work, but in the comments a user has mentioned that it’s “probably not a good idea to inject the raw publicly available search string directly into an SQL query.” and added a link for further reading. I can’t see anything in this link that relates to the specifices of the answer though.

For quick reference the code for the answer is below, would this code be a security risk? And if so what would the solution be so you can still have the functionality of being able to include taxonomy terms in the WP search without the security risk?

Many thanks

// search all taxonomies, based on:  function atom_search_where($  where){ global $  wpdb; if (is_search())     $  where .= "OR ( LIKE '%".get_search_query()."%' AND {$  wpdb->posts}.post_status = 'publish')"; return $  where; }  function atom_search_join($  join){ global $  wpdb; if (is_search())     $  join .= "LEFT JOIN {$  wpdb->term_relationships} tr ON {$  wpdb->posts}.ID = tr.object_id INNER JOIN {$  wpdb->term_taxonomy} tt ON tt.term_taxonomy_id=tr.term_taxonomy_id INNER JOIN {$  wpdb->terms} t ON t.term_id = tt.term_id"; return $  join; }  function atom_search_groupby($  groupby){ global $  wpdb;  // we need to group on post ID $  groupby_id = "{$  wpdb->posts}.ID"; if(!is_search() || strpos($  groupby, $  groupby_id) !== false) return $  groupby;  // groupby was empty, use ours if(!strlen(trim($  groupby))) return $  groupby_id;  // wasn't empty, append ours return $  groupby.", ".$  groupby_id; }  add_filter('posts_where','atom_search_where'); add_filter('posts_join', 'atom_search_join'); add_filter('posts_groupby', 'atom_search_groupby'); 

How to implement a “Forgot password?” functionality using php-encryption’s KeyProtectedByPassword and 2FA?

I’m currently migrating the encryption functionality used in a PHP project from mcrypt (which was deprecated in PHP 7.1.x and no longer works from PHP 7.2 onward) to openssl, using the defuse/php-encryption library.

I would like to encrypt some of the data using the lib’s KeyProtectedByPassword feature, so that the data is encrypted by a key that is itself protected by the user’s password. Using the library is quite straight-forward, so that’s not my issue here. Instead, I wonder if it’s possible at all to implement a “Forgot password” functionality while preserving the encrypted data for the user?

My understanding is that there’s no way around knowing the password to get the encryption key (otherwise the whole feature would be useless), so that would mean that the data is lost when the password is lost. There is a changePassword method, but that requires supplying the current password as well, so that won’t help.

I also have 2FA implemented for the user accounts as a voluntary option.

  1. Could it help to save the key encrypted in a way that it can be decrypted using 2FA, in order to have a second measure to restore access, or will that introduce other security concerns?
  2. How would I approach that? Simply using the 2FA secret key is not an option, as someone with access to the database could then just read that out and use it to decrypt the user’s data.

I already read similar questions like this and this follow-up. I might implement additional measures as suggested in the answers there as well, but I would like to get an answer considering 2FA and the use of this specific library.

What are the downsides of asking your current users to participate in a study (e.g. for new functionality)?

What I mean is, you rarely see companies put some form of banner out there on their homepage saying:

“Hey, we’re developing some new stuff and would like our customer’s opinions on it. Take a quick test!”

Usually, they do those tests behind closed veils and with specifically filtered testers (e.g. in remote testing).

So my question is, what is the primary reason for that?

These thoughts come to mind as arguments against it:

  • Only specific users would participate and skew the perspective. The average user, who is the main buyer, will ignore it; while the power or frequent users will use the chance to complain or inject their very specific wishes.
  • Your users are also accustomed to the site by now and will most probably view any new design changes as “bad” and will vote for keeping what they already know.

On the other hand, these are the things that could be said in favor of it:

  • You can get insight into problems that only long-term users might face, while new users do not even know they exist.
  • You build more loyalty due to the trust you display for their opinion.

I guess I kind of answered my own question, as it usually depends on context. You use foreign, new users to test things that are supposed to attract new paying customers, while you can ask existing users when you want to improve deeper & more complex functionality.

But it seems you never see the second case, but most always the first one.

Does anyone have further points to add to the two lists or other thoughts related to that?