Half-Elf on Tech

Thoughts From a Professional Lesbian

Author: Ipstenu (Mika Epstein)

  • Hiding Custom Taxonomy Parents

    Hiding Custom Taxonomy Parents

    I have a few custom taxonomies that I want to be shown as textboxes and in order to do that, the simplest way is in the custom taxonomy, you set them up as hierachical true. This makes them behave like categories. The problem is I really don’t want these things to be hierarchical. That is, I don’t want people adding in a parent/child relationship.

    The simplest way around this is to cheat with CSS:

    select#newtropes_parent {
    display: none;
}
.form-field.term-parent-wrap {
    display: none;
}

    That hides the parent value. In order to have it show on the proper pages, I put it in a file called shows.css, in the same folder as my shows.php file that controls all the settings for the shows CPT (this includes the custom taxonomies used by shows) and wrapped it in this:

    add_action( 'admin_enqueue_scripts', 'shows_my_scripts', 10 );
function shows_my_scripts( $hook ) {
	global $current_screen;
	wp_register_style( 'shows-styles', plugins_url('shows.css', __FILE__ ) );
	if( 'post_type_shows' == $current_screen->post_type || 'tropes' == $current_screen->taxonomy ) {
		wp_enqueue_style( 'shows-styles' );
	}
}

    Now you can’t see that there are parents. Perfect. Done.

  • WordPress Multisite: Block Site

    WordPress Multisite: Block Site

    This came up when I was looking at WordPress.com, where one has the freedom to post anything within their ToS, and I saw someone’s moronic blog about how specific people were evil. Pick whatever you want, it doesn’t matter except assume it was something offensive to a minority.

    The Terms of Use says this:

    In particular, make sure that none of the prohibited items (like spam, viruses, or serious threats of violence) appear on your website.

    This was not a serious threat of violence, it was just ignorant, offensive, and stupid. I looked at the site and thought “What I want most in this moment is a big ass button to block this person from posting on my .com site, and to prevent them from ever being able to comment on any blog I own.”

    It doesn’t exist. (I will note I found BuddyBlock but I have no idea how well that would work, and it’s for BuddyPress only.)

    Part of the cool thing about WordPress Multisite is that you can run your own social network. With that power comes responsibility though. Users should be able to protect themselves while remaining on your network, allowing them to block other users they just don’t want to talk to.

    So why don’t we? Well effective blocking is hard. As I mentioned in my post about how (most) contact forms fail at this, the biggest issue is people can just fake who they are are try again. This is a little harder on a Multisite, where a legitimate email and account can be required to comment, but by default all members of a network can comment on any blog on the network. This means we’re opening ourselves up to the potential to more abuse.

    How would that big block work? There are a few approaches and I think the best route would be two fold.

    Blocking Users

    Everyone should have the ability to mute or block a user. As an end user, if I never want to see comments from John Smith again, I should be able to press ‘block.’ Then I would just see a note like [comment hidden] whenever I run into a comment from him on any blog on the network. On a non Multisite, I’d actually like to see that for any site that requires registration. Allow users to mute each other.

    As an admin, if I block John Smith, then his comments are immediately discarded. If you wanted to get fancy, then you’d hide his comment from everyone who isn’t him, so he thinks he’s still talking to people and just being ignored. A silence mode. Use some JS so an admin has to click to expand and see what’s going on, so if John Smith is escalating, he can be banned.

    That would be the other thing. Banning users from your sites on a Multisite should be totally possible. And on .com a way to report “User X keeps working around my blocks.” would help a lot.

    Also for admins, perhaps they should be able to see “X people have blocked this user” on the Dashboard. That said, I can see a massive possibility for abuse with that. If John Smith was an admin of his own blog and saw ’10 people blocked you…’ it could cause problems. It would be trivial to hide it from the user, so you could never know how many people blocked you, but I can think of a few fast workarounds. Easiest is to add a second admin account to my own blog on the network and check.

    Blocking Blogs

    This is mostly an issue on WordPress.com, since it’s one of the few places I know of that has a ‘reader’ that shows you blogs that you might be interested in. That’s how I found the offending blog, by the way. A friend runs a religious blog on .com and the one we both found appalling was a recommended blog to her. I’ve already talked to some people behind the scenes of .com about that and how the algorithm may need some turning. But even if she had stumbled on to it via a search, should she not be able to say “Ew! Block!”

    I would write it so that if someone clicked ‘block blog’ the following things happen:

    1. The owner of the blog is blocked from commenting on any blog I own
    2. The URL of the blog is placed on my blacklist
    3. Optionally, all admins of the blog are added to my blacklist

    Now I don’t have to see anything anymore.

  • Looking Back at MovableType

    Looking Back at MovableType

    For the first time in years, I looked at Movable Type.

    I walked away, like so many people, in May of 2004 when the restrictions and pay requirements were too much. I’d played with b2 before and WordPress, but that was when I fully moved to WordPress. While I’d remembered that the Open Source version had been fully restored in version 3.3, I forgot that when they released v6 in 2016, they ‘terminated’ the Open Source licensing option. Again.

    In doing normal research of things, I ended up on MovableType.com, and was struck by how modern and out of date the site felt.

    The site isn’t mobile friendly. Or at least not iPad friendly. It does this peculiar zoom in where the content is focused but it still has a sidebar. This means flicking down to read can causes my screen to wobble side to side as well. The zoom also didn’t work consistently, making me have to fix it over and over.

    That said, it has a much nicer design and layout than I expected.

    MovableType.com front page

    I have to say, that’s a much more modern front page than WordPress.org and less cartoony than the current WordPress.com pages. The same can’t be said of navigation, which was a little confusing. If you don’t know you have to purchase to download, seeing the Software License section without clarification is weird. That should be even more obvious, I think. I shouldn’t have to click on “Release Notes” and then see Install MT on the sidebar.

    Once I ended up in the documentation, I poked around and had a laugh at the software requirements.

    PHP 5.0 or higher (5.3 or higher is recommended)

    Sounds familiar, doesn’t it?

    The rest of the install direcrions are incredible weird and hands on. It has none of the simplicity I’ve come used to with WordPress. And please remember, I think that WordPress is far too complex for a new user, still, because WP’s NUX sucks. MT’s is worse.

    What interested me the most is that, while you can’t get MT for less than $900, they have a public GitHub repo available.

    Still, I didn’t install it. Instead I read the documentation to see what using it would look like, and was rather startling to read the author page on creating entries and see an interface that looked old.

    MT's post editor looks like WP 2.x

    It reminded me of WP 2.5. Which I guess is understandable since the documentation on how to import from WP to MT is very old. No, I’m serious, it has screenshots of what looks like WP 2.5 as their documentaion.

    While I still think that MT lost out big time when they decided to separate from the Open Source community, their product doesn’t draw me in. It doesn’t look fun or nice to use, and that’s probably a reason it’s not as popular as it could be. The GitHub page has 22 contributors. WordPress 4.5, led by my coworker and friend Mike, had 298. Even the official, but not really used like that, WP GitHub repo has over 30 contributors.

    I wonder how the web would have looked if Six Apart had never made the license changes.

    I wonder would power 26% of the Internet in that world.

  • Adding Post Meta Data to Quick Edit

    Adding Post Meta Data to Quick Edit

    After Monday’s post, where I added custom taxonomy data to Quick Edit as dropdowns, you know I had to tackle adding more data. While most of my data is custom taxonomies, some is post-meta and one is a weird cross-relational CPT to CPT(s). CMB2 themselves noted that this isn’t something easy to do. But I had already tackled this in one way and felt confident.

    When I showed my initial function to add the quick edit box, you may have noticed I had multiple cases:

    add_action('quick_edit_custom_box',  'lezchars_quick_edit_add', 10, 2);
function lezchars_quick_edit_add($column_name, $post_type) {
	switch ( $column_name ) {
		case 'cpt-shows':
			// Multiselect - CPT where characters may have multiple
			break;
		case 'postmeta-roletype':
			// Single Select - Custom Taxonomy
			break;
		case 'taxonomy-lez_gender':
			// Taxonomy in a dropdown
			break;
		case 'taxonomy-lez_sexuality':
			...
			break;
	}
}

    I actually added in the values for gender when I did the sexuality. I renamed the cases from just ‘roleype’ to ‘postmeta-roletype’ and ‘shows’ to ‘cpt-shows’ in order to help remind me what was what. WordPress itself adds in taxonomy- as a prefix for taxonomies, so it was in-keeping with the theme.

    In order to add the new code for roles, I edit my case for postmeta-roletype in lezchars_quick_edit_add and everything will be awesome. I just have to get the data, validate it, sanitize it, update it, and javascript it.

    Here we go!

    Understanding the Data

    In order to know how to save the data, and how to get it, we should understand how we’re creating it in the first place. Like I said before I’m using CMB2. I do this on a post by post basis. This means my code is going to be saved as post meta. I know that for extracting and updating that data I’ll need to know three things: post ID, post meta key, and post meta value.

    I have a global variable $lez_character_roles which allows me to use the same data in my CMB2 array for this data and I’ll be able to reuse this all over the place. The array keys are the slugs (regular, recurring, guest) and the values are the names (Regular/Main Character, etc…).

    I’m already extracting the data for displaying in the custom column. While my custom column code covers both the shows CPT stuff (which is complicated in order to handle multiple shows), I’m only going to concentrate on adding the post meta data for role type. Here’s the code:

    add_action( 'manage_post_type_characters_posts_custom_column' , 'custom_post_type_characters_column', 10, 2 );
function custom_post_type_characters_column( $column, $post_id ) {

	// Snipped the annoying code to get the show title

	switch ( $column ) {
		case 'cpt-shows':
			echo implode(", ", $show_title );
			break;
		case 'postmeta-roletype':
			echo ucfirst(get_post_meta( $post_id, 'lezchars_type', true ));
			break;
	}
}

    As you can see, the line echo ucfirst(get_post_meta( $post_id, 'lezchars_type', true )); is super straightforward. That’s why we’re starting with this. Oh and the reason it’s set to ‘true’ is that a character should only have one role. Admittedly, this gets weird when a character is regular, then leaves and comes back as a guest, but we default to ‘highest role applicable.’

    Of note, this shows the role ‘key’ (‘recurring’ vs ‘Recurring Character’) but that’s okay. If I was to show the full data here, it could make the page very content-heavy. I wanted to avoid that. If, instead, I wanted to show the display name, I’d add a global for $lez_character_roles (see how that array pays off?) and then change the case to do this:

    case 'postmeta-roletype':
	$roleslug = get_post_meta( $post_id, 'lezchars_type', true );
	echo $lez_character_roles[$roleslug];
	break;

    For my use case, the simpler method is enough.

    Making the Dropdown

    We’re going to use the same function we used last time, lezchars_quick_edit_add, and add in a switch for the column name postmeta-roletype with this (omitting other cases for brevity):

    add_action('quick_edit_custom_box',  'lezchars_quick_edit_add', 10, 2);
function lezchars_quick_edit_add($column_name, $post_type) {
	global $lez_character_roles;

	switch ( $column_name ) {
		// CPT: Shows (snipped)

		// Post Meta: Role Type
		case 'postmeta-roletype':
			?>
			<fieldset class="inline-edit-col-left">
			<div class="inline-edit-col">
			<span class="title">Character Role</span>
				<input type="hidden" name="lez_roletype_noncename" id="lez_roletype_noncename" value="" />
				<select name='postmeta_lez_role' id='postmeta_lez_role'>
					<option class='lez_role-option' value='0'>(Undefined)</option>
					<?php
					foreach ($lez_character_roles as $roleslug => $rolename) {
						echo "<option class='lez_role-option' value='{$roleslug}'>{$rolename}</option>\n";
					}
						?>
				</select>
			</div>
			</fieldset>
			<?php
			break;

		// Taxonomy: Gender (snipped)
		// Taxonomy: Sexuality (snipped)
	}
}

    That array for my roles really makes life easier here!

    I will note, in retrospect making the character roles a taxonomy would have made a lot of other things easier when I started making the pages for statistics, but that’s another post.

    Saving the Data

    Again, we’re re-using what we have. Remember the function lezchars_quick_edit_save?

    add_action('save_post', 'lezchars_quick_edit_save');
function lezchars_quick_edit_save($post_id) {
	global $lez_character_roles;

	// Criteria for not saving: Auto-saves, not post_type_characters, can't edit
	if ( ( defined('DOING_AUTOSAVE') && DOING_AUTOSAVE ) || ( 'post_type_characters' != $_POST['post_type'] ) || !current_user_can( 'edit_page', $post_id ) ) {
		return $post_id;
	}

	$post = get_post($post_id);

	// RoleType
	if ( isset($_POST['postmeta_lez_role']) && ($post->post_type != 'revision') ) {
		$lez_roletype = esc_attr($_POST['postmeta_lez_role']);
		if ( array_key_exists( $lez_roletype, $lez_character_roles ) ) {
			update_post_meta( $post_id, 'lezchars_type', $lez_roletype );
		}
	}

	// Sexuality went here

	// Gender went here
}

    Here we’ve added our global for the character roles again, because we want to make sure the role is a legit role before we save it. Like update_option, the update_post_meta function will add the meta field for the post if it does not exist. Makes our life super easy, doesn’t that?

    Javascript Hell Again

    Now the shit I hate. Again, since we can’t pass post data to quick edit natively, we have to use javascript. We use our two functions for that:

    add_action('admin_footer', 'lezchars_quick_edit_js');
function lezchars_quick_edit_js() {
	global $current_screen;
	if ( ($current_screen->id !== 'edit-post_type_characters') || ($current_screen->post_type !== 'post_type_characters') ) return;
	?>
	<script type="text/javascript">
	<!--

	// Sexuality
	function set_inline_lez_quick_edit_defaults( sexualitySet, genderSet, roleSet, nonce ) {

		// revert Quick Edit menu so that it refreshes properly
		inlineEditPost.revert();
		var sexualityInput = document.getElementById('terms_lez_sexuality');
		var genderInput	= document.getElementById('terms_lez_gender');
		var roleInput	= document.getElementById('postmeta_lez_role');
		var nonceInput	 = document.getElementById('lez_sexuality_noncename');
		nonceInput.value   = nonce;

		// Set Sexuality Option
		[snip]

		// Set Gender Option
		[snip]

		// Set Role Option
		for (i = 0; i < roleInput.options.length; i++) {
			if (roleInput.options[i].value == roleSet) {
				roleInput.options[i].setAttribute("selected", "selected");
			} else { roleInput.options[i].removeAttribute("selected"); }
		}

	}

	//-->
	</script>
	<?php
}

    and

    // Calls the JS in the previous function
add_filter('post_row_actions', 'lezchars_quick_edit_link', 10, 2);

function lezchars_quick_edit_link($actions, $post) {
	global $current_screen;
	if (($current_screen->id != 'edit-post_type_characters') || ($current_screen->post_type != 'post_type_characters')) return $actions;

	$nonce = wp_create_nonce( 'lez_sexuality_'.$post->ID);
	$sex_terms = wp_get_post_terms( $post->ID, 'lez_sexuality', array( 'fields' => 'all' ) );
	$gender_terms = wp_get_post_terms( $post->ID, 'lez_gender', array( 'fields' => 'all' ) );
	$role_term = get_post_meta( $post->ID, 'lezchars_type', true );

	$actions['inline hide-if-no-js'] = '<a href="#" class="editinline" title="';
	$actions['inline hide-if-no-js'] .= esc_attr( __( 'Edit this item inline' ) ) . '" ';
	$actions['inline hide-if-no-js'] .= " onclick=\"set_inline_lez_quick_edit_defaults('{$sex_terms[0]->name}', '{$gender_terms[0]->name}', '{$role_term}', '{$nonce}')\">";
	$actions['inline hide-if-no-js'] .= __( 'Quick&nbsp;Edit' );
	$actions['inline hide-if-no-js'] .= '</a>';
	return $actions;
}

    This works. It’s ugly as hell, but it works. Sadly it’s broken. If you quick edit twice, it shows the first values. I’m sure I’ll figure that out eventually.

  • Customizing Taxonomies as Dropdowns in Quick Edit

    Customizing Taxonomies as Dropdowns in Quick Edit

    When you go to quick edit for a post, you will automatically see your custom taxonomies as editable fields:

    Custom Taxonomies showing in quick edit!

    But there’s a problem … I don’t want these to be text fields nor do I want them to be checkboxes. When it’s just you running a site, there’s less to worry about with regards to these things. You know what you’re adding, and if you typo, you blame yourself. At the same time, WordPress only has two options for these sorts of things: tags (freeform text) and categories (checkboxes).

    Technically they’re settings for hierarchical, where false is text and true is checkboxes, and I’ve hidden the parent field (a topic for another post). But doing that makes them all check boxes, and I want to restrict people to one and only one checkbox. Except I don’t. The UX of having checkboxes vanish is pretty shitty, and it isn’t logical that you would only check one box.

    Let me explain. In this example, which is practical, I have a taxonomy for human sexuality. I chose taxonomies and not post-meta because that would allow me to sort much more easily on data by groups. Simply, I can grab a list of all people who are flagged as ‘pansexual’ with one function and not have to reinvent the wheel.

    That means I can use radio buttons or a dropdown. I feel a dropdown is a better, cleaner, UX, so that’s what I’m going to do. You can use the same logic here, though, so don’t worry.

    After reading ShibaShake’s documentation on adding in quick edit values I winced. Adding it with quick_edit_custom_box is super easy. The problem is that you have to use an incredibly weird amount of javascript to get the post ID and pass data back and forth. As weird and annoying as that was, it actually works. The example, of course, is comparing a CPT, where as I am using a custom taxonomy, so my own code was a little crazier.

    Remove the taxonomy from Quick Edit

    To do this starts out sounding like the stupidest idea ever, but you want to set show_in_quick_edit to false in your taxonomy. That does what it sounds like, removing the item from the quick edit page. Obviously now I have to add it back.

    It’s important to note that if you don’t have any custom columns in your post list view, the rest of this won’t work. I do, and since part two of all this will be about being able to edit those custom columns, I don’t have to worry. If you do, here’s how you add a fake column… Ready? You add and remove the column. I know, I know, WP can be weird:

    add_filter('manage_posts_columns', 'lezchars_add_fake_column', 10, 2);
function lezchars_add_fake_column( $posts_columns, $post_type ) {
    $posts_columns['lez_fakeit'] = 'Fake Column (Invisible)';
    return $posts_columns;
}
add_filter('manage_edit-post_columns', 'lezchars_remove_fake_column');
function remove_dummy_column( $posts_columns ) {
    unset($posts_columns['lez_fakeit']);
    return $posts_columns;
}

    Like I said, I know it’s weird.

    Add the Quick Edit Box

    Since I know I’m going to be building out a few more of these, and one is a cross-relational CPT to CPT drama, I’ve broken mine out into a switch/case basis.

    // Add quick Edit boxes
add_action('quick_edit_custom_box',  'lezchars_quick_edit_add', 10, 2);
function lezchars_quick_edit_add($column_name, $post_type) {
	switch ( $column_name ) {
		case 'shows':
			// Multiselect - CPT where characters may have multiple
			break;
		case 'roletype':
			// Single Select - Custom Taxonomy
			break;
		case 'taxonomy-lez_sexuality':
			?>
			<fieldset class="inline-edit-col-left">
			<div class="inline-edit-col">
			<span class="title">Sexual Orientation</span>
				<input type="hidden" name="lez_sexuality_noncename" id="lez_sexuality_noncename" value="" />
				<?php 
				$terms = get_terms( array( 'taxonomy' => 'lez_sexuality','hide_empty' => false ) );
				?>
				<select name='terms_lez_sexuality' id='terms_lez_sexuality'>
					<option class='lez_sexuality-option' value='0'>(Undefined)</option>
					<?php
					foreach ($terms as $term) {
						echo "<option class='lez_sexuality-option' value='{$term->name}'>{$term->name}</option>\n";
					}
						?>
				</select>
			</div>
			</fieldset>
			<?php
		break;
	}
}

    This is all pretty basic stuff. I’m simply making a form for a drop-down based on the contents of my taxonomy. If you want to make it radio buttons, do that.

    Saving The Changes

    Now we’re getting a little weirder. We need to save our changes, but only if it’s not an auto-save, and if it’s the correct post type (post_type_characters for this page), and if the user can edit the page:

    add_action('save_post', 'lezchars_quick_edit_save');
function lezchars_quick_edit_save($post_id) {
    // Criteria for not saving: Auto-saves, not post_type_characters, can't edit
    if ( ( defined('DOING_AUTOSAVE') && DOING_AUTOSAVE ) || ( 'post_type_characters' != $_POST['post_type'] ) || !current_user_can( 'edit_page', $post_id ) ) {
		return $post_id;
	}

	$post = get_post($post_id);

	// Lez Sexuality
	if ( isset($_POST['terms_lez_sexuality']) && ($post->post_type != 'revision') ) {
		$lez_sexuality_term = esc_attr($_POST['terms_lez_sexuality']);
		$term = term_exists( $lez_sexuality_term, 'lez_sexuality');
		if ( $term !== 0 && $term !== null) {
			wp_set_object_terms( $post_id, $lez_sexuality_term, 'lez_sexuality' );
		}
	}
}

    The two checks going on here are first to be sure it’s the right POST action to save on, and then to only update if the term already exists. If you wanted to append terms instead of replace, you could add a ‘true’ param to wp_set_object_terms, however I want only set one sexuality per person in this case.

    At this point, the code actually works!

    The new dropdown

    Changing the current selection for the dropdown

    There’s one problem though. If you’re working along with me this far, you’ll have noticed that the default selection is always ‘(Undefined)’ and that’s not what we want. The extension of this problem is we have to use bloody javascript to edit it. Damn it.

    // Javascript to change 'defaults'
add_action('admin_footer', 'lezchars_quick_edit_js');
function lezchars_quick_edit_js() {
	global $current_screen;
	if ( ($current_screen->id !== 'edit-post_type_characters') || ($current_screen->post_type !== 'post_type_characters') ) return;
	?>
	<script type="text/javascript">
	<!--
	function set_inline_lez_sexuality( widgetSet, nonce ) {
		// revert Quick Edit menu so that it refreshes properly
		inlineEditPost.revert();
		var widgetInput = document.getElementById('terms_lez_sexuality');
		var nonceInput = document.getElementById('lez_sexuality_noncename');
		nonceInput.value = nonce;

		// check option manually
		for (i = 0; i < widgetInput.options.length; i++) {
			if (widgetInput.options[i].value == widgetSet) {
				widgetInput.options[i].setAttribute("selected", "selected");
			} else { widgetInput.options[i].removeAttribute("selected"); }
		}
	}
	//-->
	</script>
	<?php
}

// Calls the JS in the previous function
add_filter('post_row_actions', 'lezchars_quick_edit_link', 10, 2);

function lezchars_quick_edit_link($actions, $post) {
	global $current_screen;
	if (($current_screen->id != 'edit-post_type_characters') || ($current_screen->post_type != 'post_type_characters')) return $actions;

	$lez_nonce = wp_create_nonce( 'lez_sexuality_'.$post->ID);
	$lez_sex   = wp_get_post_terms( $post->ID, 'lez_sexuality', array( 'fields' => 'all' ) );

	$actions['inline hide-if-no-js'] = '<a href="#" class="editinline" title="';
	$actions['inline hide-if-no-js'] .= esc_attr( __( 'Edit this item inline' ) ) . '" ';
	$actions['inline hide-if-no-js'] .= " onclick=\"set_inline_lez_sexuality('{$lez_sex[0]->name}', '{$lez_nonce}')\">";
	$actions['inline hide-if-no-js'] .= __( 'Quick&nbsp;Edit' );
	$actions['inline hide-if-no-js'] .= '</a>';
	return $actions;
}

    Please don’t ask me to explain that. And yes, I know we should be using Unobtrusive Javascript and hooking into the DOM instead, but I don’t yet know how to do that.

    I do know that if I wanted to add in multiple checks, one way is to duplicate the function set_inline_lez_sexuality( widgetSet, nonce ) and rename it to set_inline_lez_gender and then extend the actions like this:

    $actions['inline hide-if-no-js'] .= " onclick=\"set_inline_lez_sexuality('{$sex_terms[0]->name}', '{$sex_nonce}');set_inline_lez_gender('{$gender_terms[0]->name}', '{$gender_nonce}')\">";

    There are more combinations and concatenations one can do here. Knock yourself out. It’s enough javascript for me today!

  • Not Mailbag: Where Contact Forms Fail

    Not Mailbag: Where Contact Forms Fail

    My friend Andy, reading last Friday’s post, remarked no one should have to put up with crap like that. He’s right, and I mentioned that most contact forms don’t allow you to filter via your WordPress blacklists or comment moderation settings.

    Surprised?

    You should be.

    Back in March 2014, I raised this with Jetpack, saying that the Feedback ignores Blacklists.

    You have a moderation list and a blacklist.

    You have a user you want to block from commenting forever. You add them to the blacklist. Surprise! They can still use the feedback form!

    This should behave just like the blacklist on comments: It blackholes them. Done and gone. After all, you didn’t want them around.

    Logically I can see why it doesn’t use the comment checks. If you have a check to only let users who have an approved comment, leave more comments freely, this would be a problem. There’s no ‘pending’ value for feedback.

    And the first reply … Well it made me mad back then. I say this as someone who is good friends with the fellow who commented, but back in 2014, I wanted to smack the back of his head.

    This would be super easy to get around, just changed the alleged from email address. Besides, blacklist tends to be things that shouldn’t be displayed publicly automatically, allowing contacts would let them appeal the blacklist.

    I could see grounds for adding a filter to have grunion follow the commenting blacklist though. Less sold on an admin option.

    Now go back and read last week’s post. I have not blacklisted the rather vile word used in that comment because I have a friend who is dyslexic and often says ‘cuntry’ instead of ‘country.’ It’s an honest mistake on her part. We added in an autocorrect to her phone and tablet. But blocking short words is hard. Still. The IP address? You bet that hit my blacklist.

    If I still had a comment form, that moron could still harass me.

    As I replied to George:

    Sure, and it’s just as easy to get around the current blacklists in WP. The point is, though, if you’ve put someone’s email on your comment blacklist, the assumption can be made that you have a good reason. You DON’T want this person commenting on your site, so why are you making it easy for them to harass you? And yeah, I used ‘harass’ intentionally.

    Certainly I can and do block their emails on the server, but I still have to go in and clean out the messages in feedback once and a while, and I for one get a lot of pretty vile garbage from people. So having one less place to have to read their BS would be beneficial.

    It’s always been relatively easy to work around if you’re a dedicated troll, but if the blacklist just blackholed their contact messages, it does a lot for your mental health.

    Because he’s right that a dedicated asshole will work around the blacklists. They do it today. Still, I feel there’s no reason to make it easier for them. And while I can block from a server level, not everyone has my skills. And for those people, should we not introduce Akismet level scans on feedback forms?

    You see, the reason I was mad at George back then is his argument felt like he was saying “since it can be worked around, this is a bad idea.”

    That is absolutely not what he meant.

    Even if I didn’t know George well, I have simple proof he didn’t think this was a stupid idea, he thought it was an idea that begat caution. What proof? He didn’t close the issue. In fact, he gave it a milestone to review.

    Now, sadly, it’s been two years with no traction. Every so often someone bumps the milestone, which means it’s among the 600+ tickets that need attention. But it lingers. It’s not a priority.

    Jetpack and Akismet are both owned by the same company. If you have the Akismet plugin installed and activated, and have an active subscription, every form submission will be checked for spam.

    They need to take it to the next level. So do all forms plugins. From what I can tell, Ninja Forms has a field simple spam prevention but no blacklists. Gravity Forms has an old, not-updated, 3rd party plugin for a Gravity Forms Email Blacklist.

    In fact … the only contact form plugin I could find that actually uses WordPress’ built in blacklist would be Takayuki-san’s Contact Form 7.

    Let us protect ourselves from abuse.