Adds theme support to customize the output of the widget

[ste93cry]

Hello, first of all thank you for the fantastic widget you created. It would be useful to have the ability to override totally the HTML markup generated by the widget. Many plugins usually offers a way to override their templates in the theme directory. Is this something planned for the next version, or can it be done?

[cabrerahector]

Hi there!

It would be useful to have the ability to override totally the HTML markup generated by the widget

This is already possible :) Check this FAQ for more.

[ste93cry]

I saw that the HTML can be customized thought the backend panel, however a template gives more flexibility so my issue is about adding the template support.

[cabrerahector]

I saw that the HTML can be customized thought the backend panel

Not only through the backend panel, but also via WordPress filter hooks.

however a template gives more flexibility

I'm not sure I'm following here. Could you please provide an example?

[ste93cry]

Not only through the backend panel, but also via WordPress filter hooks.

This is nice, but I still think a templating is thew way to go because there is a clear separation of roles (logic and templating). Obviously I wouldn't remove the filters, but I would run them after the content has been outputted from a template file).

I'm not sure I'm following here. Could you please provide an example?

I didn't see the filter hook, so I could do the same thing with them. However, a template means that I can reuse it, it's in the theme directory so it's easier to handle and I don't have to care about adding a filter because the plugin automatically should load it or fallback to the template in the plugin's directory.

I know this is out of scope for this issue, but I would suggest also to remove the plugin version from the HTML comments for security purposes.

[cabrerahector]

Since you mentioned other plugins use templates, a link could help. I'd like to avoid reinventing the wheel if there's already a "standard" way to do it.

I know this is out of scope for this issue, but I would suggest also to remove the plugin version from the HTML comments for security purposes.

I use them for debugging, actually. It helps speed the support process when people report issues with WPP. Honestly, I don't see how HTML comments can pose a security threat but I might be wrong. If you could elaborate on that I might think about it.

[ste93cry]

Since you mentioned other plugins use templates, a link could help. I'd like to avoid reinventing the wheel if there's already a "standard" way to do it.

I don't think there is a standard way that every plugin uses, but the common practice I see in many plugins is to check if a template exists in the theme directory and include. As a fallback, they use default template stored in the plugin directory. Examples of how this work is WordPress itself (the search form that can be overriden by creating a template with a specific name in the theme directory), WooCommerce (templates are stored in the plugin directory, but copying them to your own theme directory overrides the defaults one) and I also like how Flexible Posts Widgets works, by giving the developer the ability to not only overwrite the two default templates, but also adds new one. This means that the user is able to assign a custom template for each widget instance.

I don't see how HTML comments can pose a security threat but I might be wrong. If you could elaborate on that I might think about it.

Honestly I'm not a security expert, and for sure there are many other ways to get the version of a WordPress plugin, but just opening the HTML markup of the page and seeing that the site is using a specific version in my opinion is really bad for security because it gives the attacker the ability to just search if there is any known vulnerability for that version. For example, many websites removes the WordPress version from the metatags and it's a best practice to hide Apache/PHP version from the response headers. As I understand that it could be useful to have them under debug, maybe you could print the comments only if the WP_DEBUG constant is defined

[nimmolo]

Hi - thanks for the plugin!! I came here looking for how to modify the HTML output template, so after reading this thread i will use the filters.

I can give another example of a post-listing plugin that uses templates for HTML output. I don't know much about securit, I just know it's easier to write templates than filters (but probably not easier to write the plugin!!!) :P

YARPP "yet another related posts plugin" uses the template structure too. It looks for them in the theme folder.

Hope this helps. YARPP is pretty huge but maybe the basic structure will be apparent.

[Jany-M]

I would like to add, that the example on the WPP Filters Page, for the filter wpp_custom_html, doesnt actually work.
Could you please update with a working one?

However, I find the separate template solution - like YARPP, much better.
Thank you!

[cabrerahector]

Hi @Jany-M!

I would like to add, that the example on the WPP Filters Page, for the filter wpp_custom_html, doesnt actually work.
Could you please update with a working one?

Just copied & pasted the example code into my theme's functions.php file as is and it works fine for me. What happens on your side?

[Jany-M]

Oh weird, I got a blank page... I pasted exactly the same code, so I'm not sure what was wrong then.
I am now using the other filter, which was even better for what I needed to do :)

[cabrerahector]

Idea from @FlyJam at wordpress.org (link): have the plugin detect the presence of custom templates and allow the user pick the one they wish to use with the widget via a dropdown.