Skip to content
Home » Documentation » Contact Form 7 – Dynamic Text Extension » Filter: Modify Built-in Shortcode Responses

Filter: Modify Built-in Shortcode Responses

Contact Form 7 – Dynamic Text Extension (DTX) comes with built-in shortcodes to allow users to quickly configure dynamic form fields with prefilled data from various sources.

Advanced users may want to extend this functionality by modifying or formatting the value that is retrieved, so we introduced the wpcf7dtx_shortcode filter. The filter sends four (4) parameters:

  1. $value (string—the sanitized & escaped value that is being outputted by DTX, possibly obfuscated depending on settings)
  2. $raw_value (mixed—the raw value retrieved by the built-in shortcode, or the default value depending on settings)
  3. $tag (string—shortcode tag that was used, without the CF7_ prefix)
  4. $atts (array—associative array of the entire shortcode’s attributes, combined and filtered with user input)

Example of Custom Modifications

/**
 * Custom DTX Shortcode Modification
 *
 * @param string $value The sanitized & escaped value that is being outputted by DTX, possibly obfuscated depending on settings.
 * @param mixed $raw_value The raw value retrieved by the built-in shortcode, or the default value depending on settings.
 * @param string $tag Shortcode tag that was used, without the "CF7_" prefix
 * @param array $atts Associative array of the entire shortcode's attributes, combined and filtered with user input.
 *
 * @return string the modified value
 */
function custom_dtx_shortcode($value, $raw_value, $tag, $atts)
{
    // Do something cool to $value
    return $value;
}
add_filter('wpcf7dtx_shortcode', 'custom_dtx_shortcode', 10, 4);

Security Concerns

To keep your website safe, we highly recommend returning an escaped value. Escaping output is the process of securing output data by stripping out unwanted data, like malformed HTML or script tags. This process helps secure your data prior to rendering it for the end user. Learn more about the escaping functions provided by WordPress.

Alternatively, you can run your custom value through DTX’s escaping filter as you return it like this:

return apply_filters('wpcf7dtx_escape', $value);

You can pass up to four (4) parameters to the DTX escaping filter to modify how escaping is performed, including whether or not to obfuscate the value, which escaping method to use, and what protocols you want to allow for URL escaping.

Additional escaping examples with DTX

If $value is a multi-line text you’re using to prefill a textarea element and you do not want it obfuscated:

return apply_filters('wpcf7dtx_escape', $value, false, 'textarea');

If $value is a URL like https://example.com and you want it obfuscated:

return apply_filters('wpcf7dtx_escape', $value, true, 'url');

If $value is a URL but you also want to allow specific protocols like mailto, tel, and sms (see documentation on allowed protocols), while also obfuscating it.

return apply_filters('wpcf7dtx_escape', $value, true, 'url', array('http', 'https', 'mailto', 'tel', 'sms'));

Maintain the obfuscating setting from the shortcode’s attributes (it is passed in the $atts array keyed as obfuscate) and automatically detect URL vs text by omitting the third parameter:

return apply_filters('wpcf7dtx_escape', $value, $atts['obfuscate']);

View Source Code

View the current source code. This feature was introduced in version 4.3.0 of the Contact Form 7 – Dynamic Text Extension WordPress plugin.

Related Post Module Attributes Before

array(29) {
  ["post_type"]=>
  string(4) "post"
  ["post_id"]=>
  string(1) "0"
  ["exclude"]=>
  string(1) "0"
  ["title"]=>
  string(32) "Related Articles & Tutorials"
  ["description"]=>
  string(0) ""
  ["max"]=>
  string(1) "3"
  ["post_ids"]=>
  string(0) ""
  ["exclude_ids"]=>
  string(0) ""
  ["is_series"]=>
  string(0) ""
  ["featured_term"]=>
  string(3) "307"
  ["exclude_terms"]=>
  string(0) ""
  ["exclusive"]=>
  string(1) "1"
  ["order"]=>
  string(4) "DESC"
  ["show_image"]=>
  string(2) "on"
  ["image_size"]=>
  string(6) "medium"
  ["menu_order_label"]=>
  string(0) ""
  ["show_order_label"]=>
  string(2) "on"
  ["show_date"]=>
  string(2) "on"
  ["show_meta_keys"]=>
  string(2) "on"
  ["show_modified"]=>
  string(0) ""
  ["show_author"]=>
  string(0) ""
  ["show_categories"]=>
  string(0) ""
  ["show_primary_category"]=>
  string(0) ""
  ["show_description"]=>
  string(0) ""
  ["show_reading_time"]=>
  string(2) "on"
  ["show_cta"]=>
  string(2) "on"
  ["cta"]=>
  string(9) "Read more"
  ["autoplay"]=>
  string(0) ""
  ["allow_sticky"]=>
  string(0) ""
}

Related Post Module Attributes

array(29) {
  ["post_type"]=>
  string(4) "post"
  ["post_id"]=>
  string(1) "0"
  ["exclude"]=>
  string(1) "0"
  ["title"]=>
  string(32) "Related Articles & Tutorials"
  ["description"]=>
  string(0) ""
  ["max"]=>
  string(1) "3"
  ["post_ids"]=>
  string(0) ""
  ["exclude_ids"]=>
  string(0) ""
  ["is_series"]=>
  string(0) ""
  ["featured_term"]=>
  string(3) "307"
  ["exclude_terms"]=>
  string(0) ""
  ["exclusive"]=>
  string(1) "1"
  ["order"]=>
  string(4) "DESC"
  ["show_image"]=>
  string(2) "on"
  ["image_size"]=>
  string(6) "medium"
  ["menu_order_label"]=>
  string(0) ""
  ["show_order_label"]=>
  string(2) "on"
  ["show_date"]=>
  string(2) "on"
  ["show_meta_keys"]=>
  string(2) "on"
  ["show_modified"]=>
  string(0) ""
  ["show_author"]=>
  string(0) ""
  ["show_categories"]=>
  string(0) ""
  ["show_primary_category"]=>
  string(0) ""
  ["show_description"]=>
  string(0) ""
  ["show_reading_time"]=>
  string(2) "on"
  ["show_cta"]=>
  string(2) "on"
  ["cta"]=>
  string(9) "Read more"
  ["autoplay"]=>
  string(0) ""
  ["allow_sticky"]=>
  string(0) ""
}