[wp-trac] [WordPress Trac] #58333: WordPress 6.2.1 Shortcodes some shortcode no longer works!
WordPress Trac
noreply at wordpress.org
Thu May 18 07:09:25 UTC 2023
#58333: WordPress 6.2.1 Shortcodes some shortcode no longer works!
--------------------------+-----------------------
Reporter: jorcus | Owner: (none)
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: 6.2.2
Component: Shortcodes | Version: 6.2.1
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+-----------------------
Comment (by miyarakira):
>> Since shortcode blocks still work in template parts, an easier work
around is to..
> How confident are you that support for shortcodes in template parts
won’t also be rescinded?
I'm wondering about this also.
This security fix removed `do_shortcode` from the function
`get_the_block_template_html` in the file `wp-includes/block-
template.php`.
It seems the same security vulnerability would exist in the block `core
/post-content` which applies `the_content` filter, including
`do_shortcode`.
https://github.com/WordPress/wordpress-
develop/blob/d5792c7a8861330d53adc05dacfdfdccb822b1d4/src/wp-
includes/blocks/post-content.php#L54
A while ago I was made aware of these places where `do_shortcode`
processes the entire page HTML, because it was breaking certain HTML
attributes which contained `[]` square brackets. I had to implement a
workaround to prevent it from doing so. But now in WP 6.2.1, one of those
places no longer runs `do_shortcode`, which broke the workaround - and I
had to release a quick fix for it.
It'd be great to be informed of these breaking changes in advance:
- Will the breaking change in 6.2.1 be reverted in 6.2.2 to run
`do_shortcode` again?
- If not, will the `core/post-content` block continue to run
`do_shortcode`, or will it be removed also?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/58333#comment:53>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list