[wp-trac] [WordPress Trac] #58366: Shortcode Support Regained but Content Filters are messing with Shortcode HTML

WordPress Trac noreply at wordpress.org
Wed Oct 11 03:02:53 UTC 2023


#58366: Shortcode Support Regained but Content Filters are messing with Shortcode
HTML
-------------------------------------------------+-------------------------
 Reporter:  domainsupport                        |       Owner:  (none)
     Type:  defect (bug)                         |      Status:  new
 Priority:  normal                               |   Milestone:  6.5
Component:  Shortcodes                           |     Version:  6.2.2
 Severity:  normal                               |  Resolution:
 Keywords:  needs-testing has-testing-info       |     Focuses:
  needs-unit-tests has-patch                     |
-------------------------------------------------+-------------------------
Changes (by peterwilsoncc):

 * milestone:  6.4 => 6.5


Comment:

 Replying to [comment:61 ryno267]:
 > @nicolefurlan I object! ;)  It feels like an important issue with a
 working hack but I understand dev cycles and making releases. I just
 really hope it doesn't miss 6.5...

 At the moment [attachment:"58366-poc.diff"] is available as a proof of
 concept but needs further testing to validate it fixes the issue with line
 breaks disappearing.

 If it proves successful, I'll work on a pull request to get the code in a
 form that is ready for commit (the POC is really, really hacky).

 As getting this right has proven difficult, I agree with @nicolefurlan
 that getting this in to the 6.4 cycle is best avoided with the release
 candidate due next week.

 It would be helpful to get some testing of the POC; these are some of the
 things that need to be tested:

 * shortcodes are not executed in user-submitted content (comments and
 other form data)
 * that it resolves the issue with line-breaks being stripped from
 shortcodes in block themes
 * paragraph and line break tags are not added inappropriately around the
 shortcode
 * content is not stripped for users without the `unfiltered_html`
 capability

 I really would like to get this fix in but getting the POC validated,
 converting it to a suitable patch and writing up unit tests within the
 week is not possible.

 If a few folks could test [attachment:"58366-poc.diff"] and see if it
 solves the problems without reintroducing the security issues, that would
 be most helpful.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/58366#comment:62>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

