[wp-trac] [WordPress Trac] #19927: Improve support escaping a shortcode tag

WordPress Trac noreply at wordpress.org
Tue Dec 17 01:24:18 UTC 2013 

#19927: Improve support escaping a shortcode tag
-------------------------------------+------------------------------
 Reporter:  bobbingwide              |       Owner:
     Type:  defect (bug)             |      Status:  new
 Priority:  normal                   |   Milestone:  Awaiting Review
Component:  Shortcodes               |     Version:  3.3.1
 Severity:  normal                   |  Resolution:
 Keywords:  has-patch needs-testing  |
-------------------------------------+------------------------------
Description changed by SergeyBiryukov:

Old description:

> In do_shortcode_tag there is some code that allows a shortcode to be
> escaped. It is commented with
> // allow [[foo]] syntax for escaping a tag
> This code is fine if do_shortcode() is only invoked once on a particular
> chunk of data.
>
> But if the code is run more than once then the 'escaped' shortcode once
> again gets selected for processing and the shortcode is expanded.
> e.g. [ [ caption ] ] will be 'escaped' to [ caption ] which then gets
> processed.
>
> Although this multiple invocation does not normally happen in vanilla
> WordPress, it is very easy to cause it to occur.
>
> In my case I noticed the problem since I had added the filter for
> 'the_content' with a different priority from the WordPress default.
> e.g. add_filter( 'the_content', 'do_shortcode'); I'd missed the '11'.
>
> Having removed that offending line of code I then discovered that
> Artisteer generated themes call get_the_excerpt() as well as
> the_excerpt() AND I'd added do_shortcode for both these filters.
>
> The fix is simple. Instead of simply removing the outer square brackets,
> ensure that the first left square bracket is the escaped character [

New description:

 In do_shortcode_tag() there is some code that allows a shortcode to be
 escaped. It is commented with
 `// allow [[foo]] syntax for escaping a tag`
 This code is fine if do_shortcode() is only invoked once on a particular
 chunk of data.

 But if the code is run more than once then the 'escaped' shortcode once
 again gets selected for processing and the shortcode is expanded.
 e.g. `[ [ caption ] ]` will be 'escaped' to `[ caption ]` which then gets
 processed.

 Although this multiple invocation does not normally happen in vanilla
 WordPress, it is very easy to cause it to occur.

 In my case I noticed the problem since I had added the filter for
 'the_content' with a different priority from the WordPress default.
 e.g. `add_filter( 'the_content', 'do_shortcode');` I'd missed the '11'.

 Having removed that offending line of code I then discovered that
 Artisteer generated themes call get_the_excerpt() as well as the_excerpt()
 AND I'd added do_shortcode for both these filters.

 The fix is simple. Instead of simply removing the outer square brackets,
 ensure that the first left square bracket is the escaped character [

--

--
Ticket URL: <http://core.trac.wordpress.org/ticket/19927#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list