[wp-trac] [WordPress Trac] #34983: shortcodes not working in input fields
WordPress Trac
noreply at wordpress.org
Thu Dec 10 16:59:11 UTC 2015
#34983: shortcodes not working in input fields
--------------------------+-----------------------------
Reporter: mikelopez | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Shortcodes | Version: 4.4
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
So here's the gist of it...
Won't work:
`<input type="text" value="[shortcode]">`
Works:
`<input type="text" value=[shortcode]>`
At first I thought it's because the shortcode is enclosed in quotes but
apparently that's not the case as the both the following work just fine.
`<a href="[shortcode]">`
`<a href=[shortcode]>`
Narrowed down the issue to `do_shortcodes_in_html_tags()` where I found
this:
{{{
if ( ( false === $single || $open < $single ) && ( false === $double ||
$open < $double ) ) {
// $attr like '[shortcode]' or 'name = [shortcode]' implies
unfiltered_html.
// In this specific situation we assume KSES did not run because
the input
// was written by an administrator, so we should avoid changing
the output
// and we do not need to run KSES here.
$attr = preg_replace_callback( "/$pattern/s", 'do_shortcode_tag',
$attr );
}}}
What bothers me is the part where it says "assumes KSES did not run
because the input was written by an administrator".
Why not really check if an admin did write the input, at least for posts?
Attached is a patch that I did which possibly needs improvement from the
WP gods :)
Thanks.
Mike
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34983>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list