[wp-trac] [WordPress Trac] #33116: do_shortcode('<[shortcode]') doesn't work
WordPress Trac
noreply at wordpress.org
Mon Jul 27 19:23:09 UTC 2015
#33116: do_shortcode('<[shortcode]') doesn't work
--------------------------+--------------------
Reporter: Kleor | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.2.4
Component: Shortcodes | Version: 4.2.3
Severity: minor | Resolution:
Keywords: has-patch | Focuses:
--------------------------+--------------------
Comment (by knutsp):
Replying to [comment:4 markjaquith]:
> Should we support running shortcodes in non-HTML contexts like this?
I would prefer to call it non-web content/context, as emails and other
contexts may be HTML, too.
Is it a real opportunity not to without deprecating `do_shortcode()`?
Anyway, if shortcodes become very limited, plugin developers will have to
revert to their own templating system, or clone the shortcode functions
and remove the strict limitations. This may not enhance safety, if that
is the concern here.
I would like Core to offer a safe, standardized and flexible way of
substituting certain patterns in all kinds of content, but with clearly
documented (and stable) limitations. This is where shortcodes come in as
very handy, and hopefully trustworthy.
It seems the use case in this ticket demonstrates that allowing a < in
front of the shortcode should be allowed. I don't know, or understand, the
nature of the vulnerability with the shortcode API in 4.2.3, but I hope the
above patch doesn't reintroduce something dangerous.
Another concern may be maintainability. I think that when the shortcode
API was introduced in such a general way, very liberal, too liberal maybe,
Core has no choice without stirring up a lot of noise and then desperate
workarounds.
The shortcode API is just too useful, and too much used now, to put strict
constraints on, if not absolutely necessary.
If I don't know what I'm talking about, please ignore.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/33116#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform