Missing field with last update

  • Resolved Theo

    (@dubeux)


    1 year, 2 months ago

    Some of my acf fields were escaped by the last update, as explained here. Although I do realize acf is developed for not-so-newbie users, many of us are not devs. The instructions they’ve written seem detailed, but I do think they could do something a bit easier for the many users who, for example, have no other registered users at all (since that is where the vulnerability may come from).

    For instance, I’m using a WYSIWYG field type – and that’s an affected one, by this update. You can disable this specific field (but they DO NOT RECOMMEND DOING IT) adding this code to your functions.php:

    add_filter( ‘acf/shortcode/allow_unsafe_html’, function ( $allowed, $atts ) { if ( $atts[‘field’] === ‘your-field’ ) { return true; } return $allowed; },10,2);

    (replace “your-field” with your affected field’s name)

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)

  • A total of 120 of my client websites where affected by this latest release (Spotify iframe player not working as a result).

    For me, it came without a warning.

    I downgraded ACF to version 6.2.3 until I can find a solution. But like you, I am a designer and not a coder, so much of the security page warning hasn’t helped me a bit.

    I will try your filter, thanks for posting.

    Plugin Support ACF Support

    (@acfsupport)

    Hi @dubeux and @avviano

    ACF Support Team here. This forum is generally used by ACF users to help each other out. 

    However, we would love to continue investigating and troubleshooting this issue, please can you create a ticket using our ?support form and we can look into it further.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Missing field with last update’ is closed to new replies.