Support

Account

Home Forums Bug Reports ACF_Form() Security Issues Reply To: ACF_Form() Security Issues

  • I can tell you how I worked around this issue.

    The docs for acf_form have you add a function called acf_form_head() right before the get_header() function on pages where you want to use acf_form().

    Instead of adding that function, I added my own variant of acf_form_head(). In my variant, it doesn’t use that base_64 encoded string to figure out the settings. Instead I have a hard-coded array with the setting that I want to enforce with this form.

    Here is some example code that might get you started:

    https://gist.github.com/mattkeys/ad9c068fd8176d3dd7b78808828911a1

    I hope this helps you in the meantime while this hopefully gets resolved more officially in a future ACF update.