Support

Account

Home Forums ACF PRO Message field stripping out input tags

Solved

Message field stripping out input tags

  • I have enabled the message field to display shortcodes with the following code:

    add_filter('acf/load_field/type=message', 'acf_load_field_message', 10, 3);
    // Allow shortcodes in messages
    	function acf_load_field_message($field)
    	{
    		$screen = get_current_screen();
    		if ($screen->post_type !== "acf-field-group") {
                $field['message'] = do_shortcode($field['message']);
    		}
    		return $field;
    	}

    However in my shortcode, I need to render some <input> tags, but they are being removed from the code displayed in the message field.

    I was using an older version of ACF and this wasn’t happening. It started only after I updated to the most recent version.

    I believe ACF may be doing this for safety reasons, but can I disabled it somehow?

    Thanks!

  • Hi John!

    Thanks for the response!

    I’m still facing the same issue even after replacing it with the prepare_field filter.

    It’s just the <input> that’s being removed from the code. The other tags are working fine.

    I have tried debugging the value of $field[‘message’] after “do_shortcode” with multiple different priorities and it always has the <input>, so it must be being filtered out after these actions are called.

    Another relevant information is that if I enable the “Escape HTML” option, the code is printed correctly, including the <input>.

  • I think it is related to this update from Aug 25th:

    * Enhancement – Improved security by running all user-generated content through wp_kses() by default

    It started working after I replaced the line 75 of class-acf-field-message.php from:

    echo acf_esc_html( $m );

    to

    echo $m;

    Is there a way to avoid this function from running on the message field?
    Thanks!

  • Ok, problem solved!

    Here is the code I had to add to make it work:

    function custom_wpkses_post_tags( $tags, $context ) {
    	
        if ( 'acf' === $context ) {
    		$tags['input'] = array(
    			'type' => true,
    			'disabled' => true,
    			'checked' => true,
    			'style' => true,
    			'name' => true,
    			'value' => true,
    		);
    	}
    
    	return $tags;
    }
    
    add_filter( 'wp_kses_allowed_html', 'custom_wpkses_post_tags', 10, 2 );
  • Please contact the developers here https://www.advancedcustomfields.com/contact/

    I don’t know how to turn this off but I’m sure you are not the only one having this issue so please let us know what you find out.

    Meanwhile I will continue to look to see if this can be selectively disabled.

  • Your additions don’t easily solve my problem. I have dozens of sites I maintain. I use CPTs to allow users to create content shown using shortcodes. I use message fields to output input tags containing the shortcode so they can easily copy it.

  • Oh bummer.

    Yeah, that would be hard to replicate across all of the websites.

    I will open a ticket to see if they can revert this or give us a way to get around this more easily on a next update.

  • @hube2 Do you know if there’s been any progress on this? I use Message fields as a type of container for my own custom output, but it’s stripping out the HTML tags. Or is there a filter besides prepare_field I should be using? I’d rather not have to modify wp_kses_allowed_html.

  • You have to add a filter to allow the fields as shown above.

Viewing 10 posts - 1 through 10 (of 10 total)

You must be logged in to reply to this topic.