Support

Account

Home Forums ACF PRO Message field stripping out input tags

Solved

Message field stripping out input tags

  • I have enabled the message field to display shortcodes with the following code:

    add_filter('acf/load_field/type=message', 'acf_load_field_message', 10, 3);
    // Allow shortcodes in messages
    	function acf_load_field_message($field)
    	{
    		$screen = get_current_screen();
    		if ($screen->post_type !== "acf-field-group") {
                $field['message'] = do_shortcode($field['message']);
    		}
    		return $field;
    	}

    However in my shortcode, I need to render some <input> tags, but they are being removed from the code displayed in the message field.

    I was using an older version of ACF and this wasn’t happening. It started only after I updated to the most recent version.

    I believe ACF may be doing this for safety reasons, but can I disabled it somehow?

    Thanks!

  • Hi John!

    Thanks for the response!

    I’m still facing the same issue even after replacing it with the prepare_field filter.

    It’s just the <input> that’s being removed from the code. The other tags are working fine.

    I have tried debugging the value of $field[‘message’] after “do_shortcode” with multiple different priorities and it always has the <input>, so it must be being filtered out after these actions are called.

    Another relevant information is that if I enable the “Escape HTML” option, the code is printed correctly, including the <input>.

  • I think it is related to this update from Aug 25th:

    * Enhancement – Improved security by running all user-generated content through wp_kses() by default

    It started working after I replaced the line 75 of class-acf-field-message.php from:

    echo acf_esc_html( $m );

    to

    echo $m;

    Is there a way to avoid this function from running on the message field?
    Thanks!

  • Ok, problem solved!

    Here is the code I had to add to make it work:

    function custom_wpkses_post_tags( $tags, $context ) {
    	
        if ( 'acf' === $context ) {
    		$tags['input'] = array(
    			'type' => true,
    			'disabled' => true,
    			'checked' => true,
    			'style' => true,
    			'name' => true,
    			'value' => true,
    		);
    	}
    
    	return $tags;
    }
    
    add_filter( 'wp_kses_allowed_html', 'custom_wpkses_post_tags', 10, 2 );
  • Please contact the developers here https://www.advancedcustomfields.com/contact/

    I don’t know how to turn this off but I’m sure you are not the only one having this issue so please let us know what you find out.

    Meanwhile I will continue to look to see if this can be selectively disabled.

  • Your additions don’t easily solve my problem. I have dozens of sites I maintain. I use CPTs to allow users to create content shown using shortcodes. I use message fields to output input tags containing the shortcode so they can easily copy it.

  • Oh bummer.

    Yeah, that would be hard to replicate across all of the websites.

    I will open a ticket to see if they can revert this or give us a way to get around this more easily on a next update.

Viewing 8 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic.

We use cookies to offer you a better browsing experience, analyze site traffic and personalize content. Read about how we use cookies and how you can control them in our Cookie Policy. If you continue to use this site, you consent to our use of cookies.