Field description is being HTML escaped on save

This topic contains 7 replies, has 4 voices, and was last updated by  Andy 2 years ago.

We have moved to a support ticketing system and our forums are now closed.

Open Support Ticket
  • Author
    Posts
  • #517313

    Andy
    Full Member
    Post count: 46

    c.f. https://wpgeodirectory.com/support/topic/include-a-link-in-the-field-description/

    An update made it possible to add HTML to the field description.

    However it looks like something has changed so that HTML entered in the field description is escaped when saved to the database. So when the description is shown on the edit page, the HTML markup is all visible rather than being actual HTML.

    Screenshots attached showing the difference between a field where the front end description was set a while back and a field where it was set today.

    #517316

    Kor
    Moderator
    Post count: 16516

    Hi Andy,

    Thanks for your post. We would need to inspect this further on your end. Kindly share your Website WP admin access here in private reply and we’ll check this out for you asap!

    #517319

    Andy
    Full Member
    Post count: 46

    Hi Kor,

    So are you saying you can’t reproduce this? It doesn’t get HTML escaped for you?

    Steps to reproduce:

    1. In the Custom Fields for a GD post type, enter a Field Description containing HTML e.g.

    See our <a href="/vendor-faq/" target="_blank">Vendor FAQ</a> for more information.

    2. View the add listing form on the front end.

    Expected outcome:

    The field description contains an HTML link

    Actual outcome:

    The field description contains escaped HTML on the page.

    Also shown in the screenshots above.

    #517329

    Kor
    Moderator
    Post count: 16516

    Hi Andy,

    Thanks for your reply. I’m asking your credentials so that I could forward this to a developer to check this out for you. Could you provide this in a private reply?

    #517330

    Andy
    Full Member
    Post count: 46

    I think that asking for credentials should be a last resort if you are unable to reproduce a problem in a test environment of your own, not a first resort.

    #517346

    Alex Rollin
    Moderator
    Post count: 27815

    Thanks Andy, we are looking into it.

    #517910

    Naveen Giri
    Moderator
    Post count: 1559

    Hi Andy,

    you can replace the line code
    https://github.com/AyeCode/geodirectory/blob/master/includes/admin/settings/class-geodir-settings-cpt-cf.php#L1552

    with following

    
    
    
    $field->frontend_desc = isset( $input['frontend_desc'] ) ? stripslashes( wp_kses_post( $input['frontend_desc'] ) ) : '';
    

    we have to do an adjustment for other related issue and this patch will be up in upcoming versions.

    Thanks

    #518109

    Andy
    Full Member
    Post count: 46

    Thank you Naveen.

Viewing 8 posts - 1 through 8 (of 8 total)

We have moved to a support ticketing system and our forums are now closed.

Open Support Ticket