40% OFF EVERYTHING
Our 10th BIRTHDAY SALE
Buy Now

Field description is being HTML escaped on save

This topic contains 7 replies, has 4 voices, and was last updated by  Andy 4 years, 5 months ago.

We have moved to a support ticketing system and our forums are now closed.

Open Support Ticket
  • Author
    Posts
  • November 15, 2019 at 4:05 pm #517313

    Andy
    Expired Member
    Post count: 46

    c.f. https://wpgeodirectory.com/support/topic/include-a-link-in-the-field-description/

    An update made it possible to add HTML to the field description.

    However it looks like something has changed so that HTML entered in the field description is escaped when saved to the database. So when the description is shown on the edit page, the HTML markup is all visible rather than being actual HTML.

    Screenshots attached showing the difference between a field where the front end description was set a while back and a field where it was set today.

    November 15, 2019 at 4:14 pm #517316

    Kor
    Moderator
    Post count: 16516

    Hi Andy,

    Thanks for your post. We would need to inspect this further on your end. Kindly share your Website WP admin access here in private reply and we’ll check this out for you asap!

    November 15, 2019 at 4:27 pm #517319

    Andy
    Expired Member
    Post count: 46

    Hi Kor,

    So are you saying you can’t reproduce this? It doesn’t get HTML escaped for you?

    Steps to reproduce:

    1. In the Custom Fields for a GD post type, enter a Field Description containing HTML e.g. 

    See our <a href="/vendor-faq/" target="_blank">Vendor FAQ</a> for more information.

    2. View the add listing form on the front end.

    Expected outcome:

    The field description contains an HTML link

    Actual outcome:

    The field description contains escaped HTML on the page.

    Also shown in the screenshots above.

    November 15, 2019 at 6:15 pm #517329

    Kor
    Moderator
    Post count: 16516

    Hi Andy,

    Thanks for your reply. I’m asking your credentials so that I could forward this to a developer to check this out for you. Could you provide this in a private reply?

    November 15, 2019 at 6:20 pm #517330

    Andy
    Expired Member
    Post count: 46

    I think that asking for credentials should be a last resort if you are unable to reproduce a problem in a test environment of your own, not a first resort.

    November 15, 2019 at 9:58 pm #517346

    Alex Rollin
    Moderator
    Post count: 27815

    Thanks Andy, we are looking into it.

    November 20, 2019 at 10:17 am #517910

    Naveen Giri
    Moderator
    Post count: 1559

    Hi Andy,

    you can replace the line code
    https://github.com/AyeCode/geodirectory/blob/master/includes/admin/settings/class-geodir-settings-cpt-cf.php#L1552

    with following

    

    
$field->frontend_desc = isset( $input['frontend_desc'] ) ? stripslashes( wp_kses_post( $input['frontend_desc'] ) ) : '';

    

    we have to do an adjustment for other related issue and this patch will be up in upcoming versions.
    

    Thanks
    

		
	
    


    

			
				

    

	
    

		November 21, 2019 at 12:27 pm

		
		#518109

		
		
		
	
    


    


    

	
    

		
		
    Andy
    Expired Member
    
		
		
     Post count: 46
    
	
    

	
    

		
		
    Thank you Naveen.
    

		
	
    


    

			
		
	
    • 

	
  • 

		
    Author
    

		
    

			
				Posts
			
		
    

	
    • 





			



	


		Viewing 8 posts - 1 through 8 (of 8 total)
	


	


		
	





		
				

			

				

					
We have moved to a support ticketing system and our forums are now closed.

					Open Support Ticket