On January 16, 2024, the ACF 6.2.5 security release fixed a security issue whereby the output of the [acf field="[...]"/]
shortcode has its content run through wp_kses()
. This removes all <script>
and <iframe>
tags. However, there are still situations where you may need to echo these tags when you have a site where you're confident you can trust every user on your site with contributor or higher access. Hence, this shortcode allows you to do this.
Retrieves the value of a specified Advanced Custom Field (ACF) based on given attributes.
This function is designed to be used as a shortcode handler for retrieving ACF field values.
It allows specifying a field name and optionally a post ID. If no post ID is provided,
the function uses the ID of the global `$post` object. The function returns false if the
field name is not specified or if the field value is empty.
@global WP_Post $post The global post object.
@param array $atts {
Attributes for the shortcode. Optional.
@type string $field The ACF field name to retrieve the value for. Default null.
@type int $post_id The ID of the post to retrieve the value from. Default null.
}
@return mixed|false The value of the ACF field if found and not empty, false otherwise.
1.0.0
- Initial release.