@mwender
Last active January 17, 2024 18:53
[ACF Unsafe Content Shortcode] Provides "acf_field_unsafe" for echoing ACF field content that hasn't been run through wp_kses_post(). #wordpress #shortcode #acf

The [acf_field_unsafe/] Shortcode

On January 16, 2024, the ACF 6.2.5 security release changed the [acf field="[...]"/] shortcode so that its output is run through wp_kses(). This removes all <script> and <iframe> tags. However, there are still situations where you may need to echo these tags, on a site where you're confident you can trust every user with contributor or higher access. This shortcode allows you to do that: it returns the field value without that filtering.

Shortcode Documentation

Retrieves the value of a specified Advanced Custom Field (ACF) based on given attributes.

This function is designed to be used as a shortcode handler for retrieving ACF field values. 
It allows specifying a field name and optionally a post ID. If no post ID is provided, 
the function uses the ID of the global `$post` object. The function returns false if the 
field name is not specified or if the field value is empty.

@global WP_Post $post The global post object.

@param array $atts {
    Attributes for the shortcode. Optional.

    @type string $field   The ACF field name to retrieve the value for. Default null.
    @type int    $post_id The ID of the post to retrieve the value from. Default null.
}

@return mixed|false The value of the ACF field if found and not empty, false otherwise.

Changelog

1.0.0

  • Initial release.
<?php
/**
 * Retrieves the value of a specified Advanced Custom Field (ACF) based on given attributes.
 *
 * This function is designed to be used as a shortcode handler for retrieving ACF field values.
 * It allows specifying a field name and optionally a post ID. If no post ID is provided,
 * the function uses the ID of the global `$post` object. The function returns false if the
 * field name is not specified or if the field value is empty.
 *
 * @global WP_Post $post The global post object.
 *
 * @param array $atts {
 *     Attributes for the shortcode. Optional.
 *
 *     @type string $field   The ACF field name to retrieve the value for. Default null.
 *     @type int    $post_id The ID of the post to retrieve the value from. Default null.
 * }
 *
 * @return mixed|false The value of the ACF field if found and not empty, false otherwise.
 */
function acf_field_unsafe( $atts ){
  global $post;

  $args = shortcode_atts([
    'field'   => null,
    'post_id' => null,
  ], $atts );

  // Nothing to look up without a field name.
  if( is_null( $args['field'] ) )
    return false;

  // Fall back to the current post when no post_id attribute is given.
  $post_id = ( is_null( $args['post_id'] ) )? $post->ID : $args['post_id'] ;

  // Pass the resolved post ID so the post_id attribute is honoured.
  $value = get_field( $args['field'], $post_id );

  if( empty( $value ) )
    return false;

  // Returned as stored: no wp_kses() or wp_kses_post() filtering is applied.
  return $value;
}
add_shortcode( 'acf_field_unsafe', 'acf_field_unsafe' );
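
A narrower alternative for sites that only need embeds, as an added example that is not part of the original gist: rather than returning the field unfiltered, this handler extends the wp_kses_post() allowlist with <iframe> only and blanks any iframe whose src host is not on a list. The shortcode name `acf_field_iframe`, the function names and the host list are assumptions for illustration, and WP_HTML_Tag_Processor requires WordPress 6.2 or later.

```php
<?php
// Added example, not part of the original gist. The shortcode name, function
// names and host list are hypothetical. Needs WordPress 6.2+ and ACF.

// True when $src is an https URL whose host is on the allowlist.
function acf_field_iframe_src_ok( $src ) {
  $hosts = [ 'www.youtube.com', 'player.vimeo.com' ]; // constructed sample values
  $parts = is_string( $src ) ? wp_parse_url( $src ) : false;
  return is_array( $parts )
    && isset( $parts['scheme'], $parts['host'] )
    && 'https' === strtolower( $parts['scheme'] )
    && in_array( strtolower( $parts['host'] ), $hosts, true );
}

function acf_field_iframe( $atts ) {
  $args = shortcode_atts( [ 'field' => null, 'post_id' => null ], $atts );
  if ( is_null( $args['field'] ) ) {
    return '';
  }

  $post_id = is_null( $args['post_id'] ) ? get_the_ID() : $args['post_id'];
  $value   = get_field( $args['field'], $post_id );
  if ( ! is_string( $value ) || '' === $value ) {
    return '';
  }

  // Start from the wp_kses_post() allowlist and add <iframe> with a fixed
  // attribute set. <script> and on* handlers are still stripped.
  $allowed           = wp_kses_allowed_html( 'post' );
  $allowed['iframe'] = [
    'src'    => true,
    'width'  => true,
    'height' => true,
    'title'  => true,
    'allowfullscreen' => true,
  ];
  $html = wp_kses( $value, $allowed );

  // Blank out any iframe whose src is missing or off the host allowlist.
  $tags = new WP_HTML_Tag_Processor( $html );
  while ( $tags->next_tag( 'iframe' ) ) {
    if ( ! acf_field_iframe_src_ok( $tags->get_attribute( 'src' ) ) ) {
      $tags->remove_attribute( 'src' );
    }
  }
  return $tags->get_updated_html();
}
add_shortcode( 'acf_field_iframe', 'acf_field_iframe' );
```

With this variant a field holding both an embed and a <script> tag renders the embed and drops the script, so the trust requirement on contributors is limited to which allowlisted pages they can frame.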