Make WordPress Core

Opened 14 years ago

Closed 9 years ago

Last modified 9 years ago

#12760 closed defect (bug) (duplicate)

Escaping shortcode conditionally

Reported by: pavelevap's profile pavelevap Owned by: markjaquith's profile markjaquith
Milestone: Priority: low
Severity: normal Version: 3.0
Component: Shortcodes Keywords: roadmap
Focuses: Cc:

Description (last modified by markjaquith)

Using additional brackets is the official way to "escape" a shortcode. e.g. [[escaped]]

Using additional brackets [[shortcode]] in a post works only when the plugin (function) for this shortcode is active. When deactivated, additional brackets are shown in the post. It is annoying for many users, because editors sometimes test a plugin, write about it in a post with shortcode example and after some months this plugin is deactivated. Now there will be additional brackets, breaking their example code.

Input:

[[shortcode_that_does_not_exist]]

Expected output, regardless of whether that plugin is active:

[shortcode_that_does_not_exist]

Actual output, if plugin is not active:

[[shortcode_that_does_not_exist]

[edited by Mark Jaquith]

Attachments (2)

shortcodes.diff (834 bytes) - added by kunalb 14 years ago.
shortcodes.2.diff (2.5 KB) - added by azram19 13 years ago.

Download all attachments as: .zip

Change History (18)

#1 @markjaquith
14 years ago

  • Description modified (diff)
  • Owner set to markjaquith
  • Status changed from new to assigned
  • Version changed from 2.9.2 to 3.0

@kunalb
14 years ago

#2 @kunalb
14 years ago

  • Cc kunalb added
  • Keywords has-patch added

I've attached a patch that takes care of any shortcodes of the form [[foobar]] left over after running all registered shortcode functions: I avoided changing the get_shortcode_regex function to allow for general tags because of the way the embed shortcode is handled (calling do_shortcode twice, once with only the embed as the shortcode to handle, and once after that).

Getting [shortcode]Text[/shortcode] to display required an escape of the form [[shortcode]Text[/shortcode]] ; so non-shortcodes of this form are reduced accordingly.

#3 @nacin
14 years ago

  • Milestone changed from 3.0 to 3.1

#4 @hakre
13 years ago

It makes sense to have something to escape shortcodes.

#5 @nacin
13 years ago

  • Milestone changed from Awaiting Triage to Future Release
  • Priority changed from normal to low

#6 @markjaquith
13 years ago

  • Cc markjaquith added
  • Keywords dev-feedback added

Good idea. Let's get some eyes on the patch.

#7 @azram19
13 years ago

  • Cc azram19 added

I've attached a patch that adds escape_shortcode() and uses it to escape shortcodes of the form [[foobar]] and [[foo]bar[/foo]].

It also escapes [[embed]foobar[/embed]], which hasn't been escaped by the previous patch.

#8 @iseulde
11 years ago

  • Component changed from General to Shortcodes

#9 @jdgrimes
10 years ago

+1 - This can be very annoying. My temporary solution was to add the shortcode with, e.g., __return_false as the callback and use the built-in escaping.

#11 @jdgrimes
10 years ago

Related: #28720.

#12 @miqrogroove
10 years ago

  • Keywords has-patch removed

In shortcodes.diff I don't see how arbitrary corruption of HTML would be avoided. Just because someone uses square braces in their CDATA, URI, or other element, doesn't mean it's an unregistered shortcode.

In shortcodes.2.diff I don't see how shortcodes would even work anymore.

I agree the escaping system is somewhat nonsensical, but we need a more foolproof solution.

#13 @aaroncampbell
9 years ago

  • Keywords close added

Honestly, I think that at this point we have to consider unregistered shortcodes to not be shortcodes at all. If you really need to use double brackets to escape unregistered shortcodes, just register them with add_shortcode( 'shortcode', '__return_empty_string' )

I'm not saying this is "best case scenario", but I do think it's where we are right now for backwards compat, keeping the regexes as sane as possible, etc.

#14 @miqrogroove
9 years ago

  • Keywords roadmap added; dev-feedback close removed

I am working on a roadmap proposal to fix this with better shortcode syntax.

#15 @miqrogroove
9 years ago

  • Milestone Future Release deleted
  • Resolution set to duplicate
  • Status changed from assigned to closed

Duplicate of #18558.

Just noticed we have two tickets for this.

#16 @pavelevap
9 years ago

Yes, probably same ticket. I only emphasized displaying active and inactive shortcodes in posts (for example for tutorials)...

Note: See TracTickets for help on using tickets.