Make WordPress Core

Opened 6 years ago

Last modified 7 months ago

#9405 reopened defect (bug)

Shortcode parameter names can't have dashes in them

Reported by: Viper007Bond Owned by:
Milestone: Future Release Priority: lowest
Severity: minor Version: 2.8
Component: Shortcodes Keywords: has-patch needs-testing
Focuses: Cc:


I expected this to work, but it doesn't:

[tag my-param="value" foo="bar"]Hello world![/tag]

The passed array looks like this:

	0 => 'my-param="value"',
	'foo' => 'bar'

Attachments (3)

9405.diff (748 bytes) - added by izem 11 months ago.
Updated regex of shortcode_parse_atts function at src/wp-includes/shortcodes.php
9405.2.diff (768 bytes) - added by izem 11 months ago.
Updated regex for 3 types values (double quotes, single quotes, no quotes)
9405.3.diff (1.6 KB) - added by aaroncampbell 7 months ago.

Download all attachments as: .zip

Change History (11)

comment:1 @hakre6 years ago

function is shortcode_parse_atts() in wp-includes/shortcodes.php

the parsing is done by regular expressions.

word limiters are used, I guess dashes are not supported by them.

I wonder if it makes sense. This problem can for easier besolved by clarifying the documentation, the regular expression pattern is already quite complex.

comment:2 @Denis-de-Bernardy6 years ago

it's supposed to "look" like html attributes. curious to know if dash is a valid character for html attributes before closing as invalid...

comment:3 @hakre6 years ago

Some HTML Trivia:

  • attribute names are not case sensitive. (HTML 2.0)
  • The `NAMELEN' parameter in the SGML declaration (section SGML Declaration for HTML) limits the length of an attribute value to 1024 characters.
  • HTML allows CDATA attributes to be unquoted provided the attribute value contains only letters (a to z and A to Z), digits (0 to 9), hyphens (ASCII decimal 45) or, periods (ASCII decimal 46)
  • An attribute specification consists of a name, an "=" and a value specification. The name refers to an item in an ATTLIST declaration.

I see no attribute name in HTML (2.0, 3.2, 4.1 & xhtml 1.0) that conatins a dash or dot.

comment:4 @Denis-de-Bernardy6 years ago

  • Milestone Future Release deleted
  • Resolution set to invalid
  • Status changed from new to closed

comment:5 @sswells11 months ago

  • Component changed from General to Shortcodes
  • Resolution invalid deleted
  • Status changed from closed to reopened

Since the reasoning behind closing this ticket was the html attribute mirroring, can it be reconsidered now that data-uid and other data-? parameters are widely used?

Line 308 of shortcodes.php could be changed from:

$pattern = '/(\w+)\s*=\s*"([^"]*)"(?:\s|$)|(\w+)\s*=\s*\'([^\']*)\'(?:\s|$)|(\w+)\s*=\s*([^\s\'"]+)(?:\s|$)|"([^"]*)"(?:\s|$)|(\S+)(?:\s|$)/';


$pattern = '/([\w\-]+)\s*=\s*"([^"]*)"(?:\s|$)|([\w\-]+)\s*=\s*\'([^\']*)\'(?:\s|$)|([\w\-]+)\s*=\s*([^\s\'"]+)(?:\s|$)|"([^"]*)"(?:\s|$)|(\S+)(?:\s|$)/';
Last edited 10 months ago by SergeyBiryukov (previous) (diff)

@izem11 months ago

Updated regex of shortcode_parse_atts function at src/wp-includes/shortcodes.php

comment:6 @izem11 months ago

  • Keywords has-patch added; needs-patch removed

Added a patch that update the regex pattern of shortcode_parse_atts function at src/wp-includes/shortcodes.php
The name part of the regex was: (\w+)
I've changed it to: (\w+(?:\-\w+)*)
Now it support names with hyphens (but not names that end with a hyphen).

// [sc_test name="val01" name-with-hyphens="val02" name-end-with-hyphen-="val03"]
atts Array:
    [name] => val01
    [name-with-hyphens] => val02
    [0] => name-end-with-hyphen-="val03"

@izem11 months ago

Updated regex for 3 types values (double quotes, single quotes, no quotes)

comment:7 @SergeyBiryukov10 months ago

  • Milestone set to Awaiting Review

@aaroncampbell7 months ago

comment:8 @aaroncampbell7 months ago

  • Keywords needs-testing added
  • Milestone changed from Awaiting Review to Future Release

In #17657 we moved to allowing hyphens in shortcode names. I don't actually see a reason to limit hyphens from being at the beginning of a parameter name, so in 9405.3.diff I went with a simpler regex change that allows [\w-] for all parameter name characters. I also added a unit test.

Note: See TracTickets for help on using tickets.