• Hello and many thanks for the plugin! It’s great!

    What’s the reason to esc_html( $content ) at output of shortcode [qsm_link] in function qsm_quiz_link_shortcode? It destroys formatting and HTML special signs in button text.

    This text comes from settings (not from user input), so admin/editor can do it by itself if he needs to escape something.

    Could you remove call function esc_html from qsm_quiz_link_shortcode please!

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Support Dhanush

    (@dhanush22)

    Hi @forcesail ,

    I hope this email finds you well. We sincerely appreciate your positive feedback and value your engagement with us.

    Regarding the query you raised about coding, I’ll consult with my team to gather more detailed information and ensure we provide the best possible solution.

    In the meantime, could you kindly share the HTML code you’re currently using within the [qsm_link] shortcode? Additionally, please include an example of its implementation. This will help us focus on the exact section you mentioned and work on removing the esc_html function from qsm_quiz_link_shortcodes as per your specifications.

    Thank you for your time, cooperation, and patience. Please let me know if you have any further details or questions to share.

    Best regards,
    Dhanush

    Thread Starter Alexander Guskov

    (@forcesail)

    Dear Dhanush,

    This is the code that dynamically, using 2 other plugins, creates the text for the button.
    So, yes, I have not only to remove esc_html, but also to add $content = do_shortcode( $content ); before the final if of the function of your great plugin.

    [qsm_link id='%%id%%' class='btn-retake-quiz center']<span style="font-size: 28px;"><b>[switch cond='%%num%%' 1='➀' 2='➁' 3='➂' 4='➃']%%num:?%%[/switch]</b>&nbsp;</span>[switch switch='%%textype%%' calm='Пройдите тест еще раз' angry='Пройдите тест еще раз, только очень серьезно, пожалуйста!']%%text:Еще раз%%[/switch]<span style="font-size: 28px;">&nbsp;<b>?</b></span>[/qsm_link]
    Plugin Support Dhanush

    (@dhanush22)

    Dear @forcesail ,

    I hope this message finds you well. I sincerely appreciate the effort you put into sharing the codes and providing the relevant structural details.

    I have escalated the issue, along with the information you provided, to our development team for their review. Once they have analyzed it, I will share suggestions and outline the necessary steps to resolve the issue moving forward.

    Thank you for your time, effort, and cooperation in this matter.

    Best regards,
    Dhanush

    Thread Starter Alexander Guskov

    (@forcesail)

    Dear Dhanush,

    I mean, that I’d be happy if the end of function qsm_quiz_link_shortcode (file shortcodes.php) was:

    // Craft the target attribute if one is passed to shortcode
    $content = do_shortcode( $content );
    if ( ! empty( $target ) ) {
        return "<a href='" . esc_url( $permalink ) . "' target='" . esc_attr( $target ) . "' class='" . esc_attr( $class ) . "'>" . $content . '</a>';
    } else {
        return "<a href='" . esc_url( $permalink ) . "' class='" . esc_attr( $class ) . "'>" . $content . '</a>';
    }
    }

    Plugin Support Dhanush

    (@dhanush22)

    Hi @forcesail ,

    I hope this message finds you well, and I apologize for the delay in getting back to you.

    Thank you for your valuable input and suggestions. After a detailed review, we have implemented a solution that adheres to WordPress standards.

    While we cannot remove the esc_html function from the qsm_link shortcodes due to WordPress requirements, we have decided to replace it with the wp_kses_post function. This change ensures compliance with WordPress guidelines while addressing the intended functionality.

    For your reference, here are the updates:

    if ( ! empty( $target ) ) {
        return "<a href='" . esc_url( $permalink ) . "' target='" . esc_attr( $target ) . "' class='" . esc_attr( $class ) . "'>" . wp_kses_post( $content ) . '</a>';
    } else {
        return "<a href='" . esc_url( $permalink ) . "' class='" . esc_attr( $class ) . "'>" . wp_kses_post( $content ) . '</a>';
    }

    File Path: \quiz-master-next\php\shortcodes.php

    The updated code can be added to the specified file path. This modification will be included in the upcoming plugin update.

    We sincerely appreciate your cooperation and support throughout this process. If you have any further questions or feedback, please feel free to let us know.

    Best regards,
    Dhanush

    Thread Starter Alexander Guskov

    (@forcesail)

    Dear Dhanush,

    thank you very much for your help, co-operation and understanding that my advice makes your plugin even better!
    I appreciate your team’s wish to find a solution, but I’m afraid that wp_kses is not the one, because it calls wp_kses_normalize_entities, which converts & to &amp;, destroying HTML special symbol codes (like &larr; or and so on).

    On the other hand, your focus on security is great and fully appreciable, but I suppose you don’t need to care about escaping the $context because it DOESN’T come from user input!!!
    $context comes from Quiz settings that the admin makes, and there is no way for $context to be injected with unwanted data.

    Another point, please don’t forget to add $content = do_shortcode( $content );

    Plugin Support Dhanush

    (@dhanush22)

    Dear @forcesail ,

    I hope this email finds you well. My apologies for the delay in getting back to you, and thank you for your patience and understanding.

    Regarding the details you shared about the wp_kses section, I have forwarded the matter to our development team. They are actively reviewing this issue. I will provide you with an update as soon as we receive any insights or solutions from them.

    Thank you for your time and cooperation. Please let me know if you have any further questions or require additional assistance.

    Best regards,

    Plugin Support Dhanush

    (@dhanush22)

    Dear @forcesail ,

    I hope this email finds you well. Apologies for the delay in getting back to you.

    Our development team has provided an update, and we’ve identified a solution involving updated code. Kindly replace the existing code with the snippet below in the file located at:

    File Path: \quiz-master-next\php\shortcodes.php
    if ( ! empty( $target ) ) {
        return "<a href='" . esc_url( $permalink ) . "' target='" . esc_attr( $target ) . "' class='" . esc_attr( $class ) . "'>" . do_shortcode( $content ) . '</a>';
    } else {
        return "<a href='" . esc_url( $permalink ) . "' class='" . esc_attr( $class ) . "'>" . do_shortcode( $content ) . '</a>';
    }

    Please replace the existing code in the specified file with the codes shared above. If you encounter any issues, feel free to reach out, and we will be happy to assist further.

    Thank you for your time and cooperation.

    Best regards,
    Dhanush
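
The output strategies discussed in this thread, side by side, plus the combination that expands nested shortcodes first and filters the resulting HTML afterwards. This is an added example, not part of the thread and not QSM's own code: the shortcodes [demo_link] and [demo_num], the function names and the sample string are hypothetical, and it assumes a loaded WordPress environment (for instance WP-CLI's `wp eval-file`).

```php
<?php
// Added example, not QSM code. Run inside WordPress, e.g. `wp eval-file demo-link.php`.
// [demo_link] and [demo_num] are hypothetical shortcodes used only for this demo.

// Stand-in for a nested shortcode supplied by another plugin.
add_shortcode( 'demo_num', function ( $atts ) {
	$atts = shortcode_atts( array( 'n' => '1' ), $atts );
	return '<b>' . absint( $atts['n'] ) . '</b>&nbsp;';
} );

// Link shortcode: expand nested shortcodes first, then filter the HTML they produced.
function demo_link_shortcode( $atts, $content = '' ) {
	$atts   = shortcode_atts( array( 'url' => '', 'target' => '', 'class' => '' ), $atts );
	$html   = wp_kses_post( do_shortcode( $content ) );
	$target = '' !== $atts['target'] ? " target='" . esc_attr( $atts['target'] ) . "'" : '';
	return "<a href='" . esc_url( $atts['url'] ) . "'" . $target
		. " class='" . esc_attr( $atts['class'] ) . "'>" . $html . '</a>';
}
add_shortcode( 'demo_link', 'demo_link_shortcode' );

// Render the same enclosed content with each strategy from the thread.
function demo_compare_strategies( $content ) {
	return array(
		'esc_html'          => esc_html( $content ),
		'wp_kses_post'      => wp_kses_post( $content ),
		'do_shortcode'      => do_shortcode( $content ),
		'do_shortcode+kses' => wp_kses_post( do_shortcode( $content ) ),
	);
}

// Constructed sample: inline styling, an entity, a nested shortcode,
// and an event-handler attribute that a filter is expected to drop.
$sample = '<span style="font-size: 28px;">[demo_num n="2"]</span>&larr; Retake '
	. '<i onclick="alert(1)">now</i>';

foreach ( demo_compare_strategies( $sample ) as $name => $out ) {
	echo str_pad( $name, 20 ) . $out . "\n";
}

// The full shortcode, as it would appear in post content or a settings field.
echo do_shortcode( "[demo_link url='https://example.com/quiz' class='btn']" . $sample . '[/demo_link]' ) . "\n";
```

Comparing the four lines of output shows which strategies keep the formatting and entities and which ones pass the event-handler attribute through to the page unchanged.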
