Security updates

  • Resolved shereew

    (@shereewalker)


    9 months, 2 weeks ago

    Hi there,

    In light of Advanced Custom Fields new security updates, when will we see this reflected in the ACF theme code.

    Amazing plug-in by the way!

    Thanks
    Sheree

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author philkurth

    (@philkurth)

    Hi Sheree,

    Thanks for reaching out – glad you like the plugin.

    The security updates in ACF don’t affect ACF Theme Code or ACF Theme Code Pro so there’s no need for us to update the plugin to support the changes.

    ACF Theme Code implements ACF’s template API and the changes to ACF are under the hood and don’t impact the way the API is used. Additionally, ACF Theme Code already escapes values when using the get_field() function so this change to ACF core just means additional security without you needing to do anything else.

    Cheers,
    Phil

    Thread Starter shereew

    (@shereewalker)

    Hi there,

    Thanks for this – apologies if I am not understanding but as an example, for a text field, the output is:

    <?php the_field( 'text_heading' ); ?>

    But the ACF recommendation is:

    <?php echo esc_html( get_field('text_heading') ); ?>

    I don’t know much about escaping, so perhaps I am missing something, but I have warnings generated by ACF if I don’t use the latter.

    Thanks again
    Sheree

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Security updates’ is closed to new replies.

Tags