10 Jun

ACF 5.8.12 Release

By Elliot Condon

Advanced Custom Fields version 5.8.12 is now available. This release contains a number of improvements for both the ACF and ACF PRO plugins, which we hope you enjoy.

👨‍💻 Please find the release notes below. And for the latest ACF news, follow us on Twitter @wp_acf.

Improved string escaping

A vulnerability was discovered allowing unescaped <script> tags to be rendered within Select2 drop-downs and Relationship fields. This issue has been fixed, ensuring better security against malicious HTML found in post titles.

Fixed WYSIWYG remount bug

A bug was discovered causing WYSIWYG fields shown in the block editor sidebar to disappear when being “remounted” to the DOM. There are various scenarios when this is possible, the most common is when editing a block and toggling between Document and Block tabs. With this bug fixed, WYSIWYG fields will now always reappear as expected after being unmounted from the DOM.

Fixed max length validation bug

A bug causing incorrect max length validation for the Text and Textarea fields has been fixed. This issue is specific to the acf_form() function which runs all submitted content through the wp_kses() function for sanitization. As part of the sanitization process, some characters are converted into HTML entities (“&” => “&amp;”) which caused our validation to treat ampersands as 5 characters in length.

Minor enhancements

  • Fixed bug causing PHP error when updating the settings of a Checkbox field.
  • Added new JS functions acf.escHTML() and acf.escAttr().
  • Added new PHP function acf_strlen().

🙌 Thanks to everyone who helped make this release possible.

About the Author