Advanced Custom Fields version 5.8.12 is now available. This release contains a number of improvements for both the ACF and ACF PRO plugins, which we hope you enjoy.
👨💻 Please find the release notes below. And for the latest ACF news, follow us on Twitter @wp_acf.
Improved string escaping
A vulnerability was discovered allowing unescaped <script> tags to be rendered within Select2 drop-downs and Relationship fields. This issue has been fixed, ensuring better security against malicious HTML found in post titles.
Fixed WYSIWYG remount bug
A bug was discovered causing WYSIWYG fields shown in the block editor sidebar to disappear when being “remounted” to the DOM. There are various scenarios when this is possible, the most common is when editing a block and toggling between Document and Block tabs. With this bug fixed, WYSIWYG fields will now always reappear as expected after being unmounted from the DOM.
Fixed max length validation bug
A bug causing incorrect max length validation for the Text and Textarea fields has been fixed. This issue is specific to the acf_form() function which runs all submitted content through the wp_kses() function for sanitization. As part of the sanitization process, some characters are converted into HTML entities (“&” => “&”) which caused our validation to treat ampersands as 5 characters in length.
Minor enhancements
- Fixed bug causing PHP error when updating the settings of a Checkbox field.
- Added new JS functions
acf.escHTML()andacf.escAttr(). - Added new PHP function
acf_strlen().
🙌 Thanks to everyone who helped make this release possible.
About the Author
Elliot is a web developer working "down under" on the Advanced Custom Fields WordPress plugin in Australia. Having a previous life in design, Elliot is passionate about all things interactive. Enjoys skateboarding, coffee and building things.