You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Recently, I've had an error that the Shortcode plugin somehow tried to process a .gitkeep file in the custom shortcodes folder specified with custom_shortcodes.
How I noticed the problem
I don't know why and how, but my .gitkeep file had two empty lines instead of just one by accident, and that caused a single empty line at the top of every page. After I removed the new line or disabled the plugin, the problem was gone.
Security
This issue could be a bigger security risk, since the plugin parses files which are not meant to be a shortcode.
Possible solution
Since all shortcodes are built like this:,
class CustomShortcode extends Shortcode {
publicfunctioninit() {
$this->shortcode->getHandlers()->add('custom', function (ShortcodeInterface$sc) {
return'some custom content';
});
}
}
I think it must be possible to only "parse" shortcode files. Or even only executing PHP code which is a class and extends Shortcode.
I'm not very familiar with PHP yet, so this could be a wrong assumption, but why was the plugin built this way? Isn't it easier to just run child classes of Shortcode
The text was updated successfully, but these errors were encountered:
Problem
Recently, I've had an error that the Shortcode plugin somehow tried to process a
.gitkeepfile in the custom shortcodes folder specified withcustom_shortcodes.How I noticed the problem
I don't know why and how, but my
.gitkeepfile had two empty lines instead of just one by accident, and that caused a single empty line at the top of every page. After I removed the new line or disabled the plugin, the problem was gone.Security
This issue could be a bigger security risk, since the plugin parses files which are not meant to be a shortcode.
Possible solution
Since all shortcodes are built like this:,
I think it must be possible to only "parse" shortcode files. Or even only executing PHP code which is a class and extends
Shortcode.I'm not very familiar with PHP yet, so this could be a wrong assumption, but why was the plugin built this way? Isn't it easier to just run child classes of
ShortcodeThe text was updated successfully, but these errors were encountered: