- This topic has 4 replies, 3 voices, and was last updated 10 years, 6 months ago by
.
-
Posts
-
Hi!
I recently bought Events Calendar PRO. In the backend I have added some custom fields with Field Name & Field Type URL.
Currently the URL is displayed as pure HTML and not as a link. Regarding this I have the following questions;
1. Why are the URL displayed as HTML?
2. Is there a way to have the Field Name to be the link?
3. I would also like to add an iframe to the Custom Fields. Can this be fixed? Ref.
<iframe src=https://bit.ly/1LIEeW7 width=285 height=500 frameborder=0 webkitAllowFullScreen mozallowfullscreen allowFullScreen></iframe>Hey @Deniz,
I’m sorry about this issue, it is happening because we are using the esc_html() function escape HTML on the page for added security.
To override this, at this time you will unfortunately have to create a customized version of the Additional Fields template in your theme.
This process is described in detail here → https://theeventscalendar.com/knowledgebase/themers-guide/
The quick version, however, is basically to just add the following directories and custom file in your theme:
{your parenttheme folder}/tribe-events/pro/modules/meta/additional-fields.phpAgain, see the full themer’s guide linked above for more information on that if necessary. But once you have this file made, make the file look like this: https://gist.github.com/ggwicz/12eb0eef4e145261e213
This change uses wp_kses_post() instead of esc_html(), which is still secure but will allow the link to render.
This change alone may also allow your iframe to work.
I’m sorry that all of this is required at this time to fix this – let me know if the information here helps though!
Thanks,
GeorgeHi,
1. I have now solved the issue with links displayed as HTML.
2. Could you advise me how I fix this?
3. I have not gotten the iFrame to be displayed properly. As of now it is not showing at all. In the field name it does not allow the code to be input. When I try to save the event the field with the iframe is displayed as incorrect and I have to remove it for the event to be saved. Could you look into this?Hey Deniz,
Unfortunately, the iframe element might be getting stripped of some of its code because of filters in WordPress that are there for security reasons. I suspect this because of what you said as follows: “As of now it is not showing at all. In the field name it does not allow the code to be input.”
This is unfortunately a bit harder to work around than the other problem that we solved in step 1.
You can start by going back to that same file I mentioned in my first thread; the one where I recommend using wp_kses_post() instead of esc_html()…
Well, for starters, you can try fixing this other issue related to iframes by simply removing wp_kses_post() altogether, so that the variable is just output without filters. This is not recommended, but neither is using iframes at all (or, trying to store them in the database through these field inputs, at least), so the decision is yours if this additional security risk is “worth it”.
If this doesn’t help, then I’d recommend adding wp_kses_post() back to the file. However, at this point the next best step would be to do some deeper digging into WordPress and into the Events Calendar Pro plugin files directly, and search for where these input processes are sanitized. Though annoying in this one case of using iFrames, this code-stripping is otherwise a very important security measure, and I personally do not recommend sacrificing this filtering for the use of iframes in additional fields. That is just my personal disclaimer here – I hope the rest of this reply helps and that you are able to get things working to some degree on your site.
Sincerely,
George
- The topic ‘CUSTOM FIELDS – LINK DISPLAYED AS HTML’ is closed to new replies.