[wp-trac] [WordPress Trac] #56780: shortcode block in block-based template part in a classic theme does not get expanded

WordPress Trac noreply at wordpress.org
Thu Oct 31 22:48:45 UTC 2024 

#56780: shortcode block in block-based template part in a classic theme does not
get expanded
-------------------------------------------------+-------------------------
 Reporter:  pbiron                               |       Owner:  costdev
     Type:  defect (bug)                         |      Status:  assigned
 Priority:  high                                 |   Milestone:  Future
                                                 |  Release
Component:  Editor                               |     Version:  6.1
 Severity:  normal                               |  Resolution:
 Keywords:  has-testing-info has-screenshots     |     Focuses:
  has-patch has-unit-tests changes-requested     |
  needs-testing early                            |
-------------------------------------------------+-------------------------

Comment (by sppramodh):

 == Test Report
 === Description
 This report validates whether the indicated patch works as expected.

 Patch tested: https://github.com/WordPress/wordpress-develop/pull/3851

 === Environment
 - WordPress: 6.7-RC2
 - PHP: 8.2.18
 - Server: Apache/2.4.59 (Win64) PHP/8.2.18 mod_fcgid/2.3.10-dev
 - Database: mysqli (Server: 8.3.0 / Client: mysqlnd 8.2.18)
 - Browser: Firefox 132.0
 - OS: Windows 10/11
 - Theme: Test 56780 0.1.0
 - MU Plugins: None activated
 - Plugins:
   * Secure Custom Fields 6.3.10.2
   * Test Reports 1.1.0
   * WooCommerce 9.3.3
   * WordPress Beta Tester 3.6.1

 === Actual Results
 1.  ❌ The patch dose not solve the issue completely.

 === Additional Notes
 - As noted in comment #50, there was concern that the patch might
 introduce subtle security issues by allowing a shortcode to be used within
 comments.
 - As instructed in comment #54, I used the test theme and modified it to
 use block_template_part() to render a template part containing comments
 block.
 - After applying the patch, the shortcode is now processed in the comments
 weather short code is added in the comment or using <!-- wp:shortcode -->
 in the comment template part, which, as anticipated in comment #50, could
 introduce security issues. **Therefore, the patch needs further
 improvement.**

 === Supplemental Artifacts
 Screenshot: [[Image(https://imgur.com/HCe0B7D)]]

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/56780#comment:79>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list