Conversation

cbravobernal
Contributor

What

Apply all changes done in 6.4.3, including:

– Unsafe HTML in field group labels is now correctly escaped for conditionally loaded field groups, resolving a JS execution vulnerability in the classic editor
– HTML is now escaped from field group labels when output in the ACF admin
– Bidirectional and Conditional Logic Select2 elements no longer render HTML in field labels or post titles
– The acf.escHtml function now uses the third party DOMPurify library to ensure all unsafe HTML is removed. A new esc_html_dompurify_config JS filter can be used to modify the default behaviour
– Post titles are now correctly escaped whenever they are output by ACF code. Thanks to Shogo Kumamaru of LAC Co., Ltd. for the responsible disclosure
– An admin notice is now displayed when version 3 of the Select2 library is used, as it has now been deprecated in favor of version 4
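As an added example, not code from the SCF or ACF project: the string-concatenation pattern that lets an attacker-controlled field group label execute script, next to an output-time entity-escaping `escHtml`. The function names, the `.acf-label` class and the hostile label below are constructed for illustration. This `escHtml` is a plain entity encoder, not the DOMPurify-backed `acf.escHtml` the PR describes; DOMPurify allow-lists safe markup, whereas this neutralises every character that can open a tag or attribute. The last helper shows why escaping belongs at the output point rather than at save time: escaping already-escaped text double-encodes it.

```javascript
// Added example, not SCF/ACF code. Names are illustrative.
const ENTITY_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' };

function escHtml(value) {
  // Entity-encode every character that can open a tag, terminate an
  // attribute value, or start an entity. null/undefined become ''.
  const text = value == null ? '' : String(value);
  return text.replace(/[&<>"']/g, (ch) => ENTITY_MAP[ch]);
}

// Constructed attacker-controlled label: saved by a user who can edit field
// groups, later rendered for an admin in the classic editor.
const HOSTILE_LABEL = 'Hero <img src=x onerror="alert(document.cookie)">';

function renderLabelUnsafe(label) {
  // Vulnerable shape: the stored label is concatenated into markup verbatim,
  // so the <img onerror> inside it becomes live DOM and runs in the admin's session.
  return '<label class="acf-label">' + label + '</label>';
}

function renderLabelSafe(label) {
  // Hardened shape: escape once, at the point the value enters markup.
  return '<label class="acf-label">' + escHtml(label) + '</label>';
}

function hasLiveTag(html) {
  // Demonstration check: strip the wrapper we added, then look for anything
  // the HTML parser would treat as a tag open ('<' followed by a letter or '/').
  const inner = html.replace(/^<label class="acf-label">/, '').replace(/<\/label>$/, '');
  return /<[a-z\/]/i.test(inner);
}

function escapeTwice(value) {
  // Escaping on save and again on output turns '<' into '&amp;lt;', which the
  // browser displays literally as "&lt;". Escape at output only.
  return escHtml(escHtml(value));
}

// Stand-alone run: prints the two renderings side by side.
if (typeof require !== 'undefined' && require.main === module) {
  console.log('unsafe:', renderLabelUnsafe(HOSTILE_LABEL));
  console.log('safe:  ', renderLabelSafe(HOSTILE_LABEL));
}
```

The same one-escape-at-output rule is what the PR's PHP-side changes enforce for labels and post titles in the admin; the JS side needs it wherever a stored string is concatenated into markup rather than assigned with `textContent`.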

@cbravobernal cbravobernal added this to the 6.6.0 milestone Aug 20, 2025
@cbravobernal cbravobernal self-assigned this Aug 20, 2025
Contributor

@priethor priethor left a comment

Works as expected 🫡

@cbravobernal cbravobernal merged commit 844af67 into trunk Aug 20, 2025
5 checks passed
@cbravobernal cbravobernal deleted the update/6-4-3-secure-stuff branch August 20, 2025 14:47
@cbravobernal cbravobernal modified the milestones: 6.6.0, 6.5.6 Aug 26, 2025
cbravobernal added a commit that referenced this pull request Aug 26, 2025
* Land the PHP stuff

* Backport field-group and input

* Added dompurify

* Update acf.min.js

* Update pro js

* Fix more PHP backports

* Fix indent

* Use a better composer approach

* Remove not needed utf function
cbravobernal added a commit that referenced this pull request Sep 23, 2025
* Add zip creation script (#202)

* Update trunk with 6.5.5 release. (#203)

* update readme

* Build assets, documentation, and translations

* Update version to 6.5.5

* Revert "Build assets, documentation, and translations"

This reverts commit 8f79f54.

* Fix folder moved (#204)

* Update trunk branch with 6.5 (#205)

* update readme

* Build assets, documentation, and translations

* Update version to 6.5.5

* Revert "Build assets, documentation, and translations"

This reverts commit 8f79f54.

* Update stable tag to 6.5.5

* REST API: Add `source` parameter for types endpoint (#128)

Co-authored-by: Carlos Bravo <[email protected]>

* Backport: Update SCF to include all 6.4.3 fixes. (#207)

* Land the PHP stuff

* Backport field-group and input

* Added dompurify

* Update acf.min.js

* Update pro js

* Fix more PHP backports

* Fix indent

* Use a better composer approach

* Remove not needed utf function

* First batch of changes

* Backport acf-input.min.js

* Finish main min file

* Update 90% of flexible content

* Finish all JS

* Update all PHP files and acf min

* Update latest version

* Rename issue

---------

Co-authored-by: Héctor <[email protected]>
cbravobernal added a commit that referenced this pull request Sep 23, 2025
* update readme

* Build assets, documentation, and translations

* Update version to 6.5.5

* Revert "Build assets, documentation, and translations"

This reverts commit 8f79f54.

* Update stable tag to 6.5.5

* REST API: Add `source` parameter for types endpoint (#128)

Co-authored-by: Carlos Bravo <[email protected]>

* Backport: Update SCF to include all 6.4.3 fixes. (#207)

* Land the PHP stuff

* Backport field-group and input

* Added dompurify

* Update acf.min.js

* Update pro js

* Fix more PHP backports

* Fix indent

* Use a better composer approach

* Remove not needed utf function

* Backport: Update 6.5.0 (#208)

* First batch of changes

* Backport acf-input.min.js

* Finish main min file

* Update 90% of flexible content

* Finish all JS

* Update all PHP files and acf min

* Update latest version

* Rename issue

* Update readme with changelog

* Build assets, documentation, and translations

* Update version to 6.5.6

* Add zip creation script (#202)

* Fix folder moved (#204)

* Update readme

* Update version to 6.5.7

* Update readme stable tag to last version

* Maintenance: Update branch 6.5 with backports. (#215)

* Add zip creation script (#202)

* Update trunk with 6.5.5 release. (#203)

* update readme

* Build assets, documentation, and translations

* Update version to 6.5.5

* Revert "Build assets, documentation, and translations"

This reverts commit 8f79f54.

* Fix folder moved (#204)

* Update trunk branch with 6.5 (#205)

* update readme

* Build assets, documentation, and translations

* Update version to 6.5.5

* Revert "Build assets, documentation, and translations"

This reverts commit 8f79f54.

* Update stable tag to 6.5.5

* REST API: Add `source` parameter for types endpoint (#128)

Co-authored-by: Carlos Bravo <[email protected]>

* Backport: Update SCF to include all 6.4.3 fixes. (#207)

* Land the PHP stuff

* Backport field-group and input

* Added dompurify

* Update acf.min.js

* Update pro js

* Fix more PHP backports

* Fix indent

* Use a better composer approach

* Remove not needed utf function

* First batch of changes

* Backport acf-input.min.js

* Finish main min file

* Update 90% of flexible content

* Finish all JS

* Update all PHP files and acf min

* Update latest version

* Rename issue

---------

Co-authored-by: Héctor <[email protected]>

---------

Co-authored-by: Héctor <[email protected]>