Jetpack: Can't use ] character in contact form attributes.

Created on 29 Aug 2017  ·  10 Comments  ·  Source: Automattic/jetpack

Steps to reproduce the issue

  1. In the New Post screen, click "Add Contact Form".
  2. Set the subject attribute of the [contact-form] shortcode tag to "[Contact Form Submission]".

What I expected

The form would display correctly on the website.

What happened instead

Everything after the ] in the subject attribute is output on the webpage.

For example, this contact form shortcode:

[contact-form subject="[Contact Form Submission]" to="[email protected]"][contact-field label="Name" type="name"  required="true" /][contact-field label="Email" type="email" required="true" /][contact-field label="Website" type="url" /][contact-field label="Message" type="textarea" /][/contact-form]

inadvertently leaks my email address:


Contact Form [Pri] Normal [Type] Bug

All 10 comments

Related: #7632

Per the WP Core Shortcode API docs:

The shortcode parser does not accept square brackets within attributes.

Using the visual editor, you cannot save a subject containing brackets, such as [Contact Form Submission]. Once you click "Update Form", the subject field containing brackets will be blank.

This means that the only way to run into this error is to use the text view in the editor to add brackets into the shortcode text.

I think the best solution here would be better handling in the core add_shortcode() for dealing with cases like this. In this example, these are the parameters passed through the hook to the shortcode function:

$attributes:

array(3) {
  ["subject"]=>
  string(15) "”[Contact"
  [0]=>
  string(4) "Form"
  [1]=>
  string(10) "Submission"
}

$content:

string(255) "” to=”[email protected]”][contact-field label="Name" type="name"  required="true" /][contact-field label="Email" type="email" required="true" /][contact-field label="Website" type="url" /][contact-field label="Message" type="textarea" /]"

Without improvements to the core add_shortcode() parsing, it would be difficult to mitigate this issue.

One improvement that could be added is a validation notice when updating the form from the visual editor. This could also be added in other areas where it doesn't currently exist, such as email validation on the submissions email field. That may be out of scope for this ticket though.
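
The validation idea raised in the comment above, sketched as an added example (not Jetpack or WordPress code): a quote-aware check that flags shortcode attributes containing square brackets before a post is saved, and reports the text that a parser ending the tag at the first `]` would render on the page. The function names and the sample address are constructed, and only quoted attribute values are handled.

```javascript
// Added example, not Jetpack or WordPress code; all names are hypothetical.
// Assumption: the core parser ends a tag at the first "]", as the dump shows.
const TAGS = ['contact-form', 'contact-field'];

// Constructed sample modelled on the report; the address is a placeholder.
const SAMPLE = '[contact-form subject="[Contact Form Submission]" ' +
  'to="owner@example.test"][contact-field label="Name" type="name" ' +
  'required="true" /][/contact-form]';

// Quote-aware read of one opening tag at text[start]. Returns the attributes
// as the author wrote them and the index just past the intended closing "]".
function readTag(text, start) {
  const name = /\[([\w-]+)/y;
  name.lastIndex = start;
  const m = name.exec(text);
  if (!m || !TAGS.includes(m[1])) return null;
  const part = /\s*(?:([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')|(\/?\]))/y;
  part.lastIndex = name.lastIndex;
  const attrs = {};
  for (let p; (p = part.exec(text)); ) {
    if (p[4]) return { tag: m[1], attrs, end: part.lastIndex };
    attrs[p[1]] = p[2] ?? p[3];
  }
  return null; // unterminated tag or unquoted value: not handled here
}

// Flag attributes whose value contains "[" or "]" and report the text that a
// first-"]" parser would leave outside the tag, i.e. render on the page.
function findBracketedAttributes(content) {
  const findings = [];
  for (let i = content.indexOf('['); i !== -1; i = content.indexOf('[', i + 1)) {
    const tag = readTag(content, i);
    if (!tag) continue;
    const bad = Object.keys(tag.attrs).filter((k) => /[\[\]]/.test(tag.attrs[k]));
    if (bad.length) {
      const cut = content.indexOf(']', i) + 1; // where the parser stops
      findings.push({ tag: tag.tag, attributes: bad,
        spilled: content.slice(cut, tag.end) });
    }
    i = tag.end - 1; // resume after this tag
  }
  return findings;
}

console.log(JSON.stringify(findBracketedAttributes(SAMPLE), null, 2));
```

For the sample, the `spilled` field holds the `to` attribute, which is the part of the tag that ends up in the rendered output.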

Another issue with this. If you start your subject line with "[", the form submission goes to the WPCOM email address of the site owner/admin (likely who created the form), instead of going to the "TO" address specified in the form.

785092-zen

This issue has been marked as stale. This happened because:

  • It has been inactive in the past 6 months.
  • It hasn’t been labeled `[Pri] Blocker`, `[Pri] High`.

No further action is needed. But it's worth checking if this ticket has clear reproduction steps and it is still reproducible. Feel free to close this issue if you think it's not valid anymore — if you do, please add a brief explanation.

Also reported in #14223 for the block.

This issue has been marked as stale. This happened because:

  • It has been inactive in the past 6 months.
  • It hasn’t been labeled `[Pri] Blocker`, `[Pri] High`.

No further action is needed. But it's worth checking if this ticket has clear reproduction steps and it is still reproducible. Feel free to close this issue if you think it's not valid anymore — if you do, please add a brief explanation.

22094305-hc: they wanted square brackets in their select option text.

I'm working on a core patch for this. I'll link the Trac ticket once I create one.

Noting it is currently slated for WP 5.7.
