Support » Fixing WordPress » HTML check option in WordPress 4.9

  • Resolved eklisiarh1

    (@eklisiarh1)



    I find the new code-check function in WordPress to be helpful but I think you went one step too far, when you decided not to allow us to save our code if it has errors. One can do this only if one is sure that their code-check is able to recognise all cases of custom code from errors and we will all agree that this will not be possible any soon (maybe when AI comes?).

    Here is one such case:

    In the custom HTML widget I use PHP to fill the info from the forms. Here is what I do:

    I add following code to the functions.php:

    add_filter('widget_text','execute_php',100);
    function execute_php($html){
    if(strpos($html,"<"."?php")!==false){
    ob_start();
    eval("?".">".$html);
    $html=ob_get_contents();
    ob_end_clean();
    }
    return $html;
    }

    Than I use Advanced Custom Fields plugin to gather data in forms and I add these to HTML widget with this code:

    <?php global $wp_query;
    if(is_object($wp_query->queried_object) && $wp_query->queried_object->ID)
    {
    echo get_post_meta($wp_query->queried_object->ID, 'gtelefonnummer', true);
    }
    ?>

    Since the last theme update I cannot save this widget because your code-check engine finds errors in my HTML which are actually no errors but PHP!

    All the old widgets containing that code work perfectly but I cannot add any new code to the widgets for new fields!

    How can I disable this?

Viewing 13 replies - 1 through 13 (of 13 total)
  • mechanicman

    (@mechanicman)

    I totally agree I like that it makes you aware of errors but I want the ability to save whatever I want. One of my uses for custom HTML is to post affiliate banners and links. The code is generated by the affiliate and I don’t want to change any of it. Some affiliates specifically warn you not to alter the code. The errors the widget is pointing out are usually minor and do not affect the usability or page load times, scores, etc

    wendywestbrook

    (@wendywestbrook)

    I also have an issue with this!

    I set up the basic code for client sites to insert their details later (images, social media links, etc.) on the development site and now I can’t save unless I enter a valid url. Why do I have to do twice the work because the widget thinks my code isn’t correct. I don’t care what it thinks. I just want to enter my code and hit save, and come back later and fill it in when the info is available.

    I am very very frustrated by this…and now I’m behind schedule. Grrr….

    eklisiarh1

    (@eklisiarh1)

    Yes this is very strange that WordPress-Team would do something irrational like this! I mean: I never had any problem with decisions you guys make but this is just crazy. I mean to think that code-checker can be so perfect that it can foresee every code-variation we might use is just… well… sorry to say that but it’s just stupid!

    surfintica

    (@surfintica)

    Ditto, this is absolutely stupid.

    This is like the new Skype updates where changes how we work.

    There simply is not way for code-checker to validate all possible variations. If you add this, at least make a way for those who are not scared about adding code to turn this off.

    Ditto. Still waiting to hear about a fix or work-around. Some of the messages I’m getting are hard to dechiper (and I’m a code-tweaker html-coding-since html 1.0) either way why am I being prevented from developing and posting code on my own website.

    In my case, we wanted to insert DFP tags for banners, a common use of widgets in a sidebar. When adding in the code, it sees a var in the javascript code that is defined elsewhere and wont let me save. It really defeats the purpose of adding in a HTML widget, there are too many possibilities to attempt to validate the contents. The functionality is pretty good itself and they probabally spent a lot of time on it, but it doesn’t have a place here. Either that or add an option to turn it off.

    Glad I found this thread. I ran into the same issue when I went back to update some custom code. It asked for double quotes instead of quotes and it “broke” the form when I did that.

    This is highly discouraging for those of us who use custom code in WP (which I am going to assume is a lot of people).

    I am going to look on some other forums to see if anyone else has come across a fix.

    I’ve also run into another strange situation. I noticed on one of my pages that 4 widgets in the primary sidebar that two of them were missing. After trying everything I could think of, including trying to add new widgets nothing would show. Come to find out I had one custom HTML widget in the sidebar and any widgets below it would not show up. Moved the custom HTML widget to the bottom and everything would reappear. The code in the widget was just a simple banner ad. No <div> or anything else that I could see affecting the widgets below it. I have also noticed that if I change the text size in the custom HTML widget it changes the text size in all the widgets below it no matter what they are.

    I’ve submitted a ticket on this issue and hope (need) to hear back soon and will keep you all posted. I even referenced this thread in my ticket so they should see it and may address it directly.

    As a comment to OP (and lots of commentors), be mindful that it is unwise to put sensitive stuff like PHP and Javascript into your database. As WordPress continues to harden its security, certain edge cases will be disallowed… and injecting PHP via a plugin should be one of them (if, as it appears to be, it isn’t already).

    Further, dropping sensitive scripts is equally dangerous for security purposes, including scripts for ads. Most of the ad servers have plugins that make inserting them safer for your site. https://wordpress.org/plugins/doubleclick-for-wp/ for one.

    Having the same problem with the draconian syntax police. It’s just plain old HTML NOT php- all I want to do is add social media buttons to a footer- I went in to edit the code and it wouldn’t let me save it as it was. Essentially the latest update broke my site. Please fix this as it’s a major oversight.

    This broke my site, at least my ability to make changes. I too use PHP inside of widgets. Nothing sensitive, just an include of some text or data from advanced custom fields. Worked great up until now.

    I can understand having the error checker issue warnings, but it should not take over my ability to make my own decision on how to handle those warnings.

    Please follow https://core.trac.wordpress.org/ticket/42988

    The double-quote lint rule can be removed via a plugin that does:

    <?php
    add_filter( 'wp_code_editor_settings', function( $settings ) {
        $settings['htmlhint']['attr-value-double-quotes'] = false;
        return $settings;
    } );
Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘HTML check option in WordPress 4.9’ is closed to new replies.