From 342228256f5f344afad805e3909d0f0e1a4f3c52 Mon Sep 17 00:00:00 2001
From: Kevin Cristiano <kcristiano@kcristiano.com>
Date: Fri, 16 Feb 2024 10:06:40 -0500
Subject: [PATCH] add more comments and a readme file

---
 README.md                | 13 +++++++++++++
 tc-allow-acf-content.php |  4 +++-
 2 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 README.md

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..6a5516d
--- /dev/null
+++ b/README.md
@@ -0,0 +1,13 @@
+# Allow Unfiltered ACF Content
+
+See https://www.advancedcustomfields.com/blog/acf-6-2-5-security-release/
+
+- Starting in 6.2.7 ACF will strip unsafe content from `the_field`, `the_subfield`, and shortcodes
+- We can test early by applying a filter
+- We can disable the filtering for trusted fields via a filter
+
+This plugin will enable the chanmges before they are released via `add_filter( 'acf/the_field/escape_html_optin', '__return_true' );`  
+
+This is done to see what will occur on sites.
+
+If we have trusted content that we don not want ACF to filter, we can exclude by filtering one field or shortcode at a time.
\ No newline at end of file
diff --git a/tc-allow-acf-content.php b/tc-allow-acf-content.php
index 8c8413c..7add958 100644
--- a/tc-allow-acf-content.php
+++ b/tc-allow-acf-content.php
@@ -19,7 +19,8 @@ add_filter( 'acf/the_field/escape_html_optin', '__return_true' );
 
 /**
 * Add filter to allow unfiltered HTML for the_field based on https://www.advancedcustomfields.com/blog/acf-6-2-5-security-release/#conditionally-disabling-the-new-behavior
-* Chnage selector to ACF field slug
+* Change selector to ACF field slug
+* Add one filter for each field
 */
 add_filter( 'acf/the_field/allow_unsafe_html', function( $allowed, $selector ) {
   if ( $selector === "intro" ) {
@@ -31,6 +32,7 @@ add_filter( 'acf/the_field/allow_unsafe_html', function( $allowed, $selector ) {
 /**
 * Add filter to allow unfiltered HTML for ACF Shortcodes based on https://www.advancedcustomfields.com/blog/acf-6-2-5-security-release/#conditionally-disabling-the-new-behavior
 * Change $atts['field'] to ACF Field Slug
+* * Add one filter for each shortcode
 */
 add_filter( 'acf/shortcode/allow_unsafe_html', function ( $allowed, $atts ) {
     if ( $atts['field'] === 'podcast_iframe' ) {
-- 
GitLab