开发者 | Feel Creative |
---|---|
更新时间 | 2019年9月18日 12:21 |
PHP版本: | 4.0 及以上 |
WordPress版本: | 5.2.3 |
版权: | GPLv2 |
版权网址: | 版权信息 |
[URLParam param='paramname']
Shows the value of GET named paramname ('Hannes' in the example URL), or "blank value" if none given.
Hello Hannes!
Shows the value of GET named paramname, or empty space if none
/wp-content/plugins/
directory, or upload the ZIP file directly in
the Plugins section of your Wordpress adminThere is a known problem where the plugin shortcodes are used within URLs or other HTML attributes which are themselves inside quotes. Starting in the WordPress 4.2.3 security auto-update, you can no longer include shortcodes in HTML attributes. Previous to this WordPress update, you could set a field value like this: . Now you have to set it like this: or [urlparam htmltag="input" type="text" name="firstname" attr="value" param="FirstName" /]. If you are still using this shortcode the old way, unfortunately, WordPress simply won’t process the shortcode and will return back the full shortcode text unprocessed.
In short, no. To help protect your site against Reflected Cross Site Scripting, we sanitize output with esc_html() which prevents any HTML tags from being passed in and displayed. This would prevent someone from passing in javascript, for example, and having it execute on your site.
Please help each other on the public support forums.