
Events Grid Template – short code argument boolean values

Posted: November 18, 2024 at 4:14 pm

Viewing 2 reply threads


Digital Services Lab

November 18, 2024 at 4:14 pm

I have been using the [ESPRESSO_GRID_TEMPLATE show_expired=false] shortcode for at least a year on one of my sites, but recently found that it was showing expired events.

It took me a while to work this out, but “0” & “1” as the argument values work, true/false do not… The docs never use 0/1, they use true/false.
Since all shortcode values are passed as strings, this means you need to do some boolean conversion if you want to use them as bools, but it doesn’t look like EE does this.
From what I can see it skips any sanitisation and uses the value directly, which means “false” as a string is TRUE as a boolean value, as expected from PHP.

If you leave it out it works because the default value is a boolean, not a string, but this is fairly poor design if you are assuming that it will only be used if someone wants to set it to “true” and then relying on the fact that “true” as a string is truthy. You could literally put any string at all in there except “0” and it will show expired value because all strings except “0” are truthy.


Digital Services Lab

November 18, 2024 at 7:03 pm

I think you should be doing this:

In core, EES_Shortcode->sanitize_attributes() on line 160, you are doing basic sanitization of boolean values but not actually converting them.

Change this:

    case in_array($value, [true, 'true', '1', 'on', 'yes', false, 'false', '0', 'off', 'no'], true):
        $attributes[ $key ] = $value;
        break;

to this (why are you checking if it’s meant to be bool but not converting it?).
EEH_Event_Query::set_query_params() type hints this value as bool, so without converting it, PHP coerces them incorrectly, i.e. “false”, “off”, “no” etc. are all coerced to TRUE.

    case in_array($value, [true, 'true', '1', 'on', 'yes', false, 'false', '0', 'off', 'no'], true):
        $attributes[ $key ] = filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
        break;

Subsequently, remove ‘skip_sanitization’ from show_expired and it should work as users would expect.


    // the following get sanitized/whitelisted in EEH_Event_Query
    $custom_sanitization = array(
        'category_slug' => 'skip_sanitization',
        'show_expired'  => 'skip_sanitization',
        'order_by'      => 'skip_sanitization',
        'month'         => 'skip_sanitization',
        'sort'          => 'skip_sanitization',
    );


Digital Services Lab

November 18, 2024 at 7:08 pm

The last snippet is from EES_Espresso_Grid_Template->process_shortcode()
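
The coercion discussed in this thread, as an added example that is not part of the original posts or of Event Espresso's code: it compares what a bool type hint does to raw shortcode strings with what an explicit conversion returns. The function names `shows_expired()` and `normalize_bool_attribute()` are hypothetical, and the sample attribute values are constructed.

```php
<?php
// Added example; function names are hypothetical, not Event Espresso APIs.

// Stand-in for a consumer that type hints the flag as bool, as the thread says
// EEH_Event_Query::set_query_params() does. Without strict_types, PHP coerces
// every string other than "" and "0" to true.
function shows_expired(bool $show_expired): bool
{
    return $show_expired;
}

// Convert a shortcode attribute to a real bool. Unrecognised values fall back
// to the default instead of silently becoming true.
function normalize_bool_attribute($value, bool $default): bool
{
    if (is_bool($value)) {
        return $value;
    }
    if (! is_scalar($value)) {
        return $default;
    }
    $bool = filter_var(
        trim((string) $value),
        FILTER_VALIDATE_BOOLEAN,
        FILTER_NULL_ON_FAILURE
    );
    return $bool ?? $default;
}

// Constructed sample inputs: values a user might type after show_expired=
$samples = ['true', '1', 'yes', 'on', 'false', '0', 'no', 'off', 'FALSE', '', 'banana'];

printf("%-10s %-14s %s\n", 'attribute', 'raw coercion', 'normalized');
foreach ($samples as $raw) {
    printf(
        "%-10s %-14s %s\n",
        var_export($raw, true),
        var_export(shows_expired($raw), true),
        var_export(normalize_bool_attribute($raw, false), true)
    );
}
```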
