Plugin tries to process non Shortcode files (custom shortcodes) #127
Description
Problem
Recently, I've had an error that the Shortcode plugin somehow tried to process a .gitkeep file in the custom shortcodes folder specified with custom_shortcodes.
How I noticed the problem
I don't know why and how, but my .gitkeep file had two empty lines instead of just one by accident, and that caused a single empty line at the top of every page. After I removed the new line or disabled the plugin, the problem was gone.
Security
This issue could be a bigger security risk, since the plugin parses files which are not meant to be a shortcode.
Possible solution
Since all shortcodes are built like this:,
class CustomShortcode extends Shortcode {
public function init() {
$this->shortcode->getHandlers()->add('custom', function (ShortcodeInterface $sc) {
return 'some custom content';
});
}
}I think it must be possible to only "parse" shortcode files. Or even only executing PHP code which is a class and extends Shortcode.
I'm not very familiar with PHP yet, so this could be a wrong assumption, but why was the plugin built this way? Isn't it easier to just run child classes of Shortcode