AdvancedCustomFields / acf

Advanced Custom Fields
http://advancedcustomfields.com/

Bug: `&` character is encoded as `&amp;` also in admin inputs #595

Open saulirajala opened 2 years ago

saulirajala commented 2 years ago

After 5.9.8, ACF introduced the following change: https://github.com/AdvancedCustomFields/acf/commit/0c8704f5378df4b320bf03b4011c7a047f6e08f6#diff-08f62fedcdebd3d9a0a3142b5d5aeee9e82c0e5421ff39306ced09cde1316053R206-R208

This causes all ampersands in the value of text and textarea fields to be encoded as `&amp;` in admin for non-super-admin users in multisite:

[Screenshots: 2021-12-28 at 15 13 53 and 2021-12-28 at 15 14 05]

Tested this with WordPress Core 5.8.2, other plugins and mu-plugins disabled, and with the twentytwentyone theme. The issue also occurs in single sites for all user roles if `define( 'DISALLOW_UNFILTERED_HTML', true );` is set (which is the case in our situation). We use ACF Pro, but the issue seems to occur in both acf and acf-pro with the latest versions.

I believe this happens because `render_field()` calls `acf_get_text_input()` here.

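I fixed the situation for now with the following code:

```php
// Decode HTML special-character entities (e.g. &amp;) whenever a text field value is loaded.
add_filter( 'acf/load_value/type=text', function ( $value ) {
    $value = htmlspecialchars_decode( $value );

    return $value;
} );
```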

but it would be nice to have the fix in ACF.

shanemac10 commented 1 year ago

Thank you! For anyone else running into this issue, you can specify ACF fields in a few different ways:

- `acf/load_value` Applies to all fields.
- `acf/load_value/type={$type}` Applies to all fields of a specific type.
- `acf/load_value/name={$name}` Applies to all fields of a specific name.
- `acf/load_value/key={$key}` Applies to all fields of a specific key.

Here's what I did personally...

```php
function decode_saved_htmlspecialchars( $value ) {
    $value = htmlspecialchars_decode( $value );
    return $value;
}
add_filter( 'acf/load_value/type=text', 'decode_saved_htmlspecialchars' );
add_filter( 'acf/load_value/type=textarea', 'decode_saved_htmlspecialchars' );
add_filter( 'acf/load_value/type=wysiwyg', 'decode_saved_htmlspecialchars' );
```

attila-albert commented 10 months ago

I've got the same issue; the solution above helped to solve it. Quite an annoying bug. If it weren't for this post, it would have taken hours to find a fix.
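
A narrower variant of the workarounds posted in this thread, as an added example that is not ACF's code or any commenter's: it reverses only `&amp;`, so `&lt;`, `&gt;` and `&quot;` in a stored value stay encoded instead of turning back into markup when the value is loaded. The function name and the sample string are hypothetical.

```php
<?php
// Added example, not part of ACF. The function name is hypothetical.

/**
 * Reverse only the `&amp;` entity in a loaded field value.
 *
 * htmlspecialchars_decode() also turns `&lt;`, `&gt;` and `&quot;` back into
 * `<`, `>` and `"`, which converts stored, inert text into markup. This
 * function leaves those entities alone.
 */
function example_acf_decode_ampersand_only( $value ) {
    // The filter can receive non-string values (null, arrays); pass them through.
    if ( ! is_string( $value ) ) {
        return $value;
    }

    // Single pass: "&amp;lt;" becomes "&lt;", which is still an inert entity.
    return str_replace( '&amp;', '&', $value );
}

if ( function_exists( 'add_filter' ) ) {
    // Inside WordPress: register for the plain-text field types only.
    add_filter( 'acf/load_value/type=text', 'example_acf_decode_ampersand_only' );
    add_filter( 'acf/load_value/type=textarea', 'example_acf_decode_ampersand_only' );
} else {
    // Under the PHP CLI: compare both approaches on a constructed sample value.
    $stored = 'Tom &amp; Jerry &lt;b&gt;bold&lt;/b&gt;';

    echo 'ampersand only:          ', example_acf_decode_ampersand_only( $stored ), PHP_EOL;
    echo 'htmlspecialchars_decode: ', htmlspecialchars_decode( $stored ), PHP_EOL;
}
```

Because `acf/load_value` filters the value wherever it is loaded, templates should still pass it through `esc_html()` or `esc_attr()` on output.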