
221 points michaelcampbell | 2 comments
didgeoridoo No.41830981
This is particularly bananas as ACF is basically table stakes for doing anything beyond blogging. I’d assume most websites that make actual money are thoroughly dependent on it.

To twist the knife on a personal spat, Mullenweg just blew up uncountable businesses on a double-holiday weekend. At this point, seriously, fuck that guy.

replies(2): >>41831282 #>>41831633 #
wmf No.41831282
They replaced ACF with a forked version so the functionality is still there. That doesn't excuse it but the situation is not so dire for users.
replies(2): >>41831335 #>>41831614 #
1. noapologies No.41831614
There are examples of things breaking in this very comment section [1].

Given how widely used ACF is, it wouldn't be surprising to learn that a lot of weekends were ruined by the "fork".

[1] https://news.ycombinator.com/item?id=41830709

replies(1): >>41831814 #
2. sgdfhijfgsdfgds No.41831814
Looking at the code, it's not clear to me how much has broken because of the fork, and how much has broken because of the "secure context" security patch that ACF have apparently also applied in their own version.

That is, I think some of these things might have broken even with the real ACF.

The main change appears to be that if a developer has used a built-in WordPress function as a filter hook (rather than a user-defined one), that has been blocked. (This has never been a good idea, anyway; developers should not do it.) Also a filtered version of the POST variables has been passed to the callback. These are both seemingly to stop CSRF attacks.

This patch was necessary; it prevents CSRF and potentially other nasties.

I don't mean to excuse any of the other bullshit; I'm just saying that if there are "breakages" here, they are likely to do with the necessary patch that is hidden inside the gaslighting.