Total 5.4.1 was updated to include an extra security check when using callback functions within shortcodes to prevent potential exploits from the core wp_ajax_parse_media_shortcode WordPress function. Previously you could enter the name of any function within a shortcode “Callback Function” field and it would run, but now that function name must also be defined as a whitelisted function.
In order to white list functions you need to define the “VCEX_CALLBACK_FUNCTION_WHITELIST” constant via your child theme or using the Code Snippets plugin and it should return an array of functions that can be used on the site. Example:
/* * White list functions for use in Total Theme Core shortcodes. */ define( 'VCEX_CALLBACK_FUNCTION_WHITELIST', array( 'my_custom_function_name_1', 'my_custom_function_name_2', 'my_custom_function_name_3', ) );
We realize this is a pain in the butt, but your site safety is important!
Example of a Callback function in use:
Below is a screenshot from the Post Cards element showing an example of a field that supports a callback function.
So with this example in mind, you would need to make sure that the "your_custom_callback_function_name" function is part of your whitelist array. Example:
/* * White list functions for use in Total Theme Core shortcodes. */ define( 'VCEX_CALLBACK_FUNCTION_WHITELIST', array( 'your_custom_callback_function_name', ) );