Add Option to Disable Functions Whitelist in Functions.php During Development

ISSUE DESCRIPTION
In version 1.9.7, Bricks delivered valuable security improvements. As a consequence, developers need to specifically approve functions for execution in the functions.php file of the Bricks child theme. While this is a valuable feature in production, it is less valuable in development, adding inconvenience and interrupting developer workflows. Ex.:

add_filter( 'bricks/code/echo_function_names', function() {
  return [
    'NumFormat',
  ];
} );

IMPACT
As a developer, when defining custom functions, a user needs two windows open: Bricks and the functions.php file of the child theme. Even when defining functions infrequently, it’s laborious to navigate to and open the functions.php to add a given function before knowing if it works.

The security benefits of explicitly approving functions in production make sense. In development, the URL is no-indexed or local, and the website itself serves no business benefit. The convenience-security tradeoff makes less sense in development.

REQUESTED ACTION
Add a toggle that allows developers to disable the functions.php whitelist requirement while the site is in development. While disabled, there can be a big red message or something that’s highly visible in Bricks settings and/or other locations.

USER EXPERIENCE RESULT
Developers will be able to create their Bricks sites with functions and without inconvenience. When they’re done, they will go to Bricks Settings, copy the code snippet for all of the functions they created, and add them to the functions.php file in the Bricks child theme all at once. This will have an added benefit of reducing the opportunity for error, instead of adding functions one by one.

Closing as duplicate of: Better solution for echo function name filter