[wp-hackers] about a possible bug related to attribute_escape
Ryan Boren
ryan at boren.nu
Thu Feb 22 20:04:03 GMT 2007
On 2/20/07, Andrea Ercolino <aercolino at yahoo.com> wrote:
> The problem is that I really want the chars exactly as I put them into a
> custom field, i.e. if I put &# 8212; then I want &# 8212; recorded and
> displayed (in the editing panel): I don't mean at all — nor â€" !!
>
> This is true not only for meta_value, but also for meta_key, and not only
> for &# 8212; but also for any other entities / chars.
>
> WordPress should not change the values of the custom fields because they are
> the last resort for keeping data as is, untexturized.
>
> I've tried the following and it works as expected (by me)
>
>
> $entry['meta_value'] = htmlspecialchars($entry['meta_value']);
meta_value is not used in an attribute, so htmlspecialchars is
sufficient. I'll fix that. meta_key is used in the value attribute
of an input tag, so we might need a different fix there.
Ryan
More information about the wp-hackers
mailing list