[wp-trac] [WordPress Trac] #15454: esc_textarea() for obvious textarea escaping function.
WordPress Trac
wp-trac at lists.automattic.com
Sat Dec 25 19:04:44 UTC 2010
#15454: esc_textarea() for obvious textarea escaping function.
------------------------------+-----------------------
Reporter: markjaquith | Owner:
Type: defect (bug) | Status: reopened
Priority: high | Milestone: 3.1
Component: General | Version: 3.1
Severity: major | Resolution:
Keywords: has-patch commit |
------------------------------+-----------------------
Changes (by nacin):
* keywords: has-patch needs-testing => has-patch commit
Comment:
I'm satisfied that there are no more regressions caused by [16431].
Everything in garyc40-15454-rev3.patch is handled by a commit,
[attachment:15454.diff], or is in press-this.php, which there's no need to
touch. (We've broken press-this enough this cycle.)
Leaving open for final review by ryan. Suggesting commit
[attachment:15454.diff] and close as fixed for 3.1, and we can revisit
textarea_escaped instances in a new ticket. Alternatively, punt to
3.2-early, but a note on the attachment, esc_html() handles everything
that esc_textarea() does except that it does not re-escape, and it does
not handle `&`. So it should be considered safe. (And is far less
destructive.)
--
Ticket URL: <http://core.trac.wordpress.org/ticket/15454#comment:20>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list