[wp-trac] [WordPress Trac] #24248: 'guid' not properly escaped
WordPress Trac
noreply at wordpress.org
Thu May 2 14:03:35 UTC 2013
#24248: 'guid' not properly escaped
--------------------------+-------------------------------------
Reporter: meloniq | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Post Types | Version: trunk
Severity: normal | Keywords: has-patch needs-testing
--------------------------+-------------------------------------
Probably related issues: [#18274] [#19248]
'guid' being saved in database not properly escaped, example:
{{{http://www.wordpress.dev/?post_type=changeset&p=57}}} , see the
ampersand encode {{{&}}}
It supposed to be {{{&}}} or at least {{{&}}}
Once 'auto-draft' saved, 'guid' is correct:
{{{http://www.wordpress.dev/?post_type=changeset&p=57}}}
Once post is saved as 'draft' or published (triggered 'update post' on
auto-draft), 'guid' gets malformed.
Source of issue: inappropriate usage of {{{get_post_field()}}} function in
the {{{wp_insert_post()}}}
{{{get_post_field()}}} defaults to 'display' context, we not specify
context while obtaining field, and in the {{{wp_insert_post()}}} we are
not going to display it anywhere, just get, check, and save again,
correct?
Attached patch adds the 'raw' context to usage of {{{get_post_field()}}}
with 'guid'
--
Ticket URL: <http://core.trac.wordpress.org/ticket/24248>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list