[wp-trac] [WordPress Trac] #24328: blogname and blogdescription are not escaped
WordPress Trac
noreply at wordpress.org
Mon May 13 18:49:09 UTC 2013
#24328: blogname and blogdescription are not escaped
----------------------------+------------------------------
 Reporter:  aniketpant      |       Owner:
     Type:  defect (bug)    |      Status:  new
 Priority:  normal          |   Milestone:  Awaiting Review
Component:  Administration  |     Version:
 Severity:  normal          |  Resolution:
 Keywords:  has-patch       |
----------------------------+------------------------------
Comment (by aniketpant):
Replying to [comment:3 nacin]:
> Check out sanitize_option(). The input is being sanitized, which is why
> it is coming back empty. The issue is likely < and > causing strip_tags()
> to be overzealous.
Yes. sanitize_option() is definitely making that happen. But what if I
really want my website name to have `<` and `>`? I do not wish to enter
them as `&lt;` and `&gt;`. If we think from an average user's point of
view, that person might want to include a symbol or tag of this sort, and
his value will not be accepted (which was the case for me). Further, after
sanitization it sets it to `null` and stores it. The original value is
lost without any error message or notification.
If WordPress will not allow for storing of these strings, then it should
be explicitly mentioned as help text and also, the old value should not be
lost.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/24328#comment:4>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software