[wp-trac] [WordPress Trac] #17780: Use PHP native double encoding prevention in htmlspecialchars()
WordPress Trac
noreply at wordpress.org
Wed Jun 3 16:04:56 UTC 2015
#17780: Use PHP native double encoding prevention in htmlspecialchars()
-------------------------+--------------------------
Reporter: nbachiyski | Owner: miqrogroove
Type: enhancement | Status: accepted
Priority: normal | Milestone: 4.3
Component: Formatting | Version: 3.2.1
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
-------------------------+--------------------------
Comment (by miqrogroove):
I see where the decoding bug was introduced now. Here is an explanation:
- In [10297] the strategy to prevent double encoding was to decode
specialchars before the call to encode specialchars. This was a harmless
but ultimately futile algorithm because it wouldn't do anything.
- In [10298] a placeholder strategy was added to accomplish actual
avoidance of double encoding. It appears the author failed to remove the
decode command from the patch, resulting in unnecessary decoding prior to
the placeholder insertion.
- In #12284, although the bug was mentioned there, I didn't dig this far to
find out what the original problem was.
I'm open to other opinions, but it looks like the reference decoding by
this function is entirely unintentional.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/17780#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
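
The decode-before-placeholder behaviour discussed in the comment above, next to the native option named in the ticket title, as an added example that is not part of the original message and is not WordPress core code. The function names, placeholder token, entity pattern and sample strings are assumptions made for illustration.

```php
<?php
// Added illustration, not WordPress core code. Function names, the
// placeholder token and the entity pattern are hypothetical.

const PH_OPEN  = '|entity|';
const PH_CLOSE = '|/entity|';

// Placeholder strategy: hide existing entity references, encode the rest,
// then restore the references. With $decodeFirst = true the string is also
// run through a decode step before the placeholders are inserted.
function encode_with_placeholders(string $s, bool $decodeFirst): string
{
    if ($decodeFirst) {
        $s = htmlspecialchars_decode($s, ENT_QUOTES);
    }
    $s = preg_replace('/&(#?x?[0-9a-z]+);/i', PH_OPEN . '$1' . PH_CLOSE, $s);
    $s = htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return str_replace([PH_OPEN, PH_CLOSE], ['&', ';'], $s);
}

// PHP's native option: the fourth argument ($double_encode = false) tells
// htmlspecialchars() to leave existing entities untouched.
function encode_native(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8', false);
}

// Run all three variants on one input so the results can be compared.
function compare(string $in): array
{
    return [
        'decode + placeholder' => encode_with_placeholders($in, true),
        'placeholder only'     => encode_with_placeholders($in, false),
        'native double_encode' => encode_native($in),
    ];
}

// Constructed sample inputs.
$samples = [
    'Tom & Jerry',                        // bare ampersand
    'Tom &amp; Jerry',                    // already encoded once
    'Type &amp;lt; for a less-than sign', // entity that spells another entity
];

foreach ($samples as $in) {
    echo "input: $in\n";
    foreach (compare($in) as $label => $out) {
        printf("  %-22s %s\n", $label . ':', $out);
    }
}
```

All three variants agree on the first two inputs. On the third, the variant with the leading decode returns `Type &lt; for a less-than sign`, dropping one level of encoding, while the other two return the input unchanged.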