[wp-trac] [WordPress Trac] #3043: both WYSIWYG and plain editor are
stripping tags.
WordPress Trac
wp-trac at lists.automattic.com
Wed Aug 16 11:13:33 GMT 2006
#3043: both WYSIWYG and plain editor are stripping tags.
----------------------+-----------------------------------------------------
Reporter:  morpheu5   |  Owner:      anonymous
Type:      defect     |  Status:     new
Priority:  high       |  Milestone:
Component: Security   |  Version:    2.0.4
Severity:  major      |  Keywords:   editor strip stripping tag tags
----------------------+-----------------------------------------------------
Hi you all. I'm running WP 2.0.4 on a server with PHP Version 5.1.4-pl4-
gentoo with Hardening-Patch 0.4.11.
The problem is that the tags are being stripped by WP and get replaced
with <p> and <br />. The problem may reside in the hardening patch - as
stated by the owner of the server - which cleans up potentially malicious
content for security issues. He said that this behaviour will be
integrated in PHP 5.2.x as the standard behaviour. He also said that this
is a per-server setting, not a per-directory one.
I'm pretty new to the WP code for making a patch on it (and honestly I found
that code to be a real damn big mess) so I'm just suggesting that you encode
the HTML content received from the form with htmlentities() before working on
it and decode it with html_decode_entity() before sending it back to the
user. I actually don't know much about how the hardening patch works for
this issue but I guess that this would be enough.
--
Ticket URL: <http://trac.wordpress.org/ticket/3043>
WordPress Trac <http://wordpress.org/>
WordPress blogging software