[wp-trac] Re: [WordPress Trac] #3506: Characters in custom field are not escaped
WordPress Trac
wp-trac at lists.automattic.com
Fri Dec 29 22:00:36 GMT 2006
#3506: Characters in custom field are not escaped
---------------------+------------------------------------------------------
 Reporter:  llynix   |        Owner:  anonymous
     Type:  defect   |       Status:  new
 Priority:  low      |    Milestone:  2.2
Component:  General  |      Version:
 Severity:  minor    |   Resolution:
 Keywords:           |
---------------------+------------------------------------------------------
Comment (by llynix):
Some additional information.

The line I'm trying to put in is:

    <div class="video">
    <object type="application/x-shockwave-flash" width="320"
    height="260"
    data="http://onedittyaday.com/flvplayer.swf?file=/movies/whitexmas.flv&autoStart=false;">
    <param name="movie"
    value="http://onedittyaday.com/flvplayer.swf?file=/movies/whitexmas.flv&autoStart=false;"
    />
    </object>
    </div>

This gets turned into:

    <div class="video">
    <object type="application/x-shockwave-flash"
    width="320" height="260"
    data="http://onedittyaday.com/flvplayer.swf?file=/movies/whitexmas.flv&autoStart=false;">
    <param name="movie"
    value="http://onedittyaday.com/flvplayer.swf?file=/movies/whitexmas.flv&autoStart=false;"
    />
    </object>

But if I re-edit it turns into:

    <div class="video">
    <object type="application/x-shockwave-flash"
    width="320" height="260"
    data="http://onedittyaday.com/flvplayer.swf?file=/movies/whitexmas.flv&autoStart=false;">
    <param name="movie"
    value="http://onedittyaday.com/flvplayer.swf?file=/movies/whitexmas.flv&autoStart=false;"
    />
    </object>

Please notice the & has transformed into &

This seems to stem from:

line 868 : admin-functions.php

    <td><textarea name='meta[{$entry['meta_id']}][value]' tabindex='6'
    rows='2' cols='30'>{$entry['meta_value']}</textarea></td>

    {$entry['meta_value']}
--
Ticket URL: <http://trac.wordpress.org/ticket/3506#comment:1>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
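
Added example (not part of the original message and not WordPress code): a stored value written into a <textarea> without escaping is not the value that comes back on the next save, because the browser decodes character references in textarea content and ends the field at the first closing tag. The function names and sample values are constructed for illustration, html_entity_decode() stands in for the browser, and the second sample goes beyond the ampersand case in the ticket.

```php
<?php
// Added example, not WordPress code. Function names are hypothetical.

// Mirrors the pattern quoted from admin-functions.php: the stored value is
// interpolated into the <textarea> without escaping.
function render_field_raw(array $entry): string {
    return "<textarea name='meta[{$entry['meta_id']}][value]'>{$entry['meta_value']}</textarea>";
}

// Escaped variant: the value is HTML-encoded before it is placed in the field.
function render_field_escaped(array $entry): string {
    $id  = (int) $entry['meta_id'];
    $val = htmlspecialchars($entry['meta_value'], ENT_QUOTES, 'UTF-8');
    return "<textarea name='meta[{$id}][value]'>{$val}</textarea>";
}

// Simplified stand-in for the browser: textarea content ends at the first
// closing tag, character references inside it are decoded, and the decoded
// text is what gets submitted when the form is saved again.
function submitted_value(string $html): string {
    $start = strpos($html, '>') + 1;
    $end   = stripos($html, '</textarea', $start);
    $body  = substr($html, $start, $end - $start);
    return html_entity_decode($body, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$samples = [ // constructed sample values
    'entity'   => '<param value="player.swf?file=/a.flv&amp;autoStart=false" />',
    'closetag' => 'text</textarea><b>outside the field</b>',
];

foreach ($samples as $label => $stored) {
    $entry = ['meta_id' => 7, 'meta_value' => $stored];
    $raw = submitted_value(render_field_raw($entry));
    $esc = submitted_value(render_field_escaped($entry));
    printf(
        "%-8s raw round-trip intact: %s | escaped round-trip intact: %s\n",
        $label,
        var_export($raw === $stored, true),
        var_export($esc === $stored, true)
    );
}
```

With the raw renderer both samples come back altered (the entity is decoded, the second value is cut at the closing tag); with the escaped renderer both survive the edit/save cycle unchanged.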