[wp-trac] [WordPress Trac] #2892: JS confirmation dialog for deletion in 'manage posts'

WordPress Trac wp-trac at lists.automattic.com
Mon Jul 3 19:48:47 GMT 2006

#2892: JS confirmation dialog for deletion in 'manage posts'
 Reporter:  c0ldfusi0nz     |       Owner:  anonymous
     Type:  defect          |      Status:  new      
 Priority:  normal          |   Milestone:           
Component:  Administration  |     Version:           
 Severity:  normal          |    Keywords:           
 Line #213 in wp-admin/edit.php

 The javascript confirmation dialog fails to appear when trying to delete a
 post under 'manage posts' if the title of the post contains any single
 quotes. Thus the post is deleted without confirmation.

 I see that wp_specialchars is encoding single quotes in the title as
 ' but the JS is converting that back to a single quote which ends the
 message string early and results in the popup dialog's failure to appear.
 I would recommend adding some logic to js_escape to make sure any single
 quotes are getting escaped, such as a str_replace to add a backslash in
 front of the ' chars.

Ticket URL: <http://trac.wordpress.org/ticket/2892>
WordPress Trac <http://wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list