[wp-trac] Re: [WordPress Trac] #9935: Quick editor for comments
converts encoded HTML entities back into plain form
WordPress Trac
wp-trac at lists.automattic.com
Tue Jun 2 19:12:55 GMT 2009
#9935: Quick editor for comments converts encoded HTML entities back into plain
form
---------------------------+------------------------------------------------
Reporter: michaeltyson | Type: defect (bug)
Status: reopened | Priority: normal
Milestone: 2.8 | Component: Comments
Version: 2.7.1 | Severity: minor
Resolution: | Keywords: needs-patch comments quick edit html entities encode htmlspecialchars
---------------------------+------------------------------------------------
Changes (by hakre):
* component: Quick Edit => Comments
Comment:
I could take a deeper look into this Issue. It has been show that my last
assumption that it is QuickEdit based was wrong. QuickEdit used markup
that is provided ''/wp-admin/edit-comment.php''. The markup is the output
result of a function called ''_wp_comment_row()'' that is located in
''/wp-admin/includes/template.php''. That function then re-uses a frontend
(!) output function, namely ''comment_text'' from ''/wp-
includes/comments.'' This function does not properly output the data from
database for HTML output.
A quick cross-check with the frontend output does reveal that the comment
itself isn't properly display on the blog as well (same kind of problem as
in the backend).
Therefore the first thing to do is to fix the root. This is:
function ''comment_text'' from file ''/wp-includes/comments.''
The funny thing is: This is a kind of multi filter. You have got multiple
filters that all do the same now. Here is a little structure displayed:
{{{
comment_text()
}}}
>
{{{
echo apply_filters('comment_text', get_comment_text() );
}}}
>
{{{
get_comment_text()
}}}
>
{{{
return apply_filters('get_comment_text', $comment->comment_content);
}}}
>
{{{
$comment
}}}
>
{{{
global $comment
}}}
so therefore there can be an invalid filter applied per default to either
''comment_text''-filter or ''get_comment_text''-filter or the default
value of the global variable ''$comment->comment_content'' is just plain
wrong which would show that there is a problem with fetching the database
data.
or instead of the template function to use ''comment_text'' it must use
''get_comment_text'' and HTML-Encode the return value prior to displaying.
The scenario with ''$comment->comment_content'' should not be considere
much because the database contains the unencoded text and the html-output
needs it properly encoded. That is not located in the global variable.
Trying to find out more now. I'm currently on the Issue.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/9935#comment:6>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list