[wp-trac] Re: [WordPress Trac] #9935: Quick editor for comments converts encoded HTML entities back into plain form

WordPress Trac wp-trac at lists.automattic.com
Tue Jun 2 19:12:55 GMT 2009


#9935: Quick editor for comments converts encoded HTML entities back into plain
form
---------------------------+------------------------------------------------
  Reporter:  michaeltyson  |        Type:  defect (bug)                                                         
    Status:  reopened      |    Priority:  normal                                                               
 Milestone:  2.8           |   Component:  Comments                                                             
   Version:  2.7.1         |    Severity:  minor                                                                
Resolution:                |    Keywords:  needs-patch comments quick edit html entities encode htmlspecialchars
---------------------------+------------------------------------------------
Changes (by hakre):

  * component:  Quick Edit => Comments


Comment:

 I could take a deeper look into this issue. It has been shown that my last
 assumption that it is QuickEdit based was wrong. QuickEdit used markup
 that is provided by ''/wp-admin/edit-comment.php''. The markup is the output
 result of a function called ''_wp_comment_row()'' that is located in
 ''/wp-admin/includes/template.php''. That function then re-uses a frontend
 (!) output function, namely ''comment_text'' from
 ''/wp-includes/comments.''  This function does not properly output the data
 from the database for HTML output.

 A quick cross-check with the frontend output does reveal that the comment
 itself isn't properly displayed on the blog as well (same kind of problem as
 in the backend).

 Therefore the first thing to do is to fix the root. This is:

 function ''comment_text'' from file ''/wp-includes/comments.''

 The funny thing is: This is a kind of multi filter. You have got multiple
 filters that all do the same now. Here is a little structure displayed:

 {{{
 comment_text()
 }}}
 >
 {{{
 echo apply_filters('comment_text', get_comment_text() );
 }}}
 >
 {{{
 get_comment_text()
 }}}
 >
 {{{
 return apply_filters('get_comment_text', $comment->comment_content);
 }}}
 >
 {{{
 $comment
 }}}
 >
 {{{
 global $comment
 }}}

 So therefore there can be an invalid filter applied per default to either
 ''comment_text''-filter  or ''get_comment_text''-filter or the default
 value of the global variable ''$comment->comment_content'' is just plain
 wrong which would show that there is a problem with fetching the database
 data.

 Or instead of the template function to use ''comment_text'' it must use
 ''get_comment_text'' and HTML-Encode the return value prior to displaying.

 The scenario with ''$comment->comment_content'' should not be considered
 much because the database contains the unencoded text and the html-output
 needs it properly encoded. That is not located in the global variable.

 Trying to find out more now. I'm currently on the Issue.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/9935#comment:6>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
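
The round trip the message describes, as an added illustration that is not part of the original message and is not WordPress code: stored comment text is placed in an edit field once raw and once HTML-encoded at output time, and the value the browser would submit back is compared with what the database held. The `*_demo` functions are hypothetical stand-ins for the chain above, the sample comment is constructed, and `html_entity_decode` approximates how a browser decodes character references inside a `<textarea>`.

```php
<?php
// Added illustration; not WordPress code. The *_demo names are hypothetical
// stand-ins for the chain described in the message above.

$filters = [];  // hook name => list of callables (empty: nothing encodes)

function apply_filters_demo(string $hook, string $value): string {
    global $filters;
    foreach ($filters[$hook] ?? [] as $fn) {
        $value = $fn($value);
    }
    return $value;
}

function get_comment_text_demo(object $comment): string {
    return apply_filters_demo('get_comment_text', $comment->comment_content);
}

function comment_text_demo(object $comment): string {
    return apply_filters_demo('comment_text', get_comment_text_demo($comment));
}

// Approximates the browser: character references inside <textarea> content
// are decoded before the value is shown and later submitted.
function browser_textarea_value(string $markup): string {
    return html_entity_decode($markup, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample: the commenter typed the entities on purpose, and the
// database stores the text exactly as typed.
$comment = (object) ['comment_content' => 'Write &lt;b&gt; to get bold'];
$stored  = $comment->comment_content;

// Path 1: the frontend-style output is placed in the edit field as-is.
$raw_markup = comment_text_demo($comment);
// Path 2: take the get_comment_text-level value and HTML-encode it at output.
$encoded_markup = htmlspecialchars(get_comment_text_demo($comment), ENT_QUOTES, 'UTF-8');

foreach (['raw' => $raw_markup, 'encoded' => $encoded_markup] as $label => $markup) {
    $submitted = browser_textarea_value($markup);
    printf("%-8s markup: %s\n", $label, $markup);
    printf("%-8s saved : %s (%s)\n", $label, $submitted,
        $submitted === $stored ? 'unchanged' : 'entities lost');
}
```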

