[wp-trac] [WordPress Trac] #9322: Post/Page titles aren't fully
escaped
WordPress Trac
wp-trac at lists.automattic.com
Thu Mar 12 11:06:22 GMT 2009
#9322: Post/Page titles aren't fully escaped
----------------------------+-----------------------------------------------
Reporter: Viper007Bond | Owner: anonymous
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future Release
Component: Administration | Version: 2.8
Severity: normal | Keywords: has-patch needs-testing
----------------------------+-----------------------------------------------
To reproduce:
1. Write a post called "`I <3 WordPress`". Note you cannot use "`<`" as
HTML is currently allowed in post titles (`<del>` for example is a valid
usage).[[BR]]
[[BR]]
2. Save or Publish the post. You'll notice the title of the post is now
"`I <3 WordPress`". This is incorrect and will break things if you save
again.
Attached patch fully escapes all post titles.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/9322>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list