[wp-trac] Re: [WordPress Trac] #9934: Apostrophe in comment author causes comment to be spammed - esc_html
WordPress Trac
wp-trac at lists.automattic.com
Fri May 29 16:43:35 GMT 2009
#9934: Apostrophe in comment author causes comment to be spammed - esc_html
--------------------------+-------------------------------------------------
 Reporter:  tellyworth    |       Owner:  markjaquith
     Type:  defect (bug)  |      Status:  reopened
 Priority:  high          |   Milestone:  2.8
Component:  Comments      |     Version:
 Severity:  blocker       |  Resolution:
 Keywords:                |
--------------------------+-------------------------------------------------
Comment (by ryan):

wp_specialchars(), when passed only one argument, calls esc_html().
esc_html() defaults to ENT_QUOTES. wp_specialchars() used to default to
ENT_NOQUOTES.

Do we need esc_html_db() for these instances? (Yes, I know we should
escape as little as possible when sending to the db, but I'm going for the
minimal fix for 2.8.)

--
Ticket URL: <http://core.trac.wordpress.org/ticket/9934#comment:16>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
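
The flag difference described in the comment above, shown with PHP's own htmlspecialchars() as an added example; it is not WordPress core code and not part of the original message. The function names, the sample author name and the list of stored names are constructed for illustration, and the lookup is a stand-in comparison, not WordPress's comment-moderation logic.

```php
<?php
// Added illustration: function names below are hypothetical, not WordPress APIs.

// Behaviour the comment attributes to the old wp_specialchars() default:
// quotes are left untouched.
function escape_noquotes(string $s): string {
    return htmlspecialchars($s, ENT_NOQUOTES, 'UTF-8');
}

// Behaviour the comment attributes to the esc_html() default:
// both single and double quotes are entity-encoded.
function escape_quotes(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

$author = "Sam O'Neil"; // constructed sample comment author

// Constructed stand-in for author names already stored in unescaped form.
$stored_authors = ["Sam O'Neil", 'Alex Smith'];

$candidates = [
    'ENT_NOQUOTES' => escape_noquotes($author),
    'ENT_QUOTES'   => escape_quotes($author),
];

// Show the value each flag would send to storage and whether a strict
// string comparison against the stored names still finds the author.
foreach ($candidates as $flag => $value) {
    printf(
        "%-12s value=%-18s matches stored name: %s\n",
        $flag,
        $value,
        in_array($value, $stored_authors, true) ? 'yes' : 'no'
    );
}

// A value that was entity-encoded before storage and is escaped again at
// output time has its ampersand encoded a second time.
printf("re-escaped at output: %s\n", escape_quotes($candidates['ENT_QUOTES']));
```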