[wp-trac] [WordPress Trac] #10801: Revision posts are saved with double-filtered content
WordPress Trac
wp-trac at lists.automattic.com
Thu Sep 17 01:08:37 UTC 2009
#10801: Revision posts are saved with double-filtered content
--------------------------+-------------------------------------------------
Reporter: redsweater | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Unassigned
Component: General | Version: 2.8.4
Severity: normal | Keywords:
--------------------------+-------------------------------------------------
When a post is saved using wp_insert_post, the post is first sanitized
with sanitize_post, which applies the content_save_pre filter to the
description of the post.
Later in wp_insert_post, the pre_post_update filter is called, which
causes the wp_save_post_revision method to be called, with the ALREADY-
sanitized content of the post. The wp_save_post_revision ends up calling
wp_insert_post for the revision entry, which this time sanitizes the post
content again before saving it in the revision.
The problem here is if any content_save_pre filter (or any of the other
sanitizing content filters, for that matter) produce "nonterminal"
results, then the content that is saved to the revision copy ends up being
an inaccurate representation of the post.
For example, the popular SyntaxHighlighter Evolved plugin:
http://www.viper007bond.com/wordpress-plugins/syntaxhighlighter/
Uses a technique that escapes entities on the way into the database, and
unescapes them on the way out. So for instance, an ampersand in the post
content is escaped to "&". But by the time the post revision is saved,
it is asked again to sanitize, this time converting "&" into
"&".
I'm not sure what the right fix is.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10801>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list