[wp-trac] [WordPress Trac] #15454: esc_textarea() for obvious textarea escaping function.

WordPress Trac wp-trac at lists.automattic.com
Sat Dec 25 19:04:44 UTC 2010

#15454: esc_textarea() for obvious textarea escaping function.
 Reporter:  markjaquith       |       Owner:
     Type:  defect (bug)      |      Status:  reopened
 Priority:  high              |   Milestone:  3.1
Component:  General           |     Version:  3.1
 Severity:  major             |  Resolution:
 Keywords:  has-patch commit  |
Changes (by nacin):

 * keywords:  has-patch needs-testing => has-patch commit


 I'm satisfied that there are no more regressions caused by [16431].

 Everything in garyc40-15454-rev3.patch is handled by a commit,
 [attachment:15454.diff], or is in press-this.php, which there's no need to
 touch. (We've broken press-this enough this cycle.)

 Leaving open for final review by ryan. Suggesting commit
 [attachment:15454.diff] and close as fixed for 3.1, and we can revisit
 textarea_escaped instances in a new ticket. Alternatively, punt to
 3.2-early, but a note on the attachment, esc_html() handles everything
 that esc_textarea() does except that it does not re-escape, and it does
 not handle `&`. So it should be considered safe. (And is far less

Ticket URL: <http://core.trac.wordpress.org/ticket/15454#comment:20>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list