[wp-trac] [WordPress Trac] #16788: Ampersands in e-mail address become invalid

WordPress Trac wp-trac at lists.automattic.com
Tue Mar 8 06:59:31 UTC 2011


#16788: Ampersands in e-mail address become invalid
--------------------------+------------------------------
 Reporter:  jfarthing84   |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Users         |     Version:  3.0.5
 Severity:  major         |  Resolution:
 Keywords:  dev-feedback  |
--------------------------+------------------------------

Comment (by garyc40):

 Network Users table don't have this issue. This is because in `class-wp-
 users-list-table.php`, we `sanitize_user_object()` before outputting user
 details, while in `class-wp-ms-users-list-table.php`, we don't. That being
 said, I still think it's appropriate to sanitize user object in Network
 Users table as well before printing out.

 When user object is sanitized, `user_email` filter is applied on the
 user's email. As a result, the email address is passed through
 `sanitize_email()`, resulting in `t&est at eamann.com`. Now if you're in
 the admin panel, `wp_filter_kses()` will further mutilate the email
 address, resulting in `t&ampest at eamann.com`. See
 [http://core.trac.wordpress.org/browser/trunk/wp-includes/default-
 filters.php#L53 this code].

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/16788#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list