[wp-trac] [WordPress Trac] #16788: Ampersands in e-mail address become invalid
WordPress Trac
wp-trac at lists.automattic.com
Tue Mar 8 07:24:24 UTC 2011
#16788: Ampersands in e-mail address become invalid
--------------------------+------------------------------
 Reporter:  jfarthing84   |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Users         |     Version:  3.0.5
 Severity:  major         |  Resolution:
 Keywords:  dev-feedback  |
--------------------------+------------------------------
Comment (by garyc40):
Actually, upon further investigation, `sanitize_email()` seems to be
innocent.
Here's a more accurate recap of the process:
 * User data is sanitized before being saved to the database.
 `pre_user_email` filter is applied to `user_email`, which passes the email
 to `wp_filter_kses()`. Here, the email address is mutilated the first
 time. (`t&est at test.com` becomes `t&amp;est at test.com`)
 * When the user info is displayed in `wp-admin/users.php`,
 `sanitize_user_object()` is called, which in turn applies `user_email`
 filter to `user_email`. This results in `wp_kses` being called when
 `is_admin()`, thus double-escaping the email address (`t&amp;est at test.com`
 becomes `t&ampest at test.com`).
--
Ticket URL: <http://core.trac.wordpress.org/ticket/16788#comment:6>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
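
The two-stage flow described in the comment above, modelled as an added example (not WordPress code and not part of the original message). `encode_entities()` is a hypothetical stand-in for an entity-encoding filter applied to `user_email`; it does not reproduce `wp_filter_kses()` or `wp_kses()`. The sample address is constructed.

```php
<?php
// Added illustration: what happens to an address when an entity-encoding
// step runs on save and again on display, compared with keeping the raw
// value in storage and encoding once at output.

function encode_entities(string $s): string {
    // Hypothetical stand-in filter: always encodes "&", even when it
    // already begins an entity, so it is not idempotent.
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8', true);
}

function encode_entities_once(string $s): string {
    // double_encode = false leaves an existing "&amp;" untouched,
    // so applying it twice gives the same result as applying it once.
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8', false);
}

function is_valid_email(string $s): bool {
    return filter_var($s, FILTER_VALIDATE_EMAIL) !== false;
}

$raw = 't&est@test.com'; // constructed sample address

$cases = [
    // Flow from the comment: encoded before saving, encoded again on display.
    'raw input'                  => $raw,
    'stored (encoded on save)'   => encode_entities($raw),
    'displayed (encoded again)'  => encode_entities(encode_entities($raw)),
    // Idempotent encoder: a second pass changes nothing.
    'idempotent, two passes'     => encode_entities_once(encode_entities_once($raw)),
    // Storing the raw value keeps the stored address usable for mail.
    'stored raw, encoded at output' => encode_entities($raw),
];

foreach ($cases as $label => $value) {
    printf("%-32s %-28s valid as address: %s\n",
        $label, $value, is_valid_email($value) ? 'yes' : 'no');
}

// The value that is handed to a mailer should be the raw one; an encoded
// copy belongs only in the HTML that is sent to the browser.
printf("raw value still valid after display path: %s\n",
    is_valid_email($raw) ? 'yes' : 'no');
```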