[wp-trac] [WordPress Trac] #11311: kses converts ampersands to & in post titles, post content, and more
WordPress Trac
wp-trac at lists.automattic.com
Wed May 30 13:42:13 UTC 2012
#11311: kses converts ampersands to & in post titles, post content, and more
----------------------------+-----------------------------
Reporter: Viper007Bond | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future Release
Component: Administration | Version: 2.9
Severity: normal | Resolution:
Keywords: needs-patch |
----------------------------+-----------------------------
Changes (by johnbillion):
* keywords: needs-patch gsoc => needs-patch
Comment:
There are actually quite a few places where WordPress is storing data with
entities encoded. For example, a term named "This & That" will have
entities in its name encoded, resulting in a term name of "This &
That". Not good for when you're trying to do things with data and you
don't want it encoded (for example, putting the term name in a 'title'
attribute).
The following fields are stored with encoded entities regardless of your
user role as they all go through `wp_kses()`:
* Term name and description
* User first name, last name, display name, nickname and description
* Comment author name
* Link name, description, image, rel and notes
Link target, comment author email, comment author URL, user email, user
URL and link URL are also stored with encoded entities, although these
fields typically don't contain entities.
The best solution would be to switch to storing this data in unencoded
form and run an upgrade routine to decode existing data when the change
happens, but I realise that this is potentially an expensive upgrade. I'm
not sure how to address that problem.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11311#comment:10>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list