[wp-trac] [WordPress Trac] #24121: Blank title caused by PHP 5.4 htmlspecialchars() changes

WordPress Trac noreply at wordpress.org
Thu Apr 18 11:57:02 UTC 2013 

#24121: Blank title caused by PHP 5.4 htmlspecialchars() changes
-----------------------------+--------------------------
 Reporter:  trevHCS          |       Type:  defect (bug)
   Status:  new              |   Priority:  normal
Milestone:  Awaiting Review  |  Component:  Formatting
  Version:  3.5.1            |   Severity:  normal
 Keywords:  needs-patch      |
-----------------------------+--------------------------
 Due to changes in PHP 5.4 within the htmlspecialchars() function, non
 UTF-8 characters in a post title will cause said title to go blank.

 This is similar behaviour to ticket ID #23688 except:

 - That ticket affected the body of the post not the title.
 - This may require a slightly diff solution.
 - The affected code is in two separate scripts.


 '''Scenario:'''

 - You add / edit a post and give it a title containing "You’re"
 - You save the post and it appears on the site correctly.
 - However, the admin -> post screen looses the title due to the ’
 - Any further updates will lose the title from the public blog.

 Offending character in this case is , fancy quote mark, but any non
 UTF-8 character will do the same, eg: the Euro symbol.


 '''Problem:''' This occurs in edit-form-advanced.php around line 331 where
 it says:

 {{{
 <?php echo esc_attr( htmlspecialchars( $post->post_title ) ); ?>
 }}}


 '''Suggested solutions:''' My reading of the code is that esc_attr() does
 basically the same thing in this case as htmlspecialchars() so perhaps
 removing htmlspecialchars would work?

 If not, a similar solution to that other ticket could be used, but it
 would likely need to be something like below, although see the notes in
 the other ticket about normalising blog_charset.

 {{{
 <?php echo esc_attr( htmlspecialchars( $post->post_title, ENT_SUBSTITUTE,
 get_option( 'blog_charset' ) ) ); ?>
 }}}

 I have tested with the alternative ENT_DISALLOWED but that seems to cause
 blank titles too.

 Finally - I wasn't 100% sure if this should be a new bug or related to the
 previous ticket, but as that one is old I didn't want this important
 problem to be missed as it affects the very nature of blog publishing.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/24121>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list