[wp-trac] [WordPress Trac] #24418: $meta['quote_source_name'] in get_the_post_format_quote() needs to be escaped
WordPress Trac
noreply at wordpress.org
Sat May 25 04:34:36 UTC 2013
#24418: $meta['quote_source_name'] in get_the_post_format_quote() needs to be
escaped
--------------------------+-----------------------------
Reporter: tollmanz | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Post Formats | Version: trunk
Severity: normal | Keywords:
--------------------------+-----------------------------
HTML in `$meta['quote_source_name']` should be escaped when accessed via
`get_the_post_format_quote()`. Adding certain HTML to the source name can
break the layout.
For instance:
[[Image(http://f.cl.ly/items/401H1G3m1a0T2h3t1S0g/Screen%20Shot%202013-05-24%20at%209.31.23%20PM.png)]]
This can be recreated by doing the following:
1. Add a new quote post
1. Give it a title and some text
1. In the "Quote Source" field, add </div>
--
Ticket URL: <http://core.trac.wordpress.org/ticket/24418>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list