[wp-trac] [WordPress Trac] #17780: Use PHP native double encoding prevention in htmlspecialchars()
WordPress Trac
noreply at wordpress.org
Thu Jul 9 10:07:09 UTC 2015
#17780: Use PHP native double encoding prevention in htmlspecialchars()
------------------------------------------+--------------------------
 Reporter:  nbachiyski                    |       Owner:  miqrogroove
     Type:  defect (bug)                  |      Status:  reopened
 Priority:  high                          |   Milestone:  4.3
Component:  Formatting                    |     Version:
 Severity:  major                         |  Resolution:
 Keywords:  needs-patch needs-unit-tests  |     Focuses:
------------------------------------------+--------------------------
Comment (by miqrogroove):
Guys, '''please''' post your test results. I am on the road so getting
vague messages about ampersands is frustrating.

I did a quick test of my own using an admin account and found at least two
bugs:

1. Post permalinks are not HTML escaped outside of the tag, at least in my
theme. Attributes and link elements do not seem affected.
2. The post editor title box is displaying a double-encoded post title.

So after typing a test post title, I found places where my input was
returned not encoded, once encoded, and also twice encoded. Further
testing is needed.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/17780#comment:32>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
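
An added example, not part of the ticket comment and not WordPress code: one way to report test results for the three states the comment describes is to submit a probe title and classify how many times it was escaped at each output location. The function name `encode_depth`, the probe string and the HTML fragments are constructed for illustration; the last lines show the native `double_encode` argument of `htmlspecialchars()` that the ticket title refers to.

```php
<?php
// Added example: classify how many times a probe title was HTML-escaped
// in a rendered fragment. Function name and sample data are constructed.

function encode_depth(string $probe, string $rendered): ?int
{
    $candidate = $probe;
    // Depth 0 = raw, 1 = escaped once, 2 = escaped twice.
    for ($depth = 0; $depth <= 2; $depth++) {
        if (strpos($rendered, $candidate) !== false) {
            return $depth;
        }
        // Escape one more level and look again.
        $candidate = htmlspecialchars($candidate, ENT_QUOTES, 'UTF-8');
    }
    return null; // probe not present at any of the three depths
}

$probe = 'Tom & <Jerry>'; // constructed test post title

// Constructed fragments standing in for the three places the comment mentions.
$fragments = [
    'permalink text'   => '<a href="/p/1">Tom & <Jerry></a>',
    'link attribute'   => '<a title="Tom &amp; &lt;Jerry&gt;" href="/p/1">',
    'editor title box' => '<input name="post_title" value="Tom &amp;amp; &amp;lt;Jerry&amp;gt;">',
];

$labels = ['not encoded', 'once encoded', 'twice encoded'];
foreach ($fragments as $where => $html) {
    $depth = encode_depth($probe, $html);
    printf("%-18s %s\n", $where, $depth === null ? 'probe not found' : $labels[$depth]);
}

// The fourth argument of htmlspecialchars() is double_encode (default true).
// With false, entities already present in the input are left alone, so
// escaping an already-escaped string does not add a second level.
$once = htmlspecialchars($probe, ENT_QUOTES, 'UTF-8');
$again_default = htmlspecialchars($once, ENT_QUOTES, 'UTF-8');
$again_native  = htmlspecialchars($once, ENT_QUOTES, 'UTF-8', false);

printf("default re-escape: %s\n", $labels[encode_depth($probe, $again_default)]);
printf("double_encode off: %s\n", $labels[encode_depth($probe, $again_native)]);
```

The depth-0 case is the one with security impact, since the raw `<` reaches the page as markup; with `double_encode` off, a title in which the user literally typed `&amp;` is displayed as `&`.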