[wp-trac] [WordPress Trac] #42988: HTML Code Checking Feature (V4.9) Has Bugs
WordPress Trac
noreply at wordpress.org
Wed Dec 27 21:43:17 UTC 2017
#42988: HTML Code Checking Feature (V4.9) Has Bugs
-------------------------------+------------------------------
Reporter: akaim | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 4.9.1
Severity: normal | Resolution:
Keywords: needs-screenshots | Focuses:
-------------------------------+------------------------------
Changes (by jeremyescott):
* keywords: => needs-screenshots
Comment:
So, I'm not a "team" member, unless you count all of us as being on the
team, but I follow tickets to both look for opportunities to submit
patches and also keep a pulse on the community.
This ticket--and the linked forum post--are both sorely lacking in
information.
For example, the initial post (and most follow-up comments) in the linked
forum thread complain about things that the HTML widget isn't designed
for, including PHP in the widget. It makes sense that the ''HTML Widget''
doesn't accept PHP. Keep in mind that WP Core is built to protect its
users, a huge chunk of which aren't as savvy as us skilled devs, and giving
anyone with widget access the ability to inject potentially bad PHP code
into widgets is a very bad idea. A plugin author and/or a theme developer
could easily register a custom widget that allows PHP entry via a widget
(if that is even safe to put PHP in the db, another discussion), but any
security holes would be a consequence of that plugin/theme and not core.
Further, can you provide an example of your code that you say should work
but doesn't? WordPress carefully sanitizes what it allows to put into the
database in raw HTML and some things aren't allowed. Again, this may be
for your safety, but you need to show an example of the code so that
others can help you understand if what you're seeing is a bug that
can/should be fixed or just a case of a user trying to use something that
the widget isn't designed for.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42988#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform