[wp-trac] [WordPress Trac] #43946: Inconsistent encoding of comment_content
WordPress Trac
noreply at wordpress.org
Thu May 3 10:50:13 UTC 2018
#43946: Inconsistent encoding of comment_content
--------------------------+-----------------------------
 Reporter:  leewillis77   |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Comments      |    Version:  4.9.5
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
The contents of the comments.comment_content field in the WordPress
database are stored inconsistently depending on whether the user creating
the comment was logged in or not.
{{{
> select comment_ID, comment_content, comment_type from wp_comments where comment_ID > 7;
+------------+-----------------------------------------------------+--------------+
| comment_ID | comment_content                                     | comment_type |
+------------+-----------------------------------------------------+--------------+
|          8 | This is a good &amp; strong comment (comment, anon) |              |
|          9 | This is a good & strong comment (comment, auth)     |              |
+------------+-----------------------------------------------------+--------------+
}}}
In the example above, comment 8 was left by an anonymous user, and comment
9 was left by an authenticated user. Notice how the comment_content field
has been HTML-escaped for ID 8, but not for ID 9.
=== Steps to reproduce:
* Install a fresh copy of WordPress
* As the site administrator, navigate to the default "hello-world" post
* Leave a comment including characters that should be escaped when output
to HTML, e.g. &
* Log out
* Navigate to the default "hello-world" post
* Leave a comment including characters that should be escaped when output
to HTML, e.g. &
Compare the contents of the two comments in the wp_comments table.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43946>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
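
An added example, not part of the ticket and not WordPress code: a small audit that labels each stored `comment_content` value by how its ampersands are encoded and flags the column when both forms are present. The rows are constructed from the two comments described above; the function names, and the consumer that escapes every row on output, are assumptions for illustration.

```python
import html
import re

# Constructed rows modelled on the ticket: ID 8 stored HTML-escaped, ID 9 stored raw.
ROWS = [
    (8, "This is a good &amp; strong comment (comment, anon)"),
    (9, "This is a good & strong comment (comment, auth)"),
]

# A well-formed named, decimal or hex character reference.
ENTITY = re.compile(r"&(?:[A-Za-z][A-Za-z0-9]*|#[0-9]+|#[xX][0-9A-Fa-f]+);")


def classify(content):
    """Label one stored value as 'escaped', 'raw', 'mixed' or 'neutral'."""
    has_entity = bool(ENTITY.search(content))
    # Any '&' left after removing entities is an unescaped ampersand.
    has_bare = "&" in ENTITY.sub("", content)
    if has_entity and has_bare:
        return "mixed"
    if has_entity:
        return "escaped"
    return "raw" if has_bare else "neutral"


def audit(rows):
    """Map comment_ID -> encoding state of its comment_content."""
    return {comment_id: classify(content) for comment_id, content in rows}


def is_inconsistent(rows):
    """True when the column holds both escaped and unescaped ampersands."""
    states = set(audit(rows).values())
    return "mixed" in states or {"escaped", "raw"} <= states


def escape_on_output(content):
    """What a consumer that escapes every row at output time would emit (assumed)."""
    return html.escape(content, quote=False)


if __name__ == "__main__":
    print(audit(ROWS), "inconsistent:", is_inconsistent(ROWS))
    for comment_id, content in ROWS:
        print(comment_id, "->", escape_on_output(content))
```

With one escaping policy applied to both rows, the already-escaped row 8 is emitted double-encoded while row 9 is emitted correctly, which is why the storage format needs to be uniform before any single output rule can be right.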