[wp-trac] [WordPress Trac] #44183: BUG in get_the_archive_title() when get author
WordPress Trac
noreply at wordpress.org
Tue May 22 14:32:35 UTC 2018
#44183: BUG in get_the_archive_title() when get author
--------------------------+------------------------------
Reporter: Tkama | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version: 4.9.6
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
--------------------------+------------------------------
Changes (by Tkama):
* version: => 4.9.6
Comment:
> I don't think we have the ability to use HTML formatting for
`display_name` field. Please correct me if I am wrong.
It's a good practice to esc any vulnerable string on output. For example,
some theme allows to change 'display_name' but don't sanitize the value on
save, and in this case, WP will output the string as it is...
I'm not sure that's really necessary. Because `get_the_archive_title()`
only return the string, but not echo it. But on the other hand, we have
there `'<span class="vcard">'` html tag and we can't esc the value in
future.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44183#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list