[wp-trac] [WordPress Trac] #17636: Search subtitles are handled inconsistently across admin
WordPress Trac
noreply at wordpress.org
Tue Nov 2 15:20:34 UTC 2021
#17636: Search subtitles are handled inconsistently across admin
----------------------------------------------+------------------------
Reporter: kawauso | Owner: chriscct7
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: 5.9
Component: Administration | Version: 3.2
Severity: normal | Resolution:
Keywords: has-patch commit has-screenshots | Focuses:
----------------------------------------------+------------------------
Comment (by johnjamesjacoby):
Looking at [https://core.trac.wordpress.org/attachment/ticket/17636/17636.3.diff 17636.3.diff],
this nested combination of functions will not produce the desired results.
* `esc_html()` is going to convert all HTML into entities
* `wp_strip_all_tags()` won't have any tags to strip, as they've just been
converted
* Bonus: `stripslashes( $_REQUEST['s'] )` is `wp_unslash( $_REQUEST['s'] )` elsewhere
To make this even more fun:
* Some screens do `esc_html( wp_unslash( $_REQUEST['s'] ) )`
* Some screens use `$s` as a global, encoding/decoding it
* Some methods use `wp_unslash( trim( $_REQUEST['s'] ) )` when later
passing into query arguments
* `get_search_query()` and `_admin_search_query()` exist as `esc_attr()`
alternatives
----
Let's do `esc_html( wp_unslash( $_REQUEST['s'] ) )` here like is done on
every other screen. This way it's consistent, and if future clean-up
happens or the approach changes it can more easily happen everywhere.
Updated patch and commit imminent.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/17636#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
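
The ordering problem described in the comment above, as an added example that is not part of the ticket, the patch, or WordPress core. The `demo_*` functions are simplified stand-ins (assumptions) for `esc_html()`, `wp_strip_all_tags()` and `wp_unslash()` so the script runs without WordPress loaded, and the search term is a constructed sample.

```php
<?php
// Simplified stand-ins (assumptions) for the WordPress functions named in the
// comment. The real functions do more (filters, charset handling, removal of
// script/style contents); only the behaviour relevant to ordering is kept.
function demo_esc_html( string $text ): string {
    return htmlspecialchars( $text, ENT_QUOTES, 'UTF-8' );
}

function demo_strip_all_tags( string $text ): string {
    return trim( strip_tags( $text ) );
}

function demo_unslash( string $value ): string {
    return stripslashes( $value );
}

// Constructed sample: a search term as it would sit in $_REQUEST['s'],
// with the slash that WordPress adds to request data still present.
$raw = "it\\'s <b>bold</b>";

// Order the comment describes: escape first, then try to strip tags.
// After escaping there is no literal "<" left, so nothing is stripped.
$nested = demo_strip_all_tags( demo_esc_html( stripslashes( $raw ) ) );

// Reverse order, for comparison: strip tags, then escape what remains.
$strip_first = demo_esc_html( demo_strip_all_tags( demo_unslash( $raw ) ) );

// Form proposed in the comment: unslash, then escape for HTML output.
$proposed = demo_esc_html( demo_unslash( $raw ) );

printf( "escape then strip : %s\n", $nested );
printf( "strip then escape : %s\n", $strip_first );
printf( "unslash + escape  : %s\n", $proposed );

// The strip call in the nested form is a no-op: its output is identical
// to escaping alone, which is why the comment drops it.
printf( "nested equals proposed: %s\n", var_export( $nested === $proposed, true ) );
```

Both the nested and the proposed forms print the markup as inert text; the only difference is that the nested form pays for a tag-stripping call that never finds a tag.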