[wp-trac] [WordPress Trac] #55456: Double escaping wp_user-settings
WordPress Trac
noreply at wordpress.org
Mon Feb 2 11:29:18 UTC 2026
#55456: Double escaping wp_user-settings
-------------------------------------------------+-------------------------
Reporter: phatkoala | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future Release
Component: Users | Version: 2.7
Severity: normal | Resolution:
Keywords: has-patch dev-feedback has-test-info reporter-feedback | Focuses:
-------------------------------------------------+-------------------------
Changes (by ozgursar):
* keywords: has-patch dev-feedback has-test-info needs-testing => has-patch dev-feedback has-test-info reporter-feedback
Comment:
== Reproduction Report
=== Environment
- WordPress: 7.0-alpha-61577
- PHP: 8.3.30
- Server: PHP.wasm
- Database: WP_SQLite_Driver (Server: 8.0.38 / Client: 3.51.0)
- Browser: Opera
- OS: macOS
- Theme: Twenty Twenty-Five 1.4
- MU Plugins: None activated
- Plugins:
* Ampersand Test
* Test Reports 1.2.1
=== Steps taken
1. Save the plugin as `ampersand_test.php` from the ticket's description
2. Activate the plugin
3. Go to `Users > Profile`
4. Click `Update Profile`
5. Open the database and check the `wp_usermeta` table
6. Look for the meta value of the meta_key `wp_user-settings` and confirm it
has `foo=1&bar=1`
7. Repeat Step 4 a few times and recheck the value in the database
8. ❌ Bug is not occurring
=== Expected behavior
- I was expecting the meta value to change as follows:
* foo=1&bar=1
* foo=1&bar=1
* foo=1&ampbar=1
* foo=1&ampampbar=1
* and so forth
But this didn't happen. Even though I refreshed more than 10 times, the
value stayed the same as `foo=1&bar=1`.
=== Screenshots/Screencast with results
[[Image(https://files.catbox.moe/wk3e4n.png)]]
--
Ticket URL: <https://core.trac.wordpress.org/ticket/55456#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform