Sanitizing text input fields before rendering but not before storing their content
Reported by: hargatheterrible | Owned by:
In WPMU 126.96.36.199 and WP 2.9.1, filters are used to sanitize the content of text input fields in the admin area.
However, the filters are applied only before rendering the content, but not before transmitting and storing this content in the database.
For example, I can type in something like:
key1="value string with multiple words" AND key2="another value string"
and store it correctly in the database. When I "echo" this string into its text input field again to show that it has been correctly stored, it is rendered as
The problem is that if a user does not pay attention and clicks on "update settings" again, the wrong string is stored in the database because the wrongly rendered string is transmitted.
I checked the multitude of filters that WP applies but could not find out how to adjust the filtering/sanitizing of input for this specific text input field. Even calling "remove_all_filters()" shows no effect.
I think that sanitizing is a good idea but it needs to become more consistent and adjustable in WP. I would like to sanitize everything that's between the quotes, not eliminate everything following the first quote.
Thanks a lot in advance for all hints and pointers!
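The round trip described in this ticket, as an added example that is not part of the original report or of WordPress core. It assumes the stored value is echoed unescaped into a double-quoted `value` attribute (the ticket does not show the rendering code); the function names are hypothetical, and `htmlspecialchars()` stands in for WordPress's `esc_attr()` so the script runs without WordPress.

```php
<?php
// Added illustration, not WordPress core code. All function names are hypothetical.

// Constructed sample: the option value quoted in the ticket.
const STORED = 'key1="value string with multiple words" AND key2="another value string"';

// Render the settings field. With $escape = false the raw value is echoed straight
// into a double-quoted attribute; with $escape = true it is escaped for that context.
// htmlspecialchars() is a stand-in for WordPress's esc_attr().
function render_field(string $value, bool $escape): string {
    $out = $escape ? htmlspecialchars($value, ENT_QUOTES, 'UTF-8') : $value;
    return '<input type="text" name="opt" value="' . $out . '" />';
}

// Simplified model of the browser: a double-quoted attribute value ends at the
// next '"', then character references are decoded. The result is what the form
// would submit on "update settings".
function submitted_value(string $html): string {
    $marker = ' value="';
    $start  = strpos($html, $marker) + strlen($marker);
    $end    = strpos($html, '"', $start);
    return html_entity_decode(substr($html, $start, $end - $start), ENT_QUOTES, 'UTF-8');
}

// One "open the settings page, click update" cycle: render, parse, store the result.
function round_trip(string $stored, bool $escape): string {
    return submitted_value(render_field($stored, $escape));
}

foreach ([false, true] as $escape) {
    $after = round_trip(STORED, $escape);
    printf(
        "%-9s stored after update: %s (%s)\n",
        $escape ? 'escaped' : 'unescaped',
        $after,
        $after === STORED ? 'unchanged' : 'TRUNCATED'
    );
}
```

The value is stored raw in both cases; only the output step differs, which is why escaping for the attribute context at render time keeps the stored string intact across repeated saves.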