Appearance->Menu panel's module's search function doesn't see posts/pages with newlines in content
|Reported by:||alxndr||Owned by:|
|Severity:||normal||Keywords:||menus newline, sanitizing, htmlattributes|
In the Menus feature introduced in WP3, the Search function in the Posts and Pages modules apparently cannot handle posts which have multiple lines of content.
The search feature sends out a string to search for to /wp-admin/admin-ajax.php, which sends back a bunch of <li> elements (one per post/page found), each containing a bunch of <input> elements (for post/page ID, title, etc). One of the hidden <input>s is the full content of the post/page, and it does not sanitize newlines in any way. This apparently breaks whatever takes the <li>s from admin-ajax.php and sticks them into the results <ul> in those modules. I think I've confirmed this by modifying line 252 in /wp-admin/includes/nav-menu.php (the hidden <input> with the full content, class="menu-item-description"); changing this:
$output .= '<input type="hidden" class="menu-item-description" name="menu-item[' . $possible_object_id . '][menu-item-description]" value="'. esc_attr( $item->description ) .'" />';
$output .= '<input type="hidden" class="menu-item-description" name="menu-item[' . $possible_object_id . '][menu-item-description]" value="'. str_replace(array("\n","\r"),'',esc_attr( $item->description )) .'" />';
...thus removing any CRs and LFs from the attribute. After that, search feature shows posts with multiple lines of content and allows them to be added to a menu.