pecl-filter, both RTE and plain editor stripping tags
|Reported by:||morpheu5||Owned by:||anonymous|
|Severity:||normal||Keywords:||editor strip stripping tag tags|
Hi you all. I'm running WP 2.0.4 on a server with PHP Version 5.1.4-pl4-gentoo with Hardening-Patch 0.4.11.
The problem is that the tags are being stripped by WP and gets replaced with <p> and <br />. The problem may reside in the hardening patch - as stated by the owner of the server - which cleans up potentially malicious content for security issues. He said that this behaviour will be integrated in PHP 5.2.x as the standard behaviour. He also said that this is a per-server setting, not a per-directory one.
I'm pretty new the WP code for making a patch on it (and honestly I found that code to be a real damn big mess) so I'm just suggesting you to encode the html content got from the form with htmlentities() before working on it and decode it with html_decode_entity() before sending it back to the user. I actually don't know much about how the hardening patch works for this issue but I guess that this would be enough.
Change History (11)
comment:7 foolswisdom — 7 years ago
- Component changed from Security to General
- Keywords reporter-feedback added; bg|reporter-feedback removed
- Severity changed from major to normal
comment:9 foolswisdom — 7 years ago
- Keywords reporter-feedback removed
- Milestone set to 2.1
- Priority changed from high to normal
- Summary changed from both WYSIWYG and plain editor are stripping tags. to pecl-filter, both RTE and plain editor stripping tags