A bit more filtering needed on admin screens
|Reported by:||jhodgdon||Owned by:||ryan|
|Severity:||normal||Keywords:||admin filter has-patch|
Using 2.3 bleeding , I tested today to find all the parts of the admin menu system where users of multilingual plugins (which require filtering to choose text in one language over another for post text, titles, blog title, blog description, categories, etc.) would still be seeing unfiltered text in the admin screens. Note that bugs #3595 and #4477 are also still open, and they pertain to this issue of filtering text. So, before testing, I applied the following patches for these bugs: http://trac.wordpress.org/attachment/ticket/4477/get-the-title.diff
Here are the remaining items I found that were still not being filtered. Note that all of the information described is filtered elsewhere in the blog and admin screens -- these are just a couple of spots where a given bit of information is not run through the standard filters.
a) When you create a new category from the Manage / Categories page, the AJAX update that adds it to the category list above doesn't filter the category name. (When you refresh the page it gets filtered. Also note that on the Blogroll / Categories page, the AJAX add does filter the category name before adding it to the list. So it is only the AJAX for adding a category on Manage / Categories that has the problem.)
b) On the comments list page (Comments / Comments), the post names are not filtered when they are shown at the bottom right corner of the box for each comment.
c) On the blogroll categories page (Blogroll / Categories), the note about what happens when you delete a category displays an unfiltered category name for the default category. (This is not a problem on the Manage / Categories page, where the default category name is filtered.)
d) On the Options / Writing screen, the category drop-down lists have unfiltered category names (both post and link categories)
e) On the Options / Reading screen, the page drop-down lists for the static home page option are displaying unfiltered page names.
f) On the Login screen, the "Back to (blogname)" link at the bottom uses an unfiltered blog name
I'll create patches for these issues.