Ticket #6374 (closed defect (bug): fixed)

Opened 4 years ago

Last modified 4 years ago

Editing a Post With an Existing Custom Field Value Containing an HTML Encoded Entity Produces an Unescaped Character Upon Save.

Reported by: qweenie Owned by: markjaquith
Priority: normal Milestone: 2.5
Component: Administration Version: 2.5
Severity: normal Keywords:
Cc:

Description (last modified by lloydbudd) (diff)

Editing a Post With an Existing Custom Field Value Containing an HTML Encoded Entity Produces an Unescaped Character Upon Save.

ENV: WP trunk 2.5 revision 7502
Repro: Always
Steps:

  1. update a custom field with value of 'lopez & gwatney'
  2. view post and the source of page shows a valid html escaped entity 'lopez & gwatney'
  3. edit same post changing category and save
  4. view post and the source of page shows invalid unescaped character. 'lopez & gwatney'

Expected Result:
Source of page to show 'lopez & gwatney' when displaying custom field value

Change History

comment:1   lloydbudd4 years ago

  • Version set to 2.5
  • Description modified (diff)
  • Milestone set to 2.6

comment:2   markjaquith4 years ago

  • Owner changed from anonymous to markjaquith
  • Status changed from new to assigned
  • Milestone changed from 2.6 to 2.5

Looks like we moved to using a <textarea /> but are still using attribute_escape() instead of htmlspecialchars()

comment:3   markjaquith4 years ago

  • Status changed from assigned to closed
  • Resolution set to fixed

(In [7506]) Preserve HTML entities in Custom Fields. fixes #6374

Note: See TracTickets for help on using tickets.