WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#9168 closed defect (bug) (fixed)

Double attribute escaping for post attachments

Reported by: dwc Owned by:
Priority: normal Milestone: 2.7.2
Component: Media Version: 2.7
Severity: normal Keywords: has-patch
Cc:

Description

When the rich editor is off, editing attachments causes the description field to be double encoded. This is due to the use of htmlspecialchars, when the value is already encoded in sanitize_post_field.

Switching to attribute_escape fixes this; I'll attach patches for 2.7 and trunk.

Attachments (2)

attribute-escape-media-description-2.7.patch (776 bytes) - added by dwc 4 years ago.
Use wp_specialchars instead of attribute_escape
attribute-escape-media-description-trunk.patch (776 bytes) - added by dwc 4 years ago.
Use wp_specialchars instead of attribute_escape

Download all attachments as: .zip

Change History (6)

comment:1 FFEMTcJ4 years ago

  • Keywords has-patch added

comment:2 sambauers4 years ago

This should use wp_specialchars, not attribute_escape. The new wp_specialchars does not double encode entities by default.

dwc4 years ago

Use wp_specialchars instead of attribute_escape

dwc4 years ago

Use wp_specialchars instead of attribute_escape

comment:3 ryan4 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [10700]) Avoid double encoding of attachment descriptions. Props dwc. fixes #9168 for trunk

comment:4 ryan4 years ago

(In [10701]) Avoid double encoding of attachment descriptions. Props dwc. fixes #9168 for 2.7

Note: See TracTickets for help on using tickets.