#36775
|
Shortcode stripping on frontend
|
|
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#52517
|
Shortcodes inside AMP tags do not work
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
06/02/2023
|
#51353
|
Smart Quote Bug
|
|
reporter-feedback
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
09/18/2020
|
#53019
|
The _sanitize_text_fields function removing the octets that incorrectly work with Arabic RTL languages.
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
11/19/2024
|
#55563
|
The function get_allowed_mime_types should check wp_get_current_user
|
|
dev-feedback
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
04/12/2022
|
#26674
|
The get_tag_regex() function is a too greedy when searching for a closing tag.
|
|
has-patch
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#46846
|
Tight comparisons and use of Yoda conditions are not consistent
|
|
dev-feedback
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
04/09/2019
|
#6297
|
Unbalanced tags across more and nextpage tags
|
|
|
normal
|
normal
|
Future Release
|
defect (bug)
|
03/15/2019
|
#25785
|
Unexpected Paragraph Formatting Within a Div Container
|
|
needs-unit-tests
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#31992
|
Unicode Email Addresses
|
|
has-patch
|
normal
|
normal
|
|
defect (bug)
|
09/23/2024
|
#30495
|
Unicode character U+000B is not removed by sanitize_file_name
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
08/27/2018
|
#42058
|
Unit test for _autop_newline_preservation_helper()
|
|
dev-feedback
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
12/11/2017
|
#46673
|
Update esc_url function (default https).
|
|
|
normal
|
normal
|
|
defect (bug)
|
12/06/2021
|
#24846
|
Usage of a shortcode disables wpautop filter
|
|
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#27270
|
Validation for leading/trailing periods, or consecutive periods in email addresses is only done on the domain section
|
|
has-patch
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#32729
|
WP sanitize + (plus) and other mathematic symbols as nothing instead of dash separator
|
|
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#59691
|
WordPress doesn't sanitize character ʼ (unicode U+02BC) when converting post title to slug
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
10/20/2023
|
#32867
|
Wordpress replaces HTML entities for angle brackets in titles, breaking HTML validation
|
|
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#39188
|
Wrapping paragraph tags around 'Read More' link stripped out of custom post type
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
03/15/2019
|
#50863
|
[playlist] + text = </p> error
|
|
needs-unit-tests
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
08/06/2020
|
#53023
|
_wp_json_convert_string type mismatch: returns string on success; false on failure
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
10/15/2024
|
#55821
|
`is_email()` does not follow PHP FILTER_VALIDATE_EMAIL rules, when an email has double period (..)
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
06/17/2023
|
#55452
|
`safecss_filter_attr` removes background-images with URL parameters
|
|
|
normal
|
normal
|
Future Release
|
defect (bug)
|
04/20/2022
|
#56119
|
`wp_unslash()` and `wp_slash()` do not (un)slash the same data.
|
|
dev-feedback
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
07/11/2022
|
#29807
|
add support for picture element and srcset attribute on img in wp_kses
|
|
has-patch
|
normal
|
normal
|
Future Release
|
defect (bug)
|
03/11/2024
|
#36397
|
add_query_arg doesn't work with numbered html entities
|
|
dev-feedback
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#17923
|
add_query_arg() should encode values
|
|
has-patch
|
normal
|
normal
|
|
defect (bug)
|
08/20/2019
|
#58902
|
add_query_arg() should esc_url_raw() REQUEST_URI
|
|
has-patch
|
normal
|
normal
|
Future Release
|
defect (bug)
|
10/27/2024
|
#58666
|
added HTML tags in HTML block
|
|
|
normal
|
major
|
Awaiting Review
|
defect (bug)
|
06/29/2023
|
#53041
|
colors.css is using the old blue.
|
|
dev-feedback
|
normal
|
minor
|
Awaiting Review
|
defect (bug)
|
04/15/2021
|
#51019
|
convert_smilies() fails on large tags
|
|
has-patch
|
normal
|
normal
|
6.8
|
defect (bug)
|
11/11/2024
|
#42182
|
esc_js must escape U+2028 and U+2029
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
10/11/2017
|
#46791
|
esc_url() adding http:// to a relative URL to parent directory '../pathname/'
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
05/23/2019
|
#34407
|
esc_url() cannot handle a relative URL containing a : character (IPv6)
|
|
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#23975
|
force_balance_tags in get_the_content breaks non-HTML formats
|
|
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#39847
|
force_balance_tags not properly balancing < with <strong> and </strong>
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
09/22/2024
|
#20368
|
htmlspecialchars() returns empty string for non-UTF-8 input in PHP 5.4
|
|
needs-unit-tests
|
normal
|
major
|
|
defect (bug)
|
06/04/2019
|
#56433
|
invalid regex used in preg_replace
|
|
reporter-feedback
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
08/24/2022
|
#24487
|
is_email() does not recognize IDN domains
|
|
has-patch
|
normal
|
minor
|
Future Release
|
defect (bug)
|
04/28/2021
|
#25108
|
is_email() function validates email with domain that just has 1 character after dot
|
|
has-patch
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#60391
|
links_add_base_url will encode all attribut in null passed in
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
01/30/2024
|
#17433
|
localhost is not accepted as email domain
|
|
has-patch
|
normal
|
normal
|
Future Release
|
defect (bug)
|
03/20/2018
|
#40324
|
make_clickable doesn't work if url stands after an even number off spaces
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
03/31/2017
|
#23050
|
make_clickable incorrectly formats anchors with URL's and spaces in them in comments
|
|
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#50514
|
make_clickable nested links bug
|
|
needs-unit-tests
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
10/12/2020
|
#23308
|
make_clickable problem with multiple "Punctuation URL character"
|
|
dev-feedback
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#23922
|
make_clickable() breaks when colon in hash
|
|
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#45702
|
make_clickable() doesn't handle linked text being a URL with spaces within it
|
|
needs-unit-tests
|
low
|
trivial
|
Future Release
|
defect (bug)
|
04/03/2019
|
#60138
|
make_clickable() processing emails start with www. incorrectly.
|
|
has-patch
|
normal
|
trivial
|
Awaiting Review
|
defect (bug)
|
02/15/2024
|
#47164
|
map_deep in formatting.php do not handle null-byte
|
|
dev-feedback
|
normal
|
critical
|
Future Release
|
defect (bug)
|
02/23/2023
|
#55257
|
map_deep() function incompatibility with incomplete objects in PHP 8.0+
|
|
dev-feedback
|
normal
|
major
|
Future Release
|
defect (bug)
|
08/08/2023
|
#25851
|
post_content lost when inserting Posts with large base64-encoded images
|
|
|
low
|
critical
|
|
defect (bug)
|
06/04/2019
|
#24157
|
safecss_filter_attr doesn't allow rgb() in inline styles
|
|
has-patch
|
normal
|
normal
|
Future Release
|
defect (bug)
|
06/09/2024
|
#53815
|
safecss_filter_attr removes styles with min() max() and minmax()
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
07/28/2021
|
#60979
|
safecss_filter_attr() should support query strings with "&" as used by Gutenberg
|
|
has-patch
|
normal
|
normal
|
6.8
|
defect (bug)
|
10/14/2024
|
#33924
|
sanitize_html_class valid characters
|
|
dev-feedback
|
normal
|
normal
|
Future Release
|
defect (bug)
|
09/20/2022
|
#34039
|
shortcode_parse_atts() no longer parses embedded html fragments
|
|
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#55996
|
the get_the_block_template_html call all the same functions as the the_conent filter so they are run twice
|
|
dev-feedback
|
normal
|
normal
|
Future Release
|
defect (bug)
|
08/28/2024
|
#17039
|
the_excerpt() - <!--more--> handling
|
|
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#46966
|
urlencode query string parameters
|
|
|
normal
|
major
|
Awaiting Review
|
defect (bug)
|
08/20/2019
|
#30597
|
wp_filter_post_kses mangles URLs with colons in them
|
|
needs-unit-tests
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#60347
|
wp_kses breaking text fragments links
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
11/25/2024
|
#58377
|
wp_kses filters custom block name with consecutive hyphens
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
05/23/2023
|
#61246
|
wp_kses makes HTML comment HTML uncommented
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
09/03/2024
|
#58921
|
wp_kses_allowed_html doesn't allow to add esi:include
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
06/22/2024
|
#62024
|
wp_kses_post incorrectly escapes "<" attributes values
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
10/22/2024
|
#37698
|
wp_kses_split global variable pollution
|
|
has-patch
|
normal
|
normal
|
Future Release
|
defect (bug)
|
02/09/2021
|
#54138
|
wp_strip_all_tags should remove scripts/styles content recursively
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
09/16/2021
|
#46886
|
wp_targeted_link_rel adds the rel attribute when the link has data-target=""
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
04/13/2019
|
#60793
|
wp_trigger error has a wrong wp_kses $allowed_html arguement.
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
03/18/2024
|
#37672
|
wpautop adds a closing p-tag without an opening p-tag
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
04/18/2019
|
#40676
|
wpautop adds opening & closing p tags around the opening a tag and around the closing a tag when the link contains certain flow content elements like div, h1, h2...
|
|
needs-unit-tests
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
07/21/2017
|
#40202
|
wpautop bad code
|
|
|
normal
|
normal
|
Future Release
|
defect (bug)
|
05/21/2020
|
#2833
|
wpautop breaks style and script tags
|
|
dev-feedback
|
low
|
normal
|
Future Release
|
defect (bug)
|
03/21/2024
|
#33840
|
wpautop damages inline script
|
|
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#38656
|
wpautop incorrectly handling paragraphs within block elements
|
|
needs-unit-tests
|
normal
|
normal
|
Future Release
|
defect (bug)
|
03/26/2019
|
#49492
|
wpautop inserted p tags inconsistently alter visual space
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
02/22/2020
|
#43394
|
wpautop inserts extraneous line breaks if hard return around commented content
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
06/15/2020
|
#58872
|
wpautop not disabled when blocks are inserted dynamically
|
|
|
normal
|
minor
|
Awaiting Review
|
defect (bug)
|
07/21/2023
|
#10033
|
wpautop problems with html comments and object tags
|
|
needs-unit-tests
|
normal
|
minor
|
|
defect (bug)
|
06/04/2019
|
#11678
|
wpautop() fails on uppercase closing tags
|
|
dev-feedback
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#27733
|
wpautop(): \s in regex destroys some UTF-8 characters
|
|
needs-unit-tests
|
normal
|
major
|
|
defect (bug)
|
01/18/2022
|
#43313
|
wptexturise uses the wrong curly quote after a closing link tag
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
04/15/2018
|
#54721
|
wptexturize caches the result of run_wptexturize preventing themes from using this if a plugin has already called get_plugin_data
|
|
dev-feedback
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
07/20/2024
|
#43785
|
wptexturize fails to skip JavaScript if code contains <
|
|
needs-unit-tests
|
normal
|
normal
|
Future Release
|
defect (bug)
|
07/10/2024
|
#34592
|
wptexturize interprets apostrophe at end of word as closing single quote
|
|
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#49965
|
wptexturize should also work when using before hook after_theme_setup
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
04/21/2020
|
#29913
|
wptexturize should handle broken HTML consistently
|
|
needs-unit-tests
|
normal
|
minor
|
|
defect (bug)
|
06/04/2019
|
#61817
|
wptexturize(): Hyphen may be replaced with ndash
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
08/04/2024
|
#29882
|
wptexturize: quotes inside quotes curling incorrectly
|
|
has-patch
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#30644
|
"wpautop" Enhancements
|
|
dev-feedback
|
normal
|
normal
|
|
enhancement
|
08/11/2020
|
#54322
|
Add Logical Properties to safecss_filter_attr
|
|
dev-feedback
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
11/19/2021
|
#18330
|
Add a Class functionality to wpautop()
|
|
has-patch
|
normal
|
normal
|
|
enhancement
|
07/25/2023
|
#52444
|
Add support for Telegram Messenger Protocol
|
|
close
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
02/05/2021
|
#51707
|
Add white-space as an allowed kses CSS attribute.
|
|
has-patch
|
normal
|
normal
|
Future Release
|
enhancement
|
11/15/2020
|
#60544
|
Allow individual blocks to be excluded from `excerpt_remove_blocks()`
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
10/09/2024
|
#43010
|
Attribute Name Escape
|
|
needs-unit-tests
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
01/18/2022
|
#41458
|
Class gets stripped out when inserting a link in author biography box
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
07/30/2017
|
#39724
|
Defining custom validation callbacks for tag/attribute values in wp_kses()
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
06/17/2017
|
#57517
|
Expose MutationObserver instance in wpEmoji
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
01/20/2023
|