#27270
|
Validation for leading/trailing periods, or consecutive periods in email addresses is only done on the domain section
|
|
has-patch
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#32729
|
WP sanitize + (plus) and other mathematic symbols as nothing instead of dash separator
|
|
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#59691
|
WordPress doesn't sanitize character ʼ (unicode U+02BC) when converting post title to slug
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
10/20/2023
|
#56120
|
WordPress should add a space character on every possible "wrap point" in a post title when building "html title", "og:title" and so on
|
|
dev-feedback
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
07/05/2022
|
#32867
|
Wordpress replaces HTML entities for angle brackets in titles, breaking HTML validation
|
|
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#39188
|
Wrapping paragraph tags around 'Read More' link stripped out of custom post type
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
03/15/2019
|
#50863
|
[playlist] + text = </p> error
|
|
needs-unit-tests
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
08/06/2020
|
#43156
|
_walk_bookmarks(): please add the link id as HTML id attribute.
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
01/24/2018
|
#53023
|
_wp_json_convert_string type mismatch: returns string on success; false on failure
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
04/12/2021
|
#55821
|
`is_email()` does not follow PHP FILTER_VALIDATE_EMAIL rules, when an email has double period (..)
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
06/17/2023
|
#55452
|
`safecss_filter_attr` removes background-images with URL parameters
|
|
|
normal
|
normal
|
Future Release
|
defect (bug)
|
04/20/2022
|
#56663
|
`tag_escape()` does not follow naming convention.
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
09/27/2022
|
#56119
|
`wp_unslash()` and `wp_slash()` do not (un)slash the same data.
|
|
dev-feedback
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
07/11/2022
|
#29807
|
add support for picture element and srcset attribute on img in wp_kses
|
|
has-patch
|
normal
|
normal
|
Future Release
|
defect (bug)
|
07/28/2022
|
#36397
|
add_query_arg doesn't work with numbered html entities
|
|
dev-feedback
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#17923
|
add_query_arg() should encode values
|
|
has-patch
|
normal
|
normal
|
|
defect (bug)
|
08/20/2019
|
#58902
|
add_query_arg() should esc_url_raw() REQUEST_URI
|
|
has-patch
|
normal
|
normal
|
6.5
|
defect (bug)
|
10/16/2023
|
#58666
|
added HTML tags in HTML block
|
|
|
normal
|
major
|
Awaiting Review
|
defect (bug)
|
06/29/2023
|
#12084
|
allow preserving HTML in the_excerpt (specify allowed tags for strip_tags in wp_trim_excerpt)
|
|
has-patch
|
normal
|
normal
|
|
enhancement
|
06/04/2019
|
#53041
|
colors.css is using the old blue.
|
|
dev-feedback
|
normal
|
minor
|
Awaiting Review
|
defect (bug)
|
04/15/2021
|
#51019
|
convert_smilies() fails on large tags
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
10/28/2022
|
#25856
|
debug of wpautop function with Unit Tests
|
|
|
normal
|
normal
|
|
enhancement
|
06/04/2019
|
#29910
|
esc_attr does not properly deal with json_encode
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
05/07/2017
|
#46188
|
esc_html does not have support for multiline output. esc_br_html or line-breaking parameter for esc_html is missing
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
03/02/2019
|
#42182
|
esc_js must escape U+2028 and U+2029
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
10/11/2017
|
#46791
|
esc_url() adding http:// to a relative URL to parent directory '../pathname/'
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
05/23/2019
|
#34407
|
esc_url() cannot handle a relative URL containing a : character (IPv6)
|
|
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#23975
|
force_balance_tags in get_the_content breaks non-HTML formats
|
|
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#39847
|
force_balance_tags not properly balancing < with <strong> and </strong>
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
02/11/2017
|
#20368
|
htmlspecialchars() returns empty string for non-UTF-8 input in PHP 5.4
|
|
needs-unit-tests
|
normal
|
major
|
|
defect (bug)
|
06/04/2019
|
#56433
|
invalid regex used in preg_replace
|
|
reporter-feedback
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
08/24/2022
|
#24487
|
is_email() does not recognize IDN domains
|
|
has-patch
|
normal
|
minor
|
Future Release
|
defect (bug)
|
04/28/2021
|
#25108
|
is_email() function validates email with domain that just has 1 character after dot
|
|
has-patch
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#33204
|
kses $allowedposttags should support microdata
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
11/15/2018
|
#17433
|
localhost is not accepted as email domain
|
|
has-patch
|
normal
|
normal
|
Future Release
|
defect (bug)
|
03/20/2018
|
#40324
|
make_clickable doesn't work if url stands after an even number off spaces
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
03/31/2017
|
#32787
|
make_clickable filter
|
johnjamesjacoby
|
needs-unit-tests
|
normal
|
normal
|
Future Release
|
enhancement
|
08/02/2022
|
#23050
|
make_clickable incorrectly formats anchors with URL's and spaces in them in comments
|
|
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#50514
|
make_clickable nested links bug
|
|
needs-unit-tests
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
10/12/2020
|
#23308
|
make_clickable problem with multiple "Punctuation URL character"
|
|
dev-feedback
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#23922
|
make_clickable() breaks when colon in hash
|
|
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#45702
|
make_clickable() doesn't handle linked text being a URL with spaces within it
|
|
needs-unit-tests
|
low
|
trivial
|
Future Release
|
defect (bug)
|
04/03/2019
|
#47164
|
map_deep in formatting.php do not handle null-byte
|
|
dev-feedback
|
normal
|
critical
|
Future Release
|
defect (bug)
|
02/23/2023
|
#55257
|
map_deep() function incompatibility with incomplete objects in PHP 8.0+
|
|
dev-feedback
|
normal
|
major
|
Future Release
|
defect (bug)
|
08/08/2023
|
#40569
|
next_post_link parameters $format and $link, have default values that produce awkward to use output
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
04/26/2017
|
#25851
|
post_content lost when inserting Posts with large base64-encoded images
|
|
|
low
|
critical
|
|
defect (bug)
|
06/04/2019
|
#44793
|
remove_accents() doesnt escape all versions of "i"
|
SergeyBiryukov
|
dev-feedback
|
normal
|
normal
|
Future Release
|
defect (bug)
|
09/22/2019
|
#24157
|
safecss_filter_attr doesn't allow rgb() in inline styles
|
|
has-patch
|
normal
|
normal
|
Future Release
|
defect (bug)
|
09/11/2022
|
#53815
|
safecss_filter_attr removes styles with min() max() and minmax()
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
07/28/2021
|
#50855
|
sanitize_file_name function not working as expected if there is '%20' in filename
|
audrasjb*
|
dev-feedback
|
normal
|
normal
|
Future Release
|
defect (bug)
|
10/07/2022
|
#33924
|
sanitize_html_class valid characters
|
|
dev-feedback
|
normal
|
normal
|
Future Release
|
defect (bug)
|
09/20/2022
|
#46329
|
sanitize_text_field after 5.1 update should account for __toString() methods
|
|
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
02/24/2019
|
#34039
|
shortcode_parse_atts() no longer parses embedded html fragments
|
|
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#14050
|
shortcode_unautop() should also remove the <br /> added after shortcodes
|
aaroncampbell
|
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#12056
|
target="_blank" being stripped from Profile Bio and Category Description
|
|
dev-feedback
|
normal
|
normal
|
Future Release
|
enhancement
|
10/29/2019
|
#55996
|
the get_the_block_template_html call all the same functions as the the_conent filter so they are run twice
|
flixos90
|
has-patch
|
normal
|
normal
|
6.5
|
defect (bug)
|
11/08/2023
|
#17039
|
the_excerpt() - <!--more--> handling
|
|
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#46966
|
urlencode query string parameters
|
|
|
normal
|
major
|
Awaiting Review
|
defect (bug)
|
08/20/2019
|
#29717
|
wp_check_invalid_utf8 - pcre tricks and failsafes, +mb_convert_encoding, iconv fix, performance
|
|
needs-unit-tests
|
normal
|
normal
|
Awaiting Review
|
enhancement
|
05/18/2019
|
#54488
|
wp_filter_nohtml_kses does not remove HTML comments
|
audrasjb
|
dev-feedback
|
normal
|
normal
|
Future Release
|
defect (bug)
|
10/12/2023
|
#30597
|
wp_filter_post_kses mangles URLs with colons in them
|
|
needs-unit-tests
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#58377
|
wp_kses filters custom block name with consecutive hyphens
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
05/23/2023
|
#58921
|
wp_kses_allowed_html doesn't allow to add esi:include
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
10/12/2023
|
#51482
|
wp_kses_post should filter javascript content as well as the <script> tags
|
|
|
normal
|
minor
|
Awaiting Review
|
enhancement
|
10/08/2020
|
#37698
|
wp_kses_split global variable pollution
|
|
has-patch
|
normal
|
normal
|
Future Release
|
defect (bug)
|
02/09/2021
|
#54138
|
wp_strip_all_tags should remove scripts/styles content recursively
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
09/16/2021
|
#46886
|
wp_targeted_link_rel adds the rel attribute when the link has data-target=""
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
04/13/2019
|
#18549
|
wp_texturize incorrectly curls closing quotes after inline HTML end tags
|
miqrogroove
|
has-patch
|
normal
|
normal
|
|
defect (bug)
|
08/18/2023
|
#37672
|
wpautop adds a closing p-tag without an opening p-tag
|
|
has-patch
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
04/18/2019
|
#40676
|
wpautop adds opening & closing p tags around the opening a tag and around the closing a tag when the link contains certain flow content elements like div, h1, h2...
|
|
needs-unit-tests
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
07/21/2017
|
#40202
|
wpautop bad code
|
|
|
normal
|
normal
|
Future Release
|
defect (bug)
|
05/21/2020
|
#33466
|
wpautop breaks multi-line textarea content
|
miqrogroove
|
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#2833
|
wpautop breaks style and script tags
|
|
dev-feedback
|
low
|
normal
|
Future Release
|
defect (bug)
|
03/29/2022
|
#33840
|
wpautop damages inline script
|
|
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#38656
|
wpautop incorrectly handling paragraphs within block elements
|
|
needs-unit-tests
|
normal
|
normal
|
Future Release
|
defect (bug)
|
03/26/2019
|
#49492
|
wpautop inserted p tags inconsistently alter visual space
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
02/22/2020
|
#43394
|
wpautop inserts extraneous line breaks if hard return around commented content
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
06/15/2020
|
#58872
|
wpautop not disabled when blocks are inserted dynamically
|
|
|
normal
|
minor
|
Awaiting Review
|
defect (bug)
|
07/21/2023
|
#10033
|
wpautop problems with html comments and object tags
|
|
needs-unit-tests
|
normal
|
minor
|
|
defect (bug)
|
06/04/2019
|
#15918
|
wpautop() breaks inline tags on the same line as block tags
|
dunno
|
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#11678
|
wpautop() fails on uppercase closing tags
|
|
dev-feedback
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#5250
|
wpautop() issue with lists
|
|
needs-unit-tests
|
normal
|
normal
|
Future Release
|
defect (bug)
|
02/02/2023
|
#27733
|
wpautop(): \s in regex destroys some UTF-8 characters
|
|
needs-unit-tests
|
normal
|
major
|
|
defect (bug)
|
01/18/2022
|
#43313
|
wptexturise uses the wrong curly quote after a closing link tag
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
04/15/2018
|
#54721
|
wptexturize caches the result of run_wptexturize preventing themes from using this if a plugin has already called get_plugin_data
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
01/03/2022
|
#43785
|
wptexturize fails to skip JavaScript if code contains <
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
04/17/2018
|
#34592
|
wptexturize interprets apostrophe at end of word as closing single quote
|
|
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#49965
|
wptexturize should also work when using before hook after_theme_setup
|
|
|
normal
|
normal
|
Awaiting Review
|
defect (bug)
|
04/21/2020
|
#29913
|
wptexturize should handle broken HTML consistently
|
|
needs-unit-tests
|
normal
|
minor
|
|
defect (bug)
|
06/04/2019
|
#29882
|
wptexturize: quotes inside quotes curling incorrectly
|
|
has-patch
|
normal
|
normal
|
|
defect (bug)
|
06/04/2019
|
#10269
|
wysiwyg bug with shortcodes
|
miqrogroove
|
|
low
|
normal
|
|
defect (bug)
|
06/04/2019
|