Make WordPress Core

Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#10243 closed defect (bug) (invalid)

2.8 won't read courier font in Theme

Reported by: kingtone Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.8
Component: General Keywords: font
Focuses: Cc:


upgraded to 2.8 and it nuked the courier font in Theme blog.txt 4.6.1 and defaults it to Times font. all other font options seem to work.

OSX 10.5.7, latest Camonio/Firefox/Safari.

Attachments (1)

blogtxt-wp28-wp29.html (2.9 KB) - added by demetris 5 years ago.
blog.txt theme, WP 2.8, HTML head. Note the numerically encoded quotes in the inline CSS

Download all attachments as: .zip

Change History (6)

comment:1 Denis-de-Bernardy5 years ago

  • Milestone Unassigned deleted
  • Resolution set to invalid
  • Status changed from new to closed

please contact the theme author

comment:2 demetris5 years ago

  • Cc dkikizas@… added
  • Milestone set to 2.8.1
  • Resolution invalid deleted
  • Status changed from closed to reopened

Maybe this has something to do with WP2.8. Looking at the XHTML source, I see things like this in the inline CSS blog.txt is inserting:

{font-family:'trebuchet ms'}

I’m attaching the whole HTML head.

demetris5 years ago

blog.txt theme, WP 2.8, HTML head. Note the numerically encoded quotes in the inline CSS

comment:3 Denis-de-Bernardy5 years ago

  • Milestone 2.8.1 deleted
  • Resolution set to invalid
  • Status changed from reopened to closed

nope, that's totally theme related. the author is probably using something like esc_js() for css.

comment:4 demetris5 years ago

Denis, the theme adds its CSS like this:

$basefontfamily = wp_specialchars(stripslashes(get_option('blogtxt_basefontfamily')));

Removing wp_specialchars fixes the issue.

Is it expected for wp_specialchars to break things like this in v2.8?

comment:5 Denis-de-Bernardy5 years ago

My understanding is it was changed along with esc_html(), yeah. Because some theme and plugin authors were using it to escape things that really needed esc_html().

The wp_specialchars() should not be used on that call anyway: it's completely bogus. That function is meant to turn things into HTML entities. I mean, either the theme author ensures whoever edits the css is allowed to post unfiltered html, either he uses proper escaping functionalities, such as HTML Purifier. But definitely not something that is an enhanced htmlspecialchars().

Note: See TracTickets for help on using tickets.