WordPress.org

Make WordPress Core

Opened 5 years ago

Last modified 23 hours ago

#12584 assigned defect (bug)

Emails from WordPress Admin are html encoded — at Version 2

Reported by: hexley Owned by:
Milestone: 4.4 Priority: normal
Severity: normal Version: 2.9
Component: Mail Keywords: needs-refresh
Focuses: Cc:

Description (last modified by nacin)

When a comment form is filled out that contains characters that are candidate for html encoding in the display of the comment on the web site, those comments are also html encoded in the display of the notification email send to the author.

Example comment left on my WordPress install:
Ampersand: &
Quote: "
Registered: ®

Resulting email notification:

New comment on your post #168 "Prevent iTunes from creating unnecessary clutter and cruft"
Author : --
E-mail : --
URL    : 
Whois  : --
Comment: 
Ampersand: &
Quote: "
Registered: ®

You can see all comments on this post here:
http://example.com/prevent-itunes-from-unnecessary-clutter-and-cruft/#comments

Delete it: http://example.com/wp-admin/comment.php?action=cdc&c=xxxx
Spam it: http://example.com/wp-admin/comment.php?action=cdc&dt=spam&c=xxxx

It appears that only the ampersand has this issue. I am not sure if it also applies to the subject of the email, but can confirm it applies to the body of the email.

The email headers show it was sent as plain text:
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"

Change History (3)

comment:1 @nacin5 years ago

Related #9913.

comment:2 @nacin5 years ago

  • Component changed from General to Mail
  • Description modified (diff)
  • Keywords needs-patch added; email html encode html encoding ampersand removed
  • Milestone changed from Unassigned to Future Release

Confirmed for ampersands.

@solarissmoke5 years ago

Decode HTML entities before putting them in plain text notification emails

Note: See TracTickets for help on using tickets.