Comments editor HTML tag

[pkirk]

With a vanilla (2.8.4 -> 3.0) installation, if you go and edit the comment from Mr Wordpress, you will see that in the editor you can find the HTML code of the apostrophe for "post's".

Hi, this is a comment.<br />To delete a comment, just log in and view the post&#039;s comments. There you will have the option to edit or delete them.

The problem comes with a production env with European languages where comments are full of accented letters that make the reading almost impossible.

[scribu]

This would be a case for using esc_html() instead of esc_textarea(). See #15454

[scribu]

... because esc_html() doesn't escape special characters.

[scribu]

Force esc_html() escaping

[scribu]

Turns out the content is escaped twice: first in get_comment_to_edit() and then again in wp_htmledit_pre().

In ​esc_html_comment_form.php I had to use $wpdb directly because the cached version returned from get_comment() is the escaped one. This should definitely be fixed.

[scribu]

Actually, the problem is that get_comment() checks $GLOBALScomment?.

[scribu]

No easy fix for this, unfortunately. Punting.

[nacin]

What we should actually do is remove the entity from upgrade.php, and let texturize do the work. Otherwise, what's happening when editing the comment appears to be proper, as this *is* what's in the DB.

[ocean90]

In 37888:

Comments: Improve author and content of the default comment.

The new comment:

A WordPress Commenter <wapuu@wordpress.example>:

Hi, this is a comment.
To moderate comments, just log in. There you will have the option to edit or delete them.
Commenter avatars come from <a href="https://gravatar.com">Gravatar</a>.

Also introduces a network setting to set the email address of the first comment author on a new site.

Props Ipstenu, rachelbaker, jorbin, jeremyfelt.
Fixes #36702, #14268.