WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

#15092 closed defect (bug) (fixed)

Salts contain HTML Special Characters

Reported by: hakre
Owned by:
Milestone: 3.1
Priority: normal
Severity: normal
Version: 3.0
Component: General
Keywords: has-patch
Focuses:
Cc:

Description

I ran over some unescaped output in network.php while doing some refactoring related to #15083. Salts related: #15088

Attachments (5)

15092.patch (766 bytes) - added by hakre 4 years ago.
< and > can be part of salts
clipboard.txt (1.1 KB) - added by hakre 4 years ago.
once
clipboard.patch (1.1 KB) - added by hakre 4 years ago.
once (pretty print enabled)
clipboard.2.patch (1.2 KB) - added by hakre 4 years ago.
once and match with textarea's rows
clipboard.3.patch (1.2 KB) - added by hakre 4 years ago.
probably better substr than trim


Change History (13)

hakre 4 years ago

< and > can be part of salts

comment:1 hakre 4 years ago

  • Keywords has-patch added
  • Version set to 3.0

comment:2 Denis-de-Bernardy 4 years ago

Can esc_html() be used here?

comment:3 nacin 4 years ago

  • Milestone changed from Awaiting Review to 3.1

Or wp_htmledit_pre since this is in a textarea, I believe.

comment:4 hakre 4 years ago

This whole display stuff can be improved, please see #15083 for patches that modularize functionality. There is much room to optimize and to put everything into wp_htmledit_pre() which got used in that file already multiple times.

comment:5 nacin 4 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [15965]) wp_htmledit_pre for salts in wp-admin/network. fixes #15092.

hakre 4 years ago

once

hakre 4 years ago

once (pretty print enabled)

comment:6 hakre 4 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

I can not see any use of using filters here, but if that's a need, let's do it only once and not eight times.

I gently reopen therefore. Let me know if you prefer a new ticket instead.

hakre 4 years ago

once and match with textarea's rows

comment:7 hakre 4 years ago

The textarea always had one row less than needed. Fixed that with the last patch. Let me know if I should separate this into its own ticket instead.

hakre 4 years ago

probably better substr than trim

comment:8 nacin 4 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

(In [16746]) Optimize the keys/salts textarea. fixes #15092.
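
Added example (not code from this ticket, its patches, or WordPress core): a standalone PHP sketch of the issue discussed above, where salt values containing < and > are printed inside a textarea. It escapes the whole block once at output and derives the rows attribute from the number of lines printed. PHP's htmlspecialchars() stands in for the WordPress escaping functions named in the thread; the helper names, the textarea attributes and the salt values are assumptions constructed for illustration.

```php
<?php
// Added illustration; not WordPress core code.
// Constructed sample values: a salt may contain <, >, & and quotes.
$sample_salts = array(
    'AUTH_KEY'        => 'k</textarea><b>x&y"z',
    'SECURE_AUTH_KEY' => 'p>q<r\'s&amp;t',
    'LOGGED_IN_KEY'   => 'plain-value-0123',
);

// Hypothetical helper: build the wp-config.php lines as plain text.
function build_salt_lines( array $salts ) {
    $lines = array();
    foreach ( $salts as $name => $value ) {
        // var_export() yields a valid single-quoted PHP string literal.
        $lines[] = sprintf( "define( '%s', %s );", $name, var_export( $value, true ) );
    }
    return $lines;
}

// Hypothetical helper: render the lines inside a read-only textarea.
function render_salt_textarea( array $salts ) {
    $lines = build_salt_lines( $salts );
    // Escape the joined block once, at the point of output,
    // instead of escaping every value separately.
    $escaped = htmlspecialchars( implode( "\n", $lines ), ENT_QUOTES, 'UTF-8' );
    // rows follows the number of lines actually printed.
    return sprintf(
        '<textarea readonly="readonly" cols="100" rows="%d">%s</textarea>',
        count( $lines ),
        $escaped
    );
}

$html = render_salt_textarea( $sample_salts );
echo $html, "\n";

// The markup must contain exactly one raw closing tag (the real one);
// the "</textarea>" inside the first salt is emitted as entities.
var_dump( substr_count( $html, '</textarea>' ) === 1 ); // bool(true)
var_dump( strpos( $html, 'rows="3"' ) !== false );      // bool(true)
```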
