Make WordPress Core

Opened 5 years ago

Closed 5 weeks ago

#15659 closed defect (bug) (fixed)

Entity escaping needed for comments list table

Reported by: brettz95 Owned by: SergeyBiryukov
Milestone: 4.4 Priority: normal
Severity: normal Version:
Component: Comments Keywords: has-patch commit
Focuses: administration Cc:


Perhaps only as a result of the fact that the URL will be truncated for display, it is possible that URLs will have entities in URLs such as & truncated, thereby creating a non-well-formed entity for application/xhtml+xml . The following patch fixes it (quotation escaping is not needed since this is element content).

This is an easy fix which I hope can be applied given that its lack breaks reviewing the important comments editing page. Thanks.

Attachments (5)

class-wp-comments-list-table.php.patch (661 bytes) - added by brettz95 5 years ago.
Simple patch to avoid non-well-formed XHTML
15659.preg.diff (717 bytes) - added by markjaquith 5 years ago.
15659.diff (691 bytes) - added by solarissmoke 5 years ago.
15659.png (12.4 KB) - added by SergeyBiryukov 5 weeks ago.
15659.2.diff (1.1 KB) - added by SergeyBiryukov 5 weeks ago.

Download all attachments as: .zip

Change History (12)

@brettz955 years ago

Simple patch to avoid non-well-formed XHTML

comment:1 @scribu5 years ago

  • Component changed from General to Administration
  • Milestone changed from Awaiting Review to 3.1

We prefer using the esc_*() functions instead of htmlentities().

@markjaquith5 years ago

comment:2 @markjaquith5 years ago

  • Milestone changed from 3.1 to Future Release

If you have something like ← you could end up with &la which looks strange. Alternate approach to trim unterminated entities from the end.

Punting to future.

@solarissmoke5 years ago

comment:3 @solarissmoke5 years ago

  • Keywords has-patch added

Why not use wp_html_excerpt()?

comment:4 @jeremyfelt20 months ago

  • Component changed from Administration to Comments
  • Focuses administration added

comment:5 follow-up: @wonderboymusic5 weeks ago

  • Milestone Future Release deleted
  • Resolution set to worksforme
  • Status changed from new to closed

This seems to currently work just fine.

@SergeyBiryukov5 weeks ago

@SergeyBiryukov5 weeks ago

comment:6 in reply to: ↑ 5 @SergeyBiryukov5 weeks ago

  • Keywords commit added
  • Milestone set to 4.4
  • Resolution worksforme deleted
  • Status changed from closed to reopened

If you enter https://core.trac.wordpress.org/query?id=15659& as a comment author URL, a broken entity is displayed: 15659.png.

wp_html_excerpt() handles this correctly.

comment:7 @SergeyBiryukov5 weeks ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from reopened to closed

In 33825:

Use wp_html_excerpt() to properly cut comment author URL for display on Comments screen.

props brettz95, solarissmoke.
fixes #15659.

Note: See TracTickets for help on using tickets.