Make WordPress Core

Opened 5 years ago

Closed 3 months ago

#15659 closed defect (bug) (fixed)

Entity escaping needed for comments list table

Reported by: brettz95 Owned by: SergeyBiryukov
Milestone: 4.4 Priority: normal
Severity: normal Version:
Component: Comments Keywords: has-patch commit
Focuses: administration Cc:


Perhaps only as a result of the fact that the URL will be truncated for display, it is possible that URLs will have entities in URLs such as & truncated, thereby creating a non-well-formed entity for application/xhtml+xml . The following patch fixes it (quotation escaping is not needed since this is element content).

This is an easy fix which I hope can be applied given that its lack breaks reviewing the important comments editing page. Thanks.

Attachments (5)

class-wp-comments-list-table.php.patch (661 bytes) - added by brettz95 5 years ago.
Simple patch to avoid non-well-formed XHTML
15659.preg.diff (717 bytes) - added by markjaquith 5 years ago.
15659.diff (691 bytes) - added by solarissmoke 5 years ago.
15659.png (12.4 KB) - added by SergeyBiryukov 3 months ago.
15659.2.diff (1.1 KB) - added by SergeyBiryukov 3 months ago.

Download all attachments as: .zip

Change History (12)

5 years ago

Simple patch to avoid non-well-formed XHTML

#1 @scribu
5 years ago

  • Component changed from General to Administration
  • Milestone changed from Awaiting Review to 3.1

We prefer using the esc_*() functions instead of htmlentities().

#2 @markjaquith
5 years ago

  • Milestone changed from 3.1 to Future Release

If you have something like ← you could end up with &la which looks strange. Alternate approach to trim unterminated entities from the end.

Punting to future.

5 years ago

#3 @solarissmoke
5 years ago

  • Keywords has-patch added

Why not use wp_html_excerpt()?

#4 @jeremyfelt
22 months ago

  • Component changed from Administration to Comments
  • Focuses administration added

#5 follow-up: @wonderboymusic
3 months ago

  • Milestone Future Release deleted
  • Resolution set to worksforme
  • Status changed from new to closed

This seems to currently work just fine.

3 months ago

#6 in reply to: ↑ 5 @SergeyBiryukov
3 months ago

  • Keywords commit added
  • Milestone set to 4.4
  • Resolution worksforme deleted
  • Status changed from closed to reopened

If you enter https://core.trac.wordpress.org/query?id=15659& as a comment author URL, a broken entity is displayed: 15659.png.

wp_html_excerpt() handles this correctly.

#7 @SergeyBiryukov
3 months ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from reopened to closed

In 33825:

Use wp_html_excerpt() to properly cut comment author URL for display on Comments screen.

props brettz95, solarissmoke.
fixes #15659.

Note: See TracTickets for help on using tickets.