Search subtitles are handled inconsistently across admin

[kawauso]

Try the following strings in the Comments admin screen and any other:

\'"\fs"\\\"

imareallylongstringlookatmegoandgoandgoandgoandgoandgoandgoandgoandgoandgoandgoandgoandgoandgo

The Comments screen uses strip_slashes() and wp_html_excerpt() to limit search strings to 50 characters, while other screens do not.

[jakub.tyrcha]

All we need is wp_strip_all_tags (well I'm not sure if we need even this one, but the excerpt is certainly not needed). Besides, only the display is stripped - not the search string itself (tested).

[lukecavanagh]

Patch Refreshed

[sabernhardt]

refreshed patch

[sabernhardt]

I don't mind the truncation, but it makes little sense to have it only on the Comments screen. So the patch is refreshed, and I'm moving it to 5.9 consideration.

The search text wraps to the next line even when it is one long word, too.

[sabernhardt]

wp_html_excerpt was added in [10082]

[Hareesh Pillai]

Attached patch works fine.

[audrasjb]

Reviewed during today's bug scrub.

The patch still applies cleanly against trunk and works fine on my side.

Marking for commit action.

[johnjamesjacoby]

Looking at 17636.3.diff, this nested combination of functions will not produce the desired results.

• esc_html() is going to convert all HTML into entities
• wp_strip_all_tags() won't have any tags to strip, as they've just been converted
• Bonus: stripslashes( $_REQUEST['s'] ) is wp_unslash( $_REQUEST['s'] ) elsewhere

To make this even more fun:

• Some screens do esc_html( wp_unslash( $_REQUEST['s'] ) )
• Some screens use $s as a global, encoding/decoding it
• Some methods use wp_unslash( trim( $_REQUEST['s'] ) ) when later passing into query arguments
• get_search_query() and _admin_search_query() exist as esc_attr() alternatives

---

Let's do esc_html( wp_unslash( $_REQUEST['s'] ) ) here like is done on every other screen. This way it's consistent, and if future clean-up happens or the approach changes it can more easily happen everywhere.

Updated patch and commit imminent.

[johnjamesjacoby]

In 51975:

Admin/Comments: remove bespoke truncation from search string HTML.

This change removes a call to wp_html_excerpt() used on the HTML output of the search string, supplied by the current user in the previous page request via the named s input in the search-box UI.

If the search string is extremely long, it wraps around the available empty space in a way that is not visually displeasing, confirming that truncation is not a requirement here.

This also addresses a small accessibility concern as the non-truncated string was not alternatively presented, and helps normalize the output of $_REQUEST['s'] for more broad improvements in the future.

Props hareesh-pillai, jakubtyrcha, johnjamesjacoby, lukecavanagh, sabernhardt.

Fixes #17636.