Opened 14 years ago
Closed 3 years ago
#17636 closed defect (bug) (fixed)
Search subtitles are handled inconsistently across admin
Reported by: | kawauso | Owned by: | johnjamesjacoby |
---|---|---|---|
Milestone: | 5.9 | Priority: | normal |
Severity: | normal | Version: | 3.2 |
Component: | Comments | Keywords: | has-patch commit has-screenshots |
Focuses: | administration | Cc: |
Description
Try the following strings in the Comments admin screen and any other:
\'"\fs"\\\"
imareallylongstringlookatmegoandgoandgoandgoandgoandgoandgoandgoandgoandgoandgoandgoandgoandgo
The Comments screen uses strip_slashes()
and wp_html_excerpt()
to limit search strings to 50 characters, while other screens do not.
Attachments (5)
Change History (17)
#5
@
3 years ago
- Milestone set to 5.9
I don't mind the truncation, but it makes little sense to have it only on the Comments screen. So the patch is refreshed, and I'm moving it to 5.9 consideration.
The search text wraps to the next line even when it is one long word, too.
This ticket was mentioned in Slack in #core by audrasjb. View the logs.
3 years ago
#9
@
3 years ago
- Keywords commit has-screenshots added
Reviewed during today's bug scrub.
The patch still applies cleanly against trunk and works fine on my side.
Marking for commit
action.
#10
@
3 years ago
Looking at 17636.3.diff, this nested combination of functions will not produce the desired results.
esc_html()
is going to convert all HTML into entitieswp_strip_all_tags()
won't have any tags to strip, as they've just been converted- Bonus:
stripslashes( $_REQUEST['s'] )
iswp_unslash( $_REQUEST['s'] )
elsewhere
To make this even more fun:
- Some screens do
esc_html( wp_unslash( $_REQUEST['s'] ) )
- Some screens use
$s
as a global, encoding/decoding it - Some methods use
wp_unslash( trim( $_REQUEST['s'] ) )
when later passing into query arguments get_search_query()
and_admin_search_query()
exist asesc_attr()
alternatives
Let's do esc_html( wp_unslash( $_REQUEST['s'] ) )
here like is done on every other screen. This way it's consistent, and if future clean-up happens or the approach changes it can more easily happen everywhere.
Updated patch and commit imminent.
All we need is wp_strip_all_tags (well I'm not sure if we need even this one, but the excerpt is certainly not needed). Besides, only the display is stripped - not the search string itself (tested).