Make WordPress Core

Opened 11 years ago

Closed 9 years ago

#17648 closed defect (bug) (wontfix)

post titles with < followed directly by words truncates title and permalink

Reported by: haveboard Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.1.3
Component: Permalinks Keywords: has-patch 3.6-early
Focuses: Cc:


Adding a post title that contains a "less than" symbol (<) followed directly by a word with no space in between will be truncated at the "less than" symbol.

Add new post with the following information to replicate:

Sample title: "test <post goes here"

Permalink created: http://three.jonathanfinnegan.com/2011/06/01/test/

Title displayed: "test"

I just reinstalled a clean version of WordPress 3.1.3 to verify the bug.

Visiting http://three.jonathanfinnegan.com/2011/06/01/test/ will also show you a screenshot of that post's edit page which shows the bug.

It does not seem to be a problem with a "greater than" symbol with or without a space after the symbol.

It is specific to "<wordafterlessthan" with no space after the symbol. Other test posts show appropriate behavior for > with a space or < with a space or without.

Attachments (1)

no-strip-tags.diff (954 bytes) - added by wonderboymusic 9 years ago.

Download all attachments as: .zip

Change History (8)

#1 @solarissmoke
11 years ago

This is because wordpress allows HTML in post titles and <something is mistaken for a malformed tag.

See #4789 and #14361 which are related.

As a workaround, use the entity reference for left bracket (&lt;) instead.

#2 @wonderboymusic
9 years ago

  • Keywords has-patch added; needs-patch removed

sanitize_title_with_dashes() calls strip_tags() which is a dumb function. From php.net:

Because strip_tags() does not actually validate the HTML, partial, or broken tags can result in the removal of more text/data than expected.

wp_filter_nohtml_kses() does the trick. With my patch, "test <post goes <em>here</em><br /><this is some more" produces this as a post_name:


#3 @wonderboymusic
9 years ago

Patch refreshed - now produces:


#4 @nacin
9 years ago

  • Keywords 3.6-early added

#5 @wonderboymusic
9 years ago

  • Milestone changed from Awaiting Review to 3.6

#6 @markjaquith
9 years ago

no-strip-tags.diff has bad performance implications. Takes 3.4x longer. We can't be running KSES on something like this, which would reasonably be used on the front end.

#7 @markjaquith
9 years ago

  • Milestone 3.6 deleted
  • Resolution set to wontfix
  • Status changed from new to closed

Not worth the performance cost.

Note: See TracTickets for help on using tickets.