WordPress.org

Make WordPress Core

Opened 3 years ago

Closed 6 months ago

Last modified 6 months ago

#18798 closed defect (bug) (invalid)

Sanitizing post in get_attachment_fields_to_edit() can cause double encoding under certain circumstances

Reported by: wpdavis
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 2.5
Component: Media
Keywords: close
Focuses:
Cc:

Description

In get_attachment_fields_to_edit, the $post object is sanitized using the 'edit' flag, which converts HTML entities. Under some circumstances this can cause entities to be double-encoded (as in, "), because the html entities are already

To fix this, sanitize the post using the 'raw' flag.

Attachments (1)

media.diff (369 bytes) - added by wpdavis 3 years ago.

Change History (5)

comment:1 wpdavis 3 years ago

FYI, checked history. The function was introduced in 2.5, it seems, and I couldn't find any discussion about why that particular flag was used. I patched it on our live site a few days ago and we haven't seen any issues.

comment:2 wpdavis 2 years ago

To add some context to this ticket, we change the Post Caption field from a text field to a textarea, and when we do this everything gets double-encoded.
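
The double encoding described in this ticket, reproduced as an added example in plain PHP (not code from the ticket, the attached patch, or WordPress core). `sanitize_for_edit()`, `render_textarea()` and `displayed_text()` are hypothetical stand-ins, and the sample captions are constructed.

```php
<?php
// Added illustration: the helper names are hypothetical, not WordPress core functions.

// Stand-in for an 'edit'-style sanitizer that returns entity-encoded text.
function sanitize_for_edit(string $raw): string {
    return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
}

// Field renderer that escapes its value; $double_encode is passed to htmlspecialchars().
function render_textarea(string $value, bool $double_encode = true): string {
    return '<textarea>' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8', $double_encode) . '</textarea>';
}

// What the user sees in the field: drop the tag, decode entities exactly once.
function displayed_text(string $html): string {
    return html_entity_decode(strip_tags($html), ENT_QUOTES, 'UTF-8');
}

// Constructed samples; the second contains a literal entity typed by the author.
$captions = ['Tom said "hi" & left', 'Write &amp; to show an ampersand'];

foreach ($captions as $caption) {
    $cases = [
        'edit value, escaped again'    => render_textarea(sanitize_for_edit($caption)),
        'raw value, escaped once'      => render_textarea($caption),
        'edit value, no double-encode' => render_textarea(sanitize_for_edit($caption), false),
        'raw value, no double-encode'  => render_textarea($caption, false),
    ];
    echo "caption: $caption\n";
    foreach ($cases as $label => $html) {
        // A caption round-trips when the displayed text equals what was stored.
        $ok = displayed_text($html) === $caption ? 'round-trips' : 'CORRUPTED';
        printf("  %-30s %-11s %s\n", $label, $ok, $html);
    }
}
```

Only the raw value escaped once at output survives for both captions. Turning off double encoding masks the problem for already-encoded input but alters a caption that legitimately contains the text of an entity.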

comment:3 wpdavis 6 months ago

  • Keywords close added; has-patch removed
  • Resolution set to invalid
  • Status changed from new to closed

No longer a problem. Must have gotten fixed some other way.

comment:4 helen 6 months ago

  • Milestone Awaiting Review deleted

Probably fixed with #24611 / [24446].
