Make WordPress Core

Opened 13 years ago

Closed 11 years ago

Last modified 11 years ago

#18798 closed defect (bug) (invalid)

Sanitizing post in get_attachment_fields_to_edit() can cause double encoding under certain circumstances

Reported by: wpdavis
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 2.5
Component: Media
Keywords: close
Focuses:
Cc:

Description

In get_attachment_fields_to_edit, the $post object is sanitized using the 'edit' flag, which converts HTML entities. Under some circumstances this can cause entities to be double-encoded (as in, "), because the html entities are already

To fix this, sanitize the post using the 'raw' flag.

Attachments (1)

media.diff (369 bytes) - added by wpdavis 13 years ago.


Change History (5)

@wpdavis
13 years ago

#1 @wpdavis
13 years ago

FYI, checked history. The function was introduced in 2.5, it seems, and I couldn't find any discussion about why that particular flag was used. I patched it on our live site a few days ago and we haven't seen any issues.

#2 @wpdavis
13 years ago

To add some context to this ticket, we change the Post Caption field from a text field to a textarea, and when we do this everything gets double-encoded.
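The double encoding described in the ticket and in comment #2, modeled in plain PHP as an added example (not WordPress core code and not the attached patch). The function names are hypothetical, and the behaviour of the two renderers (the text field leaves existing entities alone, the textarea encodes everything) is an assumption made for the illustration.

```php
<?php
// Added illustration; not WordPress core code. Function names are hypothetical.

// Models sanitizing with the 'edit' flag: entities are encoded before rendering.
function sanitize_for_edit(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Assumed text-field renderer: encodes, but leaves existing entities alone.
function render_text_input(string $value): string {
    $safe = htmlspecialchars($value, ENT_QUOTES, 'UTF-8', false);
    return '<input type="text" value="' . $safe . '">';
}

// Assumed textarea renderer: encodes everything, including the '&' of an
// entity produced by an earlier pass.
function render_textarea(string $value): string {
    $safe = htmlspecialchars($value, ENT_QUOTES, 'UTF-8', true);
    return '<textarea>' . $safe . '</textarea>';
}

// Heuristic regression check: flags markup where an entity's '&' was itself
// encoded. Text that legitimately contains a literal "&amp;" also matches.
function has_double_encoding(string $html): bool {
    return preg_match('/&amp;(?:[a-z][a-z0-9]*|#\d+|#x[0-9a-f]+);/i', $html) === 1;
}

$caption = 'Tom & "Jerry"'; // constructed sample caption

$cases = [
    'edit -> text input' => render_text_input(sanitize_for_edit($caption)),
    'edit -> textarea'   => render_textarea(sanitize_for_edit($caption)),
    'raw  -> textarea'   => render_textarea($caption),
];

foreach ($cases as $label => $html) {
    $status = has_double_encoding($html) ? 'DOUBLE' : 'ok';
    printf("%-20s %-6s %s\n", $label, $status, $html);
}
```

With the raw value, the renderer is the only encoding step, so every output path that consumes it has to escape.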

#3 @wpdavis
11 years ago

  • Keywords close added; has-patch removed
  • Resolution set to invalid
  • Status changed from new to closed

No longer a problem. Must have gotten fixed some other way.

#4 @helen
11 years ago

  • Milestone Awaiting Review deleted

Probably fixed with #24611 / [24446].
