Make WordPress Core

Opened 18 years ago

Closed 18 years ago

#1978 closed defect (bug) (fixed)

Quotes in post title make it into the title for comments_popup_link()

Reported by: viper007bond's profile Viper007Bond Owned by: markjaquith's profile markjaquith
Milestone: 2.1 Priority: high
Severity: major Version: 2.0
Component: Administration Keywords: bg|has-patch bg|commit
Focuses: Cc:

Description

If you have a post with quotes in it, they make it into the title for the comments_popup_link() link. This makes invalid code.

Example:

Post title = Announcing "Alphabetical Plugins"

Then this code:

comments_popup_link('Comments Off', '1 Comment »', '% Comments »');

produces:

<a href="http://www.viper007bond.com/archives/2005/11/27/announcing-alphabetical-plugins/#respond" title="Comment on Announcing "Alphabetical Plugins"">Comments Off</a>

Solution: htmlspecialchars() or wp_texturize() needs to be run on the post title before it's used.

Attachments (2)

patch_texturizetitle.diff (542 bytes) - added by abhay 18 years ago.
wraps wptexturize() around $post_title
patch.diff (546 bytes) - added by markjaquith 18 years ago.

Download all attachments as: .zip

Change History (13)

@abhay
18 years ago

wraps wptexturize() around $post_title

#1 @abhay
18 years ago

Since you didn't attach the diff file yourself, I just did it for ya. Props to you for solution.

#2 @Viper007Bond
18 years ago

Much appreciated. :) I don't have any SVN software or anything to make a diff file with, so... :/

#3 @Viper007Bond
18 years ago

  • Priority changed from normal to high

#4 @Viper007Bond
18 years ago

  • Keywords bg|has-patch added

Not sure if wp_texturize() or htmlspecialchars() is the preferred thing for this BTW.

#5 @sjmurdoch
18 years ago

  • Cc sjmurdoch added

#6 @markjaquith
18 years ago

  • Keywords bg|commit added
  • Milestone set to 2.1
  • Owner changed from anonymous to markjaquith
  • Status changed from new to assigned

@markjaquith
18 years ago

#7 @markjaquith
18 years ago

My patch uses wp_specialchars()

#8 @Viper007Bond
18 years ago

Yeah, that's best.

When I wrote this over 3 months ago, I wasn't aware of how to create patches and the function wp_specialchars(). I was such a noob. :D

#9 @metallman
18 years ago

wp_specialchars needs to be called with a true second argument to actually replace quotes. Like this wp_specialchars($post->post_title, 1).

If this change is done to the patch, it works for me.

#10 @thetorpedodog
18 years ago

I've got a different patch on ticket #2625 that uses applying the filters for the_title. It does all the fancy quote and dash nonsense and other things applied to post_title().

#11 @Viper007Bond
18 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

Fixed via #2915 (about time!)

Note: See TracTickets for help on using tickets.