Blank title caused by PHP 5.4 htmlspecialchars() changes
|Reported by:||trevHCS||Owned by:|
Due to changes in PHP 5.4 within the htmlspecialchars() function, non UTF-8 characters in a post title will cause said title to go blank.
This is similar behaviour to ticket ID #23688 except:
- That ticket affected the body of the post not the title.
- This may require a slightly diff solution.
- The affected code is in two separate scripts.
- You add / edit a post and give it a title containing "You’re"
- You save the post and it appears on the site correctly.
- However, the admin -> post screen looses the title due to the ’
- Any further updates will lose the title from the public blog.
Offending character in this case is , fancy quote mark, but any non UTF-8 character will do the same, eg: the Euro symbol.
Problem: This occurs in edit-form-advanced.php around line 331 where it says:
<?php echo esc_attr( htmlspecialchars( $post->post_title ) ); ?>
Suggested solutions: My reading of the code is that esc_attr() does basically the same thing in this case as htmlspecialchars() so perhaps removing htmlspecialchars would work?
If not, a similar solution to that other ticket could be used, but it would likely need to be something like below, although see the notes in the other ticket about normalising blog_charset.
<?php echo esc_attr( htmlspecialchars( $post->post_title, ENT_SUBSTITUTE, get_option( 'blog_charset' ) ) ); ?>
I have tested with the alternative ENT_DISALLOWED but that seems to cause blank titles too.
Finally - I wasn't 100% sure if this should be a new bug or related to the previous ticket, but as that one is old I didn't want this important problem to be missed as it affects the very nature of blog publishing.
Change History (4)
- Cc trevattdp@… added
- Keywords needs-patch removed
- Milestone Awaiting Review deleted
- Status changed from new to closed