WordPress.org

Make WordPress Core

Opened 12 months ago

Last modified 2 weeks ago

#24248 new defect (bug)

'guid' not properly escaped — at Version 2

Reported by: meloniq
Owned by:
Milestone: Future Release
Priority: normal
Severity: normal
Version: 2.5
Component: Posts, Post Types
Keywords: has-patch needs-unit-tests 3.7-early
Focuses:
Cc:

Description (last modified by SergeyBiryukov)

Probably related issues: #18274 #19248

The 'guid' is being saved in the database not properly escaped, for example:
http://www.wordpress.dev/?post_type=changeset&p=57 , see the ampersand encode &
It is supposed to be & or at least &

Once the 'auto-draft' is saved, the 'guid' is correct: http://www.wordpress.dev/?post_type=changeset&p=57

Once the post is saved as 'draft' or published (triggering 'update post' on the auto-draft), the 'guid' gets malformed.

Source of the issue: inappropriate usage of the get_post_field() function in wp_insert_post()

get_post_field() defaults to the 'display' context. We do not specify a context while obtaining the field, and in wp_insert_post() we are not going to display it anywhere, just get, check, and save again, correct?

Attached patch adds the 'raw' context to usage of get_post_field() with 'guid'
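
The read-then-save pattern described above, as an added stand-alone PHP model (not WordPress core code and not the attached patch). The names model_get_field(), model_update_post() and guid_is_display_encoded() are hypothetical, the row is constructed, and htmlspecialchars() is an assumed stand-in for WordPress's display escaping.

```php
<?php
declare(strict_types=1);

// Constructed sample row standing in for a stored post record.
$db = [57 => [
    'post_status' => 'auto-draft',
    'guid'        => 'http://www.wordpress.dev/?post_type=changeset&p=57',
]];

/** Model of a context-aware getter: 'display' (the default) escapes, 'raw' does not. */
function model_get_field(array $db, int $id, string $field, string $context = 'display'): string
{
    $value = $db[$id][$field];
    if ($context === 'raw') {
        return $value;
    }
    // Assumption: htmlspecialchars() stands in for the real display filter.
    // double_encode=false leaves entities that are already encoded alone.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8', false);
}

/** Model of an update path that reads the stored guid and writes it back. */
function model_update_post(array $db, int $id, string $status, string $context): array
{
    $guid    = model_get_field($db, $id, 'guid', $context);
    $db[$id] = ['post_status' => $status, 'guid' => $guid];
    return $db;
}

/** True when a stored value carries an entity-encoded ampersand. */
function guid_is_display_encoded(string $guid): bool
{
    return preg_match('/&(?:amp|#0*38|#x0*26);/i', $guid) === 1;
}

// Same update, once with the default context and once with 'raw'.
$results = [
    'display' => model_update_post($db, 57, 'draft', 'display'),
    'raw'     => model_update_post($db, 57, 'draft', 'raw'),
];
foreach ($results as $context => $rows) {
    $guid = $rows[57]['guid'];
    printf("%-8s %s  leaked=%s\n", $context, $guid, guid_is_display_encoded($guid) ? 'yes' : 'no');
}
```

The same guid_is_display_encoded() check can be run over exported guid values to find rows where output encoding has already been written to storage.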

Change History (3)

meloniq 12 months ago

adds 'raw' context to get_post_field() call for 'guid' field

comment:1 meloniq 12 months ago

  • Cc meloniq@… added

comment:2 SergeyBiryukov 11 months ago

  • Description modified (diff)