Make WordPress Core

Opened 5 years ago

Last modified 2 years ago

#24248 new defect (bug)

'guid' not properly escaped — at Version 2

Reported by: meloniq Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 2.5
Component: Posts, Post Types Keywords: has-patch has-unit-tests
Focuses: Cc:

Description (last modified by SergeyBiryukov)

Probably related issues: #18274 #19248

'guid' being saved in database not properly escaped, example: http://www.wordpress.dev/?post_type=changeset&p=57 , see the ampersand encode & It supposed to be & or at least &

Once 'auto-draft' saved, 'guid' is correct: http://www.wordpress.dev/?post_type=changeset&p=57

Once post is saved as 'draft' or published (triggered 'update post' on auto-draft), 'guid' gets malformed.

Source of issue: inappropriate usage of get_post_field() function in the wp_insert_post()

get_post_field() defaults to 'display' context, we not specify context while obtaining field, and in the wp_insert_post() we are not going to display it anywhere, just get, check, and save again, correct?

Attached patch adds the 'raw' context to usage of get_post_field() with 'guid'

Change History (3)

5 years ago

adds 'raw' context to get_post_field() call for 'guid' field

#1 @meloniq
5 years ago

  • Cc meloniq@… added

#2 @SergeyBiryukov
5 years ago

  • Description modified (diff)
Note: See TracTickets for help on using tickets.