WordPress.org

Make WordPress Core

Opened 6 months ago

Closed 2 months ago

#25704 closed defect (bug) (fixed)

Quotes in link titles aren't being properly escaped in the non-"visual" text editor

Reported by: ToBeFree Owned by: azaozz
Milestone: 3.9 Priority: normal
Severity: normal Version: 3.7
Component: Editor Keywords:
Focuses: Cc:

Description

Steps to reproduce:

  • Create a new article using the "text" editor
  • Use the "insert link" button
  • Try using any URL and a title with "-quotes, like...
Here you can see the error message "404 Not Found", which is annoying.
  • Save/Publish the article, hover over the link and see what happened

In this case, it's only annoying, but there might be inputs where the result is worse.

Attachments (1)

25704-braces.patch (527 bytes) - added by TobiasBg 2 months ago.
Add braces

Download all attachments as: .zip

Change History (6)

comment:1 azaozz3 months ago

  • Owner set to azaozz
  • Resolution set to fixed
  • Status changed from new to closed

In 27071:

WP_Link: convert < > and " to HTML entities when setting link title for the Text editor. Fixes #25704.

comment:2 azaozz3 months ago

  • Milestone changed from Awaiting Review to 3.9

@ToBeFree thanks for the report. Yes, it is incorrect and annoying.

comment:3 TobiasBg2 months ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

This needs braces, see patch.

TobiasBg2 months ago

Add braces

comment:4 SergeyBiryukov2 months ago

#26307 was marked as a duplicate.

comment:5 SergeyBiryukov2 months ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 27082:

Add braces around conditionals. props TobiasBg. fixes #25704.

Note: See TracTickets for help on using tickets.