Make WordPress Core

Opened 11 years ago

Closed 10 years ago

#25704 closed defect (bug) (fixed)

Quotes in link titles aren't being properly escaped in the non-"visual" text editor

Reported by: tobefree's profile ToBeFree Owned by: azaozz's profile azaozz
Milestone: 3.9 Priority: normal
Severity: normal Version: 3.7
Component: Editor Keywords:
Focuses: Cc:


Steps to reproduce:

  • Create a new article using the "text" editor
  • Use the "insert link" button
  • Try using any URL and a title with "-quotes, like...
Here you can see the error message "404 Not Found", which is annoying.
  • Save/Publish the article, hover over the link and see what happened

In this case, it's only annoying, but there might be inputs where the result is worse.

Attachments (1)

25704-braces.patch (527 bytes) - added by TobiasBg 10 years ago.
Add braces

Download all attachments as: .zip

Change History (6)

#1 @azaozz
10 years ago

  • Owner set to azaozz
  • Resolution set to fixed
  • Status changed from new to closed

In 27071:

WP_Link: convert < > and " to HTML entities when setting link title for the Text editor. Fixes #25704.

#2 @azaozz
10 years ago

  • Milestone changed from Awaiting Review to 3.9

@ToBeFree thanks for the report. Yes, it is incorrect and annoying.

#3 @TobiasBg
10 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

This needs braces, see patch.

10 years ago

Add braces

#4 @SergeyBiryukov
10 years ago

#26307 was marked as a duplicate.

#5 @SergeyBiryukov
10 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 27082:

Add braces around conditionals. props TobiasBg. fixes #25704.

Note: See TracTickets for help on using tickets.