Opened 10 years ago
Closed 9 years ago
#27942 closed defect (bug) (fixed)
Site Title not escaped when using HTML entities
Reported by: | BandonRandon | Owned by: | kovshenin |
---|---|---|---|
Milestone: | 4.5 | Priority: | normal |
Severity: | normal | Version: | 2.9 |
Component: | Options, Meta APIs | Keywords: | has-patch has-unit-tests commit |
Focuses: | administration | Cc: |
Description
Today I tried to set my site title to <Brooke><Codes> and learned that the site title field escapes the < character. This is fine, I thought, I'll use HTML entities. While this worked at first, this also failed in the end. Is there a way to use the same escaping used on post titles on site titles?
Here are a few screenshots to show the problem:
To me the real issue is that it fails silently. I know enough to know why it fails, but many of our users may have a WTF reaction.
Attachments (6)
Change History (19)
#1
@
10 years ago
- Keywords needs-patch added
- Milestone changed from Awaiting Review to Future Release
#3
@
10 years ago
- Focuses administration added
- Keywords needs-unit-tests added
- Version changed from trunk to 2.9
Seems like a simple fix, should probably update the patch to space out the attribute to conform with the coding standards.
I did test a few versions back, and in 2.0, when sanitize_option was introduced, this was not a problem, but in 2.9 it does happen, so somewhere along that road a regression occurred that was missed.
We should probably also have unit tests for sanitize_option when considering all the functions the various cases rely on.
#4
@
10 years ago
Should probably update the patch to space out the attribute to conform with the coding standards.
Added in 27942.2.patch
This ticket was mentioned in IRC in #wordpress-dev by Clorith.
10 years ago
#10
@
9 years ago
- Keywords needs-testing has-unit-tests added
Updated patch against trunk and added unit test.
#11
@
9 years ago
- Keywords 2nd-opinion added
Seems to work. Unit tests pass. Much better user experience.
#12
@
9 years ago
- Keywords commit added; needs-testing 2nd-opinion removed
- Milestone changed from Future Release to 4.5
- Owner set to kovshenin
- Status changed from new to assigned
Added unit tests for blogdescription too. Also looked into some history, goes all the way back to r5541 and looks like it's good to go.
I dug into this some more and learned that you are able to use valid HTML in the site title. For example, if you decided to use
<em>Site</em> <strong> Title</strong>
the title will save and output correctly. It looks like this problem is only occurring when using invalid HTML.
I have submitted a patch that switches from using wp_kses_post to htmlentities2 in formatting.php, resolving this issue.