Make WordPress Core

Opened 10 years ago

Closed 10 years ago

#29759 closed defect (bug) (invalid)

Bug when using ampersand "&" in menutitle WP multisite

Reported by: lrgolf's profile lrgolf Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Menus Keywords:
Focuses: administration, multisite Cc:


I just discovered when using a ampersand symbol "&" in menutitles, it echos as html code on the livesite.
This only happens on a multisite network and on any roles that are not super admins. For super admins there is no problem in using the symbol.

Very strange.

Best regards
Lars Thyregod

Change History (1)

#1 @jeremyfelt
10 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed
  • Version 4.0 deleted

Hi @lrgolf, thanks for the report.

In a single site configuration, administrators have the unfiltered_html capability, which means the default kses filters do not fire and & survives. In a multisite configuration, only super admins have this unfiltered_html capability. Standard site administrators will have their menu titles filtered through a chain that includes wp_kses_normalize_entities, which replaces & with &.

While this can be confusing, it is expected behavior for now. The roadmap for multisite includes a possible future where other users on a closed network are trusted with the unfiltered_html capability.

Note: See TracTickets for help on using tickets.