Make WordPress Core

Opened 18 years ago

Closed 18 years ago

Last modified 18 years ago

#3069 closed defect (bug) (fixed)

User description (profile) is stored in database html entity encoded

Reported by: markjaquith's profile markjaquith Owned by: markjaquith's profile markjaquith
Milestone: Priority: normal
Severity: normal Version: 2.1
Component: General Keywords: has-patch 2nd-opinion
Focuses: Cc:

Description

The user description (profile) is stored in the database encoded into html entities. This necessitates extra work if you actually want to display the user description on the site somewhere, like on their author page, and have things like links work.

Attachments (1)

no_entity_encode_user_description.diff (612 bytes) - added by markjaquith 18 years ago.
Patch for /trunk/

Download all attachments as: .zip

Change History (8)

@markjaquith
18 years ago

Patch for /trunk/

#1 @markjaquith
18 years ago

  • Keywords has-patch 2nd-opinion added
  • Owner changed from anonymous to markjaquith
  • Status changed from new to assigned

Patch removes call to wp_specialchars();

This will need a security check to make sure that wp_specialchars() call wasn't protecting against script injection. It's already kses'd via filters, however.

#2 @westi
18 years ago

Do we need to do any database upgrade on this?

Where are we kses's the profile - a quick search lead me to nothing.

#3 @ryan
18 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [4118]) Don't specialchar user description on save. fixes #3069

#4 @ryan
18 years ago

Most of the wp_specialchars calls in that function can be removed since the filters for those elements take care of specialchars.

#5 @ryan
18 years ago

(In [4230]) Don't specialchar user description on save. fixes #3069

#6 @foolswisdom
18 years ago

  • Milestone changed from 2.1 to 2.0.5

#7 @(none)
18 years ago

  • Milestone 2.0.5 deleted

Milestone 2.0.5 deleted

Note: See TracTickets for help on using tickets.