WordPress.org

Make WordPress Core

Opened 10 years ago

Closed 10 years ago

Last modified 9 years ago

#3069 closed defect (bug) (fixed)

User description (profile) is stored in database html entity encoded

Reported by: markjaquith Owned by: markjaquith
Milestone: Priority: normal
Severity: normal Version: 2.1
Component: General Keywords: has-patch 2nd-opinion
Focuses: Cc:

Description

The user description (profile) is stored in the database encoded into html entities. This necessitates extra work if you actually want to display the user description on the site somewhere, like on their author page, and have things like links work.

Attachments (1)

no_entity_encode_user_description.diff (612 bytes) - added by markjaquith 10 years ago.
Patch for /trunk/

Download all attachments as: .zip

Change History (8)

@markjaquith
10 years ago

Patch for /trunk/

#1 @markjaquith
10 years ago

  • Keywords has-patch 2nd-opinion added
  • Owner changed from anonymous to markjaquith
  • Status changed from new to assigned

Patch removes call to wp_specialchars();

This will need a security check to make sure that wp_specialchars() call wasn't protecting against script injection. It's already kses'd via filters, however.

#2 @westi
10 years ago

Do we need to do any database upgrade on this?

Where are we kses's the profile - a quick search lead me to nothing.

#3 @ryan
10 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [4118]) Don't specialchar user description on save. fixes #3069

#4 @ryan
10 years ago

Most of the wp_specialchars calls in that function can be removed since the filters for those elements take care of specialchars.

#5 @ryan
10 years ago

(In [4230]) Don't specialchar user description on save. fixes #3069

#6 @foolswisdom
10 years ago

  • Milestone changed from 2.1 to 2.0.5

#7 @anonymous
9 years ago

  • Milestone 2.0.5 deleted

Milestone 2.0.5 deleted

Note: See TracTickets for help on using tickets.