Make WordPress Core

Opened 15 years ago

Closed 15 years ago

Last modified 15 years ago

#3069 closed defect (bug) (fixed)

User description (profile) is stored in database html entity encoded

Reported by: markjaquith Owned by: markjaquith
Milestone: Priority: normal
Severity: normal Version: 2.1
Component: General Keywords: has-patch 2nd-opinion
Focuses: Cc:


The user description (profile) is stored in the database encoded into html entities. This necessitates extra work if you actually want to display the user description on the site somewhere, like on their author page, and have things like links work.

Attachments (1)

no_entity_encode_user_description.diff (612 bytes) - added by markjaquith 15 years ago.
Patch for /trunk/

Download all attachments as: .zip

Change History (8)

15 years ago

Patch for /trunk/

#1 @markjaquith
15 years ago

  • Keywords has-patch 2nd-opinion added
  • Owner changed from anonymous to markjaquith
  • Status changed from new to assigned

Patch removes call to wp_specialchars();

This will need a security check to make sure that wp_specialchars() call wasn't protecting against script injection. It's already kses'd via filters, however.

#2 @westi
15 years ago

Do we need to do any database upgrade on this?

Where are we kses's the profile - a quick search lead me to nothing.

#3 @ryan
15 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [4118]) Don't specialchar user description on save. fixes #3069

#4 @ryan
15 years ago

Most of the wp_specialchars calls in that function can be removed since the filters for those elements take care of specialchars.

#5 @ryan
15 years ago

(In [4230]) Don't specialchar user description on save. fixes #3069

#6 @foolswisdom
15 years ago

  • Milestone changed from 2.1 to 2.0.5

#7 @(none)
15 years ago

  • Milestone 2.0.5 deleted

Milestone 2.0.5 deleted

Note: See TracTickets for help on using tickets.