WordPress.org

Make WordPress Core

Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#3069 closed defect (bug) (fixed)

User description (profile) is stored in database html entity encoded

Reported by: markjaquith Owned by: markjaquith
Milestone: Priority: normal
Severity: normal Version: 2.1
Component: General Keywords: has-patch 2nd-opinion
Focuses: Cc:

Description

The user description (profile) is stored in the database encoded into html entities. This necessitates extra work if you actually want to display the user description on the site somewhere, like on their author page, and have things like links work.

Attachments (1)

no_entity_encode_user_description.diff (612 bytes) - added by markjaquith 9 years ago.
Patch for /trunk/

Download all attachments as: .zip

Change History (8)

@markjaquith9 years ago

Patch for /trunk/

comment:1 @markjaquith9 years ago

  • Keywords has-patch 2nd-opinion added
  • Owner changed from anonymous to markjaquith
  • Status changed from new to assigned

Patch removes call to wp_specialchars();

This will need a security check to make sure that wp_specialchars() call wasn't protecting against script injection. It's already kses'd via filters, however.

comment:2 @westi9 years ago

Do we need to do any database upgrade on this?

Where are we kses's the profile - a quick search lead me to nothing.

comment:3 @ryan9 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [4118]) Don't specialchar user description on save. fixes #3069

comment:4 @ryan9 years ago

Most of the wp_specialchars calls in that function can be removed since the filters for those elements take care of specialchars.

comment:5 @ryan9 years ago

(In [4230]) Don't specialchar user description on save. fixes #3069

comment:6 @foolswisdom9 years ago

  • Milestone changed from 2.1 to 2.0.5

comment:7 @anonymous9 years ago

  • Milestone 2.0.5 deleted

Milestone 2.0.5 deleted

Note: See TracTickets for help on using tickets.