WordPress.org

Make WordPress Core

Opened 4 years ago

Last modified 7 weeks ago

#31777 new defect (bug)

sanitize_text_field() stripping instances "%ca"

Reported by: lieutenantdan Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.1.1
Component: General Keywords:
Focuses: Cc:

Description

Forgive me if this isn't a bug, however I believe it is. But when you try to sanitize the string "%category%" with the WordPress native function sanitize_text_field() it will strip the "%ca" leaving the string "tegory%". Maybe this is a security precaution but it seems like something that should be fixed.

I found this while trying to simulate the custom permalink options in my own custom option and noticed anything containing "%ca" is removed.

Thanks for your time.

Change History (1)

#1 @playen
4 years ago

This probably has to do with %CA being URL encoding for Ê
I came across the same issue in phpList

Note: See TracTickets for help on using tickets.