Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #43252, comment 2


Ignore:
Timestamp:
02/07/2018 09:53:16 PM (7 years ago)
Author:
jrf
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #43252, comment 2

    initial v1  
    11I agree this should be reverted and shouldn't have been changed in the first place, however, it was changed because of an underlying issue, i.e. HTML entities not being escaped in the text being passed to the editor.
    22
    3 IMO, the patch should be updated to properly escape the entities, like below:
     3~~IMO, the patch should be updated to properly escape the entities, like below:~~
     4
     5
     6----
     7
     8
     9Actually, I was too quick in my response and missed that the textarea wasn't intended to display the php code for editing. Sorry about that.
     10
     11So, reboot.
     12
     13Looking at the code properly, IMO, it should be changed as follows:
     14
    415
    516{{{
    6                 <textarea class="comment" rows="1" cols="1">&lt;?php
    7                         /** This filter is documented in wp-admin/includes/comment.php */
    8                         echo esc_textarea( apply_filters( 'comment_edit_pre', $comment->comment_content ) );
    9                 ?&gt;</textarea>
     17                <?php
     18                /** This filter is documented in wp-admin/includes/comment.php */
     19                $filtered_comment = apply_filters( 'comment_edit_pre', $comment->comment_content );
     20                ?>
     21
     22                <textarea class="comment" rows="1" cols="1"><?php echo esc_textarea( $filtered_comment ); ?></textarea>
    1023}}}
     24
     25
     26Or alternatively, don't bother with the inline HTML at all:
     27
     28{{{#!php
     29<?php
     30                <?php
     31                echo '<textarea class="comment" rows="1" cols="1">';
     32                /** This filter is documented in wp-admin/includes/comment.php */
     33                echo esc_textarea( apply_filters( 'comment_edit_pre', $comment->comment_content ) );
     34                echo '</textarea>';
     35
     36}}}