Changes between Initial Version and Version 1 of Ticket #43252, comment 2
- Timestamp:
- 02/07/2018 09:53:16 PM (7 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #43252, comment 2
initial v1 1 1 I agree this should be reverted and shouldn't have been changed in the first place, however, it was changed because of an underlying issue, i.e. HTML entities not being escaped in the text being passed to the editor. 2 2 3 IMO, the patch should be updated to properly escape the entities, like below: 3 ~~IMO, the patch should be updated to properly escape the entities, like below:~~ 4 5 6 ---- 7 8 9 Actually, I was too quick in my response and missed that the textarea wasn't intended to display the php code for editing. Sorry about that. 10 11 So, reboot. 12 13 Looking at the code properly, IMO, it should be changed as follows: 14 4 15 5 16 {{{ 6 <textarea class="comment" rows="1" cols="1"><?php 7 /** This filter is documented in wp-admin/includes/comment.php */ 8 echo esc_textarea( apply_filters( 'comment_edit_pre', $comment->comment_content ) ); 9 ?></textarea> 17 <?php 18 /** This filter is documented in wp-admin/includes/comment.php */ 19 $filtered_comment = apply_filters( 'comment_edit_pre', $comment->comment_content ); 20 ?> 21 22 <textarea class="comment" rows="1" cols="1"><?php echo esc_textarea( $filtered_comment ); ?></textarea> 10 23 }}} 24 25 26 Or alternatively, don't bother with the inline HTML at all: 27 28 {{{#!php 29 <?php 30 <?php 31 echo '<textarea class="comment" rows="1" cols="1">'; 32 /** This filter is documented in wp-admin/includes/comment.php */ 33 echo esc_textarea( apply_filters( 'comment_edit_pre', $comment->comment_content ) ); 34 echo '</textarea>'; 35 36 }}}