WordPress.org

Make WordPress Core

Opened 5 weeks ago

Last modified 5 weeks ago

#44183 new defect (bug)

BUG in get_the_archive_title() when get author

Reported by: Tkama Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.9.6
Component: Users Keywords: has-patch
Focuses: Cc:

Description

On author archive page with no posts get_the_archive_title() don't display author name - it return empty string. Example: https://wp-kama.com/author/vladlu

It is because get_the_author() which need global var $authordata, but this var is empty if user dont have any posts...

	} elseif ( is_author() ) {
		/* translators: Author archive title. 1: Author name */
		$title = sprintf( __( 'Author: %s' ), '<span class="vcard">' . get_the_author() . '</span>' );
	} elseif ( is_year() ) {

We need to think about the way to fix this. Maybe good solution is to set global $authordata for request with no posts in WP::register_globals(). Something like this:

	if ( $wp_query->is_author() ){
		if( isset( $wp_query->post ) )
			$GLOBALS['authordata'] = get_userdata( $wp_query->post->post_author );
		else
			$GLOBALS['authordata'] = get_userdata( get_queried_object()->ID );
	}

-

One more notice: it's better to use esc_html() for get_the_author() in get_the_archive_title().

	} elseif ( is_author() ) {
		/* translators: Author archive title. 1: Author name */
		$title = sprintf( __( 'Author: %s' ), '<span class="vcard">' . esc_html( get_the_author() ) . '</span>' );
	} elseif ( is_year() ) {

Attachments (1)

44183.diff (551 bytes) - added by subrataemfluence 5 weeks ago.

Download all attachments as: .zip

Change History (3)

#1 @subrataemfluence
5 weeks ago

  • Component changed from General to Users
  • Keywords has-patch added

Good point! Based on your recommendation I am submitting a proposed patch for $authordata.

However, I don't see it is super necessary to include an esc_html() with get_the_author() since it returns a pure string value ($authordata->display_name) picked directly from the wp_users table.

I don't think we have the ability to use HTML formatting for display_name field. Please correct me if I am wrong.

Last edited 5 weeks ago by subrataemfluence (previous) (diff)

#2 @Tkama
5 weeks ago

  • Version set to 4.9.6

I don't think we have the ability to use HTML formatting for display_name field. Please correct me if I am wrong.

It's a good practice to esc any vulnerable string on output. For example, some theme allows to change 'display_name' but don't sanitize the value on save, and in this case, WP will output the string as it is...

I'm not sure that's really necessary. Because get_the_archive_title() only return the string, but not echo it. But on the other hand, we have there '<span class="vcard">' html tag and we can't esc the value in future.

Note: See TracTickets for help on using tickets.