Make WordPress Core

Opened 7 years ago

Closed 6 years ago

#44274 closed defect (bug) (fixed)

htmlspecialchars call in template.php needs to be update

Reported by: khaihong's profile khaihong Owned by: johnbillion's profile johnbillion
Milestone: 4.9.7 Priority: normal
Severity: normal Version:
Component: Options, Meta APIs Keywords: has-patch fixed-major
Focuses: Cc:

Description

Under wp-admin/includes/, the call needs to be changed from
htmlspecialchars($context))
to
htmlspecialchars($context, $flags=NULL, $encoding='UTF-8'))

Otherwise, there are constant debug warnings:
htmlspecialchars(): charset not supported, assuming utf-8

I've had those warnings for themes twenty-fourteen and twenty-seventeen, using only 2 active plugins Query Monitor and Really Simple SSL.

Attachments (6)

44274 (740 bytes) - added by abdullahramzan 7 years ago.
44274.1.diff (740 bytes) - added by abdullahramzan 7 years ago.
Please consider this one.
template.php.patch (631 bytes) - added by leanderiversen 7 years ago.
template.diff (758 bytes) - added by aryamaaru 7 years ago.
44274.2.diff (766 bytes) - added by lbenicio 6 years ago.
44274.3.diff (1.4 KB) - added by palmiak 6 years ago.

Download all attachments as: .zip

Change History (13)

#1 @johnbillion
7 years ago

  • Keywords needs-patch good-first-bug added
  • Milestone changed from Awaiting Review to Future Release

Thanks for the report, @khaihong! Welcome to WordPress Trac.

It looks like this warning is coming from the do_meta_boxes() function. The $context parameter should be escaped with esc_attr() instead of htmlspecialchars().

@abdullahramzan
7 years ago

@abdullahramzan
7 years ago

Please consider this one.

#2 @SergeyBiryukov
7 years ago

  • Component changed from General to Options, Meta APIs
  • Milestone changed from Future Release to 5.0

esc_attr() accepts 1 parameter, not 3.

@aryamaaru
7 years ago

@lbenicio
6 years ago

#3 @leanderiversen
6 years ago

Like @SergeyBiryukov mentioned, esc_attr() only accepts 1 parameter.

@palmiak
6 years ago

#4 @johnbillion
6 years ago

  • Keywords has-patch added; needs-patch good-first-bug removed
  • Milestone changed from 5.0 to 4.9.7
  • Owner set to johnbillion
  • Status changed from new to reviewing

#5 @johnbillion
6 years ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 43365:

Options, Meta APIs: Use the correct escaping function when outputting the meta box context.

Props khaihong, abdullahramzan, leanderiversen, aryamaaru, lbenicio, palmiak

Fixes #44274

#6 @johnbillion
6 years ago

  • Keywords fixed-major added
  • Resolution fixed deleted
  • Status changed from closed to reopened

#7 @johnbillion
6 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 43366:

Options, Meta APIs: Use the correct escaping function when outputting the meta box context.

Props khaihong, abdullahramzan, leanderiversen, aryamaaru, lbenicio, palmiak

Fixes #44274

Merges [43365] to the 4.9 branch.

Note: See TracTickets for help on using tickets.