Opened 17 years ago
Closed 17 years ago
#4516 closed defect (bug) (fixed)
A bit more filtering needed on admin screens
| Reported by: | jhodgdon | Owned by: | ryan |
|---|---|---|---|
| Milestone: | 2.3 | Priority: | normal |
| Severity: | normal | Version: | 2.3 |
| Component: | Administration | Keywords: | admin filter has-patch |
| Focuses: | | Cc: | |
Description
Using 2.3 bleeding [5744], I tested today to find all the parts of the admin menu system where users of multilingual plugins (which require filtering to choose text in one language over another for post text, titles, blog title, blog description, categories, etc.) would still be seeing unfiltered text in the admin screens. Note that bugs #3595 and #4477 are also still open, and they pertain to this issue of filtering text. So, before testing, I applied the following patches for these bugs:
http://trac.wordpress.org/attachment/ticket/4477/get-the-title.diff
http://trac.wordpress.org/attachment/ticket/3595/bookmark-template-php-NEW.diff
Here are the remaining items I found that were still not being filtered. Note that all of the information described is filtered elsewhere in the blog and admin screens -- these are just a couple of spots where a given bit of information is not run through the standard filters.
a) When you create a new category from the Manage / Categories page, the AJAX update that adds it to the category list above doesn't filter the category name. (When you refresh the page it gets filtered. Also note that on the Blogroll / Categories page, the AJAX add does filter the category name before adding it to the list. So it is only the AJAX for adding a category on Manage / Categories that has the problem.)
b) On the comments list page (Comments / Comments), the post names are not filtered when they are shown at the bottom right corner of the box for each comment.
c) On the blogroll categories page (Blogroll / Categories), the note about what happens when you delete a category displays an unfiltered category name for the default category. (This is not a problem on the Manage / Categories page, where the default category name is filtered.)
d) On the Options / Writing screen, the category drop-down lists have unfiltered category names (both post and link categories)
e) On the Options / Reading screen, the page drop-down lists for the static home page option are displaying unfiltered page names.
f) On the Login screen, the "Back to (blogname)" link at the bottom uses an unfiltered blog name
I'll create patches for these issues.
Attachments (7)
Change History (21)
#1
17 years ago
- Keywords has-patch added
I've just attached patches to fix all of these issues. A few notes (referencing the description above):
a) wp-admin/admin-ajax.php patch fixes this
b) wp-admin/includes/template.php patch fixes this.
c) No patch needed -- added additional filter for 'term_name' in plugin -- this is a new filter defined by the new taxonomy scheme. Someone will need to document these new filters in the Codex (probably me).
d) wp-admin/options-writing.php patch fixes this. Note that I am not sure why options-writing.php doesn't use one of the standard dropdown category functions instead of writing its own function to list categories?
e) No patch needed -- fixed by adding filter for 'wp_dropdown_pages' in plugin that had been missing.
f) wp-login.php patch fixes this. Note that it would be cleaner to use bloginfo() rather than apply_filters( 'bloginfo', get_bloginfo()), but the current setup uses printf to print "Back to (blog title)", and bloginfo always echoes its result.
#2
17 years ago
I think some better API would help eliminate having to apply filters by hand everywhere.
First, let's move the bloginfo filter into get_bloginfo.
Add a 'the' context to sanitize_term() and sanitize_term_field(). 'the' will trigger the_term_$field and the_$taxonomy_$field filters in addition to the existing term_$field and $taxonomy_$field filters. We'll need to map the_$taxonomy_name to the_$taxonomy for back compat.
Add a filter argument to get_term(). If filter is specified, get_term() will use it to sanitize_term. The cache should store only unfiltered terms, so filtering should be done after the cache add.
Add a filter option to get_terms(). If a filter is specified, get_terms() will run sanitize_term() against each fetched term object.
Do the same for posts and other objects. Create sanitize_post() and sanitize_post_field() and add a filter argument to get_post().
In those places where we have to filter a field by hand, use sanitize_term_field(), sanitize_post_field(), etc. to trigger the filters instead of calling apply_filters directly.
Thoughts?
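A sketch of the proposal in the comment above, as an added example that is not part of the original comment and not WordPress core code: the cache holds only raw terms, and the per-field filters run on a copy after the cache read. All `demo_*` names, the `raw`/`display` context names and the sample `[en]...[de]...` term name are assumptions made for illustration.

```php
<?php
// Added illustration, NOT WordPress core code. All demo_* names are hypothetical.
$demo_filters = [];  // hook name => list of callbacks
$demo_cache   = [];  // "taxonomy:id" => raw term, never filtered

function demo_add_filter(string $hook, callable $cb): void {
    global $demo_filters;
    $demo_filters[$hook][] = $cb;
}

function demo_apply_filters(string $hook, $value) {
    global $demo_filters;
    foreach ($demo_filters[$hook] ?? [] as $cb) {
        $value = $cb($value);
    }
    return $value;
}

// Single place that fires the per-field hooks, so callers never apply filters by hand.
function demo_sanitize_term_field(string $field, $value, string $taxonomy, string $context) {
    if ($context === 'raw') return $value;   // option screens and edit forms need stored data
    $value = demo_apply_filters("term_{$field}", $value);
    $value = demo_apply_filters("{$taxonomy}_{$field}", $value);
    if ($context === 'the') {                // extra display-time hooks from the proposal
        $value = demo_apply_filters("the_term_{$field}", $value);
        $value = demo_apply_filters("the_{$taxonomy}_{$field}", $value);
    }
    return $value;
}

function demo_get_term(int $id, string $taxonomy, string $filter = 'raw'): array {
    global $demo_cache;
    $key = "{$taxonomy}:{$id}";
    if (!isset($demo_cache[$key])) {
        // Constructed sample row standing in for a database fetch.
        $demo_cache[$key] = ['term_id' => $id, 'name' => '[en]News[de]Nachrichten'];
    }
    $term = $demo_cache[$key];               // arrays copy by value: the cache stays raw
    foreach ($term as $field => $value) {
        $term[$field] = demo_sanitize_term_field($field, $value, $taxonomy, $filter);
    }
    return $term;
}

// Constructed multilingual-plugin filter: keep only the English segment.
demo_add_filter('term_name', fn($v) => preg_match('/\[en\]([^\[]*)/', $v, $m) ? $m[1] : $v);

echo demo_get_term(1, 'category', 'display')['name'], "\n";
echo demo_get_term(1, 'category')['name'], "\n";
```

The display-context call runs the registered filter; the second call, with the default raw context, shows that the cached term was not altered by it.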
#3
17 years ago
If I am not mistaken, get_bloginfo is used to get the option data for some of the option screens; if that is the case, it cannot be filtered, because you need the raw information there. But I might be wrong about that.
As far as your other proposal, something like that is a good idea. There is a new filter for term_name, but it's not applied universally -- fixing that would be a good first step. The problem is that the new term taxonomy functions have been substituted for old ones in some places but not all. Consistency in always using the new taxonomy functions (which filter appropriately anyway) would go a long way.
So I opted for a band-aid...
#4
17 years ago
I bumped the bigger issue into its own bug: #4546
As for bloginfo, having get_bloginfo and bloginfo return different things is confusing. If someone really needs the raw option, get_option is probably better. I'll look and see what impact if any there would be on applying filters to get_bloginfo.
#5
17 years ago
Testing [5974] to see which of these issues still apply.
a) fixed.
b) (STILL BROKEN) On the comments list page (Comments / Comments), the post names are not filtered when they are shown at the bottom right corner of the box for each comment.
c) Fixed. However there is a new blogroll problem: on the main Blogroll management page, the Link names are unfiltered in the list. This is a reversion of an earlier bug, which I'll track down and either reopen or file again.
d) (STILL BROKEN) On the Options / Writing screen, the category drop-down lists have unfiltered category names (both post and link categories)
e) fixed
f) (STILL BROKEN) On the Login screen, the "Back to (blogname)" link at the bottom uses an unfiltered blog name
#6
17 years ago
Note on (c): new blogroll issue is fixed now for me, after applying patch for #3595 (or it could have been the new add_filter I put into the plugin I am using for testing)
So that leaves (b), (d), and (f). I'll work on some patches for these.
#7
17 years ago
I just added a new patch for template.php that fixes (b) (post names were unfiltered in comment list on Manage Comments screen in admin menus).
#8
17 years ago
I think the existing patch for options-writing.php should be used. There doesn't seem to be an obvious sanitize method for get_categories. ??
#9
17 years ago
As suggested by rboren, I revised the patches for the login system. Basically, I added a $filter argument to get_bloginfo (took the filtering logic out of bloginfo), and used it to filter the blog name displayed on the login page.
So there is a different patch for wp-login.php, and a new patch to general-template.php, both of which I'll attach in a sec.
17 years ago
Patch for general-template.php that adds $filter arg to get_bloginfo function (and takes filtering out of bloginfo function)
#10
17 years ago
So, to summarize, I suggest applying the following patches, which will fix all the above issues:
wp-login-php-2-3.diff
general-template-php.diff
template-php-2-3.diff
options-writing-php.diff
#13
17 years ago
I changed the patch a bit. options-writing.php sanitizes using sanitize_category(). This will apply term_name and category_name for categories, and term_name and link_category_name for link categories. These differ a bit from the old filters. We might need to add some back compat for those filters to the sanitizer.
Patch for wp-admin/admin-ajax.php