Opened 17 years ago
Closed 15 years ago
#4723 closed defect (bug) (duplicate)
kses removes last attribute in empty xhtml elements
| Reported by: | whoismanu | Owned by: | markjaquith |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | 2.2.1 |
| Component: | Formatting | Keywords: | kses posting verification formatting |
| Focuses: | | Cc: | |
Description
wp_filter_post_kses removes the last attribute from an empty xhtml tag (even if it is an allowed one) if there is no whitespace between the last attribute and the closing />. Now, according to my understanding of the xhtml specification there doesn't have to be a whitespace.
Here's an example with an img tag (especially annoying because it kills the src attribute and you are left with no clue as to why your image doesn't show up):
$texttest = '<img width="700" height="525" alt="Wrecked I" src="http://www.whoismanu.com/wp-content/2007_08/img_2659_web.jpg"/>';
wp_filter_post_kses($texttest);
And here's what goes into kses and what comes out:
data in: <img width="700" height="525" alt="Wrecked I" src="http://www.whoismanu.com/wp-content/2007_08/img_2659_web.jpg"/>
data out: <img width="700" height="525" alt="Wrecked I">
Here's an example where there is whitespace, kses handles it correctly:
$texttest = '<img width="700" height="525" alt="Wrecked I" src="http://www.whoismanu.com/wp-content/2007_08/img_2659_web.jpg" />';
wp_filter_post_kses($texttest);
Here's the result:
data in: <img width="700" height="525" alt="Wrecked I" src="http://www.whoismanu.com/wp-content/2007_08/img_2659_web.jpg" />
data out: <img width="700" height="525" alt="Wrecked I" src="http://www.whoismanu.com/wp-content/2007_08/img_2659_web.jpg" />
Attachments (1)
Change History (7)
#4
@
15 years ago
Confirmed, this is still current. Even worse, that function now addslashes:
in: string '<img width="700" height="525" alt="Wrecked I" src="http://www.whoismanu.com/wp-content/2007_08/img_2659_web.jpg"/>' (length=114)
out: string '<img width=\"700\" height=\"525\" alt=\"Wrecked I\">' (length=52)
Looks like the faulty stripslashes misconception in WordPress breaks necks again.
Confirmed on latest trunk (r5859).
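The failure mode reported in this ticket, reproduced in a minimal stand-alone model (an added example, not WordPress's kses code and not from the ticket). It assumes a parser that accepts a quoted attribute value only when whitespace or end-of-string follows it; `parse_attrs`, `sanitize_img`, the allowlist and the example.com inputs are all constructed for illustration. The fixed variant removes the trailing `/` before tokenizing and still enforces the allowlist.

```php
<?php
// Added example: simplified model of an allowlist attribute parser (not WordPress code).
const ALLOWED_IMG_ATTRS = ['width', 'height', 'alt', 'src']; // constructed allowlist

function parse_attrs(string $attrs, bool $strip_trailing_slash): array
{
    $self_closing = false;
    if ($strip_trailing_slash && preg_match('%/\s*$%', $attrs)) {
        // Fixed variant: drop the XHTML "/" before tokenizing, whitespace or not.
        $attrs = preg_replace('%\s*/\s*$%', '', $attrs);
        $self_closing = true;
    } elseif (preg_match('%\s/\s*$%', $attrs)) {
        // Strict variant (assumed behaviour): only " /" counts as self-closing.
        $attrs = preg_replace('%\s/\s*$%', '', $attrs);
        $self_closing = true;
    }
    $kept = [];
    $rest = ltrim($attrs);
    while ($rest !== '') {
        // name="value" must be followed by whitespace or the end of the string.
        if (!preg_match('%^([a-zA-Z-]+)="([^"]*)"(\s+|$)%', $rest, $m)) {
            break; // the unparseable remainder is discarded, never passed through
        }
        if (in_array(strtolower($m[1]), ALLOWED_IMG_ATTRS, true)) {
            $kept[] = $m[1] . '="' . $m[2] . '"';
        }
        $rest = substr($rest, strlen($m[0]));
    }
    return [$kept, $self_closing];
}

function sanitize_img(string $tag, bool $strip_trailing_slash): string
{
    if (!preg_match('%^<img\b([^>]*)>$%i', $tag, $m)) {
        return ''; // this model handles a single img tag only
    }
    [$kept, $self_closing] = parse_attrs($m[1], $strip_trailing_slash);
    $attrs = $kept ? ' ' . implode(' ', $kept) : '';
    return '<img' . $attrs . ($self_closing ? ' />' : '>');
}

// Constructed inputs mirroring the two cases in the report; onclick is not allowlisted.
$no_space   = '<img alt="Wrecked I" onclick="x()" src="http://example.com/a.jpg"/>';
$with_space = '<img alt="Wrecked I" onclick="x()" src="http://example.com/a.jpg" />';
foreach ([[$no_space, false], [$with_space, false], [$no_space, true]] as [$in, $fix]) {
    echo ($fix ? 'fixed : ' : 'strict: '), sanitize_img($in, $fix), PHP_EOL;
}
```

The model covers quoted values only; an unquoted value that ends in `/` is ambiguous with the self-closing marker and needs its own rule.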