Make WordPress Core

Opened 2 weeks ago

Closed 2 days ago

Last modified 20 hours ago

#62551 closed defect (bug) (fixed)

search field (users) loses AT sign in field after editing profile

Reported by: PcTevree
Owned by:
Milestone: 6.8
Priority: normal
Severity: normal
Version: 6.7.1
Component: Users
Keywords: has-patch has-testing-info
Focuses: administration
Cc:

Description

We noticed that in the search field (users), if you search for an email address, it loses the AT (@) sign in the search field after editing the profile and clicking the "go to users" button; the mail address IS filled in, but the @ sign is gone.

1 minute explainer video: https://youtu.be/xD5P_LkGH4s

Hope you can make this better.

Attachments (2)

#62551-without-patch.mov (8.4 MB) - added by shanemuir 3 days ago.
62551 - Test without patch
#65221-with-patch.mov (6.1 MB) - added by shanemuir 3 days ago.
65221 - With patch applied

Change History (13)

#1 follow-up: @knutsp
2 weeks ago

  • Component changed from General to Users
  • Focuses administration added
  • Keywords reporter-feedback added; needs-patch removed

Hello @PcTevree and welcome to Trac!

I just tested by searching for a user with an email address, edited, saved and went back to the search results using the backlink.

The full email address, including the @, still appeared in the search field.

Only difference was that I did not test with Storefront, but with several other classic themes, plus with the Twenty Twenty-Five theme. Did you try other themes?

Last edited 2 weeks ago by knutsp

#2 @PcTevree
2 weeks ago

Hi @knutsp

Please check https://youtu.be/wSo4w_9Utw8 <-- new video

It's only WordPress installed; if you want I can skip you a login of this test area (can I post that securely here?)

... BUT I get this at all my WP websites online, regardless also of what host.

Last edited 2 weeks ago by PcTevree

#3 in reply to: ↑ 1 @siliconforks
2 weeks ago

Replying to knutsp:

I just tested by searching for a user with an email address, edited, saved and went back to the search results using the backlink.

The full email address, including the @, still appeared in the search field.

That's odd, I tested it and was able to reproduce the issue easily (using the latest trunk version of WordPress).

Are you running an older version of WordPress? I suspect this issue may have been introduced a few months ago (in r58069).

See this line which will strip out any %-encoded characters, including the @ symbol (encoded as %40).

$wp_http_referer = ! empty( $_REQUEST['wp_http_referer'] ) ? sanitize_text_field( $_REQUEST['wp_http_referer'] ) : '';
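
An added illustration of the behaviour described in comment #3 (not code from the ticket, the PR or WordPress core): it runs a constructed back-link value through a simplified model of the %-octet stripping step and through a URL-aware stand-in, then parses the search term out of each result. The helper names `strip_percent_octets()` and `keep_url_characters()` and the sample URL are assumptions made for this example.

```php
<?php
// Added illustration, not WordPress core code. Both functions are simplified
// stand-ins written for this example.

/**
 * Models the one step of sanitize_text_field() that matters for this ticket:
 * every %XX octet is removed from the string. (Hypothetical helper name.)
 */
function strip_percent_octets( string $value ): string {
	while ( preg_match( '/%[a-f0-9]{2}/i', $value, $match ) ) {
		$value = str_replace( $match[0], '', $value );
	}
	return trim( $value );
}

/**
 * Stand-in for a URL-aware sanitizer: drops characters that are not valid in
 * a URL but leaves percent-encoding intact. (Hypothetical helper name; the
 * real sanitize_url() does considerably more, e.g. protocol checks.)
 */
function keep_url_characters( string $value ): string {
	return (string) preg_replace( '~[^a-z0-9\-._\~+?#=!&;,/:%@$|*\'()\[\]]~i', '', $value );
}

// Constructed sample: the back-link value after searching for user@example.com.
$referer = '/wp-admin/users.php?s=user%40example.com&paged=2';

foreach ( array( 'strip_percent_octets', 'keep_url_characters' ) as $sanitizer ) {
	$clean = $sanitizer( $referer );

	// Recover the search term the same way the users screen would see it.
	parse_str( (string) parse_url( $clean, PHP_URL_QUERY ), $query );

	printf( "%-22s %s  =>  s=%s\n", $sanitizer, $clean, $query['s'] ?? '' );
}
```

The value arrives from `$_REQUEST`, so it still needs sanitizing; the point is that the sanitizer has to match the data type, because a text-field sanitizer silently rewrites a URL instead of rejecting it.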

#4 This ticket was mentioned in PR #7883 on WordPress/wordpress-develop by @yogeshbhutkar.
2 weeks ago

  • Keywords has-patch added

#5 @yogeshbhutkar
2 weeks ago

Hi @PcTevree,

Welcome to Trac and thanks for reporting the issue. I was able to reproduce the issue at my end and have submitted a potential solution for the bug.

Also, thanks to @siliconforks for analyzing the bug, and yes, the issue was caused by sanitize_text_field itself, as it was stripping out all the %-encoded characters. Replacing it with sanitize_url made more sense (as wp_http_referer is not a generic text field) and fixed the issue.

#6 @yogeshbhutkar
2 weeks ago

  • Keywords reporter-feedback removed

#7 @stromhalm
3 days ago

#62659 was marked as a duplicate.

@shanemuir
3 days ago

62551 - Test without patch

@shanemuir
3 days ago

65221 - With patch applied

#8 @shanemuir
3 days ago

  • Keywords has-testing-info added

Test Report

Description

This report validates whether the indicated patch works as expected.

Patch tested: https://patch-diff.githubusercontent.com/raw/WordPress/wordpress-develop/pull/7883.diff

Environment

  • WordPress: 6.8-alpha-59274-src
  • PHP: 8.2.26
  • Server: Apache/2.4.62 (Unix) OpenSSL/3.4.0 PHP/8.2.26
  • Database: mysqli (Server: 8.0.39 / Client: mysqlnd 8.2.26)
  • Browser: Chrome 131.0.0.0
  • OS: macOS
  • Theme: Twenty Twenty-Five 1.0
  • MU Plugins: None activated
  • Plugins:
    • Test Reports 1.2.0

Actual Results

  1. ✅ Issue resolved with patch.

Supplemental Artifacts

Reproduced issue without patch:- https://core.trac.wordpress.org/attachment/ticket/62551/%2362551-without-patch.mov

Issue resolved with patch applied:- https://core.trac.wordpress.org/attachment/ticket/62551/%2365221-with-patch.mov

#9 @SergeyBiryukov
2 days ago

  • Resolution set to fixed
  • Status changed from new to closed

In 59496:

Coding Standards: Use correct escaping function for wp_http_referer.

Follow-up to [58069].

Props yogeshbhutkar, sainathpoojary, PcTevree, knutsp, siliconforks, stromhalm, shanemuir.
Fixes #62551.

#10 @SergeyBiryukov
2 days ago

  • Milestone changed from Awaiting Review to 6.8

#11 @SergeyBiryukov commented on PR #7883:
20 hours ago

Thanks for the PR! Merged in r59496.
