WordPress.org

Make WordPress Core

Opened 11 years ago

Closed 11 years ago

#6374 closed defect (bug) (fixed)

Editing a Post With an Existing Custom Field Value Containing an HTML Encoded Entity Produces an Unescaped Character Upon Save.

Reported by: qweenie Owned by: markjaquith
Milestone: 2.5 Priority: normal
Severity: normal Version: 2.5
Component: Administration Keywords:
Focuses: Cc:

Description (last modified by lloydbudd)

Editing a Post With an Existing Custom Field Value Containing an HTML Encoded Entity Produces an Unescaped Character Upon Save.

ENV: WP trunk 2.5 revision 7502
Repro: Always
Steps:

  1. update a custom field with value of 'lopez & gwatney'
  2. view post and the source of page shows a valid html escaped entity 'lopez & gwatney'
  3. edit same post changing category and save
  4. view post and the source of page shows invalid unescaped character. 'lopez & gwatney'

Expected Result:
Source of page to show 'lopez & gwatney' when displaying custom field value

Change History (3)

#1 @lloydbudd
11 years ago

  • Description modified (diff)
  • Milestone set to 2.6
  • Version set to 2.5

#2 @markjaquith
11 years ago

  • Milestone changed from 2.6 to 2.5
  • Owner changed from anonymous to markjaquith
  • Status changed from new to assigned

Looks like we moved to using a <textarea /> but are still using attribute_escape() instead of htmlspecialchars()

#3 @markjaquith
11 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [7506]) Preserve HTML entities in Custom Fields. fixes #6374

Note: See TracTickets for help on using tickets.