Opened 17 years ago
Closed 17 years ago
#6888 closed defect (bug) (fixed)
Colon in title attribute causes truncation
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | 2.7 | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | General | Keywords: | |
| Focuses: | | Cc: | |
Description
Example here:
Reproduced in a unit test here, class WPTestAttributeFiltering:
http://svn.automattic.com/wordpress-tests/wp-testcase/test_post_output.php
Test results:
1) test_the_content(WPTestAttributeFiltering) Failed asserting that two strings are equal. expected string <<p><span class="Z3988" title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.aulast=Mariat&rft.aufirst=Denis&rft. au=Denis+Mariat&rft.au=Sead+Taourit&rft.au=G%C3%A9rard+Gu%C3%A9rin& rft.title=Genetics+Selection+Evolution&rft.atitle=&rft.date=2003&rft. volume=35&rft.issue=1&rft.spage=119&rft.epage=133&rft.genre=article& rft.id=info:DOI/10.1051%2Fgse%3A2002039"></span>Mariat, D., Taourit, S., Guérin, G. (2003). . <span style="font-style: italic;">Genetics Selection Evolution, 35</span>(1), 119-133. DOI: <a rev="review" href= "http://dx.doi.org/10.1051/gse:2002039">10.1051/gse:2002039</a></p>> difference < xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????> got string <<p><span class="Z3988" title="DOI/10.1051%2Fgse%3A2002039"></span>Mariat, D., Taourit, S., Guérin, G. (2003). . <span style="italic;">Genetics Selection Evolution, 35</span>(1), 119-133. DOI: <a rev="review" href="http://dx.doi.org/10.1051/gse:2002039">10.1051/gse:2002039</a></p>>
The results match those shown in the blog post. Presumably a kses issue.
Change History (4)
Actually it can be trivially reproduced by any title attribute containing a colon. Any text before the colon is stripped, most likely by the bad_protocol functions in kses.
See WPTestAttributeColon in the same wp-testcase file.
Possible fixes: either the bad protocol filters shouldn't be applied to Title (if that's safe); or they should be made more specific so they only filter sequences that actually look like URL protocols (allowing of course for % and entity encoding).
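
The truncation reported above and the first proposed fix, as an added example that is not WordPress or kses code. All function names, the allowed-scheme list and the URL-attribute list are assumptions made for illustration; the sample values are constructed, the first three shortened from the ticket's test output.

```php
<?php
// Added illustration, not WordPress/kses code; all names are hypothetical.
const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];
const URL_ATTRS = ['href', 'src', 'action', 'cite'];

// Model of the reported behaviour: split at the first colon (literal or as
// &#58; / &#x3a;) in ANY attribute value and drop a non-allowed prefix.
function naive_filter(string $value): string {
    $parts = preg_split('/:|&#58;|&#x3a;/i', $value, 2);
    if (count($parts) < 2) {
        return $value;
    }
    $prefix = strtolower(trim($parts[0]));
    return in_array($prefix, ALLOWED_SCHEMES, true) ? $value : ltrim($parts[1]);
}

// First proposed fix: only URL-bearing attributes get protocol filtering.
function scoped_filter(string $attr, string $value): string {
    if (!in_array(strtolower($attr), URL_ATTRS, true)) {
        return $value; // not a URL: keep title/style text (CSS needs its own filter)
    }
    // Decode character references (with or without ';') for the check only.
    $probe = preg_replace('/&#(x[0-9a-f]+|[0-9]+);?/i', '&#$1;', $value);
    $probe = html_entity_decode($probe, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $probe = preg_replace('/[\x00-\x20]+/', '', $probe);
    // A colon before the first "/", "?" or "#" can only end a scheme.
    if (!preg_match('/^([^\/?#:]*):/', $probe, $m)) {
        return $value; // relative URL, nothing to filter
    }
    // Fail closed: a scheme that is not on the allow-list empties the value.
    return in_array(strtolower($m[1]), ALLOWED_SCHEMES, true) ? $value : '';
}

// Constructed samples; the first three are shortened from the ticket.
$samples = [
    ['title', 'rft.genre=article&rft.id=info:DOI/10.1051%2Fgse%3A2002039'],
    ['style', 'font-style: italic;'],
    ['href',  'http://dx.doi.org/10.1051/gse:2002039'],
    ['href',  'javascript&#58;void(0)'],
];
foreach ($samples as [$attr, $value]) {
    printf("%-5s naive=[%s] scoped=[%s]\n",
        $attr, naive_filter($value), scoped_filter($attr, $value));
}
```

The `style` sample is why this example scopes by attribute: `font-style` is syntactically a valid URL scheme name, so a check based only on whether the prefix looks like a protocol would still cut it.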