WordPress.org

Make WordPress Core

Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#9168 closed defect (bug) (fixed)

Double attribute escaping for post attachments

Reported by: dwc Owned by:
Milestone: 2.7.2 Priority: normal
Severity: normal Version: 2.7
Component: Media Keywords: has-patch
Focuses: Cc:

Description

When the rich editor is off, editing attachments causes the description field to be double encoded. This is due to the use of htmlspecialchars, when the value is already encoded in sanitize_post_field.

Switching to attribute_escape fixes this; I'll attach patches for 2.7 and trunk.

Attachments (2)

attribute-escape-media-description-2.7.patch (776 bytes) - added by dwc 8 years ago.
Use wp_specialchars instead of attribute_escape
attribute-escape-media-description-trunk.patch (776 bytes) - added by dwc 8 years ago.
Use wp_specialchars instead of attribute_escape

Download all attachments as: .zip

Change History (6)

#1 @FFEMTcJ
8 years ago

  • Keywords has-patch added

#2 @sambauers
8 years ago

This should use wp_specialchars, not attribute_escape. The new wp_specialchars does not double encode entities by default.

@dwc
8 years ago

Use wp_specialchars instead of attribute_escape

@dwc
8 years ago

Use wp_specialchars instead of attribute_escape

#3 @ryan
8 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [10700]) Avoid double encoding of attachment descriptions. Props dwc. fixes #9168 for trunk

#4 @ryan
8 years ago

(In [10701]) Avoid double encoding of attachment descriptions. Props dwc. fixes #9168 for 2.7

Note: See TracTickets for help on using tickets.