WordPress.org

Make WordPress Core

Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#9168 closed defect (bug) (fixed)

Double attribute escaping for post attachments

Reported by: dwc Owned by:
Milestone: 2.7.2 Priority: normal
Severity: normal Version: 2.7
Component: Media Keywords: has-patch
Focuses: Cc:

Description

When the rich editor is off, editing attachments causes the description field to be double encoded. This is due to the use of htmlspecialchars, when the value is already encoded in sanitize_post_field.

Switching to attribute_escape fixes this; I'll attach patches for 2.7 and trunk.

Attachments (2)

attribute-escape-media-description-2.7.patch (776 bytes) - added by dwc 5 years ago.
Use wp_specialchars instead of attribute_escape
attribute-escape-media-description-trunk.patch (776 bytes) - added by dwc 5 years ago.
Use wp_specialchars instead of attribute_escape

Download all attachments as: .zip

Change History (6)

comment:1 FFEMTcJ5 years ago

  • Keywords has-patch added

comment:2 sambauers5 years ago

This should use wp_specialchars, not attribute_escape. The new wp_specialchars does not double encode entities by default.

dwc5 years ago

Use wp_specialchars instead of attribute_escape

dwc5 years ago

Use wp_specialchars instead of attribute_escape

comment:3 ryan5 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [10700]) Avoid double encoding of attachment descriptions. Props dwc. fixes #9168 for trunk

comment:4 ryan5 years ago

(In [10701]) Avoid double encoding of attachment descriptions. Props dwc. fixes #9168 for 2.7

Note: See TracTickets for help on using tickets.