WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#9168 closed defect (bug) (fixed)

Double attribute escaping for post attachments

Reported by: dwc Owned by:
Milestone: 2.7.2 Priority: normal
Severity: normal Version: 2.7
Component: Media Keywords: has-patch
Focuses: Cc:

Description

When the rich editor is off, editing attachments causes the description field to be double encoded. This is due to the use of htmlspecialchars, when the value is already encoded in sanitize_post_field.

Switching to attribute_escape fixes this; I'll attach patches for 2.7 and trunk.

Attachments (2)

attribute-escape-media-description-2.7.patch (776 bytes) - added by dwc 6 years ago.
Use wp_specialchars instead of attribute_escape
attribute-escape-media-description-trunk.patch (776 bytes) - added by dwc 6 years ago.
Use wp_specialchars instead of attribute_escape

Download all attachments as: .zip

Change History (6)

comment:1 @FFEMTcJ6 years ago

  • Keywords has-patch added

comment:2 @sambauers6 years ago

This should use wp_specialchars, not attribute_escape. The new wp_specialchars does not double encode entities by default.

@dwc6 years ago

Use wp_specialchars instead of attribute_escape

@dwc6 years ago

Use wp_specialchars instead of attribute_escape

comment:3 @ryan6 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [10700]) Avoid double encoding of attachment descriptions. Props dwc. fixes #9168 for trunk

comment:4 @ryan6 years ago

(In [10701]) Avoid double encoding of attachment descriptions. Props dwc. fixes #9168 for 2.7

Note: See TracTickets for help on using tickets.