Opened 16 years ago
Closed 16 years ago
#9322 closed defect (bug) (fixed)
Post/Page titles aren't fully escaped
Reported by: | Viper007Bond | Owned by: | |
---|---|---|---|
Milestone: | 2.8 | Priority: | normal |
Severity: | normal | Version: | 2.8 |
Component: | Administration | Keywords: | has-patch needs-testing |
Focuses: | Cc: |
Description
To reproduce:
- Write a post called "
I <3 WordPress
". Note you cannot use "<
" as HTML is currently allowed in post titles (<del>
for example is a valid usage).
- Save or Publish the post. You'll notice the title of the post is now "
I <3 WordPress
". This is incorrect and will break things if you save again.
Attached patch fully escapes all post titles.
Attachments (2)
Change History (6)
Note: See
TracTickets for help on using
tickets.
Bad patch. Quotes and things now improperly get escaped.