WordPress.org

Make WordPress Core

Opened 5 years ago

Closed 5 years ago

#9322 closed defect (bug) (fixed)

Post/Page titles aren't fully escaped

Reported by: Viper007Bond Owned by:
Milestone: 2.8 Priority: normal
Severity: normal Version: 2.8
Component: Administration Keywords: has-patch needs-testing
Focuses: Cc:

Description

To reproduce:

  1. Write a post called "I &lt;3 WordPress". Note you cannot use "<" as HTML is currently allowed in post titles (<del> for example is a valid usage).


  1. Save or Publish the post. You'll notice the title of the post is now "I <3 WordPress". This is incorrect and will break things if you save again.

Attached patch fully escapes all post titles.

Attachments (2)

9322.patch (768 bytes) - added by Viper007Bond 5 years ago.
9322.2.patch (770 bytes) - added by Viper007Bond 5 years ago.

Download all attachments as: .zip

Change History (6)

Viper007Bond5 years ago

comment:1 Viper007Bond5 years ago

Bad patch. Quotes and things now improperly get escaped.

Viper007Bond5 years ago

comment:2 Viper007Bond5 years ago

There, working as intended now (I think).

comment:3 azaozz5 years ago

  • Milestone changed from Future Release to 2.8

comment:4 azaozz5 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [10787]) Fully escape Post/Page titles, props Viper007Bond, fixes #9322

Note: See TracTickets for help on using tickets.