Opened 16 years ago
Closed 15 years ago
#9402 closed enhancement (fixed)
Validation fixes - "&amp;" instead of "&"

| Reported by: | simek | Owned by: | |
|---|---|---|---|
| Milestone: | 2.8 | Priority: | low |
| Severity: | trivial | Version: | 2.8 |
| Component: | Validation | Keywords: | has-patch tested commit |
| Focuses: | | Cc: | |

Description
Validation fixes for latest WP revision.
Some "&" signs are replaced with "&amp;" tag in mentioned below files:
- wp-admin\plugin-editor.php
- wp-admin\theme-editor.php
- wp-admin\includes\update.php
Patch file attached into ticket
Attachments (4)
Change History (15)
#2 (follow-ups: ↓ 3 ↓ 6) 16 years ago
Did you do these changes based on finding invalid ampersands, or did you just replace them all? clean_url() does the &amp; entity encoding, so those changes aren't necessary if clean_url() is still functioning properly.
#3 (in reply to: ↑ 2) 16 years ago
And when I say "these changes" I mean "the changes for strings passed through clean_url()"
#6 (in reply to: ↑ 2) 15 years ago
Replying to markjaquith:
> Did you do these changes based on finding invalid ampersands, or did you just replace them all? clean_url() does the &amp; entity encoding, so those changes aren't necessary if clean_url() is still functioning properly.

I did this by validating the output. So the patched places are locations that I could identify as the source of the invalid output passed through all program logic before outputted. Well, make easy things complicated. Short answer is: "by finding invalid ampersands by hand, not by replace all".
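
The manual check described in the comment above (validating the output and tracing each invalid ampersand back to its source) can be automated. The following is an added example, not part of the ticket or of WordPress; the function name, the attribute list and the sample markup are assumptions constructed for illustration, and it also flags double-encoded ampersands, which appear when an already-encoded value later passes through an escaper that does not skip existing entities.

```python
import re

# In XHTML an ampersand is valid only as the start of a character reference:
# named (&amp;), decimal (&#038;) or hexadecimal (&#x26;).
BARE_AMP = re.compile(r"&(?!(?:[A-Za-z][A-Za-z0-9]*|#[0-9]+|#[xX][0-9A-Fa-f]+);)")
# An encoded ampersand directly followed by the tail of another reference,
# e.g. &amp;amp; or &amp;#038;, means the value was encoded twice.
DOUBLE_ENC = re.compile(r"&(?:amp|#0*38|#[xX]0*26);(?:amp|#0*38|#[xX]0*26);")
# URL-carrying attributes; group 2 is the quote character, group 3 the value.
URL_ATTR = re.compile(r"""\b(href|src|action)\s*=\s*(["'])(.*?)\2""", re.I | re.S)


def find_ampersand_issues(markup):
    """Return (line, attribute, kind, value) for each suspect URL attribute."""
    issues = []
    for m in URL_ATTR.finditer(markup):
        attr, value = m.group(1).lower(), m.group(3)
        line = markup.count("\n", 0, m.start()) + 1
        if BARE_AMP.search(value):
            issues.append((line, attr, "bare-ampersand", value))
        if DOUBLE_ENC.search(value):
            issues.append((line, attr, "double-encoded", value))
    return issues


# Constructed sample output (hypothetical markup, not taken from WordPress).
SAMPLE = """\
<a href="plugin-editor.php?file=a.php&plugin=b">bare</a>
<a href="theme-editor.php?file=a.php&amp;theme=b">named entity</a>
<a href="update.php?action=x&#038;plugin=b">numeric entity</a>
<form action="post.php?a=1&amp;amp;b=2">
<img src='x.png?w=1&h=2' alt="Q&amp;A" />
"""

if __name__ == "__main__":
    for issue in find_ampersand_issues(SAMPLE):
        print("line %d: %s %s -> %s" % issue)
```
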
#7 15 years ago
- Keywords needs-patch added; has-patch removed
- Milestone changed from 2.8 to 2.9
moving to 2.9, as patch needs to be refreshed
#8 15 years ago
I got myself mixed up with the wrong ticket in my last comment. Anyway, I will take a look into the issue to get a more actual patch.
#9 15 years ago
- Keywords has-patch added; needs-patch removed
- Milestone changed from 2.9 to 2.8
The following functions add & or & automatically and therefore the places did not need a patch any longer:
- clean_url
- wp_nonce_url
The wp() function is based on the server request which is an URI that contains &. & / & is only used for XHTML output. This reduces the patch as well.
Some functions aren't using XHTML-Encoded URIs:
- get_categories
wp-admin/includes/plugin-install.php - already fixed
wp-admin/includes/plugin.php - already fixed
wp-admin/includes/post.php - partially fixed, one script tag left
wp-admin/includes/template.php - already fixed
wp-admin/includes/theme-install.php - already fixed
For the one script tag left I've created a patch against 2.8 bleeding.
This is only a single fix now. I would suggest to put that into 2.8. I know that it is part of another patch I've put on here: #9432 / qcop-r00-ampersand-post.patch.
More validation fixes in next patch for mentioned below files: