Make WordPress Core

Opened 15 years ago

Closed 15 years ago

Last modified 15 years ago

#9432 closed defect (bug) (fixed)

Output Broken: Ticket for collecting patches to proplery encode script and other href attribute values

Reported by: hakre's profile hakre Owned by:
Milestone: 2.8 Priority: normal
Severity: normal Version: 2.7.1
Component: Validation Keywords: has-patch
Focuses: Cc:

Description

The output does not validate in certain points because ampersands (&) are not properly used within urls (should be & not a sole &).

this ticket contains patches to fix various of such issues.

Attachments (6)

qcop-r00-ampersand-post.patch (566 bytes) - added by hakre 15 years ago.
amp; was missing on post edit page
qcop-r00-ampersand-andthelike-codepress.patch (1.5 KB) - added by hakre 15 years ago.
codepress validation patch
qcop-r00-ampersand-andthelike-plugin-editor.patch (2.4 KB) - added by hakre 15 years ago.
plugin editor multiple ampersands and a missing ID (accidently taken over from the theme editor, had to be named plugin)
9432-comment-dashboard.patch (981 bytes) - added by hakre 15 years ago.
clean_url()
9432-post-script-cdata.patch (952 bytes) - added by hakre 15 years ago.
missing cdata added.
9432-package.patch (1.9 KB) - added by hakre 15 years ago.
Put both new patches into one.

Download all attachments as: .zip

Change History (20)

@hakre
15 years ago

amp; was missing on post edit page

@hakre
15 years ago

codepress validation patch

@hakre
15 years ago

plugin editor multiple ampersands and a missing ID (accidently taken over from the theme editor, had to be named plugin)

#1 @hakre
15 years ago

Finished with checking the Admin. All pages dones. This should fix all amp; Issues in the Admin but not one with generating CSS for the default theme header image. But that is not solveable w/o changing the overall parameter design.

#2 @ryan
15 years ago

  • Component changed from General to Validation
  • Owner anonymous deleted

#4 @hakre
15 years ago

when #9402 is fixed with a changeset, these patches here need to be updated.

#5 @Denis-de-Bernardy
15 years ago

  • Milestone changed from 2.8 to Future Release

patch is b0rke (or possibly it no longer applies)

#6 @ryan
15 years ago

  • Milestone changed from Future Release to 2.8
  • Resolution set to fixed
  • Status changed from new to closed

I think everything went in on other tickets.

#7 @hakre
15 years ago

_wp_dashboard_recent_comments_row() in dashboard.php is using get_comment_link() but does not escape it properly for XHTML usage. I created a helper function to do the job (so that a single point needs to be fixed in case of a bad implementation). Patch follows.

@hakre
15 years ago

clean_url()

#8 @hakre
15 years ago

forget the note about the helper function, clean_url() does it.

#9 @hakre
15 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

@hakre
15 years ago

missing cdata added.

#10 @hakre
15 years ago

clean_url() does not &ersand, esc_attr() should be used.

#11 @Denis-de-Bernardy
15 years ago

mmm, you may want to double check that. when the output is meant to be displayed (the default), it should convert un-converted & to &. westi raised a separate bug the other day, however, related to double-escaping no longer occurring or something.

@hakre
15 years ago

Put both new patches into one.

#12 @hakre
15 years ago

double checked it now, clean_url() does &038; (same as &), so it is OK to use it. esc_attr() does &, so it is OK for that to use it as well. clean_url() is my preference here.

i put both changes into one patchfile as well.

#13 @azaozz
15 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

(In [11375]) HTML validity fixes, props hakre, fixes #9432

#14 @hakre
15 years ago

missing fixes went into a new ticket, see #10257

Note: See TracTickets for help on using tickets.