[wp-hackers] Bug when post title contains > and "
elharo at metalab.unc.edu
Sat Mar 17 19:47:17 GMT 2007
> So, what goes into the title definitely needs to be sanitized. Wait, didn't
> I see something about this, and that it's fixed in 2.1.3?
Possibly, though I thought that was something different.
Part of the problem is that the documentation is insufficiently clear
about what functions like the_title_rss and the_title do or don't do to
the text before returning it.
I think what happens is that all text is stored in the database just as
the user enters it in the forms (though I'm not certain about that) and
that different functions escape or strip this text in different ways. It
would be nice if the documentation specified how they do that. Even if I
can figure this out by experiment, I'm still never quite sure what may
change in the next release. Once a function's behavior is documented I'm
confident that the programmer meant it to behave in a certain way, not
that it's merely an accident of implementation I shouldn't depend on.
Elliotte Rusty Harold elharo at metalab.unc.edu
Java I/O 2nd Edition Just Published!