[wp-trac] [WordPress Trac] #8002: Term names and descriptions are being encoded before being saved in the database

WordPress Trac wp-trac at lists.automattic.com
Wed Oct 29 16:19:53 GMT 2008


#8002: Term names and descriptions are being encoded before being saved in the
database
-------------------------+--------------------------------------------------
 Reporter:  josephscott  |       Owner:     
     Type:  defect       |      Status:  new
 Priority:  normal       |   Milestone:  2.8
Component:  Taxonomy     |     Version:     
 Severity:  normal       |    Keywords:     
-------------------------+--------------------------------------------------
 When a new term (tag or category) name or description is saved with an &
 in it, that gets stored in the database as &amp;.  The correct thing to do
 would be to store the original value in the database and encode it
 when displaying it in certain contexts, like on the web.  This would allow
 for the APIs (XML-RPC and {{{AtomPub}}}) to be able to expose the
 non-encoded value.

 I followed the code path to the {{{sanitize_term_field}}} function in
 wp-includes/taxonomy.php.  Here the term values get different filters applied
 depending on the context.  In the case of saving a new term the 'db'
 context is used and applies the 'pre_term_name' filter, which by default
 includes strip_tags, trim, wp_filter_kses and wp_specialchars.

 It's wp_filter_kses that is changing the & to &amp; before getting saved,
 but if that's removed then wp_specialchars will also try to encode it.  As
 a test I saved a new term with a real & in the database by removing the
 wp_filter_kses and wp_specialchars filters for pre_term_name.  This
 worked, but caused another problem because the & was no longer showing as
 &amp; on the web.  The assumption being that since it was encoded before
 being saved, no reason to try and encode it when displaying it on the web.

 This will require targeted work on fixing the save and display filters.
 Unfortunately because of the timing we'll have to push this work to after
 2.7 is released.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/8002>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
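
The trade-off described in the ticket, as an added PHP example that is not WordPress code and not part of the original ticket: approach A encodes on save, approach B stores the cleaned raw value and encodes per output context. All function names and the sample term name are hypothetical.

```php
<?php
// Added illustration only: these helpers are hypothetical, not WordPress functions.

// Encode-on-save, the behaviour the ticket describes for the 'db' context.
function save_encoded(string $name): string {
    return htmlspecialchars(trim(strip_tags($name)), ENT_QUOTES, 'UTF-8');
}

// Store the cleaned value unencoded; encoding is left to each output context.
function save_raw(string $name): string {
    return trim(strip_tags($name));
}

// HTML context: the one place entity encoding is applied.
function for_html(string $stored): string {
    return htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
}

// XML API context (XML-RPC, AtomPub): serialize, then read back what a client sees.
function api_round_trip(string $stored): string {
    $xml = '<name>' . htmlspecialchars($stored, ENT_XML1 | ENT_QUOTES, 'UTF-8') . '</name>';
    return (string) simplexml_load_string($xml);
}

$input = ' R&D <b>Tools</b> ';   // constructed sample term name

$a = save_encoded($input);
$b = save_raw($input);

$rows = [
    'A stored value'               => $a,
    'A in HTML, no re-encoding'    => $a,
    'A in HTML, encoded again'     => for_html($a),
    'A as seen by an XML client'   => api_round_trip($a),
    'B stored value'               => $b,
    'B in HTML, encoded on output' => for_html($b),
    'B in HTML, not encoded'       => $b,
    'B as seen by an XML client'   => api_round_trip($b),
];

foreach ($rows as $label => $value) {
    printf("%-30s %s\n", $label, $value);
}
```

Approach B only stays safe for the web if every HTML output path calls the encoder, which is the display-filter work the ticket says still has to be done.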

