[wp-trac] [WordPress Trac] #11311: kses converts ampersands to &amp; in post titles, post content, and more

WordPress Trac wp-trac at lists.automattic.com
Wed May 30 13:42:13 UTC 2012


#11311: kses converts ampersands to &amp; in post titles, post content, and more
----------------------------+-----------------------------
 Reporter:  Viper007Bond    |       Owner:
     Type:  defect (bug)    |      Status:  new
 Priority:  normal          |   Milestone:  Future Release
Component:  Administration  |     Version:  2.9
 Severity:  normal          |  Resolution:
 Keywords:  needs-patch     |
----------------------------+-----------------------------
Changes (by johnbillion):

 * keywords:  needs-patch gsoc => needs-patch


Comment:

 There are actually quite a few places where WordPress is storing data with
 entities encoded. For example, a term named "This & That" will have
 entities in its name encoded, resulting in a term name of "This &amp;
 That". Not good for when you're trying to do things with data and you
 don't want it encoded (for example, putting the term name in a 'title'
 attribute).

 The following fields are stored with encoded entities regardless of your
 user role as they all go through `wp_kses()`:

  * Term name and description
  * User first name, last name, display name, nickname and description
  * Comment author name
  * Link name, description, image, rel and notes

 Link target, comment author email, comment author URL, user email, user
 URL and link URL are also stored with encoded entities, although these
 fields typically don't contain entities.

 The best solution would be to switch to storing this data in unencoded
 form and run an upgrade routine to decode existing data when the change
 happens, but I realise that this is potentially an expensive upgrade. I'm
 not sure how to address that problem.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/11311#comment:10>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
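
The storage-time encoding described in the comment above, and the proposed decode-on-upgrade step, modelled in plain PHP as an added example that is not part of the ticket or of WordPress core. The functions `normalize_on_save()`, `encode_for_attr()` and `decode_stored()` are hypothetical stand-ins, and the save-time rule is a simplified assumption rather than `wp_kses()` itself; all sample strings are constructed.

```php
<?php
// Simplified model of save-time entity normalisation (assumption, not wp_kses()
// itself): encode every "&" that does not already begin an entity.
function normalize_on_save(string $raw): string
{
    $entity = '(?:[a-zA-Z][a-zA-Z0-9]*|#[0-9]+|#[xX][0-9a-fA-F]+);';
    return preg_replace('/&(?!' . $entity . ')/', '&amp;', $raw);
}

// Output-time encoding for an HTML attribute value (PHP double-encodes by default).
function encode_for_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Hypothetical upgrade step: decode a stored value exactly once.
function decode_stored(string $stored): string
{
    return html_entity_decode($stored, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$typed  = 'This & That';               // constructed sample input
$stored = normalize_on_save($typed);   // what ends up in the database

// 1. Storage already encoded the value; a consumer that encodes for its own
//    context encodes it a second time.
printf("stored value:      %s\n", $stored);
printf("attr from stored:  %s\n", encode_for_attr($stored));
printf("attr from raw:     %s\n", encode_for_attr($typed));

// 2. Non-HTML consumers (JSON, CSV, e-mail) receive HTML entities in the data.
printf("JSON from stored:  %s\n", json_encode(['name' => $stored]));
printf("JSON from raw:     %s\n", json_encode(['name' => $typed]));

// 3. Decoding is not a perfect inverse: two different inputs share one stored
//    form, so the upgrade cannot tell which one the user typed.
$literal = 'This &amp; That';          // user typed the entity text itself
printf("same stored form:  %s\n", var_export(normalize_on_save($literal) === $stored, true));
printf("decoded once:      %s\n", decode_stored($stored));

// 4. Decoding is not idempotent, so an upgrade that is interrupted and re-run
//    changes already-converted rows again unless each row is marked as done.
$row = 'A &amp;amp; B';                // constructed stored value
printf("first decode:      %s\n", decode_stored($row));
printf("second decode:     %s\n", decode_stored(decode_stored($row)));
```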