[wp-trac] [WordPress Trac] #16165: Media Library Bulk Delete: Error in deleting...

WordPress Trac noreply at wordpress.org
Wed Nov 7 20:17:43 UTC 2012


#16165: Media Library Bulk Delete: Error in deleting...
------------------------------------+-----------------------------
 Reporter:  hakre                   |       Owner:  nacin
     Type:  enhancement             |      Status:  assigned
 Priority:  low                     |   Milestone:  Future Release
Component:  Administration          |     Version:  3.1
 Severity:  normal                  |  Resolution:
 Keywords:  has-patch dev-feedback  |
------------------------------------+-----------------------------

Comment (by bpetty):

 Replying to [comment:9 scribu]:
 > From the patch:
 >
 > {{{
 > // Escape item titles displayed in error messages.
 > add_filter( 'the_title', 'esc_html' );
 > }}}
 >
 > Why is that needed?

 These are error messages, not post previews, and the wp_die() page they
 end up on doesn't even have the same styles set for either the current
 theme or wp-admin, which would result in displaying them in yet a third,
 completely different way than the user is expecting to see them. Here,
 we're only concerned about the user identifying the corresponding post
 that failed, not displaying it.

 That, and it's one less place to worry about CSRF if it were ever a
 problem in post titles (not saying the post edit pages don't already trust
 titles with markup, but limiting the locations this is exposed is still
 ideal).

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/16165#comment:11>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

