[buddypress-trac] [BuddyPress] #2603: [patch] has-xprofile field values aren't sanitised in database
buddypress-trac at lists.automattic.com
Mon Aug 30 11:22:55 UTC 2010
#2603: [patch] has-xprofile field values aren't sanitised in database
----------------------+-----------------------------------------------------
Reporter: DJPaul | Owner: DJPaul
Type: defect | Status: assigned
Priority: blocker | Milestone: 1.2.6
Component: XProfile | Keywords: has-patch, dev-feedback
----------------------+-----------------------------------------------------
Changes (by DJPaul):
* keywords: has-patch => has-patch, dev-feedback
Comment:
sanitize_text_field calls wp_strip_all_tags. Currently, BP allows
wp_filter_kses filtered tags in text boxes/areas, and displays those on
both view/edit screens.
For textareas, WP only calls wp_filter_kses.
Therefore, it seems that BP is okay for textareas as we already use kses.
Removing tags from textbox xProfile fields could be considered a
substantial change in behaviour?
--
Ticket URL: <http://trac.buddypress.org/ticket/2603#comment:13>
BuddyPress <http://buddypress.org/>