[buddypress-trac] [BuddyPress] #3213: Can't save a profile field with special characters
buddypress-trac at lists.automattic.com
buddypress-trac at lists.automattic.com
Sun May 15 15:50:13 UTC 2011
#3213: Can't save a profile field with special characters
-----------------------+-------------------------------------
Reporter: javiervd | Owner:
Type: defect | Status: new
Priority: minor | Milestone: 1.3
Component: XProfile | Version: 1.2.8
Resolution: | Keywords: has-patch needs-testing
-----------------------+-------------------------------------
Changes (by boonebgorges):
* keywords: needs-patch => has-patch needs-testing
Comment:
DJPaul, your suggestion that we should stop the checkbox name from being
encoded on save is hard to implement. That field value is run through
xprofile_sanitize_data_value_before_save(), which uses
xprofile_filter_kses(), which uses wp_kses(), which uses
wp_kses_normalize_entities(), which is where the & conversion is
happening. We'd have to rebuild much of the kses process in order to skip
this step in the sanitization routine.
Instead, I'm taking the opposite route, and filtering the allowed values
through xprofile_sanitize_data_value_before_save() before comparing it
against the submitted values. (This requires a tweak in the way that
xprofile_sanitize_data_value_before_save() works.) I know that this is not
ideal in the grand scheme of things, but I think it's the best practical
solution, given the way that the rest of the xprofile data validation
process works.
In 3213-1.patch, I've applied this fix. Please test.
--
Ticket URL: <https://trac.buddypress.org/ticket/3213#comment:3>
BuddyPress <http://buddypress.org/>
BuddyPress
More information about the buddypress-trac
mailing list