[buddypress-trac] [BuddyPress] #3213: Can't save a profile field with special characters

buddypress-trac at lists.automattic.com
Sun May 15 15:50:13 UTC 2011


#3213: Can't save a profile field with special characters
-----------------------+-------------------------------------
  Reporter:  javiervd  |      Owner:
      Type:  defect    |     Status:  new
  Priority:  minor     |  Milestone:  1.3
 Component:  XProfile  |    Version:  1.2.8
Resolution:            |   Keywords:  has-patch needs-testing
-----------------------+-------------------------------------
Changes (by boonebgorges):

 * keywords:  needs-patch => has-patch needs-testing


Comment:

 DJPaul, your suggestion that we should stop the checkbox name from being
 encoded on save is hard to implement. That field value is run through
 xprofile_sanitize_data_value_before_save(), which uses
 xprofile_filter_kses(), which uses wp_kses(), which uses
 wp_kses_normalize_entities(), which is where the & conversion is
 happening. We'd have to rebuild much of the kses process in order to skip
 this step in the sanitization routine.

 Instead, I'm taking the opposite route, and filtering the allowed values
 through xprofile_sanitize_data_value_before_save() before comparing them
 against the submitted values. (This requires a tweak in the way that
 xprofile_sanitize_data_value_before_save() works.) I know that this is not
 ideal in the grand scheme of things, but I think it's the best practical
 solution, given the way that the rest of the xprofile data validation
 process works.

 In 3213-1.patch, I've applied this fix. Please test.

-- 
Ticket URL: <https://trac.buddypress.org/ticket/3213#comment:3>
BuddyPress <http://buddypress.org/>
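
The mismatch and the fix described in this comment, as an added example that is not part of the original message or of BuddyPress itself: a simplified PHP stand-in for the entity normalization step shows why a sanitized submission fails against unsanitized allowed values, and why sanitizing both sides makes the comparison consistent. All function names and the sample option list are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical, simplified stand-in for the entity normalization that the
// comment attributes to wp_kses_normalize_entities(): encode every ampersand,
// then restore the ones that already begin a well-formed entity.
function normalize_entities_stub(string $value): string
{
    $value = str_replace('&', '&amp;', $value);
    return preg_replace(
        '/&amp;(#\d+|#x[0-9a-fA-F]+|[A-Za-z][A-Za-z0-9]*);/',
        '&$1;',
        $value
    );
}

// Hypothetical stand-in for the "sanitize before save" step.
function sanitize_before_save_stub(string $value): string
{
    return normalize_entities_stub(trim($value));
}

// Before: only the submitted value is sanitized, so an option containing a
// bare "&" can never match its own stored definition.
function is_allowed_raw(string $submitted, array $options): bool
{
    return in_array(sanitize_before_save_stub($submitted), $options, true);
}

// After: allowed values go through the same routine before the comparison,
// so both sides are in the same canonical form.
function is_allowed_canonical(string $submitted, array $options): bool
{
    $canonical = array_map('sanitize_before_save_stub', $options);
    return in_array(sanitize_before_save_stub($submitted), $canonical, true);
}

// Constructed sample data: checkbox options as an admin might define them.
$options = ['Rock & Roll', 'Jazz'];

// Note: canonicalization is many-to-one, so "Rock &amp; Roll" and
// "Rock & Roll" are treated as the same option after the fix.
foreach (['Rock & Roll', 'Jazz', 'Rock &amp; Roll', 'Polka'] as $submitted) {
    printf(
        "%-16s raw=%-5s canonical=%s\n",
        $submitted,
        var_export(is_allowed_raw($submitted, $options), true),
        var_export(is_allowed_canonical($submitted, $options), true)
    );
}
```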