[wp-hackers] Bug when post title contains > and "

Elliotte Harold elharo at metalab.unc.edu
Sat Mar 17 19:47:17 GMT 2007


Matt wrote:

> So, what goes into the title definitely needs to be sanitized. Wait, didn't
> I see something about this, and that it's fixed in 2.1.3?

Possibly, though I thought that was something different.

Part of the problem is that the documentation is insufficiently clear 
about what functions like the_title_rss and the_title do or don't do to 
the text before returning it.

I think what happens is that all text is stored in the database just as 
the user enters it in the forms (though I'm not certain about that) and 
that different functions escape or strip this text in different ways. It 
would be nice if the documentation specified how they do that. Even if I 
can figure this out by experiment, I'm still never quite sure what may 
change in the next release. Once a function's behavior is documented I'm 
confident that the programmer meant it to behave in a certain way, not 
that it's merely an accident of implementation I shouldn't depend on.

-- 
Elliotte Rusty Harold  elharo at metalab.unc.edu
Java I/O 2nd Edition Just Published!
http://www.cafeaulait.org/books/javaio2/
http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/
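The "figure this out by experiment" step from the message above, written as a small PHP harness. This is an added example, not part of the original post and not WordPress code. The four candidate functions are hypothetical stand-ins built on PHP's htmlspecialchars and strip_tags; substitute the template function whose behaviour you want to pin down.

```php
<?php
// Added example. All names here are hypothetical stand-ins, not WordPress APIs.

// Constructed sample title using the characters from this thread, stored as typed.
const SAMPLE = 'Is 5 > 3? He said "yes" & <b>left</b>';

// Stand-ins for output functions whose treatment of the text is undocumented.
$candidates = [
    'raw_passthrough' => fn(string $s): string => $s,
    'escape_text'     => fn(string $s): string => htmlspecialchars($s, ENT_NOQUOTES, 'UTF-8'),
    'escape_attr'     => fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8'),
    'strip'           => fn(string $s): string => strip_tags($s),
];

// Observe what a function does to the stored text and report three properties.
function classify(callable $fn, string $raw): array
{
    $out = $fn($raw);
    return [
        'output'       => $out,
        // Escaped rather than stripped: decoding entities gives back the stored text.
        'lossless'     => html_entity_decode($out, ENT_QUOTES, 'UTF-8') === $raw,
        // No literal angle brackets remain, so it cannot open or close a tag.
        'safe_in_text' => strpbrk($out, '<>') === false,
        // No literal quotes either, so it cannot end an attribute value early.
        'safe_in_attr' => strpbrk($out, '<>"\'') === false,
    ];
}

foreach ($candidates as $name => $fn) {
    $r = classify($fn, SAMPLE);
    printf(
        "%-16s lossless=%s text=%s attr=%s\n    %s\n",
        $name,
        var_export($r['lossless'], true),
        var_export($r['safe_in_text'], true),
        var_export($r['safe_in_attr'], true),
        $r['output']
    );
}
```

Saving the output and diffing it after an upgrade shows whether a function's escaping changed between releases.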

