[wp-trac] [WordPress Trac] #17780: Use PHP native double encoding prevention in htmlspecialchars()
WordPress Trac
noreply at wordpress.org
Thu Jul 9 08:48:18 UTC 2015
#17780: Use PHP native double encoding prevention in htmlspecialchars()
------------------------------------------+--------------------------
Reporter: nbachiyski | Owner: miqrogroove
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: 4.3
Component: Formatting | Version:
Severity: normal | Resolution:
Keywords: needs-patch needs-unit-tests | Focuses:
------------------------------------------+--------------------------
Comment (by JanR):
Replying to [comment:27 azaozz]:
> > Seems like at the time (and maybe still) `_wp_specialchars()` is
getting double encoded strings and is expected to return single encoded.
It is "undocumented behaviour" but not sure if we can remove it.
>
> This broke post titles when there is a `&` (ampersand) in them. To
reproduce:
> - Create new post with an ampersand in the title.
> - Save draft several times.
For what it's worth: WordPress 4.2.2 doesn't double encode the subject,
but 4.3 beta does.
It not only affects the ampersand `&`, it affects `"`, `<`, `>` too.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/17780#comment:30>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list