Ticket #2761 (closed defect: fixed)

Opened 2 years ago

Last modified 2 years ago

AYS Dialog adds slashes to quotes

Reported by: markjaquith Assigned to: markjaquith
Priority: high Milestone:
Component: Administration Version: 2.0.2
Severity: major Keywords: has-patch 2nd-opinion
Cc: gunnar@wagenknecht.org

Description

Post forms that go through the AYS dialog get an extra round of slashes. For instance, editing a comment turns 

I'm going home.

Into: 

I\'m going home

This is for version 2.0.3

Attachments

ays_use_textarea.diff (0.9 kB) - added by markjaquith on 06/01/06 16:22:46.
Patch for 2.0.3 (branches/2.0)
strip_ays_post.diff (0.5 kB) - added by ryan on 06/01/06 22:15:32.

Change History

06/01/06 16:22:46 changed by markjaquith

  • attachment ays_use_textarea.diff added.

Patch for 2.0.3 (branches/2.0)

06/01/06 16:24:02 changed by markjaquith

  • keywords set to has-patch 2nd-opinion.
  • owner changed from anonymous to markjaquith.
  • status changed from new to assigned.

Patch changes the hidden inputs to hidden textareas. That way, we don't need to escape slashes.

06/01/06 16:47:14 changed by mdawaffe

The AYS should be designed to work in all manner of strange browsers (mobile, etc.). Can we depend on everything to deal with the CSS?

I don't understand why can't we just stripslashes the hidden field value.

This isn't a problem in trunk, but I don't see the difference. Do you?

06/01/06 22:15:32 changed by ryan

  • attachment strip_ays_post.diff added.

06/01/06 22:16:48 changed by ryan

Alternative patch that stripslashes_deep $_POST. Think that'll work?

06/01/06 23:38:37 changed by ryan

  • status changed from assigned to closed.
  • resolution set to fixed.

(In [3833]) Strip extra slashes from _POST when doing nonce AYS. Props MarkJaquith? and mdawaffe. fixes #2761

06/01/06 23:39:05 changed by ryan

  • status changed from closed to closed.
  • resolution set to fixed.

(In [3834]) Strip extra slashes from _POST when doing nonce AYS. Props MarkJaquith? and mdawaffe. fixes #2761

06/01/06 23:39:24 changed by ryan

Hopefully that will get it. Please confirm.

06/02/06 00:19:38 changed by markjaquith

Just tested Ryan's patch, and it works.

I tested by editing /wp-admin/post.php and purposely mismatching the nonce keys.

And mdawaffe, yeah, you're right. I was really tired when I wrote that. Single quotes are already converted to HTML entities, so there's no problem sticking it in a hidden input.

06/05/06 14:23:58 changed by Varsity

How do us plebs apply this patch? Could someone provide an updated version of the file for 2.0.3?

06/05/06 20:32:25 changed by markjaquith

The plebs should just use this plugin that I made:

http://txfx.net/code/wordpress/wordpress-203-tuneup/

06/10/06 18:05:50 changed by gwagenknecht

  • cc set to gunnar@wagenknecht.org.