Ticket #3069 (closed defect: fixed)

Opened 2 years ago

Last modified 1 year ago

User description (profile) is stored in database html entity encoded

Reported by: markjaquith Assigned to: markjaquith
Priority: normal Milestone:
Component: General Version: 2.1
Severity: normal Keywords: has-patch 2nd-opinion
Cc:

Description

The user description (profile) is stored in the database encoded into html entities. This necessitates extra work if you actually want to display the user description on the site somewhere, like on their author page, and have things like links work.

Attachments

no_entity_encode_user_description.diff (0.6 kB) - added by markjaquith on 08/25/06 13:17:49.
Patch for /trunk/

Change History

08/25/06 13:17:49 changed by markjaquith

  • attachment no_entity_encode_user_description.diff added.

Patch for /trunk/

08/25/06 13:19:20 changed by markjaquith

  • keywords set to has-patch 2nd-opinion.
  • owner changed from anonymous to markjaquith.
  • status changed from new to assigned.

Patch removes call to wp_specialchars();

This will need a security check to make sure that wp_specialchars() call wasn't protecting against script injection. It's already kses'd via filters, however.

08/25/06 13:33:17 changed by westi

Do we need to do any database upgrade on this?

Where are we kses's the profile - a quick search lead me to nothing.

08/25/06 17:47:21 changed by ryan

  • status changed from assigned to closed.
  • resolution set to fixed.

(In [4118]) Don't specialchar user description on save. fixes #3069

08/25/06 17:48:05 changed by ryan

Most of the wp_specialchars calls in that function can be removed since the filters for those elements take care of specialchars.

09/25/06 02:10:51 changed by ryan

(In [4230]) Don't specialchar user description on save. fixes #3069

09/25/06 04:16:30 changed by foolswisdom

  • milestone changed from 2.1 to 2.0.5.

11/30/06 19:41:51 changed by

  • milestone deleted.

Milestone 2.0.5 deleted