Ticket #4645 (closed defect: duplicate)

Opened 1 year ago

Last modified 8 months ago

Wordpress editor "forgets" everything after </textarea>

Reported by: Nosve Assigned to: anonymous
Priority: low Milestone:
Component: General Version: 2.2
Severity: minor Keywords: forms textarea needs-patch
Cc:

Description

I have two pages, 'Content' and 'Feedback', on the Wordpress-based site redesign I'm working on (http://www.genocideintervention.net/testdrive/wordpress) that have forms on them. Most of the form's inputs (text and textarea types) appear just fine. However, there is a bug regarding the 'submit' button of either form. As soon as I add the button to the page code and save, it appears on the site just fine. If I ever go back to the page editor and edit the page further, however, it's as if the site forgets the button ever existed. The submit button disappears from the page, along with the <tr> and <td> that it was contained in. Even more strangely, the submit button isn't even really gone--it appears in the page editor window, right below the page content text box, as you can see in the attached screencap. It has just disappeared from the code and the site.

I know the form works--I've tested it during the times immediately proceeding my adding the submit button code. But having to rewrite my submit <td> after every tweak is driving me mad! And while I don't know if this bug could have malicious applications, having page code apparently executing within the editor can't be a good thing...

Attachments

screencap.jpg (46.1 kB) - added by Nosve on 07/16/07 19:44:01.
Submit button no longer appearing in the code but appearing below the text box in the editor window

Change History

07/16/07 19:44:01 changed by Nosve

  • attachment screencap.jpg added.

Submit button no longer appearing in the code but appearing below the text box in the editor window

07/16/07 19:56:05 changed by Nosve

  • milestone set to 2.2.2.

The form code that this happening with: 

<form action="http://www.genocideintervention.net/testdrive/wordpress/feedbackcode.php" method="post">
<table summary="feedback form" border="0" cellpadding="5" cellspacing="5">
<tr>
<td><label for="name">Name:</label></td>
<td><input name="name" size="25" class="contact" type="text" /></td>
</tr>
<tr>
<td><label for="email">Email address:</label></td>
<td><input name="email" size="25" class="contact" type="text" /></td>
</tr>
<tr>
<td><label for="official">Who you called:</label></td>
<td><input name="official" size="25" class="contact" type="text" /></td>
</tr>
<tr>
<td colspan="2"><label for="comments">Comments:</label><textarea rows="15" cols="45" name="comments" class="contact"></textarea></td>
</tr>
<!-- this is the part that disappears -->
<tr>
<td colspan="2">
<input type="submit" value="Send Feedback" /><br />
</td>
</tr>
<!-- /disappear -->
</table>
</form>

07/16/07 20:02:05 changed by Nosve

  • priority changed from normal to high.

07/16/07 20:15:29 changed by Otto42

Turn off the visual editor entirely. Does it still happen then?

07/16/07 20:16:40 changed by Nazgul

It's not the buttons that "dissapear".

It's everything after the </textarea>, because that's being interpreted as the end of the editors textarea.

07/16/07 20:53:14 changed by Nosve

Nazgul appears to be right. Once I took out the textarea, the 'submit' button appeared just fine.

That the page interprets an entered </textarea> as the end of the editor is bad, though. I'll put up a screencap in a second, but this bug also makes it so you can enter unescaped PHP into the page editor. Seems like a security risk to me.

07/16/07 21:03:07 changed by rob1n

Wouldn't it only be a security risk if it actually executed it?

I can type PHP code on this page right now and it's not a security problem...

07/16/07 21:07:21 changed by Nazgul

It's not a security risk.

You need the unfiltered_html capability to include javascript/raw php in your pages/posts, which by default is only given to administrators.

Contributers don't have that capability and therefore can't abuse it, because script tags and the like are filtered out.

07/16/07 21:08:14 changed by Nazgul

  • summary changed from Wordpress page editor "forgets" submit button on form to Wordpress editor "forgets" everything after </textarea>.

07/16/07 21:22:02 changed by Nosve

  • priority changed from high to normal.

Strike that, you're right. It appeared that it wasn't escaping the post-<textarea> PHP code but now it seems that that was because I was testing with echo() instead of something more interesting.

So this bug is simply a headache for anyone who wants to have forms on their blog. :)

07/16/07 21:23:31 changed by Nosve

  • keywords changed from forms submit to forms textarea.

07/16/07 22:19:49 changed by foolswisdom

  • keywords changed from forms textarea to forms textarea needs-patch.
  • milestone changed from 2.2.2 to 2.4 (future).

03/01/08 15:41:25 changed by andy

  • priority changed from normal to low.
  • severity changed from major to minor.
  • milestone changed from 2.5 to 2.6.

Uncommon usage. Maybe a shortcode for textarea?

03/30/08 10:39:45 changed by Nazgul

  • status changed from new to closed.
  • resolution set to duplicate.
  • milestone deleted.

Duplicate of #6449.