Opened 15 years ago
Closed 15 years ago
#1657 closed defect (bug) (fixed)
Double-escaping in groups_notification_group_invites() and other places
Reported by: | DJPaul | Owned by: | |
---|---|---|---|
Milestone: | 1.2 | Priority: | minor |
Severity: | | Version: | |
Component: | | Keywords: | encoding, groups, dev-feedback |
Cc: | | | |
Description
In groups_notification_group_invites() and possibly in other similar functions, the group name is being double-escaped. This was tested on 1.1.3 but looks like it will affect trunk. To recreate, just change the name of a group to something containing an apostrophe, i.e. "Bob's Famous Tomatoes's".
Invite someone, and look at the text of that email. Those apostrophes will be escaped still.
This is because the group names are being escaped by wpdb->prepare, and then they are used in this routine like so, causing a double-escape situation.
stripslashes( attribute_escape( $group->name ) )
A fix is to remove the attribute_escape calls. This is probably safe as when the group name is set, it is filtered with kses and force_balance_tags.
(In [2512]) Fixes #1657 props DJPaul
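An added example, not part of the ticket or of BuddyPress's code: the same group name rendered for a text/plain email and for an HTML page, with a check for leftover escape sequences. `htmlspecialchars()` with `ENT_QUOTES` stands in for `attribute_escape()` as an assumption, and all function names are hypothetical.

```php
<?php
// Added example. htmlspecialchars(ENT_QUOTES) is an assumed stand-in for
// WordPress's attribute_escape(); every function name here is hypothetical.

// The pattern quoted in the ticket: HTML-attribute escaping applied to a
// value that ends up in a text/plain email body.
function invite_text_escaped(string $groupName): string {
    $name = stripslashes(htmlspecialchars($groupName, ENT_QUOTES, 'UTF-8'));
    return "You have an invitation to the group: \"$name\"";
}

// The proposed fix: no HTML escaping in a plain-text context.
function invite_text_plain(string $groupName): string {
    $name = stripslashes($groupName);
    return "You have an invitation to the group: \"$name\"";
}

// HTML context: the same raw value is encoded once, at output time.
function invite_html(string $groupName): string {
    $safe = htmlspecialchars($groupName, ENT_QUOTES, 'UTF-8');
    return '<a title="' . $safe . '">' . $safe . '</a>';
}

// Regression check for plain-text output: flags HTML entities and
// backslash-escaped quotes that should never reach a mail reader.
function has_escape_residue(string $text): bool {
    $pattern = '/&(#\d+|#x[0-9a-f]+|[a-z]+);|\\\\[\'"]/i';
    return preg_match($pattern, $text) === 1;
}

// Group name taken from the ticket's reproduction steps.
$name = "Bob's Famous Tomatoes's";

foreach (['invite_text_escaped', 'invite_text_plain'] as $render) {
    $body = $render($name);
    printf("%-20s residue=%s  %s\n", $render,
        has_escape_residue($body) ? 'yes' : 'no', $body);
}

// In an HTML context the entity form is the correct output.
echo invite_html($name), "\n";
```

A check like `has_escape_residue()` can run over rendered notification bodies in a test suite so that escaping applied in the wrong output context is caught before release.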