Opened 12 years ago
Closed 12 years ago
#4392 closed defect (bug) (fixed)
email Profile fields not formatting correctly
Reported by: | zkwc | Owned by: | zkwc |
---|---|---|---|
Milestone: | 1.6 | Priority: | normal |
Severity: | normal | Version: | 1.5.7 |
Component: | Core | Keywords: | needs-patch needs-testing |
Cc: |
Description
When someone enters their email address into the profile field like this: me@… - BuddyPress turns it into HTML <a href="mailto:me@…">me@…</a> and that is what a user sees. I've checked to see that the users are entering the emails correctly in profile fields and they are.
Attachments (1)
Change History (3)
#2
@
12 years ago
- Resolution set to fixed
- Status changed from new to closed
(In [6224]) Cleanup of sanitization and formatting of xprofile output

In r6202 and r6204, sanitization was introduced into the xprofile output
functions, to protect against CSRF-style vulnerabilities. However, the
sanitization (esc_html()) was run in such a way that some clickable items,
such as email addresses, were double escaped, resulting in HTML tags being
printed to the screen rather than parsed by the browser.

This changeset reconfigures the sanitization procedure, so that output is
sanitized by esc_html() before being run through the formatting filters such
as make_clickable() and xprofile_filter_link_profile_data().

Fixes #4392

Props rachelbaker, DJPaul
screen shot of what is happening
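The ordering described in the changeset, as an added example that is not BuddyPress code and not part of the ticket or commit: it runs the same two steps in both orders to show one ordering that prints the link markup as text, and the escape-first ordering that keeps the link while still neutralizing markup in the field value. `htmlspecialchars()` stands in for `esc_html()`, the hypothetical `linkify_email()` is a simplified substitute for `make_clickable()`, and the sample values are constructed.

```php
<?php
// Assumptions: htmlspecialchars() plays the role of esc_html(), and
// linkify_email() is a hypothetical, email-only stand-in for make_clickable().

function escape_html(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

function linkify_email(string $value): string {
    // Wrap anything that looks like an email address in a mailto: link.
    return preg_replace(
        '/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/',
        '<a href="mailto:$0">$0</a>',
        $value
    );
}

// Format first, escape last: the generated <a> tag is escaped along with
// the user's data, so the browser prints the tag instead of parsing it.
function render_format_then_escape(string $raw): string {
    return escape_html(linkify_email($raw));
}

// Escape first, then format: user-supplied markup is neutralized, and the
// link markup added afterwards by the trusted formatter stays intact.
function render_escape_then_format(string $raw): string {
    return linkify_email(escape_html($raw));
}

// Constructed sample profile field values.
$samples = [
    'user@example.com',
    '<script>alert(1)</script> user@example.com',
];

foreach ($samples as $raw) {
    echo "raw:              {$raw}\n";
    echo "format -> escape: " . render_format_then_escape($raw) . "\n";
    echo "escape -> format: " . render_escape_then_format($raw) . "\n\n";
}
```

With escape-first ordering, every formatter that runs afterwards emits markup that is no longer escaped, so each one has to produce safe output from already-encoded input.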