BuddyPress.org

Opened 3 years ago

Closed 2 years ago

#7459 closed defect (bug) (fixed)

Autolink disturbs values containing single quotes

Reported by: danbp Owned by: djpaul
Milestone: 3.0 Priority: normal
Severity: normal Version: 2.8.0
Component: Extended Profile Keywords: has-patch
Cc: danco38@…

Description

The issue is very close to the one described in #7317. It affects only the selectbox type. A single text box or a multiselectbox is not affected.

You can reproduce it by following these steps:

Create a selectbox.
Add a first option and call it o'brien
Add a second and call it o'hara

Disable autolink option.

Go to your profile, select an option and save. Everything looks correct.
Now enable autolink, return to your profile, set the option you want and save.

The quote comes up as ASCII (i.e. o' hara)

I also tried to enter the option value with ASCII chars. All went well on the admin side, but when I tried to save the change on the frontend, I received an error message.

Attachments (1)

7459-1.patch (1.4 KB) - added by DJPaul 2 years ago.


Change History (8)

#1 @DJPaul
2 years ago

  • Milestone changed from Awaiting Review to 3.0

Thanks for the report. I remember working with Andy back in the day to debug this sort of issue when xprofile was first implemented.

#2 @DJPaul
2 years ago

  • Owner set to DJPaul
  • Status changed from new to assigned

#3 @DJPaul
2 years ago

  • Owner DJPaul deleted

#4 @DJPaul
2 years ago

This was introduced by r10254. Looking into how to fix.

@DJPaul
2 years ago

#5 @DJPaul
2 years ago

  • Keywords has-patch added

xprofile: fix HTML entities in field values rendering incorrectly when auto-link is enabled.

bp_xprofile_escape_field_data() runs before this function, which often runs esc_html().
In turn, that encodes HTML entities in the string (";" becomes "'").

Before splitting on the ";" character, decode the HTML entities, and re-encode after.


This ticket was mentioned in Slack in #buddypress by djpaul. View the logs.


2 years ago

#7 @djpaul
2 years ago

  • Owner set to djpaul
  • Resolution set to fixed
  • Status changed from assigned to closed

In 11803:

xprofile: fix HTML entities in semi-colon separated field values rendering incorrectly when auto-link is enabled.

bp_xprofile_escape_field_data() runs before the function, which often runs esc_html().
In turn, that encodes HTML entities in the string (";" becomes "'").

Before splitting on the ";" character, decode the HTML entities, and re-encode after.

Fixes #7459
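
The ordering problem described in this ticket, as an added example that is not BuddyPress code: a value is HTML-escaped first and then split on ";", which cuts a numeric entity in two, while the second function decodes, splits, and re-encodes each piece. `htmlspecialchars()` stands in for `esc_html()` here, and the function names, link markup and sample values are hypothetical.

```php
<?php
// Added illustration, not BuddyPress code. htmlspecialchars() with ENT_QUOTES
// is an assumed stand-in for esc_html(); the link format is simplified.
const FLAGS = ENT_QUOTES | ENT_HTML401;

// Escaping step that runs before auto-linking.
function escape_value(string $raw): string {
    return htmlspecialchars($raw, FLAGS, 'UTF-8');
}

// Before the fix: split the already-escaped string on ";".
// The ";" that terminates an entity is treated as a value separator.
function autolink_before(string $escaped): string {
    $links = [];
    foreach (explode(';', $escaped) as $piece) {
        $piece = trim($piece);
        $links[] = '<a href="?s=' . rawurlencode($piece) . '">' . $piece . '</a>';
    }
    return implode('; ', $links);
}

// After the fix: decode entities, split on ";", then re-encode every piece
// at the point of output. Skipping the re-encode would emit raw markup.
function autolink_after(string $escaped): string {
    $decoded = html_entity_decode($escaped, FLAGS, 'UTF-8');
    $links = [];
    foreach (explode(';', $decoded) as $piece) {
        $piece = trim($piece);
        $links[] = '<a href="?s=' . rawurlencode($piece) . '">'
                 . escape_value($piece) . '</a>';
    }
    return implode('; ', $links);
}

// Constructed sample values: a single quote, a genuine ";" list, and markup.
$samples = ["o'hara", "tea; coffee", "<b>x</b>"];

foreach ($samples as $raw) {
    $escaped = escape_value($raw);
    echo "raw:     $raw\n";
    echo "escaped: $escaped\n";
    echo "before:  " . autolink_before($escaped) . "\n";
    echo "after:   " . autolink_after($escaped) . "\n\n";
}
```

Comparing the "before" and "after" lines for the markup sample shows why the re-encode step matters: the decoded pieces are raw user input again until `escape_value()` is applied to each one.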
