Tagged: apostrophes, escaping, sanitization, wp_kses
This topic has 2 replies, 2 voices, and was last updated 6 years, 3 months ago by Steve.
October 16, 2015 at 7:44 am #4603
kplaneta (Member)
Hi there,
[WP 4.3.1, piklist 0.9.9.3]
Today I was adding sanitization rules to all the fields in my project and noticed a very peculiar behavior in the editor.
When I add a sanitization type “wp_kses_post” (haven’t tried different) to the editor field and save the page, the output in the editor looks fine but the output on the site has escaped apostrophes like “\'quote\'” or
<a href=\"http://mydomain.com/wp-content/uploads/sites/4/2015/10/Comp_91040683.jpg\"><img class=\"size-thumbnail wp-image-37 alignleft\" src=\"http://mydomain.com/wp-content/uploads/sites/4/2015/10/Comp_91040683-150x150.jpg\" alt=\"test\" width=\"150\" height=\"150\"></a>
After a bit of googling I’ve come across a solution. In the page template I have to output the code like that: “wpautop( stripslashes_deep($miniPost['content']) )”.
Is it a bug, is my server configuration wrong (unlikely since content in the admin looks ok), or am I doing something wrong?
UPDATE 1. I’ve just noticed that sanitization doesn’t work on a grouped textarea – sanitization type “text field”. I haven’t tried other fields nor sanitization types but there’s a chance other fields don’t get sanitized too.
Have a nice day,
Krzysiek (Chris)
October 16, 2015 at 8:39 am #4604
kplaneta (Member)
UPDATE 2 & Clarification.
Case 1 above takes place in “add_more” groups. Haven’t tested it in non-add-more fields.
There’s something definitely wrong with data sanitization in “add_more” groups, since now I’ve checked how the “text_field” sanitization type works on the editor in grouped add-more fields and the code looks exactly the same, that is, no HTML is stripped. Hence, I believe the sanitization doesn’t work on fields in add-more groups.
October 16, 2015 at 2:05 pm #4609