Co-Authors-Plus
Co-Authors-Plus copied to clipboard
Automattic
Biographical Info field on contributors profile is double-encoded
The Biographical Info (cap-description) field is double encoded. It generates HTML like this:
<label for="cap-description">Biographical Info</label></th><td>
<textarea style="width:300px;margin-bottom:6px;" name="cap-description">&amp;Aaron is
here.</textarea>
In class-coauthors-guest-authors.php, in get_guest_author_fields(), we have this code:
array(
'key' => 'description',
'label' => __( 'Biographical Info', 'co-authors-plus' ),
'group' => 'about',
'sanitize_function' => 'wp_filter_post_kses',
),
By calling wp_filter_post_kses instead of the default filter (sanitize_text_field), we end up with the double encoding.
Here's a workaround:
foreach ( $fields as $index => $field ) {
if ( 'description' === $field['key'] ) {
$fields[ $index ]['sanitize_function'] = function( $s ) { return html_entity_decode( wp_filter_post_kses( $s ) ); };
}
}```
Could you clarify where you're seeing this please? I'm assuming it's on the guest author edit screen in the "Biographical Info" textarea. Here are the steps I've taken to reproduce:
- Create a new guest author
- Include this in the "Biographical Info" field:
Aaron is here. - Save the author
- Check the textarea
- Value is
Aaron is here.as expected
You missed the the ampersand in step 2. &Aaron is here.
This results in &amp;Aaron is here instead of the expected &Aaron is here.
Ah that may have been a typo.
Here's what I'm typing in:
Then I hit save and see
^ That's actually after saving twice (once to add the .).
This results in
&amp;Aaron is hereinstead of the expected&Aaron is here.
I thought the bug was the double amp as in that ^ example?
My original example showed the HTML source of a double-encoded ampersand (&amp;). Your example showed the rendered version (&). We're seeing the same bug.