I found an irritating bug in WordPress 1.5: ampersands in blogroll URLs don’t get properly escaped. Thus, blogrolls that contain URLs with ampersands in them don’t validate.
Quick fix: modify wp-includes/links.php around line 206 like this (add the line with + in front of it):
if (” != $target) {
$target = ” target=’$target'”;
}
+ $the_link = htmlspecialchars($the_link);
echo(“
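Review bot: the added htmlspecialchars($the_link) line encodes every ampersand, including ones that are already part of an entity, so a link stored in encoded form (&amp;) is emitted as &amp;amp;. Consider an escaper that leaves existing entities alone, or normalise the stored value to one form before this point. On the context lines above it, $target is interpolated into a quoted attribute with no escaping in view, so the same output escaping is worth applying there.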
I don’t get it… :(
What’s the effect?
#1: The HTML becomes invalid
Thanks, bro
Have you considered submitting this bug to the official WP SVN repo?
Actually, I recommend using htmlentities2(), which will add encoding for entities, but only if they are not already encoded.
For example, if you add a properly encoded url to your link manager, e.g. “http://example.com/?q=foo&z=bar”, htmlspecialchars will encode the amp, giving you:
http://example.com/?q=foo&z=bar
The htmlentities2() function detects already-encoded entities, and leaves them alone. (it’s found in wp-includes/functions.php, and the code came from php.net, BTW)
Oops. Of course my examples were interpreted, so don’t show the problem. Unless you view the source of my previous comment :)
Oops again. Should have recommended wp_specialchars() instead of htmlentities2(). Matt already put the fix in for this, so it shouldn’t be an issue with WP 1.5.1.
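The double-encoding behaviour discussed in the comments above, as an added example that is not WordPress code and not from the post or its commenters: it compares plain htmlspecialchars() with two entity-aware alternatives on a raw and an already-encoded URL. The helper name escape_once() and the sample URLs are assumptions made for illustration.

```php
<?php
// Added example, not WordPress code. escape_once() is a hypothetical helper
// that escapes for HTML output but leaves well-formed entities untouched.
function escape_once(string $s): string
{
    // Encode "&" only when it does not already start a named or numeric entity.
    $s = preg_replace(
        '/&(?!(?:[a-zA-Z][a-zA-Z0-9]*|#[0-9]+|#[xX][0-9a-fA-F]+);)/',
        '&amp;',
        $s
    );
    // Then escape the remaining HTML-significant characters, both quote styles.
    return str_replace(
        ['<', '>', '"', "'"],
        ['&lt;', '&gt;', '&quot;', '&#039;'],
        $s
    );
}

// Constructed sample values: the same link stored raw and stored pre-encoded.
$urls = [
    'raw'     => 'http://example.com/?q=foo&z=bar',
    'encoded' => 'http://example.com/?q=foo&amp;z=bar',
];

foreach ($urls as $label => $url) {
    // Default behaviour: every "&" is encoded, so the pre-encoded URL
    // comes out double-encoded.
    printf("%-8s default      %s\n", $label, htmlspecialchars($url, ENT_QUOTES, 'UTF-8'));

    // Built-in alternative (PHP 5.2.3 and later): double_encode = false.
    printf("%-8s no-double    %s\n", $label, htmlspecialchars($url, ENT_QUOTES, 'UTF-8', false));

    // Hand-written entity-aware escaper defined above.
    printf("%-8s escape_once  %s\n", $label, escape_once($url));
}
```

An entity-aware escaper cannot tell a raw value that happens to contain entity-shaped text from one that was encoded on purpose, so storing links in one canonical form and escaping exactly once at output avoids the ambiguity.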
#5: I’m not even sure if this is the correct place to fix that, the problem probably lies somewhere else. I haven’t checked the wordpress source code thoroughly.
#6: Actually, I’m not very fond of this ‘dualism’, in this context and especially in comments. It should be either we escape all data, or we don’t escape them at all, or else we would have trouble unescaping. I would prefer escaping everything to be sure we are generating correct HTML. Comment posters can copy paste from character map if they really need to insert funny characters. If they need formatting, use something like wiki syntax, bbcode or markdown. No need to use hacks like balancetags. OK, enough rambling for now :)
#7: That’s the real world example why I don’t like this escaping ‘dualism’. It is very hard to insert HTML in comments :)
Guess what one thing feels more humane about this site after the upgrade? I don’t see the “Message to switch to Firefox…” anymore :-)
That message is annoying; it’s just that I browse blog posts with a desktop RSS aggregator, and I rarely get the chance to go blogwalking with a browser. The problem is that almost all RSS aggregators on Windows use IE’s embedded HTML engine.
Hopefully that message won’t need to be shown again. It’s actually good advice, it’s just… a bit disruptive to comfort.. :-)
Oops… apparently I hadn’t refreshed yet; it turns out it’s back again .. :-(
#10, #11: Yes, I was tinkering with the template just now. I’ll remove it if it’s bothersome. Later I’ll look for another, non-intrusive way to promote it :)
Huh, why does my front page show nothing at all, just a blank white page? This is still on my local machine, I haven’t uploaded it yet
Whoa, the commenters’ OS and browser get revealed… :D
Has anyone seen this similar bug in 2.02? My issue: an ampersand in a category causes an invalid XML whitespace area.