Input sanitization | WordPress.org

Resolved Brian Brown, Ph.D.
(@brianbrown)

2 years, 12 months ago
Hi Fallas!

Thanks for your hard work on this plugin!

I would like to give you a heads-up on an error in the way in which you are sanitizing user input. You are adding an escape character every time the settings are save.

For example, say you are editing Auto Terms->Edit Auto Terms->Stop Words.

If one of the stop words contains an apostrophe ,the you naturally sanitize it by escaping it with a backslash. However, this occurs each and every time the input is saved, so you can end up with a string of backslashes thus:
I'm becomes I\'m and on subsequent saves, another backslash is added, so it can eventually become:

I\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'m. Yikes! You eventually will receive an entity too long error message from the server!

I hope that I\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\’ve explained this so you can understand it.
- This topic was modified 2 years, 12 months ago by Brian Brown, Ph.D..

Viewing 1 replies (of 1 total)

Plugin Author Steve Burge
(@stevejburge)

2 years, 12 months ago

Thanks for the bug report @brianbrown. We’ve been working on tightening the sanitization after some pushback from a couple of users. We may have tightened too much here. I’ve reported the bug to team. Please follow here for updates:

https://github.com/TaxoPress/TaxoPress/issues/1601

Viewing 1 replies (of 1 total)

The topic ‘Input sanitization’ is closed to new replies.

1 reply
2 participants
Last reply from: Steve Burge
Last activity: 2 years, 12 months ago
Status: resolved