Subscribe2
[resolved] angle bracket in post subject (6 posts)

  1. eightize
    Member
    Posted 2 years ago #

    I had a left angle bracket (<) in the post subject. The post notification email got truncated right before the left angle bracket and no further text was included in the emails. The subject of the post was "sad day D:<"

    I've pasted the entire email as it got sent out below:

    we just made a new post, 'sad day D:

    http://wordpress.org/extend/plugins/subscribe2/

  2. mattyrob
    Member
    Posted 2 years ago #

    @eightize,

    This is because the subject line goes through some sanitisation and one of the steps is using the WordPress strip_tags() function so that HTML tags are removed.

    It seems that this is the code that is stripping the '<' as this is an opening tag for HTML and all subsequent text.

    I'll have to scratch my head and see if I can figure out a safe fix for this. In the meantime you could try using the escaped HTML for the '<', which is this without the space (if I remove the space on here you just get <!):

    '& lt;'

  3. eightize
    Member
    Posted 2 years ago #

    Is strip_tags() running on the content of the email rather than on the subject of the post and body of the post individually? Seems that WordPress is storing the subject without changing angle brackets to the HTML entity (I just looked at the database, and it's stored as an angle bracket, not & lt;). Would it work to run htmlspecialchars() on the subject before including it in the email, then just leave everything else as-is?

  4. mattyrob
    Member
    Posted 2 years ago #

    @eightize,

    I'm not sure that htmlspecialchars() would help as it would encode any angle brackets around HTML tags and this may result in HTML code ending up in the subject of the email.

    I've just checked the trunk of WordPress and HTML is allowed in the Title of a post so this could end up in a per-post subject and look pretty messy.

  5. esmi
    Forum Moderator
    Posted 2 years ago #

  6. mattyrob
    Member
    Posted 2 years ago #

    @esmi,

    Thanks for that.

    @eightize,

    Let's see if this works. In the wp-content/plugins/subscribe2/classes/ folder there is a file called class-s2-core.php. In there you'll find this line:
    $subject = stripslashes(strip_tags($this->substitute($this->subscribe2_options['notification_subject'])));
    Change it to:
    $subject = html_entity_decode(stripslashes(wp_kses($this->substitute($this->subscribe2_options['notification_subject']), array())));

    Also, in the wp-content/plugins/subscribe2/admin/ folder there is a file called send_mail.php, in there you'll find:
    $subject = html_entity_decode($this->substitute(stripslashes(strip_tags($_POST['subject']))), ENT_QUOTES);
    Change that to:
    $subject = html_entity_decode(stripslashes(wp_kses($this->substitute($_POST['subject']), array())), ENT_QUOTES);
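
Added example, not part of the thread or of the Subscribe2 code: a plain-PHP comparison of the three treatments discussed above (strip_tags() alone, htmlspecialchars(), and encoding stray '<' characters before stripping and then decoding). The helper name plain_subject() and the sample titles are constructed for illustration, and the regex is a stand-in for wp_kses(), which needs WordPress loaded.

```php
<?php
/**
 * Hypothetical helper: reduce a post title to plain text for an email subject.
 * The result is meant for a plain-text mail header only; it must not be
 * echoed into an HTML page without escaping it again.
 */
function plain_subject(string $title): string
{
    // 1. Encode any '<' that cannot open a tag (not followed by a letter,
    //    '/', '!' or '?'), so strip_tags() does not treat it as markup and
    //    discard the rest of the string.
    $s = preg_replace('~<(?![A-Za-z/!?])~', '&lt;', $title);

    // 2. Remove real markup such as <em>...</em>.
    $s = strip_tags($s);

    // 3. Turn entities back into characters: a subject line is not HTML.
    return html_entity_decode($s, ENT_QUOTES, 'UTF-8');
}

// Constructed sample titles: the one from this thread, one with real
// markup plus a literal '<', and one where '<' is followed by a digit.
$samples = [
    'sad day D:<',
    '<em>Release</em> notes: 1 < 2',
    'I <3 plugins',
];

foreach ($samples as $title) {
    echo "title            : {$title}\n";
    // strip_tags() alone: an unclosed '<' swallows everything after it.
    echo "strip_tags       : " . strip_tags($title) . "\n";
    // htmlspecialchars() alone: tags survive as visible entity text.
    echo "htmlspecialchars : " . htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . "\n";
    // Encode stray '<', strip tags, then decode.
    echo "plain_subject    : " . plain_subject($title) . "\n\n";
}
```

A '<' immediately followed by a letter (for example "x<y") still looks like the start of a tag to strip_tags(), so that case is not preserved by this helper.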

This topic has been closed to new replies.
