WordPress.org

Support

Support » Plugins and Hacks » Subscribe2 » [Resolved] [Plugin: Subscribe2] angle bracket in post subject

[Resolved] [Plugin: Subscribe2] angle bracket in post subject

  • I had a left angle bracket (<) in the post subject. the post notification email got truncated right before the left angle bracket and no further text was included in the emails. The subject of the post was “sad day D:<“

    I’ve pasted the entire email as it got sent out below:

    we just made a new post, 'sad day D:

    http://wordpress.org/extend/plugins/subscribe2/

Viewing 5 replies - 1 through 5 (of 5 total)
  • @eightize,

    This is because the subject line goes through some sanitisation and one of the steps is using the WordPress strip_tags() function so that HTML tags are removed.

    It seems that this is the code that is stripping the ‘<‘ as this is an opening tag for HTML and all subsequent text.

    I’ll have to scratch my head and see if I can figure out a safe fix for this. In the meantime you could try using the escaped HTML for the which is this without the space (if I remove the space on here you just get <!):

    '& lt;'

    Is strip_tags() running on the content of the email rather than on the subject of the post and body of the post individually? Seems that wordpress is storing the subject without changing angle brackets to the html entity (I just looked at the database, and it’s stored as an angle bracket, not & lt;). Would it work to run htmlspecialchars() on the subject before including it in the email, then just leave everything else as-is?

    @eightize,

    I’m not sure that htmlspecialchars() would help as it would encode any angle brackets around HTML tags and this may result in HTML code ending up in the subject of the email.

    I’ve just check the trunk of WordPress and HTML is allowed in the Title of a post so this could end up in a per-post subject and look pretty messy.

    esmi

    @esmi

    Forum Moderator

    @esmi,

    Thanks for that.

    @eightize,

    Let’s see if this work, in the wp-content/plugins/subscribe2/classes/ folder there is a file called class-s2-core.php. In there you’ll find this line:
    $subject = stripslashes(strip_tags($this->substitute($this->subscribe2_options['notification_subject'])));
    Change it to:
    $subject = html_entity_decode(stripslashes(wp_kses($this->substitute($this->subscribe2_options['notification_subject']))));

    Also, in the wp-content/plugins/subscribe2/admin/ folder there is a file called send_mail.php, in there you’ll find:
    $subject = html_entity_decode($this->substitute(stripslashes(strip_tags($_POST['subject']))), ENT_QUOTES);
    Change that to:
    $subject = html_entity_decode(stripslashes(wp_kses($this->substitute($_POST['subject']))), ENT_QUOTES);

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘[Resolved] [Plugin: Subscribe2] angle bracket in post subject’ is closed to new replies.
Skip to toolbar