codesmith32
Forum Replies Created
-
Forum: Plugins
In reply to: [Job Postings] When customizing most titles, & is getting escaped twiceHey devs, just wanted to say thanks for starting to fix this issue! I saw in v2.8 that someone went through and resolved most of the issues with
class-job-single-view.php.With that said, I realized this issue was more widespread than just
class-job-single-view.php. It also applies toinclude/class-job-add-edit.phpwhich I didn’t see any changes for yet (I should’ve mentioned it sooner). I found that specifically if we add an & to the position title, after saving, it re-renders triple-escaped, meaning we get &. If we save again, this then actually applies to the position page, and it worsens each time.Again, I fixed this in my copy, but it doesn’t look like your code has fixed this yet. So, I’ll update and then apply my fix for this file, and see how it goes. EDIT: Worked fine after I applied my patch.
______________________________________________________________________________________
In general, though, to properly escape in WP plugins, you should follow these rules:
- Never escape anywhere except in the html directly. This ensures that double escaping never occurs, and also that lack of escaping never happens (which is in fact still true in some small places in the plugin). Your html strings therefore should be made up exclusively of:
- quoted literals,
esc_attrcalls, andesc_htmlcalls.- Only break this rule if it is absolutely necessary to inject strings containing html (which is generally very rare). In this case, it might be worth using a variable name convention to indicate a var that represents html.
esc_htmlshould always be used for escaping non-html contents within html (again, just don’t escape a string if it must contain html).- e.g.,
'<option ...>' . esc_html(...) . '</option>'
- e.g.,
esc_attrshould be used for escaping within attributes.- e.g.,
'<input value="' . esc_attr(...) . '">.
- e.g.,
______________________________________________________________________________________
There’s also a minor bug in
admin/script.jsthat occurs when I use text mode instead of tinymce (which I always do). On line 839 (or so?) we havetinymce.get(editor_id).getContent()buttinymce.get(editor_id)returns null if I’m in text mode. It seems to work fine if I just break it up and only continue if the editor exists.______________________________________________________________________________________
I would be more than willing to contribute, but I use github pretty much exclusively. I don’t see a github repo – just an SVN repo, and I’m not familiar with connecting github to an SVN repo..
Thanks again!
- This reply was modified 4 months, 1 week ago by codesmith32.
- This reply was modified 4 months, 1 week ago by codesmith32.
- This reply was modified 4 months, 1 week ago by codesmith32.
Forum: Plugins
In reply to: [Job Postings] When customizing most titles, & is getting escaped twiceFor myself, I just removed all these dumb double-encoding lines from
job-postings/include/class-job-single-view.php. Sorry for any non-coders dealing with this. Maybe they’ll fix it soon.Forum: Plugins
In reply to: [Redirection for Contact Form 7] Undefined variable responseHey @rodicaelena,
I believe it is fixed now. I was helping a client when I discovered it, and I think I recall they said it was working since the update.
Thank you!
Forget it.
It was due to WPEngine caching.
I had the issue with the new plugin too. I had to go into WPEngine and clear page cache to fix it. I’m assuming this was the real issue.
Forum: Fixing WordPress
In reply to: I can't add more pages to menu – menu delete pagesAfter researching, I discovered the root of the issue.
The PHP 5.3.9 update includes a new
php.inisetting calledmax_input_vars. This new setting is a restriction on the number of data values that may be sent back to the server, and was added as an attempt to potentially avoid some dos attacks. However, due to the fact that saving a WordPress menu sends back a large number of values (multiple for each menu item, especially when using UberMenu), the values will be truncated to this limit. The default value formax_input_varsis1000, and if the PHP server being used has not adjusted this value, the maximum number of menu items that may be added successfully (with the UberMenu) is something around 80. Any more will not only be cut off, but the set locations (under Manage Locations) may also be lost.Bottom line is, if you don’t have access to the
php.inifile (which you typically won’t), you’ll have to contact your host to get the value changed.Forum: Fixing WordPress
In reply to: I can't add more pages to menu – menu delete pagesIt’s a wordpress 3.9.1 bug. I’ve got the exact same problem. The similarity with your situation and mine is that I just updated WP, and now it fails. Request a bug-fix <del>or revert to a previous version</del>.
@esmi is right. I’ll look more deeply into it. I did deactivate all plugins, and reactivate all, but not individually.
- Never escape anywhere except in the html directly. This ensures that double escaping never occurs, and also that lack of escaping never happens (which is in fact still true in some small places in the plugin). Your html strings therefore should be made up exclusively of: