convissor / login-security-solution

Development of the login-security-solution WordPress plugin happens here.

Use of get_option('blogname') should be changed as it is HTML #7

Closed DeanMarkTaylor closed 11 years ago

DeanMarkTaylor commented 11 years ago

The get_option('blogname') / blogname option is being used incorrectly.

The comment from wp-login.php:

```php
// The blogname option is escaped with esc_html on the way into the database in sanitize_option
// we want to reverse this for the plain text arena of emails.
$blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
```

Actually spotted a couple of places in the WordPress core and Jetpack where this is incorrectly handled, I'll report them when I have a moment.

This was noticed because a site name had an ampersand in the title "Bits & Bobs" for example, although I'm sure there are more characters that matter.
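The escaping round-trip described in the issue, as an added standalone example (not code from the plugin or from WordPress core). It stands in for `esc_html()` with `htmlspecialchars(..., ENT_QUOTES)` and for `wp_specialchars_decode(..., ENT_QUOTES)` with `htmlspecialchars_decode(..., ENT_QUOTES)`, which cover the same five characters; the `store_blogname`, `email_subject_wrong`, `email_subject_right` and `html_heading` function names and the array used in place of the options table are assumptions made for the example:

```php
<?php
// Added example; approximates WordPress behaviour with plain PHP functions.

// sanitize_option() runs esc_html() on 'blogname' before it reaches the
// database, so the stored value is already HTML-escaped.
function store_blogname(string $raw): string {
    return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
}

// Wrong for a plain-text email: the stored value still carries HTML entities,
// so "Bits & Bobs" arrives as "Bits &amp; Bobs".
function email_subject_wrong(string $stored): string {
    return '[' . $stored . '] Login notification';
}

// Right for a plain-text email: reverse the HTML escaping, as wp-login.php does
// with wp_specialchars_decode(get_option('blogname'), ENT_QUOTES).
function email_subject_right(string $stored): string {
    return '[' . htmlspecialchars_decode($stored, ENT_QUOTES) . '] Login notification';
}

// In an HTML context the stored form is the one to emit: decoding it there
// would reintroduce any markup a site admin typed into the site title.
function html_heading(string $stored): string {
    return '<h1>' . $stored . '</h1>';
}

// Constructed sample: a site title containing characters that esc_html rewrites.
$options = ['blogname' => store_blogname('Bits & Bobs "Ltd" <beta>')];

echo "stored:      ", $options['blogname'], "\n";
echo "email wrong: ", email_subject_wrong($options['blogname']), "\n";
echo "email right: ", email_subject_right($options['blogname']), "\n";
echo "html:        ", html_heading($options['blogname']), "\n";
```

Run with `php example.php`: the "email wrong" line shows the entities leaking into plain text, the "email right" line shows the original title restored, and the "html" line shows why the decode must be limited to non-HTML contexts such as mail bodies and subjects.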