gWorldz / get-simple-cms

Automatically exported from code.google.com/p/get-simple-cms
GNU General Public License v3.0

Non-valid code if double quotes, etc. in meta desc or keywords #283

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
get_page_meta_keywords and get_page_meta_desc (admin/inc/theme_functions.php) 
are generating invalid html code if there are any double quotes ("), or even 
breaking the page if there are < or > symbols.

I suggest changing

$myVar = strip_decode(...

to

$myVar = stripslashes(...

in both functions.

Original issue reported on code.google.com by carnav on 18 Jan 2012 at 5:50

GoogleCodeExporter commented 9 years ago
This is a bit strange... doesn't happen with 3.0, but I don't see changes in 
strip_decode() since then.

Original comment by carnav on 18 Jan 2012 at 6:13

GoogleCodeExporter commented 9 years ago
I think I found it.
It's all because of the changes to get_header() in r616.
Since then, functions get_page_meta_desc() and get_page_meta_keywords() are now 
used in get_header().
Unfortunately both functions have problems (reported in this issue) when 
there's a double quote in the description or the keywords/tags. (This happens 
not only in 3.1, but in any previous GS versions. It just seems no one 
had noticed this bug because few use them, but get_header() instead.)

I suggest, for both get_page_meta_desc() and get_page_meta_keywords(), changing:
  $myVar = strip_decode( ... );
to:
  $myVar = str_replace('"','&quot;',strip_decode( ... ));

You may prefer to create a new function encode_doublequotes() in basic.php, and 
use it instead of those str_replace... This new function could also be used for 
another doublequote-related issue(s).

Original comment by carnav on 28 Jan 2012 at 9:57

GoogleCodeExporter commented 9 years ago
Thanks for finding this carnav - I will make sure this gets fixed.

Original comment by ccagle8 on 28 Jan 2012 at 1:43

GoogleCodeExporter commented 9 years ago
This issue was closed by revision r645.

Original comment by ccagle8 on 28 Jan 2012 at 2:03

GoogleCodeExporter commented 9 years ago
You also patched get_page_title()? :-o
That was working ok, now it isn't.

...unless you intend to change the way encode_quotes() works -- It does ok for 
single and double quotes, but encodes html entities too much (adds & to all of 
them).

Original comment by carnav on 28 Jan 2012 at 3:02

GoogleCodeExporter commented 9 years ago
damn it. sorry sorry sorry

Original comment by ccagle8 on 28 Jan 2012 at 5:24
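
Added example (not part of the original thread and not GetSimple's code): a comparison of the quote-only replacement proposed above with full attribute escaping that also handles <, > and & without re-encoding entities already present in the stored text, which is the over-encoding raised later in the thread. The helpers meta_attr_escape(), quotes_only() and render_meta() are hypothetical names, and the sample strings are constructed.

```php
<?php
// Added example; meta_attr_escape(), quotes_only() and render_meta() are
// hypothetical helpers, not functions from GetSimple's theme_functions.php
// or basic.php.

/**
 * Escape text for use inside a double-quoted HTML attribute value.
 * ENT_QUOTES encodes both " and '. The final argument (double_encode = false)
 * leaves entities that are already in the stored text untouched, so a stored
 * "&amp;" is not turned into "&amp;amp;".
 */
function meta_attr_escape(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8', false);
}

/** Quote-only replacement, as proposed in the thread, kept for comparison. */
function quotes_only(string $text): string
{
    return str_replace('"', '&quot;', $text);
}

/** Build a meta tag, escaping the content value with the given callable. */
function render_meta(string $name, string $value, callable $escape): string
{
    return '<meta name="' . $name . '" content="' . $escape($value) . '" />';
}

// Constructed sample values, not taken from a real site.
$samples = [
    'He said "hello" to everyone',
    'Tips & tricks: 5 > 3 and <b>bold</b> claims',
    'Already encoded: Tom &amp; Jerry&#039;s',
];

foreach ($samples as $s) {
    // Quote-only output still carries raw <, > and & into the attribute.
    echo render_meta('description', $s, 'quotes_only'), PHP_EOL;
    // Full escaping keeps the attribute well-formed for all three samples.
    echo render_meta('description', $s, 'meta_attr_escape'), PHP_EOL, PHP_EOL;
}
```

Run it with the PHP CLI and compare each pair of lines: only the second line of each pair is safe to place in a page when the description or keywords come from editor-supplied text.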