Opened 22 hours ago
Last modified 21 hours ago
#8231 assigned defect (bug)
Plugin submission email subject lines display HTML entities instead of plain text characters (e.g., "A & B" instead of "A & B")
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Component: | Plugin Directory | Keywords: | has-patch |
| Cc: |
Description
In the Plugin_Submission class, the subject() method inserts $this->plugin->post_title directly into a translatable string via sprintf(). The post_title is stored in the database with HTML entities (e.g., & instead of &), which are appropriate for HTML content but not for email subject lines.
Current behavior: When a plugin is submitted with an ampersand in its name (e.g., "A & B"), the email subject line displays as:
Successful Plugin Submission - A & B
Expected behavior: The email subject line should display as:
Successful Plugin Submission - A & B
Change History (3)
This ticket was mentioned in PR #606 on WordPress/wordpress.org by @nimeshatxecurify.
22 hours ago
#1
- Keywords has-patch added; needs-patch removed
#2
@
21 hours ago
Issue Summary
Plugin names are stored with HTML entities (e.g., &) which are appropriate for HTML output, but they are currently used directly in email subject lines.
This results in subjects like:
Successful Plugin Submission - A & B
Instead of the expected:
Successful Plugin Submission - A & B
Proposed Solution
Decode the plugin title when used in plain-text contexts (such as email subjects).
To ensure consistency and avoid duplication, I introduced a helper method in the base email class:
protected function plugin_title() {
return html_entity_decode( $this->plugin->post_title, ENT_QUOTES | ENT_HTML5, 'UTF-8' );
}
This method is then used across all email classes where the plugin title is rendered.
Benefits
- Ensures correct display of plugin names in email subjects and bodies
- Centralizes logic for maintainability
- Avoids repeated inline decoding
- Keeps HTML-safe storage intact while fixing plain-text output
Testing
Tested with plugin name:
A & B
Result before patch:
Successful Plugin Submission - A & B
Result after patch:
Successful Plugin Submission - A & B
Notes / Questions
- This change assumes email content (subject/body) should always be treated as plain text.
- If there are cases where HTML output is required, we may want to explicitly escape at output instead of relying on stored values.
Happy to adjust approach if a different escaping strategy is preferred.
Introduces a helper method to ensure plugin titles are HTML entity decoded when used in email plain-text contexts. This prevents titles containing HTML entities from displaying incorrectly.
Updates all relevant email classes to utilize this new method for consistent output.
Trac Ticket : https://meta.trac.wordpress.org/ticket/8231