I am trying to embed a flash video into a custom setup of the tinyMCE editor. It is seperate from the main WordPress one, but it is still within the wordpress admin area.
The output code from a simple youtube embed block is as follows:
<p><img mce_src="../wp-content/themes/porcelain/tinymce/jscripts/tiny_mce/plugins/media/img/trans.gif" src="../wp-content/themes/porcelain/tinymce/jscripts/tiny_mce/plugins/media/img/trans.gif" width="560" height="340" style="" class="mceItemFlash" title=""allowFullScreen":"true","allowscriptaccess":"always","src":"http://www.youtube.com/v/26Ywp6vUQMY&hl=en&fs=1&","allowfullscreen":"true""></p>
As you can see, it’s escaping the quotes when I don’t want it to…
Any help is massively appreciated, and I know this is a school boy error. I just need setting straight.
Thanks.
This often happens when you have code that escapes data before using it in SQL (as it should do) on a server that has php’s
magic_quotes
feature enabled. This feature causes php to automatically escape get and post data when it loads. If you then escape it again, things go wrong – it gets double escaped, so escaped data goes into the db.PHP has now deprecated this feature, they realised it was a nuiscance, caused more pain than it saved – they were trying to build in security, but ultimately the developer needs to be aware of and work around security issues, rather than having them taken care of silently. Myself, I ended up regularly including code in stuff to detect if this was enabled and reverse it early in the execution if it was.
If you are transfering your data through $_POST it is escaped if magic_quotes is enabled (it’s deprecated now and automatically removed from PHP 5.4 and above). Just use stripslashes() if it’s escaped, fixed my problems with HTML being escaped in wordpress using tinymce, at least.
I had this happen using “the_editor()” and “wp_editor()” functions. I don’t think my server has magic quotes enabled, because I didn’t enable it, and I installed everything.
Either way, I added stripslashes… everywhere.
When I call the editor:
When I go to save the POST data:
And when I retrieve the stored data:
This fixed it for me, though I would love to know if there is another way. I thought the filters had this built in, I was wrong, but I wonder if there isn’t something else I am missing.