tinyMCE & wordpress giving odd characters… tried combination of solutions

I am trying to embed a flash video into a custom setup of the tinyMCE editor. It is seperate from the main WordPress one, but it is still within the wordpress admin area.

The output code from a simple youtube embed block is as follows:

Read More
<p><img mce_src="../wp-content/themes/porcelain/tinymce/jscripts/tiny_mce/plugins/media/img/trans.gif" src="../wp-content/themes/porcelain/tinymce/jscripts/tiny_mce/plugins/media/img/trans.gif" width="560" height="340" style="" class="mceItemFlash" title="&quot;allowFullScreen&quot;:&quot;true&quot;,&quot;allowscriptaccess&quot;:&quot;always&quot;,&quot;src&quot;:&quot;http://www.youtube.com/v/26Ywp6vUQMY&amp;hl=en&amp;fs=1&amp;&quot;,&quot;allowfullscreen&quot;:&quot;true&quot;"></p>

As you can see, it’s escaping the quotes when I don’t want it to…

Any help is massively appreciated, and I know this is a school boy error. I just need setting straight.

Thanks.

Related posts

Leave a Reply

3 comments

  1. This often happens when you have code that escapes data before using it in SQL (as it should do) on a server that has php’s magic_quotes feature enabled. This feature causes php to automatically escape get and post data when it loads. If you then escape it again, things go wrong – it gets double escaped, so escaped data goes into the db.

    PHP has now deprecated this feature, they realised it was a nuiscance, caused more pain than it saved – they were trying to build in security, but ultimately the developer needs to be aware of and work around security issues, rather than having them taken care of silently. Myself, I ended up regularly including code in stuff to detect if this was enabled and reverse it early in the execution if it was.

  2. I had this happen using “the_editor()” and “wp_editor()” functions. I don’t think my server has magic quotes enabled, because I didn’t enable it, and I installed everything.

    Either way, I added stripslashes… everywhere.

    When I call the editor:

    <?php wp_editor(stripslashes($custom_text), 'custom_text'); ?>
    

    When I go to save the POST data:

    if ( isset($_REQUEST['custom_text']) ) {
        update_option('my_custom_text', esc_sql(stripslashes($_POST['custom_text'])));
        $updated = true;
    }
    

    And when I retrieve the stored data:

    $custom_text = apply_filters( 'the_content', stripslashes(get_option('my_custom_text')) );
    

    This fixed it for me, though I would love to know if there is another way. I thought the filters had this built in, I was wrong, but I wonder if there isn’t something else I am missing.