Do not escape the Username. (#1018)

* Do not escape the Username. It will already be escaped by `json_encode`. Fixes #581 * add changelog
Automattic · Nov 29, 2024 · bbef697 · bbef697
1 parent 26a6d34
commit bbef697
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -27,6 +27,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * A potential fatal error in Enable Mastodon Apps
 * Show Followers name instead of avatar on mobile view
 * Fixed a potential fatal error in Enable Mastodon Apps
+* Broken escaping of Usernames in Actor-JSON
 * Fixed missing attachement-type for enclosures
 * Prevention against self pings
 

diff --git a/includes/model/class-user.php b/includes/model/class-user.php
@@ -121,7 +121,7 @@ public function get_id() {
 	 * @return string The Username.
 	 */
 	public function get_name() {
-		return \esc_attr( \get_the_author_meta( 'display_name', $this->_id ) );
+		return \get_the_author_meta( 'display_name', $this->_id );
 	}
 
 	/**
@@ -161,7 +161,7 @@ public function get_alternate_url() {
 	 * @return string The preferred username.
 	 */
 	public function get_preferred_username() {
-		return \esc_attr( \get_the_author_meta( 'login', $this->_id ) );
+		return \get_the_author_meta( 'login', $this->_id );
 	}
 
 	/**

diff --git a/readme.txt b/readme.txt
@@ -144,6 +144,7 @@ For reasons of data protection, it is not possible to see the followers of other
 * Improved: Better handling of `readme.txt` and `README.md`
 * Fixed: Fediverse preview showing `preferredUsername` instead of `name`
 * Fixed: Potential fatal error in Enable Mastodon Apps
+* Fixed: Broken escaping of Usernames in Actor-JSON
 * Fixed: Show Followers name instead of avatar on mobile view
 * Fixed: Missing attachement-type for enclosures
 * Fixed: Prevention against self pings