Ticket #18250: wp-io-sanity-by-miqrogroove.patch
| File wp-io-sanity-by-miqrogroove.patch, 1.4 KB (added by miqrogroove, 22 months ago) |
|---|
wp-includes/formatting.php
333 333 } 334 334 335 335 // Handle double encoding ourselves 336 if ( !$double_encode ) { 336 if ( $double_encode ) { 337 $string = @htmlspecialchars( $string, $quote_style, $charset ); 338 } else { 339 // Decode & into & 337 340 $string = wp_specialchars_decode( $string, $_quote_style ); 338 341 339 /* Critical */ 340 // The previous line decodes &phrase; into &phrase; We must guarantee that &phrase; is valid before proceeding. 342 // Guarantee every &entity; is valid or re-encode the & 341 343 $string = wp_kses_normalize_entities($string); 342 344 343 // Now proceed with custom double-encoding silliness 344 $string = preg_replace( '/&(#?x?[0-9a-z]+);/i', '|wp_entity|$1|/wp_entity|', $string ); 345 } 345 // Now re-encode everything except &entity; 346 $string = preg_split( '/(&#?x?[0-9a-z]+;)/i', $string, -1, PREG_SPLIT_DELIM_CAPTURE ); 346 347 347 $string = @htmlspecialchars( $string, $quote_style, $charset ); 348 for ($i=0; $i < count($string); $i += 2) 349 $string[$i] = @htmlspecialchars( $string[$i], $quote_style, $charset ); 348 350 349 // Handle double encoding ourselves 350 if ( !$double_encode ) { 351 $string = str_replace( array( '|wp_entity|', '|/wp_entity|' ), array( '&', ';' ), $string ); 351 $string = implode('', $string); 352 352 } 353 353 354 354 // Backwards compatibility
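Review bot: The `preg_split()` result in the `else` branch goes straight into `count()` and `implode()` without a check, although `preg_split()` returns `false` on a PCRE error; an escaping routine should fail closed there, for instance by escaping the whole string as in the fence below. The fragments at odd indexes never pass through `htmlspecialchars()`, and the pattern also matches entity-shaped text such as `&#zz;`, so they are safe only because `wp_kses_normalize_entities()` has already run. The removed `/* Critical */` marker carried that warning, and a comment such as `// Order matters: the split below trusts every &...; left by wp_kses_normalize_entities()` would keep it. The stride of 2 also relies on `PREG_SPLIT_NO_EMPTY` not being set, and the `for` body has no braces. The enclosing function starts and ends outside the hunk.

```php
// … unchanged: wp_specialchars_decode() and wp_kses_normalize_entities() calls …
$parts = preg_split( '/(&#?x?[0-9a-z]+;)/i', $string, -1, PREG_SPLIT_DELIM_CAPTURE );

if ( false === $parts ) {
	// PCRE failure: escape everything. This may double-encode, but it never under-escapes.
	$string = @htmlspecialchars( $string, $quote_style, $charset );
} else {
	// Even indexes hold plain text, odd indexes hold the captured &entity; delimiters.
	for ( $i = 0, $n = count( $parts ); $i < $n; $i += 2 ) {
		$parts[ $i ] = @htmlspecialchars( $parts[ $i ], $quote_style, $charset );
	}
	$string = implode( '', $parts );
}
```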
