Opened 4 years ago

Closed 3 years ago

#9270 closed enhancement (wontfix)

force_balance_tags() gets mixed up with < and numbers

Reported by: feedr Owned by:
Priority: normal Milestone:
Component: Formatting Version: 2.7.1
Severity: normal Keywords: has-patch needs-review close
Cc:

Description

The function mentioned above (in formatting.php) will produce incorrect output when the entered text contains < followed by a number.
If you enter "3 < 5 here may be some text <a href="#">and a link</a> and some more text", the closing </a> will be omitted.
The problem here is the regex <(\/?\w*)\s*([>]*)>. When changed to <(\/?\w+)\s*([>]*)> the output will be as expected.

Attachments (2)

9270.diff (536 bytes) - added by Denis-de-Bernardy 4 years ago.
9270.2.diff (678 bytes) - added by Denis-de-Bernardy 4 years ago.

Download all attachments as: .zip

Change History (15)

comment:1   feedr4 years ago

Edit: WikiFormatting got messed up

Old regex:

<(\/?\w*)\s*([^>]*)>

New regex:

<(\/?\w+)\s*([^>]*)>

comment:2   Viper007Bond4 years ago

  • Component changed from Administration to General
  • Keywords has-patch added

Doesn't have a patch per se, but it does have a fix. :)

comment:3   FFEMTcJ4 years ago

  • Milestone changed from Unassigned to 2.8

comment:4   ryan4 years ago

  • Component changed from General to Formatting
  • Owner anonymous deleted

Denis-de-Bernardy4 years ago

comment:5   Denis-de-Bernardy4 years ago

  • Keywords needs-testing added

comment:6   Denis-de-Bernardy4 years ago

  • Keywords 2nd-opinion added

Patch should even allow things like foo < bar, provided that a space follows the <.

The "real" issue, however, is not fixed. That < should get turned into (or be written from the onset as) &lt;.

comment:7   Denis-de-Bernardy4 years ago

  • Keywords dev-feedback added

comment:8   Denis-de-Bernardy4 years ago

  • Keywords needs-patch added; has-patch needs-testing dev-feedback removed
  • Milestone changed from 2.8 to Future Release

patching this can potentially introduce issues like foo < script src=evil.js

punting to future.

comment:9   Denis-de-Bernardy4 years ago

  • Milestone changed from Future Release to 2.9

Denis-de-Bernardy4 years ago

comment:10   Denis-de-Bernardy4 years ago

  • Keywords has-patch needs-review added; needs-patch 2nd-opinion removed

comment:11 follow-up: ↓ 13   Denis-de-Bernardy4 years ago

  • Keywords close added

This should probably be closed as wontfix, imo. There's far too much potential to break things here, no matter what the solution we try.

comment:12   ryan3 years ago

  • Milestone changed from 2.9 to 3.0

comment:13 in reply to: ↑ 11   scribu3 years ago

  • Milestone 3.0 deleted
  • Resolution set to wontfix
  • Status changed from new to closed

Replying to Denis-de-Bernardy:

This should probably be closed as wontfix, imo. There's far too much potential to break things here, no matter what the solution we try.

Agreed.

What if I want to write 3<5 (without the spaces)?

What if I have a variable 'a' and I need to write 3<a ?

The correct way to write it would be 3&lt;a.

Note: See TracTickets for help on using tickets.