Opened 4 years ago
Closed 4 years ago
#9955 closed defect (bug) (fixed)
Missing preg_quote parameters
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | 2.8.1 |
| Component: | General | Version: | |
| Severity: | normal | Keywords: | has-patch commit early |
| Cc: |
Description
Found this while investigating a bug in a plugin.
when the second argument is null, preg_quote() assumes the regexp is wrapped around {}. But WP occasionally uses it with / wrappers.
Attachments (1)
Change History (12)
- Keywords has-patch needs-testing added
Denis-de-Bernardy — 4 years ago
- Keywords early added
- Milestone changed from 2.8 to 2.9
- Keywords needs-review added; needs-testing removed
still applies clean
- Keywords commit added; needs-review removed
closed #10144 as dup
I'd really urge you to consider this patch as a bugfix for 2.8.1 (I reported the dupe). Thanks.
I went ahead and committed the simple cases for 2.8.1. I want to test the shortcodes.php one a bit more.
cool. the one for shortcodes is unneeded if we change add_shortcode() to use:
if ( is_callable($func) ) $shortcode_tags[$tag] = $func;
to something like:
$tag = sanitize_title($tag); if ( is_callable($func) ) $shortcode_tags[$tag] = $func;
comment:10
azaozz — 4 years ago
Also the last two in xmlrpc.php L:3303 and L:3325 seem unneeded as preg_quote() escapes | (pipe) by default http://us2.php.net/manual/en/function.preg-quote.php
- Milestone changed from 2.9 to 2.8.1
- Resolution set to fixed
- Status changed from new to closed
good point. in this case, the one for shortcodes isn't needed either, and we can close as fixed.
I ignored snoopy, presuming it was obsolete anyway.
Patch needs some testing.