Ticket #11390: no-&apos.patch

File no-&apos.patch, 1.5 KB (added by azaozz, 8 years ago)
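--- a/wp-admin/press-this.php
+++ b/wp-admin/press-this.php
@@ -14,23 +14,6 @@
         wp_die( __( 'Cheatin’ uh?' ) );
 
 /**
- * Convert characters.
- *
- * @package WordPress
- * @subpackage Press_This
- * @since 2.6.0
- *
- * @param string $text
- * @return string
- */
-function aposfix($text) {
-        $translation_table[chr(34)] = '"';
-        $translation_table[chr(38)] = '&';
-        $translation_table[chr(39)] = ''';
-        return preg_replace("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/","&" , strtr($text, $translation_table));
-}
-
-/**
  * Press It form handler.
  *
  * @package WordPress
@@ -93,10 +76,16 @@
 
 // Set Variables
 $title = isset( $_GET['t'] ) ? trim( strip_tags( aposfix( stripslashes( $_GET['t'] ) ) ) ) : '';
-$selection = isset( $_GET['s'] ) ? trim( htmlspecialchars( html_entity_decode( aposfix( stripslashes( $_GET['s'] ) ) ) ) ) : '';
+
+$selection = '';
+if ( !empty($_GET['s']) ) {
+        $selection = str_replace(''', "'", stripslashes($_GET['s']));
+        $selection = trim( htmlspecialchars( html_entity_decode($selection, ENT_QUOTES) ) );
+}
+
 if ( ! empty($selection) ) {
         $selection = preg_replace('/(\r?\n|\r)/', '</p><p>', $selection);
-        $selection = '<p>'.str_replace('<p></p>', '', $selection).'</p>';
+        $selection = '<p>' . str_replace('<p></p>', '', $selection) . '</p>';
 }
 
 $url = isset($_GET['u']) ? esc_url($_GET['u']) : '';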
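Review bot: The `$title` assignment is an unchanged context line that still calls `aposfix()`, while the first hunk of this section deletes that function; unless it is defined somewhere outside the visible lines, any request carrying `t` would stop with an undefined-function error. The title should get the same treatment the patch gives `$selection`, for example `$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( stripslashes( $_GET['t'] ), ENT_QUOTES ) ) ) : '';`. Decoding before `strip_tags()` keeps entity-encoded markup from surviving the strip, but the result then holds raw quotes and ampersands, so it still has to be escaped wherever it is printed, which is not visible here. On the new `$selection` lines, `htmlspecialchars()` is called with its default flags after an `ENT_QUOTES` decode, so on PHP versions before 8.1 single quotes stay unescaped; that is fine for the `<p>` element content built below and would not be for an attribute value.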