
Ticket #11390: no-&apos.patch

File no-&apos.patch, 1.5 KB (added by azaozz, 4 years ago)
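--- a/wp-admin/press-this.php
+++ b/wp-admin/press-this.php
@@ -14,23 +14,6 @@
         wp_die( __( 'Cheatin’ uh?' ) );
 
 /**
- * Convert characters.
- *
- * @package WordPress
- * @subpackage Press_This
- * @since 2.6.0
- *
- * @param string $text
- * @return string
- */
-function aposfix($text) {
-        $translation_table[chr(34)] = '"';
-        $translation_table[chr(38)] = '&';
-        $translation_table[chr(39)] = ''';
-        return preg_replace("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/","&" , strtr($text, $translation_table));
-}
-
-/**
  * Press It form handler.
  *
  * @package WordPress
@@ -93,10 +76,16 @@
 
 // Set Variables
 $title = isset( $_GET['t'] ) ? trim( strip_tags( aposfix( stripslashes( $_GET['t'] ) ) ) ) : '';
-$selection = isset( $_GET['s'] ) ? trim( htmlspecialchars( html_entity_decode( aposfix( stripslashes( $_GET['s'] ) ) ) ) ) : '';
+
+$selection = '';
+if ( !empty($_GET['s']) ) {
+        $selection = str_replace(''', "'", stripslashes($_GET['s']));
+        $selection = trim( htmlspecialchars( html_entity_decode($selection, ENT_QUOTES) ) );
+}
+
 if ( ! empty($selection) ) {
         $selection = preg_replace('/(\r?\n|\r)/', '</p><p>', $selection);
-        $selection = '<p>'.str_replace('<p></p>', '', $selection).'</p>';
+        $selection = '<p>' . str_replace('<p></p>', '', $selection) . '</p>';
 }
 
 $url = isset($_GET['u']) ? esc_url($_GET['u']) : '';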
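Review bot: The `$title` line kept as context still calls `aposfix()`, which the first hunk deletes, so unless the function is defined somewhere outside this patch every request that carries `t` will stop with an undefined-function error. `$title` should be migrated in the same change, for example `$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( stripslashes( $_GET['t'] ), ENT_QUOTES ) ) ) : '';`, and since that value comes from the query string it should still be passed through `esc_attr()` or `esc_html()` wherever it is printed. In the new `$selection` block, `html_entity_decode()` is given `ENT_QUOTES` but `htmlspecialchars()` is not, so on PHP versions where the default is `ENT_COMPAT` a decoded apostrophe stays literal; that is fine in element content but would need `htmlspecialchars( ..., ENT_QUOTES )` if `$selection` is ever placed in a single-quoted attribute.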