Ticket #12284: 12284-extra.2.2.patch

File 12284-extra.2.2.patch, 2.1 KB (added by miqrogroove, 8 years ago)

Adds XHTML output filtering. Adds 3-digit padding for decimal entity references.

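--- a/wp-includes/default-filters.php
+++ b/wp-includes/default-filters.php
@@ -124,6 +124,7 @@
 add_filter( 'comment_text', 'force_balance_tags', 25 );
 add_filter( 'comment_text', 'convert_smilies',    20 );
 add_filter( 'comment_text', 'wpautop',            30 );
+add_filter( 'comment_text', 'wp_kses_normalize_entities', 9 );
 
 add_filter( 'comment_excerpt', 'convert_chars' );
 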
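Review bot: The new `wp_kses_normalize_entities` registration runs at priority 9, ahead of the visible `convert_smilies` (20), `force_balance_tags` (25) and `wpautop` (30) entries, but it is listed after the priority-30 line with no comment, so the source order hides that entity normalization runs before these formatting filters. A one-line comment such as `// Priority 9: normalize entity references before the formatting filters run.` would make the ordering explicit. The filter is attached only to `comment_text`; whether `comment_excerpt` (visible just below) and other comment output paths need the same normalization cannot be judged from this hunk and is worth confirming.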
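--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -996,8 +996,8 @@
         # Change back the allowed entities in our entity whitelist
 
         $string = preg_replace_callback('/&([A-Za-z]{2,8});/', 'wp_kses_named_entities', $string);
-        $string = preg_replace_callback('/&#0*([0-9]{1,5});/', 'wp_kses_normalize_entities2', $string);
-        $string = preg_replace_callback('/&#([Xx])0*(([0-9A-Fa-f]{2}){1,2});/', 'wp_kses_normalize_entities3', $string);
+        $string = preg_replace_callback('/&#(0*[0-9]{1,7});/', 'wp_kses_normalize_entities2', $string);
+        $string = preg_replace_callback('/&#[Xx](0*[0-9A-Fa-f]{1,6});/', 'wp_kses_normalize_entities3', $string);
 
         return $string;
 }
@@ -1040,7 +1040,14 @@
                 return '';
 
         $i = $matches[1];
-        return ( ( ! valid_unicode($i) ) || ($i > 65535) ? "&#$i;" : "&#$i;" );
+        if (valid_unicode($i)) {
+                $i = str_pad(ltrim($i,'0'), 3, '0', STR_PAD_LEFT);
+                $i = "&#$i;";
+        } else {
+            $i = "&#$i;";
+        }
+
+        return $i;
 }
 
 /**
@@ -1055,11 +1062,11 @@
  * @return string Correctly encoded entity
  */
 function wp_kses_normalize_entities3($matches) {
-        if ( empty($matches[2]) )
+        if ( empty($matches[1]) )
                 return '';
 
-        $hexchars = $matches[2];
-        return ( ( ! valid_unicode(hexdec($hexchars)) ) ? "&#x$hexchars;" : "&#x$hexchars;" );
+        $hexchars = $matches[1];
+        return ( ( ! valid_unicode(hexdec($hexchars)) ) ? "&#x$hexchars;" : '&#x'.ltrim($hexchars,'0').';' );
 }
 
 /**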
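Review bot: In `wp_kses_normalize_entities3` the guard `if ( empty($matches[1]) )` now tests a capture that includes the leading zeros, so it depends on PHP treating the string "0" as empty: `&#x0;` is deleted outright while `&#x00;` falls through to the `valid_unicode()` check. If the guard is only meant to catch a missing capture, `if ( ! isset($matches[1]) || '' === $matches[1] )` says so and sends every zero-valued reference down the same rejection path; if dropping a NUL reference is intended, a comment should state it. The guard of the decimal callback starts above its hunk and probably behaves the same way. Separately, as rendered on this page both arms of the new `if`/`else` in `wp_kses_normalize_entities2` produce `"&#$i;"` and the rejected arm of the hex callback returns the reference unchanged; the page has most likely decoded an `&amp;` in the rejected arms, so the escaping should be checked against the raw attachment rather than this view.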