Ticket #12284: 12284-extra.2.2.patch
File 12284-extra.2.2.patch, 2.1 KB (added by , 15 years ago) |
---|
-
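--- a/wp-includes/default-filters.php
+++ b/wp-includes/default-filters.php
@@ -124,6 +124,7 @@
 add_filter( 'comment_text', 'force_balance_tags', 25 );
 add_filter( 'comment_text', 'convert_smilies', 20 );
 add_filter( 'comment_text', 'wpautop', 30 );
+add_filter( 'comment_text', 'wp_kses_normalize_entities', 9 );
 
 add_filter( 'comment_excerpt', 'convert_chars' );
 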
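Review bot: The added `add_filter( 'comment_text', 'wp_kses_normalize_entities', 9 );` gives no reason for priority 9, although the ordering matters: it runs before the three comment_text filters shown here (20, 25, 30) and before anything hooked at the default priority. A short comment above it, such as `// Normalize entities before any other comment_text filter sees the text.`, would keep a later reorder from moving it. The `comment_excerpt` filter in the same hunk gets no matching registration, so if excerpts are meant to receive the same normalization that needs its own line; the rest of the file is outside this hunk, so it may already be handled elsewhere.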
wp-includes/kses.php
996 996 # Change back the allowed entities in our entity whitelist 997 997 998 998 $string = preg_replace_callback('/&([A-Za-z]{2,8});/', 'wp_kses_named_entities', $string); 999 $string = preg_replace_callback('/&# 0*([0-9]{1,5});/', 'wp_kses_normalize_entities2', $string);1000 $string = preg_replace_callback('/&# ([Xx])0*(([0-9A-Fa-f]{2}){1,2});/', 'wp_kses_normalize_entities3', $string);999 $string = preg_replace_callback('/&#(0*[0-9]{1,7});/', 'wp_kses_normalize_entities2', $string); 1000 $string = preg_replace_callback('/&#[Xx](0*[0-9A-Fa-f]{1,6});/', 'wp_kses_normalize_entities3', $string); 1001 1001 1002 1002 return $string; 1003 1003 } … … 1040 1040 return ''; 1041 1041 1042 1042 $i = $matches[1]; 1043 return ( ( ! valid_unicode($i) ) || ($i > 65535) ? "&#$i;" : "&#$i;" ); 1043 if (valid_unicode($i)) { 1044 $i = str_pad(ltrim($i,'0'), 3, '0', STR_PAD_LEFT); 1045 $i = "&#$i;"; 1046 } else { 1047 $i = "&#$i;"; 1048 } 1049 1050 return $i; 1044 1051 } 1045 1052 1046 1053 /** … … 1055 1062 * @return string Correctly encoded entity 1056 1063 */ 1057 1064 function wp_kses_normalize_entities3($matches) { 1058 if ( empty($matches[ 2]) )1065 if ( empty($matches[1]) ) 1059 1066 return ''; 1060 1067 1061 $hexchars = $matches[ 2];1062 return ( ( ! valid_unicode(hexdec($hexchars)) ) ? "&#x$hexchars;" : "&#x$hexchars;");1068 $hexchars = $matches[1]; 1069 return ( ( ! valid_unicode(hexdec($hexchars)) ) ? "&#x$hexchars;" : '&#x'.ltrim($hexchars,'0').';' ); 1063 1070 } 1064 1071 1065 1072 /**
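Review bot: In wp_kses_normalize_entities3 the guard `if ( empty($matches[1]) )` now tests the whole captured digit string, and PHP's `empty()` is true for the string `0`, so a reference whose only digit is a zero is deleted outright while the same value written with two zeros falls to the invalid branch and stays escaped. The guard that precedes `return '';` in wp_kses_normalize_entities2 lies outside the hunk; if it is the same `empty()` test, it behaves the same way now that the group includes leading zeros. Both new patterns always capture at least one digit, so the guard could become `if ( '' === $matches[1] )` or be dropped, letting valid_unicode() decide every case. The `str_pad(ltrim($i,'0'), 3, '0', STR_PAD_LEFT)` line also needs a short comment saying why decimal references are padded to three digits when the hex branch strips zeros completely. valid_unicode() is not shown here, so the widened `{1,7}` and `{1,6}` ranges are only as safe as its rejection of out-of-range code points.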