WordPress.org

Make WordPress Core

Ticket #12284: 12284-extra.2.2.patch

File 12284-extra.2.2.patch, 2.1 KB (added by miqrogroove, 5 years ago)

Adds XHTML output filtering. Adds 3-digit padding for decimal entity references.

  • wp-includes/default-filters.php

     
    124124add_filter( 'comment_text', 'force_balance_tags', 25 ); 
    125125add_filter( 'comment_text', 'convert_smilies',    20 ); 
    126126add_filter( 'comment_text', 'wpautop',            30 ); 
     127add_filter( 'comment_text', 'wp_kses_normalize_entities', 9 ); 
    127128 
    128129add_filter( 'comment_excerpt', 'convert_chars' ); 
    129130 
  • wp-includes/kses.php

     
    996996        # Change back the allowed entities in our entity whitelist 
    997997 
    998998        $string = preg_replace_callback('/&([A-Za-z]{2,8});/', 'wp_kses_named_entities', $string); 
    999         $string = preg_replace_callback('/&#0*([0-9]{1,5});/', 'wp_kses_normalize_entities2', $string); 
    1000         $string = preg_replace_callback('/&#([Xx])0*(([0-9A-Fa-f]{2}){1,2});/', 'wp_kses_normalize_entities3', $string); 
     999        $string = preg_replace_callback('/&#(0*[0-9]{1,7});/', 'wp_kses_normalize_entities2', $string); 
     1000        $string = preg_replace_callback('/&#[Xx](0*[0-9A-Fa-f]{1,6});/', 'wp_kses_normalize_entities3', $string); 
    10011001 
    10021002        return $string; 
    10031003} 
     
    10401040                return ''; 
    10411041 
    10421042        $i = $matches[1]; 
    1043         return ( ( ! valid_unicode($i) ) || ($i > 65535) ? "&#$i;" : "&#$i;" ); 
     1043        if (valid_unicode($i)) { 
     1044                $i = str_pad(ltrim($i,'0'), 3, '0', STR_PAD_LEFT); 
     1045                $i = "&#$i;"; 
     1046        } else { 
     1047            $i = "&#$i;"; 
     1048        } 
     1049 
     1050        return $i; 
    10441051} 
    10451052 
    10461053/** 
     
    10551062 * @return string Correctly encoded entity 
    10561063 */ 
    10571064function wp_kses_normalize_entities3($matches) { 
    1058         if ( empty($matches[2]) ) 
     1065        if ( empty($matches[1]) ) 
    10591066                return ''; 
    10601067 
    1061         $hexchars = $matches[2]; 
    1062         return ( ( ! valid_unicode(hexdec($hexchars)) ) ? "&#x$hexchars;" : "&#x$hexchars;" ); 
     1068        $hexchars = $matches[1]; 
     1069        return ( ( ! valid_unicode(hexdec($hexchars)) ) ? "&#x$hexchars;" : '&#x'.ltrim($hexchars,'0').';' ); 
    10631070} 
    10641071 
    10651072/**