Ticket #12284: 12284-extra.patch

File 12284-extra.patch, 1.5 KB (added by miqrogroove, 8 years ago)

Only zero-strip the valid entities, and correct inconsistent logic.

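--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -996,8 +996,8 @@
         # Change back the allowed entities in our entity whitelist
 
         $string = preg_replace_callback('/&([A-Za-z]{2,8});/', 'wp_kses_named_entities', $string);
-        $string = preg_replace_callback('/&#0*([0-9]{1,5});/', 'wp_kses_normalize_entities2', $string);
-        $string = preg_replace_callback('/&#([Xx])0*(([0-9A-Fa-f]{2}){1,2});/', 'wp_kses_normalize_entities3', $string);
+        $string = preg_replace_callback('/&#(0*[0-9]{1,7});/', 'wp_kses_normalize_entities2', $string);
+        $string = preg_replace_callback('/&#[Xx](0*[0-9A-Fa-f]{1,6});/', 'wp_kses_normalize_entities3', $string);
 
         return $string;
 }
@@ -1040,7 +1040,7 @@
                 return '';
 
         $i = $matches[1];
-        return ( ( ! valid_unicode($i) ) || ($i > 65535) ? "&#$i;" : "&#$i;" );
+        return ( ( ! valid_unicode($i) ) ? "&#$i;" : '&#'.ltrim($i,'0').';' );
 }
 
 /**
@@ -1055,11 +1055,11 @@
  * @return string Correctly encoded entity
  */
 function wp_kses_normalize_entities3($matches) {
-        if ( empty($matches[2]) )
+        if ( empty($matches[1]) )
                 return '';
 
-        $hexchars = $matches[2];
-        return ( ( ! valid_unicode(hexdec($hexchars)) ) ? "&#x$hexchars;" : "&#x$hexchars;" );
+        $hexchars = $matches[1];
+        return ( ( ! valid_unicode(hexdec($hexchars)) ) ? "&#x$hexchars;" : '&#x'.ltrim($hexchars,'0').';' );
 }
 
 /**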
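Review bot: In `wp_kses_normalize_entities3`, the guard `if ( empty($matches[1]) )` now receives the zero-padded capture, and PHP's `empty()` is true for the string `'0'`, so `&#x0;` is deleted outright while `&#x00;` passes the guard and goes on to `valid_unicode()`. Because the new pattern always captures at least one hex digit, the guard can only fire for that single input; `if ( $matches[1] === '' )` would give every all-zero reference the same treatment. The matching guard in `wp_kses_normalize_entities2` sits above its hunk and should be checked for the same case. That callback also passes the padded string `$i` to `valid_unicode()` while the hex path passes an int from `hexdec()`; `valid_unicode( (int) $i )` would keep the range check from depending on numeric-string comparison. Both branches of the removed decimal ternary render identically on this page, so an entity in the rejected branch has presumably been decoded in rendering; confirm against the raw patch that the rejected branch still emits the escaped form.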