

Ticket #12284: 12284-extra.patch

File 12284-extra.patch, 1.5 KB (added by miqrogroove, 4 years ago)

Only zero-strip the valid entities, and correct inconsistent logic.

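--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -996,8 +996,8 @@
        # Change back the allowed entities in our entity whitelist
 
        $string = preg_replace_callback('/&([A-Za-z]{2,8});/', 'wp_kses_named_entities', $string);
-       $string = preg_replace_callback('/&#0*([0-9]{1,5});/', 'wp_kses_normalize_entities2', $string);
-       $string = preg_replace_callback('/&#([Xx])0*(([0-9A-Fa-f]{2}){1,2});/', 'wp_kses_normalize_entities3', $string);
+       $string = preg_replace_callback('/&#(0*[0-9]{1,7});/', 'wp_kses_normalize_entities2', $string);
+       $string = preg_replace_callback('/&#[Xx](0*[0-9A-Fa-f]{1,6});/', 'wp_kses_normalize_entities3', $string);
 
        return $string;
 }
@@ -1040,7 +1040,7 @@
                return '';
 
        $i = $matches[1];
-       return ( ( ! valid_unicode($i) ) || ($i > 65535) ? "&#$i;" : "&#$i;" );
+       return ( ( ! valid_unicode($i) ) ? "&#$i;" : '&#'.ltrim($i,'0').';' );
 }
 
 /**
@@ -1055,11 +1055,11 @@
  * @return string Correctly encoded entity
  */
 function wp_kses_normalize_entities3($matches) {
-       if ( empty($matches[2]) )
+       if ( empty($matches[1]) )
                return '';
 
-       $hexchars = $matches[2];
-       return ( ( ! valid_unicode(hexdec($hexchars)) ) ? "&#x$hexchars;" : "&#x$hexchars;" );
+       $hexchars = $matches[1];
+       return ( ( ! valid_unicode(hexdec($hexchars)) ) ? "&#x$hexchars;" : '&#x'.ltrim($hexchars,'0').';' );
 }
 
 /**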
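Review bot: The `! valid_unicode($i)` branch on new line 1043 still returns `"&#$i;"`, which is the matched text unchanged, so an out-of-range or surrogate reference such as `&#65535;` reaches the browser exactly as received, and the hex branch on new line 1062 does the same with `"&#x$hexchars;"`. If the validity check is meant to neutralize such references (this is a sanitizer), the invalid branch should break the entity rather than echo it, e.g. `return valid_unicode($i) ? '&#'.ltrim($i,'0').';' : "&amp;#$i;";` and likewise `"&amp;#x$hexchars;"`; if pass-through is intended, the check is dead in both functions and should be dropped rather than left looking like a guard. Note also that with `0*` now inside the capture group, `empty($matches[1])` is true only for the single string `"0"`, so `&#0;` is deleted while `&#00;` presumably falls into the invalid branch and is emitted verbatim — two spellings of the same NUL reference get different treatment. The signature of wp_kses_normalize_entities2 lies before the second hunk.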