
Ticket #16788: 16788.diff

File 16788.diff, 1.3 KB (added by dkotter, 10 years ago)
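--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -484,7 +484,7 @@
                 $allowed_protocols = wp_allowed_protocols();
         $string = wp_kses_no_null($string);
         $string = wp_kses_js_entities($string);
-        $string = wp_kses_normalize_entities($string);
+        $string = wp_kses_normalize_entities($string, $allowed_html);
         $string = wp_kses_hook($string, $allowed_html, $allowed_protocols); // WP changed the order of these funcs and added args to wp_kses_hook
         return wp_kses_split($string, $allowed_html, $allowed_protocols);
 }
@@ -1141,11 +1141,13 @@
  * @param string $string Content to normalize entities
  * @return string Content with normalized entities
  */
-function wp_kses_normalize_entities($string) {
-        # Disarm all entities by converting & to &
+function wp_kses_normalize_entities($string, $allowed_html = '') {
+        // Don't convert & to & in emails
+        if ( 'pre_user_email' !== $allowed_html ) {
+                # Disarm all entities by converting & to &
+                $string = str_replace('&', '&', $string);
+        }
 
-        $string = str_replace('&', '&', $string);
-
         # Change back the allowed entities in our entity whitelist
 
         $string = preg_replace_callback('/&([A-Za-z]{2,8}[0-9]{0,2});/', 'wp_kses_named_entities', $string);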
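Review bot: In the second hunk, the `'pre_user_email' !== $allowed_html` exemption in wp_kses_normalize_entities() switches off the step its own comment calls "Disarm all entities", not just the encoding of a lone ampersand; the steps after it only change whitelisted entities back, so for this context any entity in the address would appear to pass through unfiltered. If the exemption stays, the email value depends entirely on escaping at every place it is output, and that should be confirmed before this is merged. The first hunk passes wp_kses()'s `$allowed_html` straight through, and nothing visible shows that argument ever holding the string 'pre_user_email', so the exemption may never trigger; verify against the callers. The docblock above the signature also lacks the new parameter, for example `@param string $allowed_html Optional. Context name; '&' is left unencoded for 'pre_user_email'.` The function body continues past the end of the hunk, so the later entity-restoring steps are not all visible here.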