Ticket #16788: 16788.diff
File 16788.diff, 1.3 KB (added by , 10 years ago) |
wp-includes/kses.php
484 484 $allowed_protocols = wp_allowed_protocols(); 485 485 $string = wp_kses_no_null($string); 486 486 $string = wp_kses_js_entities($string); 487 $string = wp_kses_normalize_entities($string );487 $string = wp_kses_normalize_entities($string, $allowed_html); 488 488 $string = wp_kses_hook($string, $allowed_html, $allowed_protocols); // WP changed the order of these funcs and added args to wp_kses_hook 489 489 return wp_kses_split($string, $allowed_html, $allowed_protocols); 490 490 } … … 1141 1141 * @param string $string Content to normalize entities 1142 1142 * @return string Content with normalized entities 1143 1143 */ 1144 function wp_kses_normalize_entities($string) { 1145 # Disarm all entities by converting & to & 1144 function wp_kses_normalize_entities($string, $allowed_html = '') { 1145 // Don't convert & to & in emails 1146 if ( 'pre_user_email' !== $allowed_html ) { 1147 # Disarm all entities by converting & to & 1148 $string = str_replace('&', '&', $string); 1149 } 1146 1150 1147 $string = str_replace('&', '&', $string);1148 1149 1151 # Change back the allowed entities in our entity whitelist 1150 1152 1151 1153 $string = preg_replace_callback('/&([A-Za-z]{2,8}[0-9]{0,2});/', 'wp_kses_named_entities', $string);
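Review bot: The 'pre_user_email' exemption added to wp_kses_normalize_entities() turns off the "disarm all entities" str_replace for that context with no compensating check, so a raw `&` or an unrecognised entity is passed on unchanged instead of being neutralised. The rest of the function lies outside the hunk, so it is not visible whether later steps still constrain those entities; values stored through this path should be treated as unescaped and escaped again at output. The switch also overloads the allowed-HTML argument as a context flag without documenting it: the docblock above still lists only `$string`, and needs something like `@param array|string $allowed_html Allowed elements, or a context name; 'pre_user_email' skips ampersand encoding`. The comment at the guard should also say why email values are exempt, so a later reader can judge whether the exemption is still safe.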