Ticket #17780: miqro-17780.5.patch
| File miqro-17780.5.patch, 6.4 KB (added by , 11 years ago) |
|---|
-
src/wp-admin/edit-form-advanced.php
494 494 $title_placeholder = apply_filters( 'enter_title_here', __( 'Enter title here' ), $post ); 495 495 ?> 496 496 <label class="screen-reader-text" id="title-prompt-text" for="title"><?php echo $title_placeholder; ?></label> 497 <input type="text" name="post_title" size="30" value="<?php echo esc_attr( htmlspecialchars( $post->post_title )); ?>" id="title" spellcheck="true" autocomplete="off" />497 <input type="text" name="post_title" size="30" value="<?php echo esc_attr( $post->post_title ); ?>" id="title" spellcheck="true" autocomplete="off" /> 498 498 </div> 499 499 <?php 500 500 /** -
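Review bot: Dropping the inner `htmlspecialchars()` on line 497 changes what the title field shows when a stored title itself contains entity text, assuming the `esc_attr( $post->post_title )` line is the new side. If `esc_attr()` leaves existing entities alone, as the updated escaping tests in this patch suggest, a title stored as the literal text `&lt;b&gt;` would be presented in the input as `<b>` and written back in that form on the next save. The attribute value is still escaped by `esc_attr()`, so this is a data round-trip question rather than an injection one. A test that loads and re-saves such a title would settle it.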
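--- a/src/wp-includes/formatting.php
+++ b/src/wp-includes/formatting.php
@@ -751,25 +751,14 @@
 $quote_style = ENT_NOQUOTES;
 }
 
-// Handle double encoding ourselves
-if ( $double_encode ) {
-$string = @htmlspecialchars( $string, $quote_style, $charset );
-} else {
-// Decode & into &
-$string = wp_specialchars_decode( $string, $_quote_style );
-
-// Guarantee every &entity; is valid or re-encode the &
+if ( ! $double_encode ) {
+// Guarantee every &entity; is valid, convert &garbage; into &garbage;
+// This is required for PHP < 5.4.0 because ENT_HTML401 flag is unavailable.
 $string = wp_kses_normalize_entities( $string );
+}
 
-// Now re-encode everything except &entity;
-$string = preg_split( '/(&#?x?[0-9a-z]+;)/i', $string, -1, PREG_SPLIT_DELIM_CAPTURE );
+$string = @htmlspecialchars( $string, $quote_style, $charset, $double_encode );
 
-for ( $i = 0, $c = count( $string ); $i < $c; $i += 2 ) {
-$string[$i] = @htmlspecialchars( $string[$i], $quote_style, $charset );
-}
-$string = implode( '', $string );
-}
-
 // Backwards compatibility
 if ( 'single' === $_quote_style )
 $string = str_replace( "'", ''', $string );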
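Review bot: The single call `@htmlspecialchars( $string, $quote_style, $charset, $double_encode )` hands the decision about which `&name;` references stay un-encoded to PHP's own entity handling, where the removed code decided it with its own `preg_split` pattern. The added comment says the `wp_kses_normalize_entities()` pass is only needed for PHP < 5.4.0, so the result appears to depend on the PHP version and on which document-type flag is in `$quote_style`. The `apos` skip added to WPSpecialchars.php in this patch already shows one divergence. I would state the contract in a comment above the call, for example `// With $double_encode false, PHP decides which entity references are preserved; see the apos case in the tests.` The `@` also hides any warning PHP raises for this call, so a bad `$charset` would fail silently; checking it before the call is safer than suppressing. The enclosing function starts and ends outside the hunk.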
tests/phpunit/tests/formatting/EscAttr.php
26 26 } 27 27 28 28 function test_esc_attr_amp() { 29 $out = esc_attr( 'foo & bar &baz; & apos;' );30 $this->assertEquals( "foo & bar &baz; & apos;", $out );29 $out = esc_attr( 'foo & bar &baz; ' ); 30 $this->assertEquals( "foo & bar &baz; ", $out ); 31 31 } 32 32 } -
tests/phpunit/tests/formatting/EscHtml.php
34 34 35 35 function test_ignores_existing_entities() { 36 36 $source = '& £ " &'; 37 $res = '& amp; £ " &';37 $res = '& £ " &'; 38 38 $this->assertEquals( $res, esc_html($source) ); 39 39 } 40 40 } -
tests/phpunit/tests/formatting/JSEscape.php
23 23 } 24 24 25 25 function test_js_escape_amp() { 26 $out = esc_js('foo & bar &baz; & apos;');27 $this->assertEquals("foo & bar &baz; & apos;", $out);26 $out = esc_js('foo & bar &baz; '); 27 $this->assertEquals("foo & bar &baz; ", $out); 28 28 } 29 29 30 30 function test_js_escape_quote_entity() { 31 31 $out = esc_js('foo ' bar ' baz &'); 32 $this->assertEquals("foo \\' bar \\' baz & amp;", $out);32 $this->assertEquals("foo \\' bar \\' baz &", $out); 33 33 } 34 34 35 35 function test_js_no_carriage_return() { -
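--- a/tests/phpunit/tests/formatting/WPSpecialchars.php
+++ b/tests/phpunit/tests/formatting/WPSpecialchars.php
@@ -17,6 +17,10 @@
 
 // Allowed entities should be unchanged
 foreach ( $allowedentitynames as $ent ) {
+if ( 'apos' == $ent ) {
+// But for some reason, PHP doesn't allow '
+continue;
+}
 $ent = '&' . $ent . ';';
 $this->assertEquals( $ent, _wp_specialchars( $ent ) );
 }
@@ -39,4 +43,58 @@
 $this->assertEquals( '"'hello!'"', _wp_specialchars($source, true) );
 $this->assertEquals( $source, _wp_specialchars($source) );
 }
+
+/**
+* Check some of the double-encoding features for entity references.
+*
+* @ticket 17780
+* @dataProvider data_double_encoding
+*/
+function test_double_encoding( $input, $output ) {
+return $this->assertEquals( $output, _wp_specialchars( $input, ENT_NOQUOTES, false, true ) );
+}
+
+function data_double_encoding() {
+return array(
+array(
+'This & that, this & that, — " " Ú " " " " " $ ×',
+'This & that, this &amp; that, &#8212; &quot; &QUOT; &Uacute; &nbsp; &#34; &#034; &#0034; &#x00022; &#x22; &dollar; &times;',
+),
+array(
+'&& && && &;',
+'&& &&amp; &amp;&amp; &amp;;',
+),
+array(
+'&garbage; &***; &aaaa; &0000; &####; &;;',
+'&garbage; &***; &aaaa; &0000; &####; &;;',
+),
+);
+}
+
+/**
+* Check some of the double-encoding features for entity references.
+*
+* @ticket 17780
+* @dataProvider data_no_double_encoding
+*/
+function test_no_double_encoding( $input, $output ) {
+return $this->assertEquals( $output, _wp_specialchars( $input, ENT_NOQUOTES, false, false ) );
+}
+
+function data_no_double_encoding() {
+return array(
+array(
+'This & that, this & that, — " " Ú " " " " " $ ×',
+'This & that, this & that, — " &QUOT; Ú " " " " " &dollar; ×',
+),
+array(
+'&& && && &;',
+'&& && && &;',
+),
+array(
+'&garbage; &***; &aaaa; &0000; &####; &;;',
+'&garbage; &***; &aaaa; &0000; &####; &;;',
+),
+);
+}
 }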
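Review bot: The added `continue` for `'apos'` takes that entity out of the allowed-entities loop without asserting what `_wp_specialchars()` now returns for it, so the behaviour change is recorded only by a comment that says "for some reason". The `apos` input also appears to have been dropped from `test_esc_attr_amp` in EscAttr.php and `test_js_escape_amp` in JSEscape.php, which would leave the new result asserted nowhere. These helpers are relied on for output escaping, so I would replace the skip with an explicit assertion of the value the patched function produces for that entity, and explain the PHP entity-table reason in the comment. The comparison can also be strict: `if ( 'apos' === $ent ) {`.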