
Ticket #18250: wp-io-sanity-by-miqrogroove.patch

File wp-io-sanity-by-miqrogroove.patch, 1.4 KB (added by miqrogroove, 7 years ago)

The original 1 June security patch.

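--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -333,22 +333,22 @@
         }
 
         // Handle double encoding ourselves
-        if ( !$double_encode ) {
+        if ( $double_encode ) {
+                $string = @htmlspecialchars( $string, $quote_style, $charset );
+        } else {
+                // Decode & into &
                 $string = wp_specialchars_decode( $string, $_quote_style );
 
-                /* Critical */
-                // The previous line decodes &phrase; into &phrase;  We must guarantee that &phrase; is valid before proceeding.
+                // Guarantee every &entity; is valid or re-encode the &
                 $string = wp_kses_normalize_entities($string);
 
-                // Now proceed with custom double-encoding silliness
-                $string = preg_replace( '/&(#?x?[0-9a-z]+);/i', '|wp_entity|$1|/wp_entity|', $string );
-        }
+                // Now re-encode everything except &entity;
+                $string = preg_split( '/(&#?x?[0-9a-z]+;)/i', $string, -1, PREG_SPLIT_DELIM_CAPTURE );
 
-        $string = @htmlspecialchars( $string, $quote_style, $charset );
+                for ($i=0; $i < count($string); $i += 2)
+                        $string[$i] = @htmlspecialchars( $string[$i], $quote_style, $charset );
 
-        // Handle double encoding ourselves
-        if ( !$double_encode ) {
-                $string = str_replace( array( '|wp_entity|', '|/wp_entity|' ), array( '&', ';' ), $string );
+                $string = implode('', $string);
         }
 
         // Backwards compatibility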
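Review bot: The `preg_split` result in the new `else` branch is used unchecked; on a PCRE failure `preg_split` returns `false`, and the `for`/`count` loop and the `implode` that follow would then operate on a boolean, so the text is silently lost instead of being escaped. A fail-safe fallback is to treat the whole string as a single non-entity segment so it is still passed through `htmlspecialchars`: `$parts = preg_split( '/(&#?x?[0-9a-z]+;)/i', $string, -1, PREG_SPLIT_DELIM_CAPTURE );` followed by `if ( false === $parts ) { $parts = array( $string ); }` and then looping over `$parts`. While there, hoisting `count( $string )` out of the loop condition into a local and adding braces to the single-statement `for` body would match the surrounding WordPress style. The enclosing function starts before and ends after this hunk.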