
Ticket #2061: kses_escape_literal_lower_than.patch

File kses_escape_literal_lower_than.patch, 963 bytes (added by allan, 10 years ago)

Patch to fix the problem

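--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -47,6 +47,11 @@
                 # call this function.
                 ###############################################################################
         {
+
+   # escape all lower-than characters (<) which are not part of a tag
+   $html_4_tags = "(s(cript|t(yle|r(ike|ong))|u(p|b)|pan|elect|amp|mall)?|h(1|tml|2|3|ead|4|5|r|6)|c(ite|o(de|l)|enter|aption)|t(h(ead)?|t|itle|d|foot|able|r|body)|i(sindex|n(s|put)|frame|mg)?|o(ption|l|bject)|d(t|i(v|r)|d|el|fn|l)|u(l)?|p(aram|re)?|em|var|kbd|q|f(o(nt|rm)|rame)|l(i(nk)?|egend|abel)|a(cronym|ddress|pplet|rea|bbr)?|m(e(nu|ta)|ap)|b(ig|ody|do|utton|ase|r)?)";
+   $string = preg_replace("/<(?!\/?$html_4_tags\b)/", "&lt;", $string);
+
         $string = wp_kses_no_null($string);
         $string = wp_kses_js_entities($string);
         $string = wp_kses_normalize_entities($string);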
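Review bot: The `$html_4_tags` alternation on new line 52 is matched case-sensitively and is incomplete (`blockquote`, `textarea` and `colgroup` are not in it), so the `preg_replace` on line 53 turns `<blockquote>` or an upper-case `<B>` into `&lt;…` text. That happens before the rest of the function can compare the element against the caller's allowed list. It fails in the safe direction for script injection, but it silently corrupts markup the caller meant to permit, and the list will drift from whatever the caller allows. At minimum add the `i` modifier, `$string = preg_replace("/<(?!\/?$html_4_tags\b)/i", "&lt;", $string);`, and fill in the missing element names. Better, build the alternation from the keys of the allowed-elements argument (presumably `$allowed_html`; the signature lies outside this hunk), passing each through `preg_quote()`. A comment such as `# must run before wp_kses_no_null(): a "<" followed by a NUL-split tag name is escaped here, not rejoined later` would record why the ordering matters.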