
Ticket #21537: 21537.diff

File 21537.diff, 2.5 KB (added by valendesigns, 10 years ago)
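--- a/src/wp-includes/default-filters.php
+++ b/src/wp-includes/default-filters.php
@@ -46,7 +46,7 @@ if ( is_admin() ) {
 foreach ( array( 'pre_comment_author_email', 'pre_user_email' ) as $filter ) {
         add_filter( $filter, 'trim'           );
         add_filter( $filter, 'sanitize_email' );
-        add_filter( $filter, 'wp_filter_kses' );
+        add_filter( $filter, 'wp_kses_email' );
 }
 
 // Email admin display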
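--- a/src/wp-includes/kses.php
+++ b/src/wp-includes/kses.php
@@ -1326,6 +1326,20 @@ function wp_filter_kses( $data ) {
 }
 
 /**
+ * Sanitize email with allowed HTML Kses rules.
+ *
+ * Reverts entities that should not be encoded in email addresses.
+ *
+ * @since 4.2.0
+ *
+ * @param string $data Content to filter, expected to not be escaped
+ * @return string Filtered content
+ */
+function wp_kses_email( $data ) {
+        return str_replace( '&', '&', wp_filter_kses( $data , current_filter() ) );
+}
+
+/**
  * Sanitize content with allowed HTML Kses rules.
  *
  * @since 2.9.0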
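Review bot: As displayed, `str_replace( '&', '&', … )` in `wp_kses_email()` replaces a string with itself; the search argument was presumably `'&amp;'` and the page rendering decoded it, so check the raw attachment before relying on this listing. The second argument in `wp_filter_kses( $data , current_filter() )` is silently discarded, because the hunk header shows `function wp_filter_kses( $data )` taking a single parameter; `return str_replace( '&amp;', '&', wp_filter_kses( $data ) );` would say the same thing without the misleading argument. The function undoes part of the encoding the sanitizer just applied, so the value it returns can contain a literal `&`, and the docblock should say that callers must escape it for the output context (HTML text, attribute, URL) when it is printed. That matters for the default-filters.php hunk, which now routes both `pre_comment_author_email` and `pre_user_email` through this function instead of `wp_filter_kses`.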
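--- a/tests/phpunit/tests/user.php
+++ b/tests/phpunit/tests/user.php
@@ -617,6 +617,38 @@ class Tests_User extends WP_UnitTestCase {
                 $metas = array_keys( get_user_meta( 1 ) );
                 $this->assertNotContains( 'key', $metas );
         }
+       
+        /**
+         * @ticket 21537
+         */
+        function test_user_should_not_sanitize_ampersands() {
+                $random_string = rand_str();
+                $raw_user_email = 'taco&chalupa@burrito.com';
+
+                // Test filter
+                $user_email = apply_filters( 'pre_user_email', $raw_user_email );
+                $this->assertSame( $raw_user_email, $user_email );
+               
+                // Test insert user
+                $id1 = wp_insert_user( array(
+                        'user_login' => $random_string,
+                        'user_pass' => 'password',
+                        'user_email' => $raw_user_email,
+                ) );
+                $this->assertEquals( $id1, email_exists( $raw_user_email ) );
+                $this->assertEquals( $id1, get_user_by( 'email', $raw_user_email )->ID );
+               
+                // Test create comment
+                $post_id = $this->factory->post->create();
+                $comment_id = wp_insert_comment(array(
+                        'comment_post_ID' => $post_id,
+                        'comment_author' => $random_string,
+                        'comment_content' => $random_string,
+                        'comment_author_email' => $raw_user_email,
+                ));
+                $comment = get_comment( $comment_id );
+                $this->assertSame( $raw_user_email, $comment->comment_author_email );
+        }
 
         /**
          * @ticket 29696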
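Review bot: `test_user_should_not_sanitize_ampersands()` only asserts that `&` survives; it has no case showing that the kses step still strips markup from an email value once `wp_kses_email` reverts the entity, which is the property the replaced `wp_filter_kses` filter was there to provide. A second assertion through `apply_filters( 'pre_user_email', … )` on an input that carries a tag would pin that regression boundary. The return value of `wp_insert_user()` is used without a check, so a failed insert surfaces as a confusing mismatch in the next assertion; add `$this->assertFalse( is_wp_error( $id1 ) );` before the `email_exists()` comparison. As style points, the new method has no visibility keyword and new lines 620, 631 and 640 carry trailing whitespace.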