Ticket #29557: miqro-29557.6.patch
File miqro-29557.6.patch, 4.6 KB (added by , 10 years ago) |
---|
-
src/wp-includes/formatting.php
28 28 * @return string The string replaced with html entities 29 29 */ 30 30 function wptexturize($text, $reset = false) { 31 global $wp_cockneyreplace , $shortcode_tags;31 global $wp_cockneyreplace; 32 32 static $static_characters, $static_replacements, $dynamic_characters, $dynamic_replacements, 33 33 $default_no_texturize_tags, $default_no_texturize_shortcodes, $run_texturize = true; 34 34 … … 205 205 206 206 // Look for shortcodes and HTML elements. 207 207 208 $tagnames = array_keys( $shortcode_tags );209 $tagregexp = join( '|', array_map( 'preg_quote', $tagnames ) );210 $tagregexp = "(?:$tagregexp)(?![\\w-])"; // Excerpt of get_shortcode_regex().211 212 208 $regex = '/(' // Capture the entire match. 213 209 . '<' // Find start of element. 214 210 . '(?(?=!--)' // Is this a comment? … … 219 215 . '|' 220 216 . '\[' // Find start of shortcode. 221 217 . '\[?' // Shortcodes may begin with [[ 222 . '\/?' // Closing slash may precede name. 223 . $tagregexp // Only match registered shortcodes, because performance. 224 . '[^\[\]]*' // Shortcodes do not contain other shortcodes. 218 . '[^\[\]]++' // Shortcodes do not contain other shortcodes. Possessive critical. 225 219 . '\]' // Find end of shortcode. 226 220 . '\]?' // Shortcodes may end with ]] 227 221 . ')/s'; … … 243 237 244 238 continue; 245 239 246 } elseif ( '[' === $first && 1 === preg_match( '/^\[\[? \/?' . $tagregexp . '[^\[\]]*\]\]?$/', $curl ) ) {240 } elseif ( '[' === $first && 1 === preg_match( '/^\[\[?[^\[\]]++\]\]?$/', $curl ) ) { 247 241 // This is a shortcode delimiter. 248 242 249 243 if ( '[[' !== substr( $curl, 0, 2 ) && ']]' !== substr( $curl, -2 ) ) { -
src/wp-includes/shortcodes.php
231 231 $tagregexp = join( '|', array_map('preg_quote', $tagnames) ); 232 232 233 233 // WARNING! Do not change this regex without changing do_shortcode_tag() and strip_shortcode_tag() 234 // Also, see shortcode_unautop() and shortcode.js and wptexturize().234 // Also, see shortcode_unautop() and shortcode.js. 235 235 return 236 236 '\\[' // Opening bracket 237 237 . '(\\[?)' // 1: Optional second opening bracket for escaping shortcodes: [[tag]] -
tests/phpunit/tests/formatting/WPTexturize.php
1188 1188 function data_tag_avoidance() { 1189 1189 return array( 1190 1190 array( 1191 '[ is it wise to <a title="allow user content ] here? hmm"> maybe </a> ]', 1192 '[ is it wise to <a title="allow user content ] here? hmm "> maybe </a> ]',1191 '[ is it wise to <a title="allow user content ] here? hmm"> maybe </a> ]', // HTML corruption is a known bug. See tickets #12690 and #29557. 1192 '[ is it wise to <a title="allow user content ] here? hmm”> maybe </a> ]', 1193 1193 ), 1194 1194 array( 1195 1195 '[ photos by <a href="http://example.com/?a[]=1&a[]=2"> this guy </a> ]', … … 1212 1212 '[/gallery ...]', 1213 1213 ), 1214 1214 array( 1215 '[...]...[/...]', // These are potentially usable shortcodes.1216 '[…]…[/…]',1217 ),1218 array(1219 1215 '[[gallery]]...[[/gallery]]', // Shortcode parsing will ignore the inner ]...[ part and treat this as a single escaped shortcode. 1220 1216 '[[gallery]]…[[/gallery]]', 1221 1217 ), … … 1224 1220 '[[[gallery]]]…[[[/gallery]]]', 1225 1221 ), 1226 1222 array( 1227 '[gal>ery ...]',1228 '[gal>ery …]',1229 ),1230 array(1231 1223 '[gallery ...', 1232 1224 '[gallery …', 1233 1225 ), … … 1727 1719 ), 1728 1720 array( 1729 1721 '[code ...]...[/code]', // code is not a registered shortcode. 1730 '[code …]…[/code]',1722 '[code ...]...[/code]', 1731 1723 ), 1732 1724 array( 1733 1725 '[hello ...]...[/hello]', // hello is not a registered shortcode. 1734 '[hello …]…[/hello]',1726 '[hello ...]…[/hello]', 1735 1727 ), 1736 1728 array( 1729 '[...]...[/...]', // These are potentially usable shortcodes. 1730 '[...]…[/...]', 1731 ), 1732 array( 1733 '[gal>ery ...]', 1734 '[gal>ery ...]', 1735 ), 1736 array( 1737 '[randomthing param="test"]', 1738 '[randomthing param="test"]', 1739 ), 1740 array( 1737 1741 '[[audio]...[/audio]...', // These are potentially usable shortcodes. Unfortunately, the meaning of [[audio] is ambiguous unless we run the entire shortcode regexp. 1738 1742 '[[audio]…[/audio]…', 1739 1743 ),