Ticket #29557: miqro-29557.8.patch
File miqro-29557.8.patch, 7.3 KB (added by , 10 years ago) |
---|
-
src/wp-includes/formatting.php
28 28 * @return string The string replaced with html entities 29 29 */ 30 30 function wptexturize($text, $reset = false) { 31 global $wp_cockneyreplace , $shortcode_tags;31 global $wp_cockneyreplace; 32 32 static $static_characters, $static_replacements, $dynamic_characters, $dynamic_replacements, 33 33 $default_no_texturize_tags, $default_no_texturize_shortcodes, $run_texturize = true; 34 34 … … 205 205 206 206 // Look for shortcodes and HTML elements. 207 207 208 $tagnames = array_keys( $shortcode_tags ); 209 $tagregexp = join( '|', array_map( 'preg_quote', $tagnames ) ); 210 $tagregexp = "(?:$tagregexp)(?![\\w-])"; // Excerpt of get_shortcode_regex(). 208 $comment_regex = 209 '!--' // Start of comment, after the <. 210 . '[^\-]*' // Consume non-dashes. 211 . '(?:' // Unroll the loop: Consume everything until -- is found. 212 . '-[^\-]++' // Dash followed by non-dashes. 213 . ')*+' // Loop possessively. 214 . '(?:' // End of comment. If not found, match all input. 215 . '--' 216 . '(?:\s*>)?' 217 . ')?'; 211 218 212 $regex = '/(' // Capture the entire match. 213 . '<' // Find start of element. 214 . '(?(?=!--)' // Is this a comment? 215 . '.+?--\s*>' // Find end of comment 219 $shortcode_regex = 220 '\[' // Find start of shortcode. 221 . '[\/\[]?' // Shortcodes may begin with [/ or [[ 222 . '[^\s\/\[\]]' // No whitespace before name. 223 . '[^\[\]]*+' // Shortcodes do not contain other shortcodes. Possessive critical. 224 . '\]' // Find end of shortcode. 225 . '\]?'; // Shortcodes may end with ]] 226 227 $regex = 228 '/(' // Capture the entire match. 229 . '<' // Find start of element. 230 . '(?(?=!--)' // Is this a comment? 231 . $comment_regex // Find end of comment. 232 . '|' 233 . '[^>]+>' // Find end of element. 234 . ')' 216 235 . '|' 217 . '[^>]+>' // Find end of element 218 . ')' 219 . '|' 220 . '\[' // Find start of shortcode. 221 . '\[?' // Shortcodes may begin with [[ 222 . '\/?' // Closing slash may precede name. 223 . $tagregexp // Only match registered shortcodes, because performance. 224 . '[^\[\]]*' // Shortcodes do not contain other shortcodes. 225 . '\]' // Find end of shortcode. 226 . '\]?' // Shortcodes may end with ]] 227 . ')/s'; 236 . $shortcode_regex // Find shortcodes. 237 . ')/s'; 228 238 229 239 $textarr = preg_split( $regex, $text, -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY ); 230 240 … … 231 241 foreach ( $textarr as &$curl ) { 232 242 // Only call _wptexturize_pushpop_element if $curl is a delimiter. 233 243 $first = $curl[0]; 234 if ( '<' === $first && ' >' === substr( $curl, -1) ) {235 // This is an HTML delimiter.244 if ( '<' === $first && '<!--' === substr( $curl, 0, 4 ) ) { 245 // This is an HTML comment delimeter. 236 246 237 if ( '<!--' !== substr( $curl, 0, 4 ) ) { 238 _wptexturize_pushpop_element( $curl, $no_texturize_tags_stack, $no_texturize_tags ); 239 } 247 continue; 240 248 249 } elseif ( '<' === $first && '>' === substr( $curl, -1 ) ) { 250 // This is an HTML element delimiter. 251 252 _wptexturize_pushpop_element( $curl, $no_texturize_tags_stack, $no_texturize_tags ); 253 241 254 } elseif ( '' === trim( $curl ) ) { 242 255 // This is a newline between delimiters. Performance improves when we check this. 243 256 244 257 continue; 245 258 246 } elseif ( '[' === $first && 1 === preg_match( '/^ \[\[?\/?' . $tagregexp . '[^\[\]]*\]\]?$/', $curl ) ) {259 } elseif ( '[' === $first && 1 === preg_match( '/^' . $shortcode_regex . '$/', $curl ) ) { 247 260 // This is a shortcode delimiter. 248 261 249 262 if ( '[[' !== substr( $curl, 0, 2 ) && ']]' !== substr( $curl, -2 ) ) { -
src/wp-includes/shortcodes.php
231 231 $tagregexp = join( '|', array_map('preg_quote', $tagnames) ); 232 232 233 233 // WARNING! Do not change this regex without changing do_shortcode_tag() and strip_shortcode_tag() 234 // Also, see shortcode_unautop() and shortcode.js and wptexturize().234 // Also, see shortcode_unautop() and shortcode.js. 235 235 return 236 236 '\\[' // Opening bracket 237 237 . '(\\[?)' // 1: Optional second opening bracket for escaping shortcodes: [[tag]] -
tests/phpunit/tests/formatting/WPTexturize.php
1188 1188 function data_tag_avoidance() { 1189 1189 return array( 1190 1190 array( 1191 '[ ... ]', 1192 '[ … ]', 1193 ), 1194 array( 1191 1195 '[ is it wise to <a title="allow user content ] here? hmm"> maybe </a> ]', 1192 1196 '[ is it wise to <a title="allow user content ] here? hmm"> maybe </a> ]', 1193 1197 ), 1194 1198 array( 1199 '[is it wise to <a title="allow user content ] here? hmm"> maybe </a> ]', // HTML corruption is a known bug. See tickets #12690 and #29557. 1200 '[is it wise to <a title="allow user content ] here? hmm”> maybe </a> ]', 1201 ), 1202 array( 1203 '[caption - is it wise to <a title="allow user content ] here? hmm"> maybe </a> ]', 1204 '[caption - is it wise to <a title="allow user content ] here? hmm”> maybe </a> ]', 1205 ), 1206 array( 1195 1207 '[ photos by <a href="http://example.com/?a[]=1&a[]=2"> this guy </a> ]', 1196 1208 '[ photos by <a href="http://example.com/?a[]=1&a[]=2"> this guy </a> ]', 1197 1209 ), 1198 1210 array( 1211 '[photos by <a href="http://example.com/?a[]=1&a[]=2"> this guy </a>]', 1212 '[photos by <a href="http://example.com/?a[]=1&a[]=2"> this guy </a>]', 1213 ), 1214 array( 1199 1215 '[gallery ...]', 1200 1216 '[gallery ...]', 1201 1217 ), … … 1212 1228 '[/gallery ...]', 1213 1229 ), 1214 1230 array( 1215 '[...]...[/...]', // These are potentially usable shortcodes.1216 '[…]…[/…]',1217 ),1218 array(1219 1231 '[[gallery]]...[[/gallery]]', // Shortcode parsing will ignore the inner ]...[ part and treat this as a single escaped shortcode. 1220 1232 '[[gallery]]…[[/gallery]]', 1221 1233 ), … … 1224 1236 '[[[gallery]]]…[[[/gallery]]]', 1225 1237 ), 1226 1238 array( 1227 '[gal>ery ...]',1228 '[gal>ery …]',1229 ),1230 array(1231 1239 '[gallery ...', 1232 1240 '[gallery …', 1233 1241 ), … … 1304 1312 '<!-- ... -- >', 1305 1313 ), 1306 1314 array( 1315 '<!-- ...', // An unclosed comment is still a comment. 1316 '<!-- ...', 1317 ), 1318 array( 1307 1319 '<!-- <br /> [gallery] ... -->', 1308 1320 '<!-- <br /> [gallery] ... -->', 1309 1321 ), … … 1727 1739 ), 1728 1740 array( 1729 1741 '[code ...]...[/code]', // code is not a registered shortcode. 1730 '[code …]…[/code]',1742 '[code ...]...[/code]', 1731 1743 ), 1732 1744 array( 1733 1745 '[hello ...]...[/hello]', // hello is not a registered shortcode. 1734 '[hello …]…[/hello]',1746 '[hello ...]…[/hello]', 1735 1747 ), 1736 1748 array( 1749 '[...]...[/...]', // These are potentially usable shortcodes. 1750 '[...]…[/...]', 1751 ), 1752 array( 1753 '[gal>ery ...]', 1754 '[gal>ery ...]', 1755 ), 1756 array( 1757 '[randomthing param="test"]', 1758 '[randomthing param="test"]', 1759 ), 1760 array( 1737 1761 '[[audio]...[/audio]...', // These are potentially usable shortcodes. Unfortunately, the meaning of [[audio] is ambiguous unless we run the entire shortcode regexp. 1738 1762 '[[audio]…[/audio]…', 1739 1763 ),