Ticket #29810: miqro-29810.4.patch
File miqro-29810.4.patch, 17.4 KB (added by , 10 years ago) |
---|
-
src/wp-admin/import.php
79 79 <table class="widefat importers"> 80 80 81 81 <?php 82 disable_shortcodes(); 82 83 $alt = ''; 83 84 foreach ($importers as $importer_id => $data) { 84 85 $action = ''; … … 115 116 <td class='desc'>{$data[1]}</td> 116 117 </tr>"; 117 118 } 119 enable_shortcodes(); 118 120 ?> 119 121 120 122 </table> -
src/wp-admin/includes/plugin.php
165 165 if ( $plugin_data['AuthorURI'] && $plugin_data['Author'] ) 166 166 $plugin_data['Author'] = '<a href="' . $plugin_data['AuthorURI'] . '">' . $plugin_data['Author'] . '</a>'; 167 167 168 disable_shortcodes(); 168 169 $plugin_data['Description'] = wptexturize( $plugin_data['Description'] ); 170 enable_shortcodes(); 169 171 170 172 if ( $plugin_data['Author'] ) 171 173 $plugin_data['Description'] .= ' <cite>' . sprintf( __('By %s.'), $plugin_data['Author'] ) . '</cite>'; -
src/wp-admin/menu-header.php
46 46 function _wp_menu_output( $menu, $submenu, $submenu_as_parent = true ) { 47 47 global $self, $parent_file, $submenu_file, $plugin_page, $typenow; 48 48 49 disable_shortcodes(); 50 49 51 $first = true; 50 52 // 0 = menu_title, 1 = capability, 2 = menu_slug, 3 = page_title, 4 = classes, 5 = hookname, 6 = icon_url 51 53 foreach ( $menu as $key => $item ) { … … 204 206 echo '<li id="collapse-menu" class="hide-if-no-js"><div id="collapse-button"><div></div></div>'; 205 207 echo '<span>' . esc_html__( 'Collapse menu' ) . '</span>'; 206 208 echo '</li>'; 209 210 enable_shortcodes(); 207 211 } 208 212 209 213 ?> -
src/wp-includes/class-wp-theme.php
658 658 $value = $this->get_stylesheet(); 659 659 break; 660 660 case 'Description' : 661 disable_shortcodes(); 661 662 $value = wptexturize( $value ); 663 enable_shortcodes(); 662 664 break; 663 665 case 'Author' : 664 666 if ( $this->get('AuthorURI') ) { -
src/wp-includes/comment-template.php
963 963 if ( isset( $_SERVER['HTTP_USER_AGENT'] ) && false !== stripos( $_SERVER['HTTP_USER_AGENT'], 'W3C_Validator' ) ) { 964 964 return; 965 965 } 966 967 disable_shortcodes(); 966 968 967 969 echo '<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" 968 970 xmlns:dc="http://purl.org/dc/elements/1.1/" … … 976 978 echo ' dc:title="'.str_replace('--', '--', wptexturize(strip_tags(get_the_title()))).'"'."\n"; 977 979 echo ' trackback:ping="'.get_trackback_url().'"'." />\n"; 978 980 echo '</rdf:RDF>'; 981 982 enable_shortcodes(); 979 983 } 980 984 981 985 /** -
src/wp-includes/default-filters.php
92 92 93 93 // Format strings for display. 94 94 foreach ( array( 'comment_author', 'term_name', 'link_name', 'link_description', 'link_notes', 'bloginfo', 'wp_title', 'widget_title' ) as $filter ) { 95 add_filter( $filter, 'wptexturize' ); 96 add_filter( $filter, 'convert_chars' ); 97 add_filter( $filter, 'esc_html' ); 95 add_filter( $filter, 'restrict_shortcodes', 8 ); 96 add_filter( $filter, 'wptexturize' ); 97 add_filter( $filter, 'convert_chars' ); 98 add_filter( $filter, 'esc_html' ); 99 add_filter( $filter, 'enable_shortcodes', 12 ); 98 100 } 99 101 100 102 // Format WordPress … … 104 106 105 107 // Format titles 106 108 foreach ( array( 'single_post_title', 'single_cat_title', 'single_tag_title', 'single_month_title', 'nav_menu_attr_title', 'nav_menu_description' ) as $filter ) { 107 add_filter( $filter, 'wptexturize' ); 108 add_filter( $filter, 'strip_tags' ); 109 add_filter( $filter, 'restrict_shortcodes', 8 ); 110 add_filter( $filter, 'wptexturize' ); 111 add_filter( $filter, 'strip_tags' ); 112 add_filter( $filter, 'enable_shortcodes', 12 ); 109 113 } 110 114 111 115 // Format text area for display. 112 116 foreach ( array( 'term_description' ) as $filter ) { 113 add_filter( $filter, 'wptexturize' ); 114 add_filter( $filter, 'convert_chars' ); 115 add_filter( $filter, 'wpautop' ); 116 add_filter( $filter, 'shortcode_unautop'); 117 add_filter( $filter, 'restrict_shortcodes', 8 ); 118 add_filter( $filter, 'wptexturize' ); 119 add_filter( $filter, 'convert_chars' ); 120 add_filter( $filter, 'wpautop' ); 121 add_filter( $filter, 'shortcode_unautop' ); 122 add_filter( $filter, 'enable_shortcodes', 12 ); 117 123 } 118 124 119 125 // Format for RSS … … 124 130 add_filter( 'wp_update_term_parent', 'wp_check_term_hierarchy_for_loops', 10, 3 ); 125 131 126 132 // Display filters 127 add_filter( 'the_title', 'wptexturize' ); 128 add_filter( 'the_title', 'convert_chars' ); 129 add_filter( 'the_title', 'trim' ); 133 add_filter( 'the_title', 'restrict_shortcodes', 8 ); 134 add_filter( 'the_title', 'wptexturize' ); 135 add_filter( 'the_title', 'convert_chars' ); 136 add_filter( 'the_title', 'trim' ); 137 add_filter( 'the_title', 'enable_shortcodes', 12 ); 130 138 131 139 add_filter( 'the_content', 'wptexturize' ); 132 140 add_filter( 'the_content', 'convert_smilies' ); … … 135 143 add_filter( 'the_content', 'shortcode_unautop' ); 136 144 add_filter( 'the_content', 'prepend_attachment' ); 137 145 138 add_filter( 'the_excerpt', 'wptexturize' ); 139 add_filter( 'the_excerpt', 'convert_smilies' ); 140 add_filter( 'the_excerpt', 'convert_chars' ); 141 add_filter( 'the_excerpt', 'wpautop' ); 142 add_filter( 'the_excerpt', 'shortcode_unautop'); 146 add_filter( 'the_excerpt', 'restrict_shortcodes', 8 ); 147 add_filter( 'the_excerpt', 'wptexturize' ); 148 add_filter( 'the_excerpt', 'convert_smilies' ); 149 add_filter( 'the_excerpt', 'convert_chars' ); 150 add_filter( 'the_excerpt', 'wpautop' ); 151 add_filter( 'the_excerpt', 'shortcode_unautop' ); 152 add_filter( 'the_excerpt', 'enable_shortcodes', 12 ); 153 143 154 add_filter( 'get_the_excerpt', 'wp_trim_excerpt' ); 144 155 156 add_filter( 'comment_text', 'restrict_shortcodes', 8 ); 145 157 add_filter( 'comment_text', 'wptexturize' ); 146 158 add_filter( 'comment_text', 'convert_chars' ); 147 159 add_filter( 'comment_text', 'make_clickable', 9 ); 160 add_filter( 'comment_text', 'enable_shortcodes', 12 ); 148 161 add_filter( 'comment_text', 'force_balance_tags', 25 ); 149 162 add_filter( 'comment_text', 'convert_smilies', 20 ); 150 163 add_filter( 'comment_text', 'wpautop', 30 ); … … 151 164 152 165 add_filter( 'comment_excerpt', 'convert_chars' ); 153 166 154 add_filter( 'list_cats', 'wptexturize' ); 167 add_filter( 'list_cats', 'restrict_shortcodes', 8 ); 168 add_filter( 'list_cats', 'wptexturize' ); 169 add_filter( 'list_cats', 'enable_shortcodes', 12 ); 155 170 156 171 add_filter( 'wp_sprintf', 'wp_sprintf_l', 10, 2 ); 157 172 -
src/wp-includes/formatting.php
28 28 * @return string The string replaced with html entities 29 29 */ 30 30 function wptexturize($text, $reset = false) { 31 global $wp_cockneyreplace ;31 global $wp_cockneyreplace, $shortcode_enabled; 32 32 static $static_characters, $static_replacements, $dynamic_characters, $dynamic_replacements, 33 33 $default_no_texturize_tags, $default_no_texturize_shortcodes, $run_texturize = true; 34 34 … … 203 203 $no_texturize_tags_stack = array(); 204 204 $no_texturize_shortcodes_stack = array(); 205 205 206 $find_shortcodes = false; 207 $html = ''; 208 209 if ( 'false' !== $shortcode_enabled ) { 210 if ( 'restricted' === $shortcode_enabled ) { 211 // Shortcodes in this $text are not allowed to contain raw HTML. 212 $html = '<>'; 213 } 214 $pos = strpos( $text, '[' ); 215 if ( false !== $pos && false !== strpos( $text, ']', $pos ) ) { 216 $find_shortcodes = true; 217 } 218 } 219 206 220 // Look for shortcodes and HTML elements. 207 221 208 $comment_regex = 209 '!' // Start of comment, after the <.210 . '(?:' // Unroll the loop: Consume everything until --> is found.211 . '-(?!->)' // Dash not followed by end of comment.212 . '[^\-]*+' // Consume non-dashes.213 . ')*+' // Loop possessively.214 . '(?:-->)?'; // End of comment. If not found, match all input.222 $comment_regex = 223 '!' // Start of comment, after the <. 224 . '(?:' // Unroll the loop: Consume everything until --> is found. 225 . '-(?!->)' // Dash not followed by end of comment. 226 . '[^\-]*+' // Consume non-dashes. 227 . ')*+' // Loop possessively. 228 . '(?:-->)?'; // End of comment. If not found, match all input. 215 229 230 $html_regex = 231 '<' // Find start of element. 232 . '(?(?=!--)' // Is this a comment? 233 . $comment_regex // Find end of comment. 234 . '|' 235 . '[^>]+>' // Find end of element. 236 . ')'; 237 216 238 $shortcode_regex = 217 '\[' // Find start of shortcode.218 . '[\/\[]?' // Shortcodes may begin with [/ or [[219 . '[^\s\/\[\]]' // No whitespace before name.220 . '[^\[\]]*+'// Shortcodes do not contain other shortcodes. Possessive critical.221 . '\]' // Find end of shortcode.222 . '\]?'; // Shortcodes may end with ]]239 '\[' // Find start of shortcode. 240 . '[\/\[]?' // Shortcodes may begin with [/ or [[ 241 . '[^\s\/\[\]]' // No whitespace before name. 242 . "[^\[\]$html]*+" // Shortcodes do not contain other shortcodes. Possessive critical. 243 . '\]' // Find end of shortcode. 244 . '\]?'; // Shortcodes may end with ]] 223 245 224 $regex = 225 '/(' // Capture the entire match. 226 . '<' // Find start of element. 227 . '(?(?=!--)' // Is this a comment? 228 . $comment_regex // Find end of comment. 229 . '|' 230 . '[^>]+>' // Find end of element. 231 . ')' 232 . '|' 233 . $shortcode_regex // Find shortcodes. 234 . ')/s'; 246 if ( $find_shortcodes ) { 247 $regex = "/($html_regex|$shortcode_regex)/s"; 248 } else { 249 $regex = "/($html_regex)/s"; 250 } 235 251 236 252 $textarr = preg_split( $regex, $text, -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY ); 237 253 … … 253 269 254 270 continue; 255 271 256 } elseif ( '[' === $first && 1 === preg_match( '/^' . $shortcode_regex . '$/', $curl ) ) {272 } elseif ( $find_shortcodes && '[' === $first && 1 === preg_match( '/^' . $shortcode_regex . '$/', $curl ) ) { 257 273 // This is a shortcode delimiter. 258 274 259 275 if ( '[[' !== substr( $curl, 0, 2 ) && ']]' !== substr( $curl, -2 ) ) { … … 480 496 * @return string The filtered content. 481 497 */ 482 498 function shortcode_unautop( $pee ) { 483 global $shortcode_tags ;499 global $shortcode_tags, $shortcode_enabled; 484 500 485 if ( empty( $shortcode_tags ) || !is_array( $shortcode_tags ) ) {501 if ( 'false' === $shortcode_enabled || empty( $shortcode_tags ) || !is_array( $shortcode_tags ) ) { 486 502 return $pee; 487 503 } 488 504 … … 489 505 $tagregexp = join( '|', array_map( 'preg_quote', array_keys( $shortcode_tags ) ) ); 490 506 $spaces = wp_spaces_regexp(); 491 507 508 if ( 'restricted' === $shortcode_enabled ) { 509 $html = '<>'; 510 } else { 511 $html = ''; 512 } 513 492 514 $pattern = 493 515 '/' 494 516 . '<p>' // Opening paragraph … … 498 520 . "($tagregexp)" // 2: Shortcode name 499 521 . '(?![\\w-])' // Not followed by word character or hyphen 500 522 // Unroll the loop: Inside the opening shortcode tag 501 . '[^\\]\\/]*'// Not a closing bracket or forward slash523 . "[^\\]\\/$html]*" // Not a closing bracket or forward slash 502 524 . '(?:' 503 525 . '\\/(?!\\])' // A forward slash not followed by a closing bracket 504 . '[^\\]\\/]*'// Not a closing bracket or forward slash526 . "[^\\]\\/$html]*" // Not a closing bracket or forward slash 505 527 . ')*?' 506 528 . '(?:' 507 529 . '\\/\\]' // Self closing tag and closing bracket -
src/wp-includes/general-template.php
1129 1129 * @return string HTML link content for archive. 1130 1130 */ 1131 1131 function get_archives_link($url, $text, $format = 'html', $before = '', $after = '') { 1132 disable_shortcodes(); 1132 1133 $text = wptexturize($text); 1134 enable_shortcodes(); 1133 1135 $url = esc_url($url); 1134 1136 1135 1137 if ('link' == $format) -
src/wp-includes/media.php
1075 1075 $image_output 1076 1076 </{$icontag}>"; 1077 1077 if ( $captiontag && trim($attachment->post_excerpt) ) { 1078 disable_shortcodes(); 1078 1079 $output .= " 1079 1080 <{$captiontag} class='wp-caption-text gallery-caption'> 1080 1081 " . wptexturize($attachment->post_excerpt) . " 1081 1082 </{$captiontag}>"; 1083 enable_shortcodes(); 1082 1084 } 1083 1085 $output .= "</{$itemtag}>"; 1084 1086 if ( ! $html5 && $columns > 0 && ++$i % $columns == 0 ) { -
src/wp-includes/shortcodes.php
44 44 $shortcode_tags = array(); 45 45 46 46 /** 47 * The status of the Shortcode API, which may need to be known in related functions. 48 * 49 * Values: 50 * 'true' - Full shortcode support. 51 * 'restricted' - Shortcodes that contain special characters will be ignored. 52 * 'false' - All shortcode features are disabled. 53 * 54 * @since 4.1.0 55 * 56 * @name $shortcode_enabled 57 * @var string 58 * @global string $shortcode_enabled 59 */ 60 $shortcode_enabled = 'true'; 61 62 /** 47 63 * Add hook for shortcode tag. 48 64 * 49 65 * There can only be one hook for each shortcode. Which means that if another … … 191 207 * @return string Content with shortcodes filtered out. 192 208 */ 193 209 function do_shortcode($content) { 194 global $shortcode_tags ;210 global $shortcode_tags, $shortcode_enabled; 195 211 196 if ( false === strpos( $content, '[' ) ) {212 if ( 'false' === $shortcode_enabled || false === strpos( $content, '[' ) ) { 197 213 return $content; 198 214 } 199 215 … … 226 242 * @return string The shortcode search regular expression 227 243 */ 228 244 function get_shortcode_regex() { 229 global $shortcode_tags ;245 global $shortcode_tags, $shortcode_enabled; 230 246 $tagnames = array_keys($shortcode_tags); 231 247 $tagregexp = join( '|', array_map('preg_quote', $tagnames) ); 248 249 if ( 'restricted' === $shortcode_enabled ) { 250 $html = '<>'; 251 } else { 252 $html = ''; 253 } 232 254 233 255 // WARNING! Do not change this regex without changing do_shortcode_tag() and strip_shortcode_tag() 234 256 // Also, see shortcode_unautop() and shortcode.js. … … 238 260 . "($tagregexp)" // 2: Shortcode name 239 261 . '(?![\\w-])' // Not followed by word character or hyphen 240 262 . '(' // 3: Unroll the loop: Inside the opening shortcode tag 241 . '[^\\]\\/]*'// Not a closing bracket or forward slash263 . "[^\\]\\/$html]*" // Not a closing bracket or forward slash 242 264 . '(?:' 243 265 . '\\/(?!\\])' // A forward slash not followed by a closing bracket 244 . '[^\\]\\/]*'// Not a closing bracket or forward slash266 . "[^\\]\\/$html]*" // Not a closing bracket or forward slash 245 267 . ')*?' 246 268 . ')' 247 269 . '(?:' … … 384 406 * @return string Content without shortcode tags. 385 407 */ 386 408 function strip_shortcodes( $content ) { 387 global $shortcode_tags ;409 global $shortcode_tags, $shortcode_enabled; 388 410 389 if ( false === strpos( $content, '[' ) ) {411 if ( 'false' === $shortcode_enabled || false === strpos( $content, '[' ) ) { 390 412 return $content; 391 413 } 392 414 … … 407 429 return $m[1] . $m[6]; 408 430 } 409 431 432 /** 433 * Enable the Shortcode API 434 * 435 * @since 4.1.0 436 * 437 * @param string $filter_arg Allows this function to get hooked to a filter. 438 * @return string The first param will be returned. 439 */ 440 function enable_shortcodes( $filter_arg = '' ) { 441 global $shortcode_enabled; 442 $shortcode_enabled = 'true'; 443 return $filter_arg; 444 } 445 446 /** 447 * Restrict the Shortcode API from parsing shortcodes that contain HTML. 448 * 449 * @since 4.1.0 450 * 451 * @param string $filter_arg Allows this function to get hooked to a filter. 452 * @return string The first param will be returned. 453 */ 454 function restrict_shortcodes( $filter_arg = '' ) { 455 global $shortcode_enabled; 456 $shortcode_enabled = 'restricted'; 457 return $filter_arg; 458 } 459 460 /** 461 * Disable the Shortcode API 462 * 463 * @since 4.1.0 464 * 465 * @param string $filter_arg Allows this function to get hooked to a filter. 466 * @return string The first param will be returned. 467 */ 468 function disable_shortcodes( $filter_arg = '' ) { 469 global $shortcode_enabled; 470 $shortcode_enabled = 'false'; 471 return $filter_arg; 472 } 473 410 474 add_filter('the_content', 'do_shortcode', 11); // AFTER wpautop()