Ticket #34406: 34406.3.diff

src/wp-includes/kses.php

@@ -927 +927 @@
                 switch ($mode) {
                         case 0 : // attribute name, href for instance
 
-                                if ( preg_match('/^([-a-zA-Z:]+)/', $attr, $match ) ) {
+                                if ( preg_match('/^([-_a-zA-Z0-9:]+)/', $attr, $match ) ) {
                                         $attrname = $match[1];
                                         $working = $mode = 1;
-                                        $attr = preg_replace( '/^[-a-zA-Z:]+/', '', $attr );
+                                        $attr = preg_replace( '/^[-_a-zA-Z0-9:]+/', '', $attr );
                                 }
 
                                 break;

tests/phpunit/tests/kses.php

@@ -653 +653 @@
 
                 $this->assertEquals( $input, wp_kses( $input, $allowedposttags ) );
         }
+
+    /**
+     * Test wp_kses_hair().
+     *
+     * @ticket 34406
+     *
+     * @dataProvider data_hair
+     */
+    function test_hair( $input, $output, $allowed ) {
+        return $this->assertEquals( $output, wp_kses( $input, $allowed ) );
+    }
+
+    function data_hair() {
+
+        global $allowedposttags;
+        $allowedposttags['img']['data_at:2x'] = true;
+
+        return array(
+            array(
+                '<img src="" data_at:2x="" alt="blah" />',
+                '<img src="" data_at:2x="" alt="blah" />',
+                $allowedposttags,
+            ),
+            array(
+                '<img src="" data_at:2x="" alt="blah" />',
+                '<img src="" data_at:2x="" alt="blah" />',
+                $allowedposttags,
+            ),
+            array(
+                '<img src="" data&="" alt="blah" />',
+                '<img src="" alt="blah" />',
+                $allowedposttags,
+            ),
+            array(
+                '<img src="" data%="" alt="blah" />',
+                '<img src="" alt="blah" />',
+                $allowedposttags,
+            ),
+        );
+    }
 }