

Ticket #37698: 37698.diff

File 37698.diff, 2.1 KB (added by xknown, 13 months ago)
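--- a/tests/phpunit/tests/kses.php
+++ b/tests/phpunit/tests/kses.php
@@ -1046,6 +1046,18 @@
                 );
         }
 
+        function test_wp_kses_split_global_pollution() {
+                $func = function ( $attributes ) {
+                        wp_kses_split( '', [], [] ); // this triggers the bug
+                        return $attributes;
+                };
+                add_filter( 'safe_style_css', $func );
+
+                $expected = "<a style='color: red'>I link this</a>";
+                $result   = wp_kses_split( "<a style='color: red;'>I link this</a>", array( 'a' => array( 'style' => array() ) ), array( 'http' ) );
+                $this->assertEquals( $expected, $result );
+        }
+
         /**
          * Test URL sanitization in the style tag.
          *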
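Review bot: The closure registered with `add_filter( 'safe_style_css', $func )` is never unregistered, so a filter that deliberately re-enters `wp_kses_split()` with empty allow-lists stays hooked for the remainder of the test; add `remove_filter( 'safe_style_css', $func );` after the assertion so the test does not depend on the test case's teardown restoring hook state. The method also lacks a docblock naming the regression it guards — `/** @ticket 37698 */` above it, with one sentence stating that a nested `wp_kses_split()` call made from a filter must not change which tags and protocols the outer call keeps, would tell the next maintainer why an inner call with `[]` allow-lists is expected to leave the outer `style` attribute intact. `assertSame()` pins the string result more strictly than `assertEquals()`.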
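--- a/src/wp-includes/kses.php
+++ b/src/wp-includes/kses.php
@@ -941,10 +941,13 @@
  * @return string Content with fixed HTML tags
  */
 function wp_kses_split( $string, $allowed_html, $allowed_protocols ) {
-        global $pass_allowed_html, $pass_allowed_protocols;
-        $pass_allowed_html      = $allowed_html;
-        $pass_allowed_protocols = $allowed_protocols;
-        return preg_replace_callback( '%(<!--.*?(-->|$))|(<[^>]*(>|$)|>)%', '_wp_kses_split_callback', $string );
+        return preg_replace_callback(
+                '%(<!--.*?(-->|$))|(<[^>]*(>|$)|>)%',
+                function ( $match ) use ( $allowed_html, $allowed_protocols ) {
+                        return wp_kses_split2( $match[0], $allowed_html, $allowed_protocols );
+                },
+                $string
+        );
 }
 
 /**
@@ -998,23 +1001,6 @@
 }
 
 /**
- * Callback for `wp_kses_split()`.
- *
- * @since 3.1.0
- * @access private
- * @ignore
- *
- * @global array $pass_allowed_html
- * @global array $pass_allowed_protocols
- *
- * @return string
- */
-function _wp_kses_split_callback( $match ) {
-        global $pass_allowed_html, $pass_allowed_protocols;
-        return wp_kses_split2( $match[0], $pass_allowed_html, $pass_allowed_protocols );
-}
-
-/**
  * Callback for `wp_kses_split()` for fixing malformed HTML tags.
  *
  * This function does a lot of work. It rejects some very malformed things like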
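Review bot: Deleting `_wp_kses_split_callback()` together with the `$pass_allowed_html` / `$pass_allowed_protocols` globals removes a function that, per its removed docblock, has existed since 3.1.0, so any extension calling it by name or reading those globals will now fatal; the usual approach is to keep a small stub that calls `_deprecated_function( __FUNCTION__, '<VERSION_PLACEHOLDER>' )` and forwards to `wp_kses_split2()`, rather than dropping the symbol. The new closure in `wp_kses_split()` captures `$allowed_html` and `$allowed_protocols` by value, which is what prevents a filter callback that re-enters `wp_kses_split()` with a different allow-list from replacing the outer call's tag and protocol whitelist mid-pass; that is the substance of the fix and deserves a one-line comment on the closure, e.g. `// Bind the allow-lists to this call so a nested wp_kses_split() from a filter cannot alter them.`. If the docblock above `wp_kses_split()`, which starts outside the hunk, still carries `@global` tags for the removed globals, they should be removed too.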