Ticket #43147: Introduce_esc_html_comment_functions-3.patch
| File Introduce_esc_html_comment_functions-3.patch, 10.3 KB (added by , 7 years ago) |
|---|
-
src/wp-includes/class-wp-html-comment-escape.php
IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8
1 <?php 2 /** 3 * @package WordPress 4 * @subpackage Formatting 5 * @since x.x.x 6 */ 7 8 /** 9 * Core class used to escape contents of a HTML comment. 10 * 11 * @since x.x.x 12 */ 13 class WP_HTML_Comment_Escape { 14 /** 15 * HTML_Comment constructor. 16 * 17 * @param string $text Text to use. 18 */ 19 public function __construct( $text ) { 20 $this->text = $text; 21 } 22 23 /** 24 * Escapes the string for use in a HTML comment. 25 * 26 * Based upon the specs located at the following url 27 * @url https://www.w3.org/TR/html51/syntax.html#sec-comments 28 * 29 * @return string Escaped string. 30 */ 31 public function escape() { 32 $safe_text = wp_check_invalid_utf8( $this->text ); 33 34 do { 35 $changed = false; 36 37 while ( $this->unexpected_end_tag( $safe_text ) ) { 38 $safe_text = $this->strip_end_tag( $safe_text ); 39 $changed = true; 40 } 41 42 while ( $this->invalid_starting_characters( $safe_text ) ) { 43 $safe_text = $this->strip_invalid_starting_characters( $safe_text ); 44 $changed = true; 45 } 46 47 while ( $this->invalid_end_characters( $safe_text ) ) { 48 $safe_text = $this->strip_invalid_end_characters( $safe_text ); 49 $changed = true; 50 } 51 52 while ( $this->invalid_characters( $safe_text ) ) { 53 $safe_text = $this->strip_invalid_characters( $safe_text ); 54 $changed = true; 55 } 56 } while( $changed ); 57 58 return apply_filters( 'esc_html_comment', $safe_text, $this->text ); 59 } 60 61 /** 62 * Detects if the text starts with invalid characters. 63 * 64 * Implements the following rules: 65 * 1. must not start with a single U+003E GREATER-THAN SIGN character (>) 66 * 2. nor start with a U+002D HYPHEN-MINUS character (-) followed by a U+003E GREATER-THAN SIGN (>) character 67 * 68 * @param string $text Text to parse. 69 * 70 * @return bool True if the text contains invalid characters. 71 */ 72 protected function invalid_starting_characters( $text ) { 73 return ( strpos( $text, '>' ) === 0 || strpos( $text, '->' ) === 0 ); 74 } 75 76 /** 77 * Detects if the text ends with invalid characters. 78 * 79 * Implements the rule: `not end with a U+002D HYPHEN-MINUS character (-).` 80 * 81 * @param string $text Text to parse. 82 * 83 * @return bool True if the text contains invalid ending characters. 84 */ 85 protected function invalid_end_characters( $text ) { 86 return ( substr( $text, -1 ) === '-' ); 87 } 88 89 /** 90 * Detects any unwanted ending sequences in the text. 91 * 92 * @param string $text Text to parse. 93 * 94 * @return bool True if an ending tag is found in the text. 95 */ 96 protected function unexpected_end_tag( $text ) { 97 return strpos( $text, '-->' ) !== false; 98 } 99 100 /** 101 * Detects if the text contains invalid character sequences. 102 * 103 * Implements the rule: `nor contain two consecutive U+002D HYPHEN-MINUS characters (--)` 104 * 105 * @param string $text Text to parse. 106 * 107 * @return bool True if invalid characters exist in the text. 108 */ 109 protected function invalid_characters( $text ) { 110 return strpos( $text, '--' ) !== false; 111 } 112 113 /** 114 * Strips invalid starting characters from the text. 115 * 116 * @param string $text Text to parse. 117 * 118 * @return string Replaced text. 119 */ 120 protected function strip_invalid_starting_characters( $text ) { 121 $text = preg_replace( '/^>/', '', $text ); 122 $text = preg_replace( '/^->/', '', $text ); 123 124 return ltrim( $text ); 125 } 126 127 /** 128 * Strips the comment end tag from the text. 129 * 130 * @param string $text Text to parse. 131 * 132 * @return string Replaced text. 133 */ 134 protected function strip_invalid_characters( $text ) { 135 $text = str_replace( array( ' --', '--' ), '', $text ); 136 137 return trim( $text ); 138 } 139 140 /** 141 * Strips the comment end tag from the text. 142 * 143 * @param string $text Text to parse. 144 * 145 * @return string Replaced text. 146 */ 147 protected function strip_end_tag( $text ) { 148 $text = str_replace( array( ' -->', '--> ', '-->' ), '', $text ); 149 150 return trim( $text ); 151 } 152 153 /** 154 * Strips invalid ending characters from the text. 155 * 156 * @param string $text Text to parse. 157 * 158 * @return string Replaced text. 159 */ 160 protected function strip_invalid_end_characters( $text ) { 161 $text = rtrim( $text, '-' ); 162 163 return rtrim( $text ); 164 } 165 } -
src/wp-includes/formatting.php
IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8
7 7 * @package WordPress 8 8 */ 9 9 10 require ABSPATH . WPINC . '/class-wp-html-comment-escape.php'; 11 10 12 /** 11 13 * Replaces common plain text characters into formatted entities 12 14 * … … 4230 4232 return apply_filters( 'esc_html', $safe_text, $text ); 4231 4233 } 4232 4234 4235 /** 4236 * Escaping for HTML comments. 4237 * 4238 * @since x.x.x 4239 * 4240 * @param string $text Text to escape. 4241 * @return string Escaped text. 4242 */ 4243 function esc_html_comment( $text ) { 4244 $html_comment = new WP_HTML_Comment_Escape( $text ); 4245 4246 return $html_comment->escape(); 4247 } 4248 4233 4249 /** 4234 4250 * Escaping for HTML attributes. 4235 4251 * -
src/wp-includes/l10n.php
IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8
235 235 return esc_html( translate( $text, $domain ) ); 236 236 } 237 237 238 /** 239 * Retrieve the translation of $text and escapes it for safe use in a HTML comment. 240 * 241 * If there is no translation, or the text domain isn't loaded, the original text 242 * is escaped and returned.. 243 * 244 * @since x.x.x 245 * 246 * @param string $text Text to translate. 247 * @param string $domain Optional. Text domain. Unique identifier for retrieving translated strings. 248 * Default 'default'. 249 * @return string Translated text 250 */ 251 function esc_html_comment__( $text, $domain = 'default' ) { 252 return esc_html_comment( translate( $text, $domain ) ); 253 } 254 238 255 /** 239 256 * Display translated text. 240 257 * … … 274 291 echo esc_html( translate( $text, $domain ) ); 275 292 } 276 293 294 /** 295 * Display translated text that has been escaped for safe use in a HTML comment. 296 * 297 * @since x.x.x 298 * 299 * @param string $text Text to translate. 300 * @param string $domain Optional. Text domain. Unique identifier for retrieving translated strings. 301 * Default 'default'. 302 */ 303 function esc_html_comment_e( $text, $domain = 'default' ) { 304 echo esc_html_comment( translate( $text, $domain ) ); 305 } 306 307 /** 308 * Translate string with gettext context, and escapes it for safe use in a HTML comment. 309 * 310 * @since x.x.x 311 * 312 * @param string $text Text to translate. 313 * @param string $context Context information for the translators. 314 * @param string $domain Optional. Text domain. Unique identifier for retrieving translated strings. 315 * Default 'default'. 316 * @return string Translated text. 317 */ 318 function esc_html_comment_x( $text, $context, $domain = 'default' ) { 319 return esc_html_comment( translate_with_gettext_context( $text, $context, $domain ) ); 320 } 321 277 322 /** 278 323 * Retrieve translated string with gettext context. 279 324 * -
tests/phpunit/tests/formatting/EscHtmlComment.php
IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8
1 <?php 2 3 /** 4 * Class HTML_Comment 5 * 6 * @group esc_html_comment 7 */ 8 class Tests_Formatting_EscHtmlComment extends PHPUnit_Framework_TestCase { 9 /** 10 * @dataProvider html_comment_data 11 */ 12 public function test_esc_html_comment( $input, $expected, $description = '' ) { 13 $this->assertEquals( $expected, esc_html_comment( $input ), $description ); 14 } 15 16 /** 17 * Data provider for the escape html comment 18 * 19 * @return array 20 */ 21 public function html_comment_data() { 22 return array( 23 array( 24 '<!-- data -->', 25 '<! data', 26 'Strip end comment tag' 27 ), 28 array( 29 '<!-- data ---->>', 30 '<! data', 31 'Strip hidden end comment tag' 32 ), 33 array( 34 '<!-- data --> more data', 35 '<! data more data', 36 'Strip end comment tag, preserving data after the tag' 37 ), 38 array( 39 '<!-- data --> ', 40 '<! data', 41 'Strip end comment tag and removing spaces' 42 ), 43 array( 44 '<!-- data --> 1 ', 45 '<! data 1', 46 'Strip end comment tag maintaining spaces internally' 47 ), 48 array( 49 '<!--<!--<!-- data -->', 50 '<!<!<! data', 51 'Strip end comment tag, not stripping starting tags' 52 ), 53 array( 54 '-- data', 55 'data', 56 'Strip illegal prepending double dashes' 57 ), 58 array( 59 'data -- more data', 60 'data more data', 61 'Strip illegal double dashes in content' 62 ), 63 array( 64 'data --', 65 'data', 66 'Strip illegal double dashes at the end of the content' 67 ), 68 array( 69 'data -', 70 'data', 71 'Strip illegal ending dash' 72 ), 73 array( 74 '> data', 75 'data', 76 'Strip illegal starting greather-then-sign' 77 ), 78 array( 79 '> data > more data', 80 'data > more data', 81 'Strip illegal starting greather-then-sign, keeping ones that are not the starting character' 82 ), 83 array( 84 'data 85 more data 86 more data', 87 'data 88 more data 89 more data', 90 'Ensure new lines are untouched' 91 ), 92 array( 93 '-- > test', 94 'test', 95 'Remove starting > after stripping other illegal characters' 96 ), 97 array( 98 'test - -->-->', 99 'test', 100 'Remove end tags and dashes' 101 ), 102 array( 103 '<html> this is not html </html>', 104 '<html> this is not html </html>', 105 'Ensure HTML characters are untouched' 106 ), 107 array( 108 'It\'s a miracle', 109 'It\'s a miracle', 110 'Ensure quotes are untouched' 111 ), 112 ); 113 } 114 }