Ticket #43147: Introduce_esc_html_comment_functions.patch
| File Introduce_esc_html_comment_functions.patch, 9.0 KB (added by , 8 years ago) |
|---|
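--- a/src/wp-includes/class-wp-html-comment-escape.php
+++ b/src/wp-includes/class-wp-html-comment-escape.php
@@ -0,0 +1,137 @@
+<?php
+/**
+* @package WordPress
+* @subpackage Formatting
+* @since x.x.x
+*/
+
+/**
+* Core class used to escape contents of a HTML comment.
+*
+* @since x.x.x
+*/
+class WP_HTML_Comment_Escape {
+/**
+* HTML_Comment constructor.
+*
+* @param string $text Text to use.
+*/
+public function __construct( $text ) {
+$this->text = $text;
+}
+
+/**
+* Escapes the string for use in a HTML comment.
+*
+* Based upon the specs located at the following url
+* @url https://www.w3.org/TR/html51/syntax.html#sec-comments
+*
+* @return string Escaped string.
+*/
+public function escape() {
+$safe_text = wp_check_invalid_utf8( $this->text );
+
+while ( $this->unexpected_end_tag( $safe_text ) ) {
+$safe_text = $this->strip_end_tag( $safe_text );
+}
+
+while ( $this->invalid_starting_characters( $safe_text ) ) {
+$safe_text = $this->strip_invalid_starting_characters( $safe_text );
+}
+
+while ( $this->invalid_end_characters( $safe_text ) ) {
+$safe_text = $this->strip_invalid_end_characters( $safe_text );
+}
+
+return apply_filters( 'esc_html_comment', $safe_text, $this->text );
+}
+
+/**
+* Detects if the text starts with invalid characters.
+*
+* Implements the following rules:
+* 1. must not start with a single U+003E GREATER-THAN SIGN character (>)
+* 2. nor start with a U+002D HYPHEN-MINUS character (-) followed by a U+003E GREATER-THAN SIGN (>) character
+* 3. nor contain two consecutive U+002D HYPHEN-MINUS characters (--)
+*
+* @param string $text Text to parse.
+*
+* @return bool True if the text contains invalid characters.
+*/
+protected function invalid_starting_characters( $text ) {
+if ( strpos( $text, '>' ) === 0 ) {
+return true;
+}
+
+if ( strpos( $text, '->' ) === 0 ) {
+return true;
+}
+
+return ( strpos( $text, '--' ) === 0 );
+}
+
+/**
+* Detects if the text ends with invalid characters.
+*
+* Implements the rule: `not end with a U+002D HYPHEN-MINUS character (-).`
+*
+* @param string $text Text to parse.
+*
+* @return bool True if the text contains invalid ending characters.
+*/
+protected function invalid_end_characters( $text ) {
+return ( substr( $text, -1 ) === '-' );
+}
+
+/**
+* Detects any unwanted ending sequences in the text.
+*
+* @param string $text Text to parse.
+*
+* @return bool True if an ending tag is found in the text.
+*/
+protected function unexpected_end_tag( $text ) {
+return strpos( $text, '-->' ) !== false;
+}
+
+/**
+* Strips invalid starting characters from the text.
+*
+* @param string $text Text to parse.
+*
+* @return string Replaced text.
+*/
+protected function strip_invalid_starting_characters( $text ) {
+$text = preg_replace( '/^>/', '', $text );
+$text = preg_replace( '/^--/', '', $text );
+$text = preg_replace( '/^->/', '', $text );
+
+return ltrim( $text );
+}
+
+/**
+* Strips the comment end tag from the text.
+*
+* @param string $text Text to parse.
+*
+* @return string Replaced text.
+*/
+protected function strip_end_tag( $text ) {
+$text = str_replace( array( ' -->', '--> ', '-->' ), '', $text );
+
+return trim( $text );
+}
+
+/**
+* Strips invalid ending characters from the text.
+*
+* @param string $text Text to parse.
+*
+* @return string Replaced text.
+*/
+protected function strip_invalid_end_characters( $text ) {
+$text = rtrim( $text, '-' );
+
+return rtrim( $text );
+}
+}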
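Review bot: `escape()` only removes `-->`, so text containing `--!>` is returned unchanged, and HTML parsers also end a comment at `--!>`, which means whatever follows it would be parsed outside the comment. The docblock on `invalid_starting_characters()` states the rule as "nor contain two consecutive hyphens", but the code tests `strpos( $text, '--' ) === 0`, so only a leading `--` is caught. Collapsing hyphen runs after the end-tag loop, for example `$safe_text = preg_replace( '/-{2,}/', '-', $safe_text );`, would enforce the documented rule and cover both closing sequences. Separately, `$this->text` is assigned in the constructor without being declared as a property on the class.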
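--- a/src/wp-includes/formatting.php
+++ b/src/wp-includes/formatting.php
@@ -7,6 +7,8 @@
 * @package WordPress
 */
 
+require ABSPATH . WPINC . '/class-wp-html-comment-escape.php';
+
 /**
 * Replaces common plain text characters into formatted entities
 *
@@ -4230,6 +4232,20 @@
 return apply_filters( 'esc_html', $safe_text, $text );
 }
 
+/**
+* Escaping for HTML comments.
+*
+* @since x.x.x
+*
+* @param string $text Text to escape.
+* @return string Escaped text.
+*/
+function esc_html_comment( $text ) {
+$html_comment = new WP_HTML_Comment_Escape( $text );
+
+return $html_comment->escape();
+}
+
 /**
 * Escaping for HTML attributes.
 *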
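Review bot: The docblock on `esc_html_comment()` does not say in which output context the returned string is safe. The accompanying tests show that `<`, `>` (other than a leading one) and quotes pass through untouched, so the result is not HTML-encoded and must not be echoed outside comment delimiters. I would extend the description with something like `Only safe when printed between <!-- and -->; does not encode HTML entities, use esc_html() for element content.` The `require` in the first hunk loads the class as a side effect of including formatting.php; whether that matches how other core classes are loaded cannot be seen from these hunks.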
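--- a/src/wp-includes/l10n.php
+++ b/src/wp-includes/l10n.php
@@ -235,6 +235,23 @@
 return esc_html( translate( $text, $domain ) );
 }
 
+/**
+* Retrieve the translation of $text and escapes it for safe use in a HTML comment.
+*
+* If there is no translation, or the text domain isn't loaded, the original text
+* is escaped and returned..
+*
+* @since x.x.x
+*
+* @param string $text Text to translate.
+* @param string $domain Optional. Text domain. Unique identifier for retrieving translated strings.
+* Default 'default'.
+* @return string Translated text
+*/
+function esc_html_comment__( $text, $domain = 'default' ) {
+return esc_html_comment( translate( $text, $domain ) );
+}
+
 /**
 * Display translated text.
 *
@@ -274,6 +291,34 @@
 echo esc_html( translate( $text, $domain ) );
 }
 
+/**
+* Display translated text that has been escaped for safe use in a HTML comment.
+*
+* @since x.x.x
+*
+* @param string $text Text to translate.
+* @param string $domain Optional. Text domain. Unique identifier for retrieving translated strings.
+* Default 'default'.
+*/
+function esc_html_comment_e( $text, $domain = 'default' ) {
+echo esc_html_comment( translate( $text, $domain ) );
+}
+
+/**
+* Translate string with gettext context, and escapes it for safe use in a HTML comment.
+*
+* @since x.x.x
+*
+* @param string $text Text to translate.
+* @param string $context Context information for the translators.
+* @param string $domain Optional. Text domain. Unique identifier for retrieving translated strings.
+* Default 'default'.
+* @return string Translated text.
+*/
+function esc_html_comment_x( $text, $context, $domain = 'default' ) {
+return esc_html_comment( translate_with_gettext_context( $text, $context, $domain ) );
+}
+
 /**
 * Retrieve translated string with gettext context.
 *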
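--- a/tests/phpunit/tests/formatting/EscHtmlComment.php
+++ b/tests/phpunit/tests/formatting/EscHtmlComment.php
@@ -0,0 +1,89 @@
+<?php
+
+/**
+* Class HTML_Comment
+*
+* @group esc_html_comment
+*/
+class Tests_Formatting_EscHtmlComment extends PHPUnit_Framework_TestCase {
+/**
+* @dataProvider html_comment_data
+*/
+public function test_esc_html_comment( $input, $expected, $description = '' ) {
+$this->assertEquals( $expected, esc_html_comment( $input ), $description );
+}
+
+/**
+* Data provider for the escape html comment
+*
+* @return array
+*/
+public function html_comment_data() {
+return array(
+array(
+'<!-- data -->',
+'<!-- data',
+'Strip end comment tag'
+),
+array(
+'<!-- data ---->>',
+'<!-- data',
+'Strip hidden end comment tag'
+),
+array(
+'<!-- data --> more data',
+'<!-- data more data',
+'Strip end comment tag, preserving data after the tag'
+),
+array(
+'<!-- data --> ',
+'<!-- data',
+'Strip end comment tag removing spaces'
+),
+array(
+'<!-- data --> 1 ',
+'<!-- data 1',
+'Strip end comment tag maintaining spaces internally'
+),
+array(
+'<!--<!--<!-- data -->',
+'<!--<!--<!-- data',
+'Strip end comment tag, not stripping starting tags'
+),
+array(
+'-- data',
+'data',
+'Strip illegal prepending dashes'
+),
+array(
+'data -',
+'data',
+'Strip illegal ending dash'
+),
+array(
+'> data',
+'data',
+'Strip illegal starting greather-then-sign'
+),
+array(
+'data
+more data
+more data',
+'data
+more data
+more data',
+'Ensure new lines are untouched'
+),
+array(
+'<html> this is not html </html>',
+'<html> this is not html </html>',
+'Ensure HTML characters are untouched'
+),
+array(
+'It\'s a miracle',
+'It\'s a miracle',
+'Ensure quotes are untouched'
+),
+);
+}
+}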
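Review bot: The provider pins `'<!--<!--<!-- data'` as an expected output even though it still contains `--`, which contradicts the "nor contain two consecutive hyphens" rule cited in the class docblock. There are also no rows for `--` between words (for example `'a -- b'`), for a `--!>` sequence, for input made up only of delimiters that reduces to an empty string, or for invalid UTF-8. Those are the inputs most likely to expose a gap in the escaper, so I would add them once the intended output is agreed. The class extends `PHPUnit_Framework_TestCase` while the code under test calls `apply_filters()` and `wp_check_invalid_utf8()`; if the suite's own base test case is what loads WordPress, it should be used here, though that is not verifiable from this file.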