Ticket #4409: 4409c.diff

wp-includes/default-filters.php

@@ -12 +12 @@
 add_filter('the_content', 'wptexturize');
 add_filter('the_excerpt', 'wptexturize');
 add_filter('bloginfo', 'wptexturize');
+add_filter('pre_kses', 'wp_pre_kses_less_than');
 
 // Comments, trackbacks, pingbacks
 add_filter('pre_comment_author_name', 'strip_tags');
@@ -184 +185 @@
 add_action( 'plugins_loaded', 'wp_maybe_load_widgets', 0 );
 add_action( 'shutdown', 'wp_ob_end_flush_all', 1);
 
-?>
- No newline at end of file
+?>

wp-includes/formatting.php

@@ -1195 +1195 @@
         $array = apply_filters( 'wp_parse_str', $array );
 }
 
+// Convert lone less than signs.  KSES already converts lone greater than signs.
+function wp_pre_kses_less_than( $text ) {
+        return preg_replace_callback('%<[^>]*?((?=<)|>|$)%', 'wp_pre_kses_less_than_callback', $text);
+}
+
+function wp_pre_kses_less_than_callback( $matches ) {
+        if ( false === strpos($matches[0], '>') )
+                return wp_specialchars($matches[0]);
+        return $matches[0];
+}
+
 ?>

wp-includes/kses.php

@@ -230 +230 @@
         $string = wp_kses_no_null($string);
         $string = wp_kses_js_entities($string);
         $string = wp_kses_normalize_entities($string);
-        $string = wp_kses_hook($string);
         $allowed_html_fixed = wp_kses_array_lc($allowed_html);
+        $string = wp_kses_hook($string, $allowed_html_fixed, $allowed_protocols); // WP changed the order of these funcs and added args to wp_kses_hook
         return wp_kses_split($string, $allowed_html_fixed, $allowed_protocols);
 } # function wp_kses
 
-function wp_kses_hook($string)
+function wp_kses_hook($string, $allowed_html, $allowed_protocols)
 ###############################################################################
 # You add any kses hooks here.
 ###############################################################################
 {
+        $string = apply_filters( 'pre_kses', $string );
         return $string;
 } # function wp_kses_hook