Changeset 10298 for trunk/wp-includes/compat.php

Timestamp:

01/04/2009 11:37:47 PM (17 years ago)

Author:

azaozz

Message:

Latest version of the patch for refactor filters to avoid potential XSS attacks, props sambauers and DD32, see #8767

File:

• trunk/wp-includes/compat.php (modified) (1 diff)

trunk/wp-includes/compat.php

@@ -99 +99 @@
 if ( !function_exists( 'htmlspecialchars_decode' ) ) {
     // Added in PHP 5.1.0
-    // from php.net (modified by Sam Bauers to deal with some quirks in HTML_SPECIALCHARS constant)
-    function htmlspecialchars_decode( $str, $quote_style = ENT_COMPAT ) {
-        $table = array_flip( get_html_translation_table( HTML_SPECIALCHARS, $quote_style ) );
-        $table = array_merge( array( ''' => "'" ), $table, array( '&' => "&", '&' => "&" ) );
-        return strtr( $str, $table );
+    // Error checks from PEAR::PHP_Compat
+    function htmlspecialchars_decode( $str, $quote_style = ENT_COMPAT )
+    {
+        if ( !is_scalar( $string ) ) {
+            trigger_error( 'htmlspecialchars_decode() expects parameter 1 to be string, ' . gettype( $string ) . ' given', E_USER_WARNING );
+            return;
+        }
+
+        if ( !is_int( $quote_style ) && $quote_style !== null ) {
+            trigger_error( 'htmlspecialchars_decode() expects parameter 2 to be integer, ' . gettype( $quote_style ) . ' given', E_USER_WARNING );
+            return;
+        }
+
+        return wp_specialchars_decode( $str, $quote_style );
     }
 }