Timestamp:
01/04/2009 11:37:47 PM (15 years ago)
Author:
azaozz
Message:

Latest version of the patch for refactor filters to avoid potential XSS attacks, props sambauers and DD32, see #8767

File:
1 edited

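--- a/trunk/wp-includes/compat.php
+++ b/trunk/wp-includes/compat.php
@@ -99,9 +99,18 @@
 if ( !function_exists( 'htmlspecialchars_decode' ) ) {
     // Added in PHP 5.1.0
-    // from php.net (modified by Sam Bauers to deal with some quirks in HTML_SPECIALCHARS constant)
-    function htmlspecialchars_decode( $str, $quote_style = ENT_COMPAT ) {
-        $table = array_flip( get_html_translation_table( HTML_SPECIALCHARS, $quote_style ) );
-        $table = array_merge( array( ''' => "'" ), $table, array( '&' => "&", '&' => "&" ) );
-        return strtr( $str, $table );
+    // Error checks from PEAR::PHP_Compat
+    function htmlspecialchars_decode( $str, $quote_style = ENT_COMPAT )
+    {
+        if ( !is_scalar( $string ) ) {
+            trigger_error( 'htmlspecialchars_decode() expects parameter 1 to be string, ' . gettype( $string ) . ' given', E_USER_WARNING );
+            return;
+        }
+
+        if ( !is_int( $quote_style ) && $quote_style !== null ) {
+            trigger_error( 'htmlspecialchars_decode() expects parameter 2 to be integer, ' . gettype( $quote_style ) . ' given', E_USER_WARNING );
+            return;
+        }
+
+        return wp_specialchars_decode( $str, $quote_style );
     }
 }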
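Review bot: The first guard tests `$string`, but the parameter is named `$str`, so `is_scalar( $string )` sees an undefined variable and the shim always raises the warning and returns null instead of decoding. For a compat function touched by an XSS-hardening change, that means every caller on PHP older than 5.1.0 gets an empty value back, which can silently break the decode-then-escape paths that rely on it. Use `if ( !is_scalar( $str ) ) {` and `gettype( $str )` in the message. `wp_specialchars_decode()` is defined outside this section, so its handling of a null `$quote_style`, which the second guard lets through, should be confirmed there.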