Context Navigation

← Previous Change
Next Change →

formatting.php

Timestamp:

12/29/2010 08:45:37 PM (13 years ago)

Author:

ryan

Message:

Don't be case sensitive to attribute names. Handle padded entities when checking for bad protocols. Normalize entities before checking for bad protocols in esc_url(). Props Mauro Gentile, duck_, miqrogroove

File:

: 1 edited

trunk/wp-includes/formatting.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/wp-includes/formatting.php

-                      r17142
+                      r17171
     // Replace ampersands and single quotes only when displaying.
     if ( 'display' == $_context ) {
+        $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&#038;$1', $url);
+        $url = wp_kses_normalize_entities( $url );
+        $url = str_replace( '&amp;', '&#038;', $url );
         $url = str_replace( "'", '&#039;', $url );
+    }

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Make WordPress Core

Context Navigation

Changeset 17171 for trunk/wp-includes/formatting.php

Legend:

trunk/wp-includes/formatting.php

Download in other formats: