Make WordPress Core


Ignore:
Timestamp:
12/29/2010 08:45:37 PM (14 years ago)
Author:
ryan
Message:

Don't be case sensitive to attribute names. Handle padded entities when checking for bad protocols. Normalize entities before checking for bad protocols in esc_url(). Props Mauro Gentile, duck_, miqrogroove

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/formatting.php

    r17142 r17171  
    22692269    // Replace ampersands and single quotes only when displaying.
    22702270    if ( 'display' == $_context ) {
    2271         $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url);
     2271        $url = wp_kses_normalize_entities( $url );
     2272        $url = str_replace( '&', '&', $url );
    22722273        $url = str_replace( "'", ''', $url );
    22732274    }
Note: See TracChangeset for help on using the changeset viewer.