WordPress.org

Make WordPress Core


Ignore:
Timestamp:
12/29/2010 08:49:02 PM (8 years ago)
Author:
ryan
Message:

Don't be case sensitive to attribute names. Handle padded entities when checking for bad protocols. Normalize entities before checking for bad protocols in esc_url(). Props Mauro Gentile, duck_, miqrogroove

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/3.0/wp-includes/formatting.php

    r15378 r17172  
    22372237    // Replace ampersands and single quotes only when displaying.
    22382238    if ( 'display' == $_context ) {
    2239         $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url);
     2239        $url = wp_kses_normalize_entities( $url );
     2240        $url = str_replace( '&', '&', $url );
    22402241        $url = str_replace( "'", ''', $url );
    22412242    }
Note: See TracChangeset for help on using the changeset viewer.