WordPress.org

Make WordPress Core


Ignore:
Timestamp:
06/10/2014 02:33:16 PM (6 years ago)
Author:
wonderboymusic
Message:

In wptexturize(), ensure that texturization does not corrupt contents of HTML elements, HTML comments, and smartcode attributes.

Adds a variety of unit tests/assertions.

Props miqrogroove.
Fixes #12690, #8912, #27602.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/formatting.php

    r28726 r28727  
    159159    }
    160160
     161    // If there's nothing to do, just stop.
     162    if ( empty( $text ) ) {
     163        return $text;
     164    }
     165
    161166    // Transform into regexp sub-expression used in _wptexturize_pushpop_element
    162167    // Must do this every time in case plugins use these filters in a context sensitive manner
     
    181186    $no_texturize_shortcodes_stack = array();
    182187
    183     $textarr = preg_split('/(<.*>|\[.*\])/Us', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
     188    // Look for shortcodes and HTML elements.
     189
     190    $regex =  '/('          // Capture the entire match.
     191        .   '<'     // Find start of element.
     192        .   '(?(?=!--)' // Is this a comment?
     193        .       '.+?--\s*>' // Find end of comment
     194        .   '|'
     195        .       '.+?>'      // Find end of element
     196        .   ')'
     197        . '|'
     198        .   '\['        // Find start of shortcode.
     199        .   '\[?'       // Shortcodes may begin with [[
     200        .   '[^\[\]<>]+'    // Shortcodes do not contain other shortcodes or HTML elements.
     201        .   '\]'        // Find end of shortcode.
     202        .   '\]?'       // Shortcodes may end with ]]
     203        . ')/s';
     204
     205    $textarr = preg_split( $regex, $text, -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY );
    184206
    185207    foreach ( $textarr as &$curl ) {
    186         if ( empty( $curl ) ) {
    187             continue;
    188         }
    189 
    190         // Only call _wptexturize_pushpop_element if first char is correct tag opening
     208        // Only call _wptexturize_pushpop_element if $curl is a delimeter.
    191209        $first = $curl[0];
    192         if ( '<' === $first ) {
    193             _wptexturize_pushpop_element($curl, $no_texturize_tags_stack, $no_texturize_tags, '<', '>');
    194         } elseif ( '[' === $first ) {
    195             _wptexturize_pushpop_element($curl, $no_texturize_shortcodes_stack, $no_texturize_shortcodes, '[', ']');
     210        if ( '<' === $first && '>' === substr( $curl, -1 ) ) {
     211            // This is an HTML delimeter.
     212
     213            if ( '<!--' !== substr( $curl, 0, 4 ) ) {
     214                _wptexturize_pushpop_element( $curl, $no_texturize_tags_stack, $no_texturize_tags, '<', '>' );
     215            }
     216
     217        } elseif ( '[' === $first && 1 === preg_match( '/^\[[^\[\]<>]+\]$/', $curl ) ) {
     218            // This is a shortcode delimeter.
     219
     220            _wptexturize_pushpop_element( $curl, $no_texturize_shortcodes_stack, $no_texturize_shortcodes, '[', ']' );
     221
     222        } elseif ( '[' === $first && 1 === preg_match( '/^\[\[?[^\[\]<>]+\]\]?$/', $curl ) ) {
     223            // This is an escaped shortcode delimeter.
     224
     225            // Do not texturize.
     226            // Do not push to the shortcodes stack.
     227
    196228        } elseif ( empty($no_texturize_shortcodes_stack) && empty($no_texturize_tags_stack) ) {
    197 
    198             // This is not a tag, nor is the texturization disabled static strings
     229            // This is neither a delimeter, nor is this content inside of no_texturize pairs.  Do texturize.
     230
    199231            $curl = str_replace($static_characters, $static_replacements, $curl);
    200 
    201             // regular expressions
    202232            $curl = preg_replace($dynamic_characters, $dynamic_replacements, $curl);
    203233
Note: See TracChangeset for help on using the changeset viewer.