WordPress.org

Make WordPress Core


Ignore:
Timestamp:
06/18/2014 07:48:46 PM (7 years ago)
Author:
wonderboymusic
Message:

In wptexturize() + tests:

  • Allow well-formed HTML inside of shortcode attributes
  • Restrict recursion. HTML is allowed but ignored.
  • Do not allow exotic HTML comments in shortcode attributes.
  • Continue to ignore the [ and ] chars if they appear in any HTML attribute.
  • Update related regex patterns.
  • Update unit tests.

Props miqrogroove.
Fixes #28564.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/formatting.php

    r28765 r28773  
    204204        .   '\['        // Find start of shortcode.
    205205        .   '\[?'       // Shortcodes may begin with [[
    206         .   '[^\[\]<>]+'    // Shortcodes do not contain other shortcodes or HTML elements.
     206        .   '(?:'
     207        .       '[^\[\]<>]' // Shortcodes do not contain other shortcodes.
     208        .   '|'
     209        .       '<.+?>' // HTML elements permitted. Prevents matching ] before >.
     210        .   ')+'
    207211        .   '\]'        // Find end of shortcode.
    208212        .   '\]?'       // Shortcodes may end with ]]
     
    221225            }
    222226
    223         } elseif ( '[' === $first && 1 === preg_match( '/^\[[^\[\]<>]+\]$/', $curl ) ) {
     227        } elseif ( '[' === $first && 1 === preg_match( '/^\[(?:[^\[\]<>]|<.+?>)+\]$/', $curl ) ) {
    224228            // This is a shortcode delimeter.
    225229
    226230            _wptexturize_pushpop_element( $curl, $no_texturize_shortcodes_stack, $no_texturize_shortcodes, '[', ']' );
    227231
    228         } elseif ( '[' === $first && 1 === preg_match( '/^\[\[?[^\[\]<>]+\]\]?$/', $curl ) ) {
     232        } elseif ( '[' === $first && 1 === preg_match( '/^\[\[?(?:[^\[\]<>]|<.+?>)+\]\]?$/', $curl ) ) {
    229233            // This is an escaped shortcode delimeter.
    230234
Note: See TracChangeset for help on using the changeset viewer.