
Changeset 32850


Timestamp:
06/18/2015 09:59:10 PM (9 years ago)
Author:
wonderboymusic
Message:

Since PHP 5.2.3, the htmlspecialchars() function has an optional $double_encode parameter, which we can now use. This will save us a few expensive kses/html decoding calls.

Adds unit tests.

Props miqrogroove.
Fixes #17780.

Location:
trunk
Files:
5 edited

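--- a/trunk/src/wp-includes/formatting.php
+++ b/trunk/src/wp-includes/formatting.php
@@ -689,22 +689,5 @@
     }
 
-    // Handle double encoding ourselves
-    if ( $double_encode ) {
-        $string = @htmlspecialchars( $string, $quote_style, $charset );
-    } else {
-        // Decode & into &
-        $string = wp_specialchars_decode( $string, $_quote_style );
-
-        // Guarantee every &entity; is valid or re-encode the &
-        $string = wp_kses_normalize_entities( $string );
-
-        // Now re-encode everything except &entity;
-        $string = preg_split( '/(&#?x?[0-9a-z]+;)/i', $string, -1, PREG_SPLIT_DELIM_CAPTURE );
-
-        for ( $i = 0, $c = count( $string ); $i < $c; $i += 2 ) {
-            $string[$i] = @htmlspecialchars( $string[$i], $quote_style, $charset );
-        }
-        $string = implode( '', $string );
-    }
+    $string = @htmlspecialchars( $string, $quote_style, $charset, $double_encode );
 
     // Backwards compatibility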
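Review bot: The new single call on line 691 silently changes which entity references survive when $double_encode is false, and nothing on the line records it: validation is now PHP's own entity table for the given flags, which is case-sensitive and, as the test data in this changeset shows, re-encodes `&QUOT;`, `&dollar;` and `&apos;` to `&amp;...` where the removed wp_kses_normalize_entities path appears to have accepted them (the test's $allowedentitynames list includes apos). A one-line comment would stop the next reader from "fixing" this back: `// Entity validation is PHP's (case-sensitive, default HTML 4.01 table): names it does not know, e.g. &apos;, are re-encoded even with $double_encode = false.` The `@` kept on the call also hides the warning PHP raises for an unsupported $charset; whether that is intended deserves a word in the same comment. _wp_specialchars begins before and ends after this hunk; $_quote_style, no longer read here, is still used by the backwards-compatibility block below, so it is not left dead.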
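--- a/trunk/tests/phpunit/tests/formatting/EscAttr.php
+++ b/trunk/tests/phpunit/tests/formatting/EscAttr.php
@@ -27,6 +27,6 @@
 
     function test_esc_attr_amp() {
-        $out = esc_attr( 'foo & bar &baz; &apos;' );
-        $this->assertEquals( "foo &amp; bar &amp;baz; &apos;", $out );
+        $out = esc_attr( 'foo & bar &baz; &nbsp;' );
+        $this->assertEquals( "foo &amp; bar &amp;baz; &nbsp;", $out );
     }
 }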
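--- a/trunk/tests/phpunit/tests/formatting/EscHtml.php
+++ b/trunk/tests/phpunit/tests/formatting/EscHtml.php
@@ -35,5 +35,5 @@
     function test_ignores_existing_entities() {
         $source = '&#038; &#x00A3; &#x22; &amp;';
-        $res = '&amp; &#xA3; &quot; &amp;';
+        $res = '&#038; &#x00A3; &#x22; &amp;';
         $this->assertEquals( $res, esc_html($source) );
     }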
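--- a/trunk/tests/phpunit/tests/formatting/JSEscape.php
+++ b/trunk/tests/phpunit/tests/formatting/JSEscape.php
@@ -24,11 +24,11 @@
 
     function test_js_escape_amp() {
-        $out = esc_js('foo & bar &baz; &apos;');
-        $this->assertEquals("foo &amp; bar &amp;baz; &apos;", $out);
+        $out = esc_js('foo & bar &baz; &nbsp;');
+        $this->assertEquals("foo &amp; bar &amp;baz; &nbsp;", $out);
     }
 
     function test_js_escape_quote_entity() {
         $out = esc_js('foo &#x27; bar &#39; baz &#x26;');
-        $this->assertEquals("foo \\' bar \\' baz &amp;", $out);
+        $this->assertEquals("foo \\' bar \\' baz &#x26;", $out);
     }
 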
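--- a/trunk/tests/phpunit/tests/formatting/WPSpecialchars.php
+++ b/trunk/tests/phpunit/tests/formatting/WPSpecialchars.php
@@ -18,4 +18,8 @@
         // Allowed entities should be unchanged
         foreach ( $allowedentitynames as $ent ) {
+            if ( 'apos' == $ent ) {
+                // But for some reason, PHP doesn't allow &apos;
+                continue;
+            }
             $ent = '&' . $ent . ';';
             $this->assertEquals( $ent, _wp_specialchars( $ent ) );
@@ -40,3 +44,57 @@
         $this->assertEquals( $source, _wp_specialchars($source) );
     }
+
+    /**
+     * Check some of the double-encoding features for entity references.
+     *
+     * @ticket 17780
+     * @dataProvider data_double_encoding
+     */
+    function test_double_encoding( $input, $output ) {
+        return $this->assertEquals( $output, _wp_specialchars( $input, ENT_NOQUOTES, false, true ) );
+    }
+
+    function data_double_encoding() {
+        return array(
+            array(
+                'This & that, this &amp; that, &#8212; &quot; &QUOT; &Uacute; &nbsp; &#34; &#034; &#0034; &#x00022; &#x22; &dollar; &times;',
+                'This &amp; that, this &amp;amp; that, &amp;#8212; &amp;quot; &amp;QUOT; &amp;Uacute; &amp;nbsp; &amp;#34; &amp;#034; &amp;#0034; &amp;#x00022; &amp;#x22; &amp;dollar; &amp;times;',
+            ),
+            array(
+                '&& &&amp; &amp;&amp; &amp;;',
+                '&amp;&amp; &amp;&amp;amp; &amp;amp;&amp;amp; &amp;amp;;',
+            ),
+            array(
+                '&garbage; &***; &aaaa; &0000; &####; &;;',
+                '&amp;garbage; &amp;***; &amp;aaaa; &amp;0000; &amp;####; &amp;;;',
+            ),
+        );
+    }
+
+    /**
+     * Check some of the double-encoding features for entity references.
+     *
+     * @ticket 17780
+     * @dataProvider data_no_double_encoding
+     */
+    function test_no_double_encoding( $input, $output ) {
+        return $this->assertEquals( $output, _wp_specialchars( $input, ENT_NOQUOTES, false, false ) );
+    }
+
+    function data_no_double_encoding() {
+        return array(
+            array(
+                'This & that, this &amp; that, &#8212; &quot; &QUOT; &Uacute; &nbsp; &#34; &#034; &#0034; &#x00022; &#x22; &dollar; &times;',
+                'This &amp; that, this &amp; that, &#8212; &quot; &amp;QUOT; &Uacute; &nbsp; &#34; &#034; &#0034; &#x00022; &#x22; &amp;dollar; &times;',
+            ),
+            array(
+                '&& &&amp; &amp;&amp; &amp;;',
+                '&amp;&amp; &amp;&amp; &amp;&amp; &amp;;',
+            ),
+            array(
+                '&garbage; &***; &aaaa; &0000; &####; &;;',
+                '&amp;garbage; &amp;***; &amp;aaaa; &amp;0000; &amp;####; &amp;;;',
+            ),
+        );
+    }
 }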
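Review bot: Both new test methods `return` the value of `$this->assertEquals(...)` (new lines 54 and 81); assertEquals returns nothing, so the `return` is noise and the lines should read `$this->assertEquals( $output, _wp_specialchars( $input, ENT_NOQUOTES, false, true ) );` and the same with `false` as the last argument for the no-double-encoding case. The docblock on test_no_double_encoding is a verbatim copy of test_double_encoding's and still claims to check double-encoding; `Check that existing entity references are preserved when double encoding is disabled.` would describe what it actually asserts. In the first hunk of this file, `'apos' == $ent` is a loose comparison where `'apos' === $ent` is the safer form, and the comment `But for some reason, PHP doesn't allow &apos;` could state the reason rather than wonder at it: PHP's default (HTML 4.01) entity table does not include apos, so the function re-encodes it even with $double_encode = false, which is also why the EscAttr and JSEscape fixtures swap `&apos;` for `&nbsp;`.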