
Changeset 32851


Timestamp:
06/19/2015 01:52:48 AM (9 years ago)
Author:
azaozz
Message:

Fix using htmlspecialchars() with the $double_encode parameter. PHP < 5.4 doesn't validate the entities.
Props miqrogroove. Fixes #17780.

Location:
trunk
Files:
3 edited

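--- a/trunk/src/wp-includes/formatting.php
+++ b/trunk/src/wp-includes/formatting.php
@@ -687,4 +687,10 @@
     } elseif ( $quote_style === 'single' ) {
         $quote_style = ENT_NOQUOTES;
+    }
+
+    if ( ! $double_encode ) {
+        // Guarantee every &entity; is valid, convert &garbage; into &amp;garbage;
+        // This is required for PHP < 5.4.0 because ENT_HTML401 flag is unavailable.
+        $string = wp_kses_normalize_entities( $string );
     }
 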
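Review bot: The comment above `wp_kses_normalize_entities( $string )` ties the call to PHP < 5.4.0, but the `if ( ! $double_encode )` block has no version check, so it runs on every PHP version. It also rewrites entities that were already valid: the test expectations updated in this changeset show `&#x00A3;` coming back as `&#xA3;` and `&#34;` as `&#034;`. I would state both facts in the comment, e.g. `// Runs on all PHP versions; valid numeric entities are rewritten in normalized form as a side effect.`, so that callers comparing escaped output byte-for-byte know the string can change. The enclosing function starts and ends outside the hunk, so the escaping call that presumably follows is not visible here.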
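--- a/trunk/tests/phpunit/tests/formatting/EscHtml.php
+++ b/trunk/tests/phpunit/tests/formatting/EscHtml.php
@@ -35,5 +35,5 @@
     function test_ignores_existing_entities() {
         $source = '&#038; &#x00A3; &#x22; &amp;';
-        $res = '&#038; &#x00A3; &#x22; &amp;';
+        $res = '&#038; &#xA3; &#x22; &amp;';
         $this->assertEquals( $res, esc_html($source) );
     }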
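Review bot: The name `test_ignores_existing_entities` no longer matches what the test asserts, because `$res` now differs from `$source` (`&#x00A3;` is expected back as `&#xA3;`). A comment above `$res` would keep the intent readable, e.g. `// Valid entities are not double-encoded, but numeric ones come back in normalized form.` The security-relevant half of the change, that a malformed entity such as `&garbage;` is escaped rather than passed through, is not asserted in this section. If no other test in the file covers it, an extra assertion on esc_html() would pin that behaviour.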
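--- a/trunk/tests/phpunit/tests/formatting/WPSpecialchars.php
+++ b/trunk/tests/phpunit/tests/formatting/WPSpecialchars.php
@@ -86,5 +86,5 @@
             array(
                 'This & that, this &amp; that, &#8212; &quot; &QUOT; &Uacute; &nbsp; &#34; &#034; &#0034; &#x00022; &#x22; &dollar; &times;',
-                'This &amp; that, this &amp; that, &#8212; &quot; &amp;QUOT; &Uacute; &nbsp; &#34; &#034; &#0034; &#x00022; &#x22; &amp;dollar; &times;',
+                'This &amp; that, this &amp; that, &#8212; &quot; &amp;QUOT; &Uacute; &nbsp; &#034; &#034; &#034; &#x22; &#x22; &amp;dollar; &times;',
             ),
             array(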
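Review bot: The updated expected string packs several distinct normalizations into one long fixture with no comment saying which of them the case is meant to pin. From the values, decimal entities are padded to three digits (`&#34;` and `&#0034;` both become `&#034;`), hex entities lose leading zeros (`&#x00022;` becomes `&#x22;`), and unrecognised names are escaped (`&amp;QUOT;`, `&amp;dollar;`). A one-line comment above the pair, e.g. `// Valid entities kept (numeric ones normalized); unknown names get their ampersand escaped.`, would make a future failure here much easier to localize. The data provider array continues outside this section.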