WordPress.org

Make WordPress Core


Timestamp:
06/19/2015 01:52:48 AM (6 years ago)
Author:
azaozz
Message:

Fix using htmlspecialchars() with the $double_encode parameter. PHP < 5.4 doesn't validate the entities.
Props miqrogroove. Fixes #17780.

File:
1 edited

  • trunk/src/wp-includes/formatting.php

    r32850 r32851  
    687687    } elseif ( $quote_style === 'single' ) {
    688688        $quote_style = ENT_NOQUOTES;
     689    }
     690
     691    if ( ! $double_encode ) {
     692        // Guarantee every &entity; is valid, convert &garbage; into &amp;garbage;
     693        // This is required for PHP < 5.4.0 because ENT_HTML401 flag is unavailable.
     694        $string = wp_kses_normalize_entities( $string );
    689695    }
    690696
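
Review bot: The comment on new line 693 says the normalization is required for PHP < 5.4.0, but the added if ( ! $double_encode ) block calls wp_kses_normalize_entities() on every PHP version. Either state in the comment that the unconditional call is intentional or gate it on the PHP version, so a later reader does not remove it as dead code. The changeset edits only formatting.php, so it would also help to add a test that passes a string containing &garbage; with $double_encode false and expects &amp;garbage;, which is the behaviour line 692 promises.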