Timestamp:
06/19/2015 06:46:11 PM (7 years ago)
Author:
wonderboymusic
Message:

Don't strip \0 (backslash+zero) from post content for users without "unfiltered_html"

Adds unit tests.

Props miqrogroove.
Fixes #28699.

File:
1 edited

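--- a/trunk/src/wp-includes/kses.php
+++ b/trunk/src/wp-includes/kses.php
@@ -522,5 +522,5 @@
     if ( empty( $allowed_protocols ) )
         $allowed_protocols = wp_allowed_protocols();
-    $string = wp_kses_no_null($string);
+    $string = wp_kses_no_null( $string, array( 'slash_zero' => 'keep' ) );
     $string = wp_kses_js_entities($string);
     $string = wp_kses_normalize_entities($string);
@@ -1045,9 +1045,16 @@
  *
  * @param string $string
+ * @param array $options Set 'slash_zero' => 'keep' when '\0' is allowed. Default is 'remove'.
  * @return string
  */
-function wp_kses_no_null($string) {
-    $string = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', '', $string);
-    $string = preg_replace('/(\\\\0)+/', '', $string);
+function wp_kses_no_null( $string, $options = null ) {
+    if ( ! isset( $options['slash_zero'] ) ) {
+        $options = array( 'slash_zero' => 'remove' );
+    }
+
+    $string = preg_replace( '/[\x00-\x08\x0B\x0C\x0E-\x1F]/', '', $string );
+    if ( 'remove' == $options['slash_zero'] ) {
+        $string = preg_replace( '/\\\\+0+/', '', $string );
+    }
 
     return $string;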
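Review bot: The new `'remove' == $options['slash_zero']` test in wp_kses_no_null() fails open: any value other than 'remove' (a misspelling such as 'Remove', or an option value added later) silently skips the backslash-zero stripping, and the loose `==` brings type juggling into a sanitizer. Stripping unless the caller explicitly opts out is the safer default, e.g. `if ( 'keep' !== $options['slash_zero'] ) {`. The isset() fallback also replaces the whole `$options` array instead of filling in the one missing key, so any other option passed without 'slash_zero' would be discarded. The docblock could mark `$options` as optional and list the two accepted values; the function's closing brace lies outside the hunk.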