Changeset 33148


Timestamp:
07/09/2015 08:55:26 PM (6 years ago)
Author:
wonderboymusic
Message:

Revert [32851] and [32850] for now, tl;dr encoding issues.

See #17780.

Location:
trunk
Files:
5 edited

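--- a/trunk/src/wp-includes/formatting.php
+++ b/trunk/src/wp-includes/formatting.php
@@ -752,11 +752,22 @@
     }
 
-    if ( ! $double_encode ) {
-        // Guarantee every &entity; is valid, convert &garbage; into &garbage;
-        // This is required for PHP < 5.4.0 because ENT_HTML401 flag is unavailable.
+    // Handle double encoding ourselves
+    if ( $double_encode ) {
+        $string = @htmlspecialchars( $string, $quote_style, $charset );
+    } else {
+        // Decode &amp; into &
+        $string = wp_specialchars_decode( $string, $_quote_style );
+
+        // Guarantee every &entity; is valid or re-encode the &
         $string = wp_kses_normalize_entities( $string );
-    }
-
-    $string = @htmlspecialchars( $string, $quote_style, $charset, $double_encode );
+
+        // Now re-encode everything except &entity;
+        $string = preg_split( '/(&#?x?[0-9a-z]+;)/i', $string, -1, PREG_SPLIT_DELIM_CAPTURE );
+
+        for ( $i = 0, $c = count( $string ); $i < $c; $i += 2 ) {
+            $string[$i] = @htmlspecialchars( $string[$i], $quote_style, $charset );
+        }
+        $string = implode( '', $string );
+    }
 
     // Backwards compatibility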
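Review bot: The `preg_split()` pattern in the restored `else` branch, `/(&#?x?[0-9a-z]+;)/i`, is looser than real entity syntax (it would also leave `&x41;` or `&#zz;` unescaped), so the escaping is only as strict as the `wp_kses_normalize_entities()` call two statements earlier; that dependency deserves a comment above the split, e.g. `// Safe only because wp_kses_normalize_entities() has already re-encoded the & of anything that is not an allowed entity.` The split result is also used unchecked: `preg_split()` returns false on a PCRE error, and `count()`/`implode()` would then run on a non-array with version-dependent results, so a guard right after the split (for example `if ( false === $string ) { return ''; }`) would make that failure explicit. The message cites encoding issues, but none of the test changes on this page adds a case that pins them, so the reverted change could be re-landed with the same problem. The enclosing function starts and ends outside this section.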
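--- a/trunk/tests/phpunit/tests/formatting/EscAttr.php
+++ b/trunk/tests/phpunit/tests/formatting/EscAttr.php
@@ -27,6 +27,6 @@
 
     function test_esc_attr_amp() {
-        $out = esc_attr( 'foo & bar &baz; &nbsp;' );
-        $this->assertEquals( "foo &amp; bar &amp;baz; &nbsp;", $out );
+        $out = esc_attr( 'foo & bar &baz; &apos;' );
+        $this->assertEquals( "foo &amp; bar &amp;baz; &apos;", $out );
     }
 }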
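--- a/trunk/tests/phpunit/tests/formatting/EscHtml.php
+++ b/trunk/tests/phpunit/tests/formatting/EscHtml.php
@@ -35,5 +35,5 @@
     function test_ignores_existing_entities() {
         $source = '&#038; &#x00A3; &#x22; &amp;';
-        $res = '&#038; &#xA3; &#x22; &amp;';
+        $res = '&amp; &#xA3; &quot; &amp;';
         $this->assertEquals( $res, esc_html($source) );
     }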
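--- a/trunk/tests/phpunit/tests/formatting/JSEscape.php
+++ b/trunk/tests/phpunit/tests/formatting/JSEscape.php
@@ -24,11 +24,11 @@
 
     function test_js_escape_amp() {
-        $out = esc_js('foo & bar &baz; &nbsp;');
-        $this->assertEquals("foo &amp; bar &amp;baz; &nbsp;", $out);
+        $out = esc_js('foo & bar &baz; &apos;');
+        $this->assertEquals("foo &amp; bar &amp;baz; &apos;", $out);
     }
 
     function test_js_escape_quote_entity() {
         $out = esc_js('foo &#x27; bar &#39; baz &#x26;');
-        $this->assertEquals("foo \\' bar \\' baz &#x26;", $out);
+        $this->assertEquals("foo \\' bar \\' baz &amp;", $out);
     }
 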
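--- a/trunk/tests/phpunit/tests/formatting/WPSpecialchars.php
+++ b/trunk/tests/phpunit/tests/formatting/WPSpecialchars.php
@@ -18,8 +18,4 @@
         // Allowed entities should be unchanged
         foreach ( $allowedentitynames as $ent ) {
-            if ( 'apos' == $ent ) {
-                // But for some reason, PHP doesn't allow &apos;
-                continue;
-            }
             $ent = '&' . $ent . ';';
             $this->assertEquals( $ent, _wp_specialchars( $ent ) );
@@ -44,57 +40,3 @@
         $this->assertEquals( $source, _wp_specialchars($source) );
     }
-
-    /**
-     * Check some of the double-encoding features for entity references.
-     *
-     * @ticket 17780
-     * @dataProvider data_double_encoding
-     */
-    function test_double_encoding( $input, $output ) {
-        return $this->assertEquals( $output, _wp_specialchars( $input, ENT_NOQUOTES, false, true ) );
-    }
-
-    function data_double_encoding() {
-        return array(
-            array(
-                'This & that, this &amp; that, &#8212; &quot; &QUOT; &Uacute; &nbsp; &#34; &#034; &#0034; &#x00022; &#x22; &dollar; &times;',
-                'This &amp; that, this &amp;amp; that, &amp;#8212; &amp;quot; &amp;QUOT; &amp;Uacute; &amp;nbsp; &amp;#34; &amp;#034; &amp;#0034; &amp;#x00022; &amp;#x22; &amp;dollar; &amp;times;',
-            ),
-            array(
-                '&& &&amp; &amp;&amp; &amp;;',
-                '&amp;&amp; &amp;&amp;amp; &amp;amp;&amp;amp; &amp;amp;;',
-            ),
-            array(
-                '&garbage; &***; &aaaa; &0000; &####; &;;',
-                '&amp;garbage; &amp;***; &amp;aaaa; &amp;0000; &amp;####; &amp;;;',
-            ),
-        );
-    }
-
-    /**
-     * Check some of the double-encoding features for entity references.
-     *
-     * @ticket 17780
-     * @dataProvider data_no_double_encoding
-     */
-    function test_no_double_encoding( $input, $output ) {
-        return $this->assertEquals( $output, _wp_specialchars( $input, ENT_NOQUOTES, false, false ) );
-    }
-
-    function data_no_double_encoding() {
-        return array(
-            array(
-                'This & that, this &amp; that, &#8212; &quot; &QUOT; &Uacute; &nbsp; &#34; &#034; &#0034; &#x00022; &#x22; &dollar; &times;',
-                'This &amp; that, this &amp; that, &#8212; &quot; &amp;QUOT; &Uacute; &nbsp; &#034; &#034; &#034; &#x22; &#x22; &amp;dollar; &times;',
-            ),
-            array(
-                '&& &&amp; &amp;&amp; &amp;;',
-                '&amp;&amp; &amp;&amp; &amp;&amp; &amp;;',
-            ),
-            array(
-                '&garbage; &***; &aaaa; &0000; &####; &;;',
-                '&amp;garbage; &amp;***; &amp;aaaa; &amp;0000; &amp;####; &amp;;;',
-            ),
-        );
-    }
 }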