Changeset 33148
- Timestamp:
- 07/09/2015 08:55:26 PM (10 years ago)
- Location:
- trunk
- Files:
-
- 5 edited
trunk/src/wp-includes/formatting.php
r33064 r33148 752 752 } 753 753 754 if ( ! $double_encode ) { 755 // Guarantee every &entity; is valid, convert &garbage; into &garbage; 756 // This is required for PHP < 5.4.0 because ENT_HTML401 flag is unavailable. 754 // Handle double encoding ourselves 755 if ( $double_encode ) { 756 $string = @htmlspecialchars( $string, $quote_style, $charset ); 757 } else { 758 // Decode & into & 759 $string = wp_specialchars_decode( $string, $_quote_style ); 760 761 // Guarantee every &entity; is valid or re-encode the & 757 762 $string = wp_kses_normalize_entities( $string ); 758 } 759 760 $string = @htmlspecialchars( $string, $quote_style, $charset, $double_encode ); 763 764 // Now re-encode everything except &entity; 765 $string = preg_split( '/(&#?x?[0-9a-z]+;)/i', $string, -1, PREG_SPLIT_DELIM_CAPTURE ); 766 767 for ( $i = 0, $c = count( $string ); $i < $c; $i += 2 ) { 768 $string[$i] = @htmlspecialchars( $string[$i], $quote_style, $charset ); 769 } 770 $string = implode( '', $string ); 771 } 761 772 762 773 // Backwards compatibility -
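Review bot: In the `else` branch, the `$i += 2` loop escapes only the even-indexed pieces returned by `preg_split()` and emits the odd-indexed matches untouched, but no comment says that this alternation (a consequence of `PREG_SPLIT_DELIM_CAPTURE`) is what keeps the output safe. The split pattern is looser than the entity grammar (it also accepts shapes such as `&#name;`), so the pass-through relies on `wp_kses_normalize_entities()` having already re-encoded the `&` of anything invalid, and on the pattern admitting no quote or angle bracket; I would record that above the loop, e.g. `// Even indexes are plain text and get escaped; odd indexes are entities already vetted by wp_kses_normalize_entities().` The result of `preg_split()` is also used unchecked, so a PCRE failure would reach `count()` as `false`; assuming an empty string is an acceptable failure result here, a guard such as `if ( false === $string ) { return ''; }` before the loop would fail closed. The function begins and ends outside this section.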
trunk/tests/phpunit/tests/formatting/EscAttr.php
r32850 r33148 27 27 28 28 function test_esc_attr_amp() { 29 $out = esc_attr( 'foo & bar &baz; & nbsp;' );30 $this->assertEquals( "foo & bar &baz; & nbsp;", $out );29 $out = esc_attr( 'foo & bar &baz; '' ); 30 $this->assertEquals( "foo & bar &baz; '", $out ); 31 31 } 32 32 } -
trunk/tests/phpunit/tests/formatting/EscHtml.php
r32851 r33148 35 35 function test_ignores_existing_entities() { 36 36 $source = '& £ " &'; 37 $res = '& #038; £ " &';37 $res = '& £ " &'; 38 38 $this->assertEquals( $res, esc_html($source) ); 39 39 } -
trunk/tests/phpunit/tests/formatting/JSEscape.php
r32850 r33148 24 24 25 25 function test_js_escape_amp() { 26 $out = esc_js('foo & bar &baz; & nbsp;');27 $this->assertEquals("foo & bar &baz; & nbsp;", $out);26 $out = esc_js('foo & bar &baz; ''); 27 $this->assertEquals("foo & bar &baz; '", $out); 28 28 } 29 29 30 30 function test_js_escape_quote_entity() { 31 31 $out = esc_js('foo ' bar ' baz &'); 32 $this->assertEquals("foo \\' bar \\' baz & #x26;", $out);32 $this->assertEquals("foo \\' bar \\' baz &", $out); 33 33 } 34 34 -
trunk/tests/phpunit/tests/formatting/WPSpecialchars.php
r32851 r33148 18 18 // Allowed entities should be unchanged 19 19 foreach ( $allowedentitynames as $ent ) { 20 if ( 'apos' == $ent ) {21 // But for some reason, PHP doesn't allow '22 continue;23 }24 20 $ent = '&' . $ent . ';'; 25 21 $this->assertEquals( $ent, _wp_specialchars( $ent ) ); … … 44 40 $this->assertEquals( $source, _wp_specialchars($source) ); 45 41 } 46 47 /**48 * Check some of the double-encoding features for entity references.49 *50 * @ticket 1778051 * @dataProvider data_double_encoding52 */53 function test_double_encoding( $input, $output ) {54 return $this->assertEquals( $output, _wp_specialchars( $input, ENT_NOQUOTES, false, true ) );55 }56 57 function data_double_encoding() {58 return array(59 array(60 'This & that, this & that, — " " Ú " " " " " $ ×',61 'This & that, this &amp; that, &#8212; &quot; &QUOT; &Uacute; &nbsp; &#34; &#034; &#0034; &#x00022; &#x22; &dollar; &times;',62 ),63 array(64 '&& && && &;',65 '&& &&amp; &amp;&amp; &amp;;',66 ),67 array(68 '&garbage; &***; &aaaa; &0000; &####; &;;',69 '&garbage; &***; &aaaa; &0000; &####; &;;',70 ),71 );72 }73 74 /**75 * Check some of the double-encoding features for entity references.76 *77 * @ticket 1778078 * @dataProvider data_no_double_encoding79 */80 function test_no_double_encoding( $input, $output ) {81 return $this->assertEquals( $output, _wp_specialchars( $input, ENT_NOQUOTES, false, false ) );82 }83 84 function data_no_double_encoding() {85 return array(86 array(87 'This & that, this & that, — " " Ú " " " " " $ ×',88 'This & that, this & that, — " &QUOT; Ú " " " " " &dollar; ×',89 ),90 array(91 '&& && && &;',92 '&& && && &;',93 ),94 array(95 '&garbage; &***; &aaaa; &0000; &####; &;;',96 '&garbage; &***; &aaaa; &0000; &####; &;;',97 ),98 );99 }100 42 }