Make WordPress Core


Ignore:
Timestamp:
09/14/2015 10:48:50 PM (9 years ago)
Author:
nbachiyski
Message:

Shortcodes: don't allow unclosed HTML elements in attributes

Merges [34134] for 3.8 branch

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/3.8/src/wp-includes/media.php

    r26589 r34149  
    635635            $attr['caption'] = trim( $matches[2] );
    636636        }
     637    } elseif ( strpos( $attr['caption'], '<' ) !== false ) {
     638        $attr['caption'] = wp_kses( $attr['caption'], 'post' );
    637639    }
    638640
Note: See TracChangeset for help on using the changeset viewer.