Changeset 34745 for trunk/src/wp-includes/shortcodes.php

Timestamp:

10/01/2015 05:33:58 PM (10 years ago)

Author:

wonderboymusic

Message:

Shortcodes: prevent registration of invalid shortcode names.

Adds unit tests.

Props miqrogroove.
Fixes #34090.

File:

• trunk/src/wp-includes/shortcodes.php (modified) (1 diff)

trunk/src/wp-includes/shortcodes.php

@@ -89 +89 @@
 function add_shortcode($tag, $func) {
     global $shortcode_tags;
+
+    if ( '' == trim( $tag ) ) {
+        $message = __( 'Invalid shortcode name.  Empty name given.' );
+        _doing_it_wrong( __FUNCTION__, $message, '4.4.0' );
+        return;
+    }
+
+    if ( 0 !== preg_match( '@[<>&/\[\]\x00-\x20]@', $tag ) ) {
+        $message = sprintf( __( 'Invalid shortcode name: %s  Do not use spaces or reserved chars: & / < > [ ]' ), $tag );
+        _doing_it_wrong( __FUNCTION__, $message, '4.4.0' );
+        return;
+    }
+
     $shortcode_tags[ $tag ] = $func;
 }