Changeset 48072
- Timestamp:
- 06/17/2020 03:22:49 PM (4 years ago)
- Location:
- trunk
- Files:
-
- 28 added
- 7 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/phpcs.xml.dist
r48036 r48072 248 248 <element value="WP_Import_UnitTestCase"/> 249 249 <element value="Tests_Query_Conditionals"/> 250 <element value="WP_Test_XML_TestCase"/> 250 251 251 252 <!-- Mock classes. --> -
trunk/src/wp-includes/canonical.php
r48026 r48072 508 508 if ( ! empty( $addl_path ) ) { 509 509 $redirect['path'] = trailingslashit( $redirect['path'] ) . $addl_path; 510 } 511 512 // Remove trailing slash for sitemaps requests. 513 if ( ! empty( get_query_var( 'sitemap' ) ) ) { 514 $redirect['path'] = untrailingslashit( $redirect['path'] ); 510 515 } 511 516 … … 652 657 } 653 658 659 // Remove trailing slash for sitemaps requests. 660 if ( ! empty( get_query_var( 'sitemap' ) ) || ! empty( get_query_var( 'sitemap-stylesheet' ) ) ) { 661 $redirect['path'] = untrailingslashit( $redirect['path'] ); 662 } 663 654 664 // Strip multiple slashes out of the URL. 655 665 if ( strpos( $redirect['path'], '//' ) > -1 ) { -
trunk/src/wp-includes/default-filters.php
r47947 r48072 457 457 add_action( 'parse_request', 'rest_api_loaded' ); 458 458 459 // Sitemaps actions. 460 add_action( 'init', 'wp_sitemaps_get_server' ); 461 459 462 /** 460 463 * Filters formerly mixed into wp-includes. -
trunk/src/wp-includes/formatting.php
r48048 r48072 936 936 * 937 937 * @since 1.2.2 938 * @since 5.5.0 `$quote_style` also accepts '`ENT_XML1`. 938 939 * @access private 939 940 * … … 943 944 * @param int|string $quote_style Optional. Converts double quotes if set to ENT_COMPAT, 944 945 * both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. 945 * Also compatible with old values; converting single quotes if set to 'single', 946 * Converts single and double quotes, as well as converting HTML 947 * named entities (that are not also XML named entities) to their 948 * code points if set to ENT_XML1. Also compatible with old values; 949 * converting single quotes if set to 'single', 946 950 * double if set to 'double' or both if otherwise set. 947 951 * Default is ENT_NOQUOTES. … … 965 969 if ( empty( $quote_style ) ) { 966 970 $quote_style = ENT_NOQUOTES; 967 } elseif ( ! in_array( $quote_style, array( 0, 2, 3, 'single', 'double' ), true ) ) { 971 } elseif ( ENT_XML1 === $quote_style ) { 972 $quote_style = ENT_QUOTES | ENT_XML1; 973 } elseif ( ! in_array( $quote_style, array( ENT_NOQUOTES, ENT_COMPAT, ENT_QUOTES, 'single', 'double' ), true ) ) { 968 974 $quote_style = ENT_QUOTES; 969 975 } … … 995 1001 // Guarantee every &entity; is valid, convert &garbage; into &garbage; 996 1002 // This is required for PHP < 5.4.0 because ENT_HTML401 flag is unavailable. 997 $string = wp_kses_normalize_entities( $string );1003 $string = wp_kses_normalize_entities( $string, ( $quote_style & ENT_XML1 ) ? 'xml' : 'html' ); 998 1004 } 999 1005 … … 4538 4544 4539 4545 /** 4546 * Escaping for XML blocks. 4547 * 4548 * @since 5.5.0 4549 * 4550 * @param string $text Text to escape. 4551 * @return string Escaped text. 4552 */ 4553 function esc_xml( $text ) { 4554 $safe_text = wp_check_invalid_utf8( $text ); 4555 4556 $cdata_regex = '\<\!\[CDATA\[.*?\]\]\>'; 4557 $regex = <<<EOF 4558 / 4559 (?=.*?{$cdata_regex}) # lookahead that will match anything followed by a CDATA Section 4560 (?<non_cdata_followed_by_cdata>(.*?)) # the "anything" matched by the lookahead 4561 (?<cdata>({$cdata_regex})) # the CDATA Section matched by the lookahead 4562 4563 | # alternative 4564 4565 (?<non_cdata>(.*)) # non-CDATA Section 4566 /sx 4567 EOF; 4568 4569 $safe_text = (string) preg_replace_callback( 4570 $regex, 4571 static function( $matches ) { 4572 if ( ! $matches[0] ) { 4573 return ''; 4574 } 4575 4576 if ( ! empty( $matches['non_cdata'] ) ) { 4577 // escape HTML entities in the non-CDATA Section. 4578 return _wp_specialchars( $matches['non_cdata'], ENT_XML1 ); 4579 } 4580 4581 // Return the CDATA Section unchanged, escape HTML entities in the rest. 4582 return _wp_specialchars( $matches['non_cdata_followed_by_cdata'], ENT_XML1 ) . $matches['cdata']; 4583 }, 4584 $safe_text 4585 ); 4586 4587 /** 4588 * Filters a string cleaned and escaped for output in XML. 4589 * 4590 * Text passed to esc_xml() is stripped of invalid or special characters 4591 * before output. HTML named character references are converted to their 4592 * equivalent code points. 4593 * 4594 * @since 5.5.0 4595 * 4596 * @param string $safe_text The text after it has been escaped. 4597 * @param string $text The text prior to being escaped. 4598 */ 4599 return apply_filters( 'esc_xml', $safe_text, $text ); 4600 } 4601 4602 /** 4540 4603 * Escape an HTML tag name. 4541 4604 * -
trunk/src/wp-includes/kses.php
r47892 r48072 48 48 // Ensure that these variables are added to the global namespace 49 49 // (e.g. if using namespaces / autoload in the current PHP environment). 50 global $allowedposttags, $allowedtags, $allowedentitynames ;50 global $allowedposttags, $allowedtags, $allowedentitynames, $allowedxmlentitynames; 51 51 52 52 if ( ! CUSTOM_TAGS ) { … … 705 705 ); 706 706 707 /** 708 * @var string[] $allowedxmlentitynames Array of KSES allowed XML entitity names. 709 * @since 5.5.0 710 */ 711 $allowedxmlnamedentities = array( 712 'amp', 713 'lt', 714 'gt', 715 'apos', 716 'quot', 717 ); 718 707 719 $allowedposttags = array_map( '_wp_add_global_attributes', $allowedposttags ); 708 720 } else { … … 1746 1758 * `AT&T`, `:` to `:`, `&#XYZZY;` to `&#XYZZY;` and so on. 1747 1759 * 1760 * When `$context` is set to 'xml', HTML entities are converted to their code points. For 1761 * example, `AT&T…&#XYZZY;` is converted to `AT&T…&#XYZZY;`. 1762 * 1748 1763 * @since 1.0.0 1749 * 1750 * @param string $string Content to normalize entities. 1764 * @since 5.5.0 Added `$context` parameter. 1765 * 1766 * @param string $string Content to normalize entities. 1767 * @param string $context Context for normalization. Can be either 'html' or 'xml'. 1768 * Default 'html'. 1751 1769 * @return string Content with normalized entities. 1752 1770 */ 1753 function wp_kses_normalize_entities( $string ) {1771 function wp_kses_normalize_entities( $string, $context = 'html' ) { 1754 1772 // Disarm all entities by converting & to & 1755 1773 $string = str_replace( '&', '&', $string ); 1756 1774 1757 1775 // Change back the allowed entities in our entity whitelist. 1758 $string = preg_replace_callback( '/&([A-Za-z]{2,8}[0-9]{0,2});/', 'wp_kses_named_entities', $string ); 1776 if ( 'xml' === $context ) { 1777 $string = preg_replace_callback( '/&([A-Za-z]{2,8}[0-9]{0,2});/', 'wp_kses_xml_named_entities', $string ); 1778 } else { 1779 $string = preg_replace_callback( '/&([A-Za-z]{2,8}[0-9]{0,2});/', 'wp_kses_named_entities', $string ); 1780 } 1759 1781 $string = preg_replace_callback( '/&#(0*[0-9]{1,7});/', 'wp_kses_normalize_entities2', $string ); 1760 1782 $string = preg_replace_callback( '/&#[Xx](0*[0-9A-Fa-f]{1,6});/', 'wp_kses_normalize_entities3', $string ); … … 1785 1807 $i = $matches[1]; 1786 1808 return ( ! in_array( $i, $allowedentitynames, true ) ) ? "&$i;" : "&$i;"; 1809 } 1810 1811 /** 1812 * Callback for `wp_kses_normalize_entities()` regular expression. 1813 * 1814 * This function only accepts valid named entity references, which are finite, 1815 * case-sensitive, and highly scrutinized by XML validators. HTML named entity 1816 * references are converted to their code points. 1817 * 1818 * @since 5.5.0 1819 * 1820 * @global array $allowedentitynames 1821 * @global array $allowedxmlnamedentities 1822 * 1823 * @param array $matches preg_replace_callback() matches array. 1824 * @return string Correctly encoded entity. 1825 */ 1826 function wp_kses_xml_named_entities( $matches ) { 1827 global $allowedentitynames, $allowedxmlnamedentities; 1828 1829 if ( empty( $matches[1] ) ) { 1830 return ''; 1831 } 1832 1833 $i = $matches[1]; 1834 1835 if ( in_array( $i, $allowedxmlnamedentities, true ) ) { 1836 return "&$i;"; 1837 } elseif ( in_array( $i, $allowedentitynames, true ) ) { 1838 return html_entity_decode( "&$i;", ENT_HTML5 ); 1839 } 1840 1841 return "&$i;"; 1787 1842 } 1788 1843 -
trunk/src/wp-settings.php
r47612 r48072 264 264 require ABSPATH . WPINC . '/rest-api/search/class-wp-rest-search-handler.php'; 265 265 require ABSPATH . WPINC . '/rest-api/search/class-wp-rest-post-search-handler.php'; 266 require ABSPATH . WPINC . '/sitemaps.php'; 267 require ABSPATH . WPINC . '/sitemaps/class-wp-sitemaps.php'; 268 require ABSPATH . WPINC . '/sitemaps/class-wp-sitemaps-index.php'; 269 require ABSPATH . WPINC . '/sitemaps/class-wp-sitemaps-provider.php'; 270 require ABSPATH . WPINC . '/sitemaps/class-wp-sitemaps-registry.php'; 271 require ABSPATH . WPINC . '/sitemaps/class-wp-sitemaps-renderer.php'; 272 require ABSPATH . WPINC . '/sitemaps/class-wp-sitemaps-stylesheet.php'; 273 require ABSPATH . WPINC . '/sitemaps/providers/class-wp-sitemaps-posts.php'; 274 require ABSPATH . WPINC . '/sitemaps/providers/class-wp-sitemaps-taxonomies.php'; 275 require ABSPATH . WPINC . '/sitemaps/providers/class-wp-sitemaps-users.php'; 266 276 require ABSPATH . WPINC . '/class-wp-block-type.php'; 267 277 require ABSPATH . WPINC . '/class-wp-block-styles-registry.php'; -
trunk/tests/phpunit/includes/bootstrap.php
r48059 r48072 154 154 require __DIR__ . '/testcase-ajax.php'; 155 155 require __DIR__ . '/testcase-canonical.php'; 156 require __DIR__ . '/testcase-xml.php'; 156 157 require __DIR__ . '/exceptions.php'; 157 158 require __DIR__ . '/utils.php'; … … 160 161 require __DIR__ . '/class-wp-rest-test-configurable-controller.php'; 161 162 require __DIR__ . '/class-wp-fake-block-type.php'; 163 require __DIR__ . '/class-wp-sitemaps-test-provider.php'; 164 require __DIR__ . '/class-wp-sitemaps-empty-test-provider.php'; 162 165 163 166 /**
Note: See TracChangeset
for help on using the changeset viewer.