Index: src/wp-admin/edit-form-advanced.php
===================================================================
--- src/wp-admin/edit-form-advanced.php (revision 33152)
+++ src/wp-admin/edit-form-advanced.php (working copy)
@@ -494,7 +494,7 @@
$title_placeholder = apply_filters( 'enter_title_here', __( 'Enter title here' ), $post );
?>
-
+
assertEquals( "foo & bar &baz; '", $out );
+ $out = esc_attr( 'foo & bar &baz; ' );
+ $this->assertEquals( "foo & bar &baz; ", $out );
}
}
Index: tests/phpunit/tests/formatting/EscHtml.php
===================================================================
--- tests/phpunit/tests/formatting/EscHtml.php (revision 33152)
+++ tests/phpunit/tests/formatting/EscHtml.php (working copy)
@@ -34,7 +34,7 @@
function test_ignores_existing_entities() {
$source = '& £ " &';
- $res = '& £ " &';
+ $res = '& £ " &';
$this->assertEquals( $res, esc_html($source) );
}
}
Index: tests/phpunit/tests/formatting/JSEscape.php
===================================================================
--- tests/phpunit/tests/formatting/JSEscape.php (revision 33152)
+++ tests/phpunit/tests/formatting/JSEscape.php (working copy)
@@ -23,13 +23,13 @@
}
function test_js_escape_amp() {
- $out = esc_js('foo & bar &baz; '');
- $this->assertEquals("foo & bar &baz; '", $out);
+ $out = esc_js('foo & bar &baz; ');
+ $this->assertEquals("foo & bar &baz; ", $out);
}
function test_js_escape_quote_entity() {
$out = esc_js('foo ' bar ' baz &');
- $this->assertEquals("foo \\' bar \\' baz &", $out);
+ $this->assertEquals("foo \\' bar \\' baz &", $out);
}
function test_js_no_carriage_return() {
Index: tests/phpunit/tests/formatting/WPSpecialchars.php
===================================================================
--- tests/phpunit/tests/formatting/WPSpecialchars.php (revision 33152)
+++ tests/phpunit/tests/formatting/WPSpecialchars.php (working copy)
@@ -17,6 +17,10 @@
// Allowed entities should be unchanged
foreach ( $allowedentitynames as $ent ) {
+ if ( 'apos' == $ent ) {
+ // But for some reason, PHP doesn't allow '
+ continue;
+ }
$ent = '&' . $ent . ';';
$this->assertEquals( $ent, _wp_specialchars( $ent ) );
}
@@ -39,4 +43,58 @@
$this->assertEquals( '"'hello!'"', _wp_specialchars($source, true) );
$this->assertEquals( $source, _wp_specialchars($source) );
}
+
+ /**
+ * Check some of the double-encoding features for entity references.
+ *
+ * @ticket 17780
+ * @dataProvider data_double_encoding
+ */
+ function test_double_encoding( $input, $output ) {
+ return $this->assertEquals( $output, _wp_specialchars( $input, ENT_NOQUOTES, false, true ) );
+ }
+
+ function data_double_encoding() {
+ return array(
+ array(
+ 'This & that, this & that, — " " Ú " " " " " $ ×',
+ 'This & that, this & that, — " " Ú " " " " " $ ×',
+ ),
+ array(
+ '&& && && &;',
+ '&& && && &;',
+ ),
+ array(
+ '&garbage; &***; &aaaa; &0000; &####; &;;',
+ '&garbage; &***; &aaaa; &0000; &####; &;;',
+ ),
+ );
+ }
+
+ /**
+ * Check some of the double-encoding features for entity references.
+ *
+ * @ticket 17780
+ * @dataProvider data_no_double_encoding
+ */
+ function test_no_double_encoding( $input, $output ) {
+ return $this->assertEquals( $output, _wp_specialchars( $input, ENT_NOQUOTES, false, false ) );
+ }
+
+ function data_no_double_encoding() {
+ return array(
+ array(
+ 'This & that, this & that, — " " Ú " " " " " $ ×',
+ 'This & that, this & that, — " " Ú " " " " " $ ×',
+ ),
+ array(
+ '&& && && &;',
+ '&& && && &;',
+ ),
+ array(
+ '&garbage; &***; &aaaa; &0000; &####; &;;',
+ '&garbage; &***; &aaaa; &0000; &####; &;;',
+ ),
+ );
+ }
}