Make WordPress Core

Opened 10 years ago

Closed 8 years ago

#20927 closed defect (bug) (invalid)

Ampersand inside HTML comment causes wp_insert_post to loop infinitely

Reported by: jpayette Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.3.2
Component: General Keywords: close
Focuses: Cc:


I'm encountering an issue with wp_insert_post where, when the post_content contains an HTML comment containing an ampersand (ie, "<!-- & -->"), wp_insert_post seems to be getting stuck in an infinite loop. As far as I can tell, it is endless escaping the & into &amp; over and over.

I've attached a small script that reproduces this error; you need to replace the HTTP_HOST and the path to wp-load.php to reflect your own machine for it to run. I've reproduced this issue on two different machines, both running Ubuntu 12.04, one on Wordpress 3.3.1 and the other on Wordpress 3.3.2.

The most bizarre thing about this issue, to me, is if you move the contents of the includeFiles() function out of the function and into the main body of the script, the issue no longer occurs. Somehow, including wp-load.php from a function is causing the infinite loop.

Attachments (1)

CommentAmpersandLoop.php (209 bytes) - added by jpayette 10 years ago.

Download all attachments as: .zip

Change History (7)

#1 @jpayette
10 years ago

Just tried it on Wordpress 3.4; the issue still occurs.

#2 @nacin
10 years ago

I was surprised to confirm this, but indeed. The loop occurs in wp_kses_named_entities(). The issue is because the global in there is not set, and in_array() spins for eternity.

WordPress is not currently designed to be included from within a function, which is your problem, as it sets an awful number of globals, and does not make an attempt to ensure that a number of them are indeed operating in the global namespace explicitly. If you just include wp-load.php in global scope, everything will be fine.

If you wanted to do this, you can also use something like get_defined_vars() and extract everything into the global namespace on your own.

#3 @jpayette
10 years ago

Thanks for the explanation; what you're saying makes sense. I'll restructure my code to make sure wp-load.php is included from the global scope.

#4 @leewillis77
8 years ago

  • Keywords close added

#5 @leewillis77
8 years ago

I'd recommend that this can be closed since it doesn't seem to be a bug in WP when used in normal use - only when being bootstrapped manually in non-global scope.

#6 @helen
8 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.