WordPress.org

Make WordPress Core

Opened 11 years ago

Closed 10 years ago

#9270 closed enhancement (wontfix)

force_balance_tags() gets mixed up with < and numbers

Reported by: feedr Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.7.1
Component: Formatting Keywords: has-patch needs-review close
Focuses: Cc:
PR Number:

Description

The function mentioned above (in formatting.php) will produce incorrect output when the entered text contains < followed by a number.
If you enter "3 < 5 here may be some text <a href="#">and a link</a> and some more text", the closing </a> will be omitted.
The problem here is the regex <(\/?\w*)\s*([>]*)>. When changed to <(\/?\w+)\s*([>]*)> the output will be as expected.

Attachments (2)

9270.diff (536 bytes) - added by Denis-de-Bernardy 11 years ago.
9270.2.diff (678 bytes) - added by Denis-de-Bernardy 10 years ago.

Download all attachments as: .zip

Change History (15)

#1 @feedr
11 years ago

Edit: WikiFormatting got messed up

Old regex:

<(\/?\w*)\s*([^>]*)>

New regex:

<(\/?\w+)\s*([^>]*)>

#2 @Viper007Bond
11 years ago

  • Component changed from Administration to General
  • Keywords has-patch added

Doesn't have a patch per se, but it does have a fix. :)

#3 @FFEMTcJ
11 years ago

  • Milestone changed from Unassigned to 2.8

#4 @ryan
11 years ago

  • Component changed from General to Formatting
  • Owner anonymous deleted

#5 @Denis-de-Bernardy
11 years ago

  • Keywords needs-testing added

#6 @Denis-de-Bernardy
11 years ago

  • Keywords 2nd-opinion added

Patch should even allow things like foo < bar, provided that a space follows the <.

The "real" issue, however, is not fixed. That < should get turned into (or be written from the onset as) &lt;.

#7 @Denis-de-Bernardy
11 years ago

  • Keywords dev-feedback added

#8 @Denis-de-Bernardy
11 years ago

  • Keywords needs-patch added; has-patch needs-testing dev-feedback removed
  • Milestone changed from 2.8 to Future Release

patching this can potentially introduce issues like foo < script src=evil.js

punting to future.

#9 @Denis-de-Bernardy
11 years ago

  • Milestone changed from Future Release to 2.9

#10 @Denis-de-Bernardy
10 years ago

  • Keywords has-patch needs-review added; needs-patch 2nd-opinion removed

#11 follow-up: @Denis-de-Bernardy
10 years ago

  • Keywords close added

This should probably be closed as wontfix, imo. There's far too much potential to break things here, no matter what the solution we try.

#12 @ryan
10 years ago

  • Milestone changed from 2.9 to 3.0

#13 in reply to: ↑ 11 @scribu
10 years ago

  • Milestone 3.0 deleted
  • Resolution set to wontfix
  • Status changed from new to closed

Replying to Denis-de-Bernardy:

This should probably be closed as wontfix, imo. There's far too much potential to break things here, no matter what the solution we try.

Agreed.

What if I want to write 3<5 (without the spaces)?

What if I have a variable 'a' and I need to write 3<a ?

The correct way to write it would be 3&lt;a.

Note: See TracTickets for help on using tickets.