Opened 5 years ago
Closed 5 years ago
#9955 closed defect (bug) (fixed)
Missing preg_quote parameters
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | 2.8.1 | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | General | Keywords: | has-patch commit early |
| Focuses: | Cc: |
Description
Found this while investigating a bug in a plugin.
when the second argument is null, preg_quote() assumes the regexp is wrapped around {}. But WP occasionally uses it with / wrappers.
Attachments (1)
Change History (12)
comment:1
Denis-de-Bernardy
— 5 years ago
- Keywords has-patch needs-testing added
Denis-de-Bernardy
— 5 years ago
comment:2
Denis-de-Bernardy
— 5 years ago
- Keywords early added
- Milestone changed from 2.8 to 2.9
comment:3
Denis-de-Bernardy
— 5 years ago
- Keywords needs-review added; needs-testing removed
still applies clean
comment:4
Denis-de-Bernardy
— 5 years ago
- Keywords commit added; needs-review removed
closed #10144 as dup
comment:5
jdub
— 5 years ago
I'd really urge you to consider this patch as a bugfix for 2.8.1 (I reported the dupe). Thanks.
comment:8
ryan
— 5 years ago
I went ahead and committed the simple cases for 2.8.1. I want to test the shortcodes.php one a bit more.
comment:9
Denis-de-Bernardy
— 5 years ago
cool. the one for shortcodes is unneeded if we change add_shortcode() to use:
if ( is_callable($func) ) $shortcode_tags[$tag] = $func;
to something like:
$tag = sanitize_title($tag); if ( is_callable($func) ) $shortcode_tags[$tag] = $func;
comment:10
azaozz
— 5 years ago
Also the last two in xmlrpc.php L:3303 and L:3325 seem unneeded as preg_quote() escapes | (pipe) by default http://us2.php.net/manual/en/function.preg-quote.php
comment:11
Denis-de-Bernardy
— 5 years ago
- Milestone changed from 2.9 to 2.8.1
- Resolution set to fixed
- Status changed from new to closed
good point. in this case, the one for shortcodes isn't needed either, and we can close as fixed.
I ignored snoopy, presuming it was obsolete anyway.
Patch needs some testing.