sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Allow usage of angle brackets in a site title or tagline.

Browse Source 
The whole string is escaped with `esc_html()` anyway, so we don't
need to `wp_kses_post()`. This is a better experience for users who
want to use angle brackets in their site title or description.
Does not allow any HTML, adds unit tests.

props BandonRandon, pauldewouters.
fixes #27942.


git-svn-id: https://develop.svn.wordpress.org/trunk@35788 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Konstantin Kovshenin 2015-12-06 20:28:26 +00:00
parent 800971f2fd
commit 1aa7dda524
2 changed files with 39 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/wp-includes/formatting.php
View File

@ -3706,7 +3706,6 @@ function sanitize_option( $option, $value ) {
if ( is_wp_error( $value ) ) { if ( is_wp_error( $value ) ) {
$error = $value->get_error_message(); $error = $value->get_error_message();
} else { } else {
$value = wp_kses_post( $value );
$value = esc_html( $value ); $value = esc_html( $value );
} }
break; break;

39
tests/phpunit/tests/formatting/BlogInfo.php
View File

@ -31,4 +31,43 @@ class Tests_Formatting_BlogInfo extends WP_UnitTestCase {
array( 'pt_PT_ao1990', 'pt-PT-ao1990' ), array( 'pt_PT_ao1990', 'pt-PT-ao1990' ),
); );
} }
/**
* @ticket 27942
*/
function test_bloginfo_sanitize_option() {
$old_values = array(
'blogname' => get_option( 'blogname' ),
'blogdescription' => get_option( 'blogdescription' ),
);
$values = array(
'foo' => 'foo',
'<em>foo</em>' => '&lt;em&gt;foo&lt;/em&gt;',
'<script>foo</script>' => '&lt;script&gt;foo&lt;/script&gt;',
'&lt;foo&gt;' => '&lt;foo&gt;',
'<foo' => '&lt;foo',
);
foreach ( $values as $value => $expected ) {
$sanitized_value = sanitize_option( 'blogname', $value );
update_option( 'blogname', $sanitized_value );
$this->assertEquals( $expected, $sanitized_value );
$this->assertEquals( $expected, get_bloginfo( 'name' ) );
$this->assertEquals( $expected, get_bloginfo( 'name', 'display' ) );
$sanitized_value = sanitize_option( 'blogdescription', $value );
update_option( 'blogdescription', $sanitized_value );
$this->assertEquals( $expected, $sanitized_value );
$this->assertEquals( $expected, get_bloginfo( 'description' ) );
$this->assertEquals( $expected, get_bloginfo( 'description', 'display' ) );
}
// Restore old values.
foreach ( $old_values as $option_name => $value ) {
update_option( $option_name, $value );
}
}
} }