Revert [32851] and [32850] for now, tl;dr encoding issues.
See #17780. git-svn-id: https://develop.svn.wordpress.org/trunk@33148 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Scott Taylor
parent
29e0f5c3b7
commit
a9874b9416
|
|
@ -751,13 +751,24 @@ function _wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = fals
|
|||
$quote_style = ENT_NOQUOTES;
|
||||
}
|
||||
|
||||
if ( ! $double_encode ) {
|
||||
// Guarantee every &entity; is valid, convert &garbage; into &garbage;
|
||||
// This is required for PHP < 5.4.0 because ENT_HTML401 flag is unavailable.
|
||||
$string = wp_kses_normalize_entities( $string );
|
||||
}
|
||||
// Handle double encoding ourselves
|
||||
if ( $double_encode ) {
|
||||
$string = @htmlspecialchars( $string, $quote_style, $charset );
|
||||
} else {
|
||||
// Decode & into &
|
||||
$string = wp_specialchars_decode( $string, $_quote_style );
|
||||
|
||||
$string = @htmlspecialchars( $string, $quote_style, $charset, $double_encode );
|
||||
// Guarantee every &entity; is valid or re-encode the &
|
||||
$string = wp_kses_normalize_entities( $string );
|
||||
|
||||
// Now re-encode everything except &entity;
|
||||
$string = preg_split( '/(&#?x?[0-9a-z]+;)/i', $string, -1, PREG_SPLIT_DELIM_CAPTURE );
|
||||
|
||||
for ( $i = 0, $c = count( $string ); $i < $c; $i += 2 ) {
|
||||
$string[$i] = @htmlspecialchars( $string[$i], $quote_style, $charset );
|
||||
}
|
||||
$string = implode( '', $string );
|
||||
}
|
||||
|
||||
// Backwards compatibility
|
||||
if ( 'single' === $_quote_style )
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ class Tests_Formatting_EscAttr extends WP_UnitTestCase {
|
|||
}
|
||||
|
||||
function test_esc_attr_amp() {
|
||||
$out = esc_attr( 'foo & bar &baz; ' );
|
||||
$this->assertEquals( "foo & bar &baz; ", $out );
|
||||
$out = esc_attr( 'foo & bar &baz; '' );
|
||||
$this->assertEquals( "foo & bar &baz; '", $out );
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ class Tests_Formatting_EscHtml extends WP_UnitTestCase {
|
|||
|
||||
function test_ignores_existing_entities() {
|
||||
$source = '& £ " &';
|
||||
$res = '& £ " &';
|
||||
$res = '& £ " &';
|
||||
$this->assertEquals( $res, esc_html($source) );
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -23,13 +23,13 @@ class Tests_Formatting_JSEscape extends WP_UnitTestCase {
|
|||
}
|
||||
|
||||
function test_js_escape_amp() {
|
||||
$out = esc_js('foo & bar &baz; ');
|
||||
$this->assertEquals("foo & bar &baz; ", $out);
|
||||
$out = esc_js('foo & bar &baz; '');
|
||||
$this->assertEquals("foo & bar &baz; '", $out);
|
||||
}
|
||||
|
||||
function test_js_escape_quote_entity() {
|
||||
$out = esc_js('foo ' bar ' baz &');
|
||||
$this->assertEquals("foo \\' bar \\' baz &", $out);
|
||||
$this->assertEquals("foo \\' bar \\' baz &", $out);
|
||||
}
|
||||
|
||||
function test_js_no_carriage_return() {
|
||||
|
|
|
|||
|
|
@ -17,10 +17,6 @@ class Tests_Formatting_WPSpecialchars extends WP_UnitTestCase {
|
|||
|
||||
// Allowed entities should be unchanged
|
||||
foreach ( $allowedentitynames as $ent ) {
|
||||
if ( 'apos' == $ent ) {
|
||||
// But for some reason, PHP doesn't allow '
|
||||
continue;
|
||||
}
|
||||
$ent = '&' . $ent . ';';
|
||||
$this->assertEquals( $ent, _wp_specialchars( $ent ) );
|
||||
}
|
||||
|
|
@ -43,58 +39,4 @@ class Tests_Formatting_WPSpecialchars extends WP_UnitTestCase {
|
|||
$this->assertEquals( '"'hello!'"', _wp_specialchars($source, true) );
|
||||
$this->assertEquals( $source, _wp_specialchars($source) );
|
||||
}
|
||||
|
||||
/**
|
||||
* Check some of the double-encoding features for entity references.
|
||||
*
|
||||
* @ticket 17780
|
||||
* @dataProvider data_double_encoding
|
||||
*/
|
||||
function test_double_encoding( $input, $output ) {
|
||||
return $this->assertEquals( $output, _wp_specialchars( $input, ENT_NOQUOTES, false, true ) );
|
||||
}
|
||||
|
||||
function data_double_encoding() {
|
||||
return array(
|
||||
array(
|
||||
'This & that, this & that, — " " Ú " " " " " $ ×',
|
||||
'This & that, this &amp; that, &#8212; &quot; &QUOT; &Uacute; &nbsp; &#34; &#034; &#0034; &#x00022; &#x22; &dollar; &times;',
|
||||
),
|
||||
array(
|
||||
'&& && && &;',
|
||||
'&& &&amp; &amp;&amp; &amp;;',
|
||||
),
|
||||
array(
|
||||
'&garbage; &***; &aaaa; &0000; &####; &;;',
|
||||
'&garbage; &***; &aaaa; &0000; &####; &;;',
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check some of the double-encoding features for entity references.
|
||||
*
|
||||
* @ticket 17780
|
||||
* @dataProvider data_no_double_encoding
|
||||
*/
|
||||
function test_no_double_encoding( $input, $output ) {
|
||||
return $this->assertEquals( $output, _wp_specialchars( $input, ENT_NOQUOTES, false, false ) );
|
||||
}
|
||||
|
||||
function data_no_double_encoding() {
|
||||
return array(
|
||||
array(
|
||||
'This & that, this & that, — " " Ú " " " " " $ ×',
|
||||
'This & that, this & that, — " &QUOT; Ú " " " " " &dollar; ×',
|
||||
),
|
||||
array(
|
||||
'&& && && &;',
|
||||
'&& && && &;',
|
||||
),
|
||||
array(
|
||||
'&garbage; &***; &aaaa; &0000; &####; &;;',
|
||||
'&garbage; &***; &aaaa; &0000; &####; &;;',
|
||||
),
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue