Revert [32851] and [32850] for now, tl;dr encoding issues.
See #17780. git-svn-id: https://develop.svn.wordpress.org/trunk@33148 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
29e0f5c3b7
commit
a9874b9416
|
@ -751,13 +751,24 @@ function _wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = fals
|
||||||
$quote_style = ENT_NOQUOTES;
|
$quote_style = ENT_NOQUOTES;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( ! $double_encode ) {
|
// Handle double encoding ourselves
|
||||||
// Guarantee every &entity; is valid, convert &garbage; into &garbage;
|
if ( $double_encode ) {
|
||||||
// This is required for PHP < 5.4.0 because ENT_HTML401 flag is unavailable.
|
$string = @htmlspecialchars( $string, $quote_style, $charset );
|
||||||
$string = wp_kses_normalize_entities( $string );
|
} else {
|
||||||
}
|
// Decode & into &
|
||||||
|
$string = wp_specialchars_decode( $string, $_quote_style );
|
||||||
|
|
||||||
$string = @htmlspecialchars( $string, $quote_style, $charset, $double_encode );
|
// Guarantee every &entity; is valid or re-encode the &
|
||||||
|
$string = wp_kses_normalize_entities( $string );
|
||||||
|
|
||||||
|
// Now re-encode everything except &entity;
|
||||||
|
$string = preg_split( '/(&#?x?[0-9a-z]+;)/i', $string, -1, PREG_SPLIT_DELIM_CAPTURE );
|
||||||
|
|
||||||
|
for ( $i = 0, $c = count( $string ); $i < $c; $i += 2 ) {
|
||||||
|
$string[$i] = @htmlspecialchars( $string[$i], $quote_style, $charset );
|
||||||
|
}
|
||||||
|
$string = implode( '', $string );
|
||||||
|
}
|
||||||
|
|
||||||
// Backwards compatibility
|
// Backwards compatibility
|
||||||
if ( 'single' === $_quote_style )
|
if ( 'single' === $_quote_style )
|
||||||
|
|
|
@ -26,7 +26,7 @@ class Tests_Formatting_EscAttr extends WP_UnitTestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
function test_esc_attr_amp() {
|
function test_esc_attr_amp() {
|
||||||
$out = esc_attr( 'foo & bar &baz; ' );
|
$out = esc_attr( 'foo & bar &baz; '' );
|
||||||
$this->assertEquals( "foo & bar &baz; ", $out );
|
$this->assertEquals( "foo & bar &baz; '", $out );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -34,7 +34,7 @@ class Tests_Formatting_EscHtml extends WP_UnitTestCase {
|
||||||
|
|
||||||
function test_ignores_existing_entities() {
|
function test_ignores_existing_entities() {
|
||||||
$source = '& £ " &';
|
$source = '& £ " &';
|
||||||
$res = '& £ " &';
|
$res = '& £ " &';
|
||||||
$this->assertEquals( $res, esc_html($source) );
|
$this->assertEquals( $res, esc_html($source) );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,13 +23,13 @@ class Tests_Formatting_JSEscape extends WP_UnitTestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
function test_js_escape_amp() {
|
function test_js_escape_amp() {
|
||||||
$out = esc_js('foo & bar &baz; ');
|
$out = esc_js('foo & bar &baz; '');
|
||||||
$this->assertEquals("foo & bar &baz; ", $out);
|
$this->assertEquals("foo & bar &baz; '", $out);
|
||||||
}
|
}
|
||||||
|
|
||||||
function test_js_escape_quote_entity() {
|
function test_js_escape_quote_entity() {
|
||||||
$out = esc_js('foo ' bar ' baz &');
|
$out = esc_js('foo ' bar ' baz &');
|
||||||
$this->assertEquals("foo \\' bar \\' baz &", $out);
|
$this->assertEquals("foo \\' bar \\' baz &", $out);
|
||||||
}
|
}
|
||||||
|
|
||||||
function test_js_no_carriage_return() {
|
function test_js_no_carriage_return() {
|
||||||
|
|
|
@ -17,10 +17,6 @@ class Tests_Formatting_WPSpecialchars extends WP_UnitTestCase {
|
||||||
|
|
||||||
// Allowed entities should be unchanged
|
// Allowed entities should be unchanged
|
||||||
foreach ( $allowedentitynames as $ent ) {
|
foreach ( $allowedentitynames as $ent ) {
|
||||||
if ( 'apos' == $ent ) {
|
|
||||||
// But for some reason, PHP doesn't allow '
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
$ent = '&' . $ent . ';';
|
$ent = '&' . $ent . ';';
|
||||||
$this->assertEquals( $ent, _wp_specialchars( $ent ) );
|
$this->assertEquals( $ent, _wp_specialchars( $ent ) );
|
||||||
}
|
}
|
||||||
|
@ -43,58 +39,4 @@ class Tests_Formatting_WPSpecialchars extends WP_UnitTestCase {
|
||||||
$this->assertEquals( '"'hello!'"', _wp_specialchars($source, true) );
|
$this->assertEquals( '"'hello!'"', _wp_specialchars($source, true) );
|
||||||
$this->assertEquals( $source, _wp_specialchars($source) );
|
$this->assertEquals( $source, _wp_specialchars($source) );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Check some of the double-encoding features for entity references.
|
|
||||||
*
|
|
||||||
* @ticket 17780
|
|
||||||
* @dataProvider data_double_encoding
|
|
||||||
*/
|
|
||||||
function test_double_encoding( $input, $output ) {
|
|
||||||
return $this->assertEquals( $output, _wp_specialchars( $input, ENT_NOQUOTES, false, true ) );
|
|
||||||
}
|
|
||||||
|
|
||||||
function data_double_encoding() {
|
|
||||||
return array(
|
|
||||||
array(
|
|
||||||
'This & that, this & that, — " " Ú " " " " " $ ×',
|
|
||||||
'This & that, this &amp; that, &#8212; &quot; &QUOT; &Uacute; &nbsp; &#34; &#034; &#0034; &#x00022; &#x22; &dollar; &times;',
|
|
||||||
),
|
|
||||||
array(
|
|
||||||
'&& && && &;',
|
|
||||||
'&& &&amp; &amp;&amp; &amp;;',
|
|
||||||
),
|
|
||||||
array(
|
|
||||||
'&garbage; &***; &aaaa; &0000; &####; &;;',
|
|
||||||
'&garbage; &***; &aaaa; &0000; &####; &;;',
|
|
||||||
),
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Check some of the double-encoding features for entity references.
|
|
||||||
*
|
|
||||||
* @ticket 17780
|
|
||||||
* @dataProvider data_no_double_encoding
|
|
||||||
*/
|
|
||||||
function test_no_double_encoding( $input, $output ) {
|
|
||||||
return $this->assertEquals( $output, _wp_specialchars( $input, ENT_NOQUOTES, false, false ) );
|
|
||||||
}
|
|
||||||
|
|
||||||
function data_no_double_encoding() {
|
|
||||||
return array(
|
|
||||||
array(
|
|
||||||
'This & that, this & that, — " " Ú " " " " " $ ×',
|
|
||||||
'This & that, this & that, — " &QUOT; Ú " " " " " &dollar; ×',
|
|
||||||
),
|
|
||||||
array(
|
|
||||||
'&& && && &;',
|
|
||||||
'&& && && &;',
|
|
||||||
),
|
|
||||||
array(
|
|
||||||
'&garbage; &***; &aaaa; &0000; &####; &;;',
|
|
||||||
'&garbage; &***; &aaaa; &0000; &####; &;;',
|
|
||||||
),
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue