From bf8544d9fa40ff7a22c0556392af7718843383ba Mon Sep 17 00:00:00 2001
From: "Drew Jaynes (DrewAPicture)"
Date: Wed, 3 Dec 2014 08:46:31 +0000
Subject: [PATCH] Backtick-escape three sets of HTML entities used in DocBlock descriptions in wp-includes/kses.php. Without the escaping, the Code Reference/browser may inadvertently attempt to convert and display entities. Fixes #30473.
git-svn-id: https://develop.svn.wordpress.org/trunk@30720 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/kses.php | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/wp-includes/kses.php b/src/wp-includes/kses.php
index bb180438a8..f3881fbbac 100644
--- a/src/wp-includes/kses.php
+++ b/src/wp-includes/kses.php
@@ -1172,8 +1172,8 @@ function wp_kses_bad_protocol_once2( $string, $allowed_protocols ) {
 /**
 * Converts and fixes HTML entities.
 *
- * This function normalizes HTML entities. It will convert "AT&T" to the correct
- * "AT&T", ":" to ":", "&#XYZZY;" to "&#XYZZY;" and so on.
+ * This function normalizes HTML entities. It will convert `AT&T` to the correct
+ * `AT&T", ":" to ":", "&#XYZZY;" to "&#XYZZY;` and so on.
 *
 * @since 1.0.0
 *
@@ -1218,8 +1218,8 @@ function wp_kses_named_entities($matches) {
 /**
 * Callback for wp_kses_normalize_entities() regular expression.
 *
- * This function helps wp_kses_normalize_entities() to only accept 16-bit values
- * and nothing more for &#number; entities.
+ * This function helps {@see wp_kses_normalize_entities()} to only accept 16-bit
+ * values and nothing more for `&#number;` entities.
 *
 * @access private
 * @since 1.0.0
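Review bot: The second added line of the "Converts and fixes HTML entities" description (hunk at -1172) opens a backtick before its first example and closes it only after the last one, so the straight quotes, the commas and the word "to" between the examples all land inside one code span. Each example should get its own pair of backticks, as the first added line already does for its single example, and the leftover double quotes should be dropped. The entity spellings look decoded in this rendering, so the exact before/after text has to be taken from the file rather than from this page. This docblock is the reference for what the kses entity normaliser rewrites, so examples that cannot be read apart make it harder to check the filter's behaviour against its documentation.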
@@ -1277,9 +1277,9 @@ function valid_unicode($i) {
 /**
 * Convert all entities to their character counterparts.
 *
- * This function decodes numeric HTML entities (A and A). It doesn't do
- * anything with other entities like ä, but we don't need them in the URL
- * protocol whitelisting system anyway.
+ * This function decodes numeric HTML entities (`A` and `A`).
+ * It doesn't do anything with other entities like ä, but we don't
+ * need them in the URL protocol whitelisting system anyway.
 *
 * @since 1.0.0
 *
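Review bot: On the second added line of the "Convert all entities" description (hunk at -1277), the example after "other entities like" is still bare (it shows as ä here) while the two numeric examples one line up gained backticks, so the Code Reference can still convert that entity, which is the problem the commit message describes. Wrap it in backticks the same way as the numeric ones. Because the description ties this function to the URL protocol whitelist, it would also help to add a sentence such as `Named entities are returned unchanged, so the result is not a fully decoded string.` so callers do not assume more decoding than the text promises. The function this docblock belongs to lies outside the hunk.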