From f8a2a5ca31007ac252847bd263ef144c0d275c1b Mon Sep 17 00:00:00 2001
From: Ryan Boren
Date: Wed, 10 Mar 2010 18:45:28 +0000
Subject: [PATCH] Fix numeric entity logic in kses. Props miqrogroove. see #12284
git-svn-id: https://develop.svn.wordpress.org/trunk@13648 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/kses.php | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/wp-includes/kses.php b/wp-includes/kses.php
index c6bf57a847..d0f6d6c523 100644
--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -996,8 +996,8 @@ function wp_kses_normalize_entities($string) {
 # Change back the allowed entities in our entity whitelist
 $string = preg_replace_callback('/&([A-Za-z]{2,8});/', 'wp_kses_named_entities', $string);
- $string = preg_replace_callback('/&#0*([0-9]{1,5});/', 'wp_kses_normalize_entities2', $string);
- $string = preg_replace_callback('/&#([Xx])0*(([0-9A-Fa-f]{2}){1,2});/', 'wp_kses_normalize_entities3', $string);
+ $string = preg_replace_callback('/&#(0*[0-9]{1,7});/', 'wp_kses_normalize_entities2', $string);
+ $string = preg_replace_callback('/&#[Xx](0*[0-9A-Fa-f]{1,6});/', 'wp_kses_normalize_entities3', $string);
 return $string;
 }
@@ -1040,7 +1040,14 @@ function wp_kses_normalize_entities2($matches) {
 return '';
 $i = $matches[1];
- return ( ( ! valid_unicode($i) ) || ($i > 65535) ? "&#$i;" : "&#$i;" );
+ if (valid_unicode($i)) {
+ $i = str_pad(ltrim($i,'0'), 3, '0', STR_PAD_LEFT);
+ $i = "&#$i;";
+ } else {
+ $i = "&#$i;";
+ }
+
+ return $i;
 }
 /**
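Review bot: The `else` branch on the new side returns `"&#$i;"`, the same text the callback received, so a code point that valid_unicode() rejects leaves wp_kses_normalize_entities2 exactly as it arrived rather than being neutralised or dropped; whether that is acceptable depends on how `&` is disarmed at the top of wp_kses_normalize_entities, which is outside this diff. Both branches build `"&#$i;"`, which hides that the only real difference is the `str_pad(ltrim($i,'0'), 3, '0', STR_PAD_LEFT)` step, and the width 3 is an unexplained constant while the hex twin in the next hunk strips zeros without padding, so the two callbacks emit differently normalised output for the same code point. Add a comment above the str_pad line stating what the canonical form is, e.g. `// Canonical form: drop leading zeros, then left-pad to at least three digits.`, or drop the padding so decimal and hex agree. The function's opening guard is outside the hunk.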
@@ -1055,11 +1062,11 @@ function wp_kses_normalize_entities2($matches) {
 * @return string Correctly encoded entity
 */
 function wp_kses_normalize_entities3($matches) {
- if ( empty($matches[2]) )
+ if ( empty($matches[1]) )
 return '';
- $hexchars = $matches[2];
- return ( ( ! valid_unicode(hexdec($hexchars)) ) ? "&#x$hexchars;" : "&#x$hexchars;" );
+ $hexchars = $matches[1];
+ return ( ( ! valid_unicode(hexdec($hexchars)) ) ? "&#x$hexchars;" : '&#x'.ltrim($hexchars,'0').';' );
 }
 /**
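Review bot: The guard `if ( empty($matches[1]) )` now sees leading zeros because the new pattern captures `0*`, and `empty()` is true for the string `'0'` but not for `'00'`, so `&#x0;` is deleted while `&#x00;` falls through to the valid_unicode() check and, because the fallback branch returns the entity untouched, comes back unchanged; the decimal callback in the previous hunk has the same split between `&#0;` and `&#00;`. The zero code point should be handled the same regardless of how many digits spell it — if deletion is the intended policy, compare the value rather than the string: `if ( hexdec($matches[1]) === 0 ) return '';` here and `if ( (int) $matches[1] === 0 ) return '';` in wp_kses_normalize_entities2. A value-based guard also protects the new `'&#x'.ltrim($hexchars,'0').';'` branch, which would emit `&#x;` for an all-zero match should valid_unicode() ever accept 0.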