Entitize lone less-than characters. Props mdawaffe. fixes #4409

git-svn-id: http://svn.automattic.com/wordpress/trunk@5783 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-includes/default-filters.php

@@ -12,6 +12,7 @@ add_filter('the_title', 'wptexturize');
 add_filter('the_content', 'wptexturize');
 add_filter('the_excerpt', 'wptexturize');
 add_filter('bloginfo', 'wptexturize');
+add_filter('pre_kses', 'wp_pre_kses_less_than');
 
 // Comments, trackbacks, pingbacks
 add_filter('pre_comment_author_name', 'strip_tags');

wp-includes/formatting.php

@@ -1195,4 +1195,15 @@ function wp_parse_str( $string, &$array ) {
 	$array = apply_filters( 'wp_parse_str', $array );
 }
 
+// Convert lone less than signs.  KSES already converts lone greater than signs.
+function wp_pre_kses_less_than( $text ) {
+	return preg_replace_callback('%<[^>]*?((?=<)|>|$)%', 'wp_pre_kses_less_than_callback', $text);
+}
+
+function wp_pre_kses_less_than_callback( $matches ) {
+	if ( false === strpos($matches[0], '>') )
+		return wp_specialchars($matches[0]);
+	return $matches[0];
+}
+
 ?>

wp-includes/kses.php

@@ -230,16 +230,17 @@ function wp_kses($string, $allowed_html, $allowed_protocols = array ('http', 'ht
 	$string = wp_kses_no_null($string);
 	$string = wp_kses_js_entities($string);
 	$string = wp_kses_normalize_entities($string);
-	$string = wp_kses_hook($string);
 	$allowed_html_fixed = wp_kses_array_lc($allowed_html);
+	$string = wp_kses_hook($string, $allowed_html_fixed, $allowed_protocols); // WP changed the order of these funcs and added args to wp_kses_hook
 	return wp_kses_split($string, $allowed_html_fixed, $allowed_protocols);
 } # function wp_kses
 
-function wp_kses_hook($string)
+function wp_kses_hook($string, $allowed_html, $allowed_protocols)
 ###############################################################################
 # You add any kses hooks here.
 ###############################################################################
 {
+	$string = apply_filters( 'pre_kses', $string );
 	return $string;
 } # function wp_kses_hook