Fix using htmlspecialchars() whit the $double_encode parameter. PHP < 5.4 doesn't validate the entities.

Props miqrogroove. Fixes #17780. Built from https://develop.svn.wordpress.org/trunk@32851 git-svn-id: http://core.svn.wordpress.org/trunk@32822 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-06-24 13:54:59 +02:00 · 2015-06-19 01:53:26 +00:00 · 2015-06-19 01:53:26 +00:00 · 503b80be0b
commit 503b80be0b
parent d8c93a081d
2 changed files with 7 additions and 1 deletions
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@ -688,6 +688,12 @@ function _wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = fals
 		$quote_style = ENT_NOQUOTES;
 	}

+	if ( ! $double_encode ) {
+		// Guarantee every &entity; is valid, convert &garbage; into &amp;garbage;
+		// This is required for PHP < 5.4.0 because ENT_HTML401 flag is unavailable.
+		$string = wp_kses_normalize_entities( $string );
+	}
+
 	$string = @htmlspecialchars( $string, $quote_style, $charset, $double_encode );

 	// Backwards compatibility
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.3-alpha-32850';
+$wp_version = '4.3-alpha-32851';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.