Fix using htmlspecialchars() whit the $double_encode parameter. PHP < 5.4 doesn't validate the entities.

Props miqrogroove. Fixes #17780.
Built from https://develop.svn.wordpress.org/trunk@32851


git-svn-id: http://core.svn.wordpress.org/trunk@32822 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Andrew Ozz 2015-06-19 01:53:26 +00:00
parent d8c93a081d
commit 503b80be0b
2 changed files with 7 additions and 1 deletions

View File

@ -688,6 +688,12 @@ function _wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = fals
$quote_style = ENT_NOQUOTES;
}
if ( ! $double_encode ) {
// Guarantee every &entity; is valid, convert &garbage; into &amp;garbage;
// This is required for PHP < 5.4.0 because ENT_HTML401 flag is unavailable.
$string = wp_kses_normalize_entities( $string );
}
$string = @htmlspecialchars( $string, $quote_style, $charset, $double_encode );
// Backwards compatibility

View File

@ -4,7 +4,7 @@
*
* @global string $wp_version
*/
$wp_version = '4.3-alpha-32850';
$wp_version = '4.3-alpha-32851';
/**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.