Fix numeric entity logic in kses. Props miqrogroove. see #12284

git-svn-id: http://svn.automattic.com/wordpress/trunk@13648 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ryan 2010-03-10 18:45:28 +00:00
parent fbd13a185a
commit 624731b93f


@ -996,8 +996,8 @@ function wp_kses_normalize_entities($string) {
# Change back the allowed entities in our entity whitelist # Change back the allowed entities in our entity whitelist
$string = preg_replace_callback('/&([A-Za-z]{2,8});/', 'wp_kses_named_entities', $string); $string = preg_replace_callback('/&([A-Za-z]{2,8});/', 'wp_kses_named_entities', $string);
$string = preg_replace_callback('/&#0*([0-9]{1,5});/', 'wp_kses_normalize_entities2', $string); $string = preg_replace_callback('/&#(0*[0-9]{1,7});/', 'wp_kses_normalize_entities2', $string);
$string = preg_replace_callback('/&#([Xx])0*(([0-9A-Fa-f]{2}){1,2});/', 'wp_kses_normalize_entities3', $string); $string = preg_replace_callback('/&#[Xx](0*[0-9A-Fa-f]{1,6});/', 'wp_kses_normalize_entities3', $string);
return $string; return $string;
} }
@ -1040,7 +1040,14 @@ function wp_kses_normalize_entities2($matches) {
return ''; return '';
$i = $matches[1]; $i = $matches[1];
return ( ( ! valid_unicode($i) ) || ($i > 65535) ? "&#$i;" : "&#$i;" ); if (valid_unicode($i)) {
$i = str_pad(ltrim($i,'0'), 3, '0', STR_PAD_LEFT);
$i = "&#$i;";
} else {
$i = "&#$i;";
}
return $i;
} }
/** /**
@ -1055,11 +1062,11 @@ function wp_kses_normalize_entities2($matches) {
* @return string Correctly encoded entity * @return string Correctly encoded entity
*/ */
function wp_kses_normalize_entities3($matches) { function wp_kses_normalize_entities3($matches) {
if ( empty($matches[2]) ) if ( empty($matches[1]) )
return ''; return '';
$hexchars = $matches[2]; $hexchars = $matches[1];
return ( ( ! valid_unicode(hexdec($hexchars)) ) ? "&#x$hexchars;" : "&#x$hexchars;" ); return ( ( ! valid_unicode(hexdec($hexchars)) ) ? "&#x$hexchars;" : '&#x'.ltrim($hexchars,'0').';' );
} }
/** /**
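Review bot: In wp_kses_normalize_entities3 the `empty($matches[1])` guard now receives the capture with its leading zeros, so `&#x0;` (capture `"0"`, which `empty()` treats as empty) is deleted while `&#x00;` passes the guard and goes to the `valid_unicode()` branch. The same guard pattern is used in wp_kses_normalize_entities2, whose `if` line lies above the hunk. The valid branch also builds its output from `ltrim($hexchars,'0')`, which is an empty string for an all-zero capture, so correct output depends on `valid_unicode()` rejecting code point 0, and that function is not shown here. Stripping first makes both cases explicit: `$hexchars = ltrim($matches[1], '0');` followed by `if ( '' === $hexchars ) return '';`, then use `$hexchars` as-is in the valid branch. A short comment above each callback stating that `$matches[1]` is the digit run including leading zeros would keep the regex and the callback in step.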