From 788597141a981622112c269d84e8eef6f5a4650b Mon Sep 17 00:00:00 2001 From: Sergey Biryukov Date: Tue, 1 Jul 2014 18:01:17 +0000 Subject: [PATCH] Make wp_kses_no_null() remove any invalid control characters in a string. props mauteri, miqrogroove. fixes #28506. Built from https://develop.svn.wordpress.org/trunk@28942 git-svn-id: http://core.svn.wordpress.org/trunk@28740 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/kses.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/wp-includes/kses.php b/wp-includes/kses.php index 1389be152f..0b552955e2 100644 --- a/wp-includes/kses.php +++ b/wp-includes/kses.php @@ -991,7 +991,9 @@ function wp_kses_bad_protocol($string, $allowed_protocols) { } /** - * Removes any null characters in $string. + * Removes any invalid control characters in $string. + * + * Also removes any instance of the '\0' string. * * @since 1.0.0 * @@ -999,7 +1001,7 @@ function wp_kses_bad_protocol($string, $allowed_protocols) { * @return string */ function wp_kses_no_null($string) { - $string = preg_replace('/\0+/', '', $string); + $string = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', '', $string); $string = preg_replace('/(\\\\0)+/', '', $string); return $string;