mirror of
https://github.com/WordPress/WordPress.git
synced 2024-12-23 01:27:36 +01:00
HTML API: Fix an infinite loop in certain unclosed SCRIPT tags.
When the Tag Processor (or HTML Processor) attempts to parse certain incomplete script tags, the parser enters an infinite loop and will hang indefinitely. The conditions to reach this situation are: - Input HTML ends with an open script tag. - The final character of input is `-` or `<`. The infinite loop was caused by the parser-advancing increment not being called when two `||` OR conditions short-circuited. If the first condition was true, the `$at++` code was never reached. This path resolves the issue. Developed in https://github.com/wordpress/wordpress-develop/pull/7128 Discussed in https://core.trac.wordpress.org/ticket/61810 Follow-up to [55203]. Props: dmsnell, jonsurrell. Fixes #61810. Built from https://develop.svn.wordpress.org/trunk@58845 git-svn-id: http://core.svn.wordpress.org/trunk@58241 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
7a86a5a42f
commit
8d059b9fe2
@ -1431,8 +1431,15 @@ class WP_HTML_Tag_Processor {
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Everything of interest past here starts with "<".
|
if ( $at + 1 >= $doc_length ) {
|
||||||
if ( $at + 1 >= $doc_length || '<' !== $html[ $at++ ] ) {
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Everything of interest past here starts with "<".
|
||||||
|
* Check this character and advance position regardless.
|
||||||
|
*/
|
||||||
|
if ( '<' !== $html[ $at++ ] ) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -16,7 +16,7 @@
|
|||||||
*
|
*
|
||||||
* @global string $wp_version
|
* @global string $wp_version
|
||||||
*/
|
*/
|
||||||
$wp_version = '6.7-alpha-58844';
|
$wp_version = '6.7-alpha-58845';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||||
|
Loading…
Reference in New Issue
Block a user