From b702c2f95b9ffdd23451bf77a8283ac10d054789 Mon Sep 17 00:00:00 2001 From: Gary Pendergast Date: Mon, 21 Dec 2015 02:46:22 +0000 Subject: [PATCH] Texturize: Transform `&` into `&` in tag attributes. [35709] was overly broad, and stopped transforming `&` characters within tag attributes. So that sites aren't generating invalid HTML, we need to restore this functionality, while continuing to not transform `&` within blocked tags. Merge of [36036] to the 4.4 branch. Fixes #35008. Built from https://develop.svn.wordpress.org/branches/4.4@36037 git-svn-id: http://core.svn.wordpress.org/branches/4.4@36002 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/formatting.php | 4 ++++ wp-includes/version.php | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php index ff4167d227..cb8e5ba590 100644 --- a/wp-includes/formatting.php +++ b/wp-includes/formatting.php @@ -233,6 +233,10 @@ function wptexturize( $text, $reset = false ) { continue; } else { // This is an HTML element delimiter. + + // Replace each & with & unless it already looks like an entity. + $curl = preg_replace( '/&(?!#(?:\d+|x[a-f0-9]+);|[a-z1-4]{1,8};)/i', '&', $curl ); + _wptexturize_pushpop_element( $curl, $no_texturize_tags_stack, $no_texturize_tags ); } diff --git a/wp-includes/version.php b/wp-includes/version.php index 3d0b0ada41..d016de24cf 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.4.1-alpha-36035'; +$wp_version = '4.4.1-alpha-36037'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.