Verify tags used in the gallery shortcode.

git-svn-id: http://core.svn.wordpress.org/trunk@23316 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-22 15:36:57 +00:00 · 2013-01-22 15:36:57 +00:00 · bd7b6a52b1
parent b538d6163f
commit bd7b6a52b1
1 changed files with 9 additions and 0 deletions
--- a/wp-includes/media.php
+++ b/wp-includes/media.php
@ -735,6 +735,15 @@ function gallery_shortcode($attr) {

 	$itemtag = tag_escape($itemtag);
 	$captiontag = tag_escape($captiontag);
+	$icontag = tag_escape($icontag);
+	$valid_tags = wp_kses_allowed_html( 'post' );
+	if ( ! isset( $valid_tags[ $itemtag ] ) )
+		$itemtag = 'dl';
+	if ( ! isset( $valid_tags[ $captiontag ] ) )
+		$captiontag = 'dd';
+	if ( ! isset( $valid_tags[ $icontag ] ) )
+		$icontag = 'dt';
+
 	$columns = intval($columns);
 	$itemwidth = $columns > 0 ? floor(100/$columns) : 100;
 	$float = is_rtl() ? 'right' : 'left';