In wptexturize() + tests:

* Allow well-formed HTML inside of shortcode attributes
* Restrict recursion. HTML is allowed but ignored.
* Do not allow exotic HTML comments in shortcode attributes.
* Continue to ignore the [ and ] chars if they appear in any HTML attribute.
* Update related regex patterns.
* Update unit tests.

Props miqrogroove.
Fixes #28564.


git-svn-id: https://develop.svn.wordpress.org/trunk@28773 602fd350-edb4-49c9-b593-d223f7449a82
Scott Taylor
2014-06-18 19:48:46 +00:00
parent 6719d08d2d
commit 0688f9eb49
2 changed files with 13 additions and 5 deletions


@@ -203,7 +203,11 @@ function wptexturize($text, $reset = false) {
. '|'
. '\[' // Find start of shortcode.
. '\[?' // Shortcodes may begin with [[
. '[^\[\]<>]+' // Shortcodes do not contain other shortcodes or HTML elements.
. '(?:'
. '[^\[\]<>]' // Shortcodes do not contain other shortcodes.
. '|'
. '<.+?>' // HTML elements permitted. Prevents matching ] before >.
. ')+'
. '\]' // Find end of shortcode.
. '\]?' // Shortcodes may end with ]]
. ')/s';
@@ -220,12 +224,12 @@ function wptexturize($text, $reset = false) {
_wptexturize_pushpop_element( $curl, $no_texturize_tags_stack, $no_texturize_tags, '<', '>' );
}
} elseif ( '[' === $first && 1 === preg_match( '/^\[[^\[\]<>]+\]$/', $curl ) ) {
} elseif ( '[' === $first && 1 === preg_match( '/^\[(?:[^\[\]<>]|<.+?>)+\]$/', $curl ) ) {
// This is a shortcode delimeter.
_wptexturize_pushpop_element( $curl, $no_texturize_shortcodes_stack, $no_texturize_shortcodes, '[', ']' );
} elseif ( '[' === $first && 1 === preg_match( '/^\[\[?[^\[\]<>]+\]\]?$/', $curl ) ) {
} elseif ( '[' === $first && 1 === preg_match( '/^\[\[?(?:[^\[\]<>]|<.+?>)+\]\]?$/', $curl ) ) {
// This is an escaped shortcode delimeter.
// Do not texturize.
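Review bot: The new `<.+?>` branch sits inside the repeated group `(?:[^\[\]<>]|<.+?>)+`, and because `.` can itself consume `<` and `>` (and newlines under the `/s` flag on the split pattern), the same text can be partitioned in many ways; an unclosed `[` followed by a long run of `<…>` fragments can then push PCRE into heavy backtracking or into its backtrack limit. A negated class still allows `]` before `>` but ends every element at its first `>`, which removes the ambiguity: `. '<[^>]+>' // HTML elements permitted. Prevents matching ] before >.`, with the same substitution in the two `preg_match()` patterns; whether attribute values containing a literal `>` must keep working is not visible here and should be confirmed against the tests. Those two `preg_match()` patterns also carry no `s` modifier, so a shortcode whose embedded element contains a newline is split out by the first pattern but matches neither `elseif`, and what happens to that token is decided outside the visible hunk. Since the checks compare against `1 ===`, a `false` return from a PCRE limit error would fall through silently, so a test with a long unterminated input would be worth adding.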