Since PHP 5.2.3, the htmlspecialchars() function has an optional $double_encode parameter, which we can now use. This will save us a few expensive kses/html decoding calls.

Adds unit tests.

Props miqrogroove.
Fixes #17780.


git-svn-id: https://develop.svn.wordpress.org/trunk@32850 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Scott Taylor
2015-06-18 21:59:10 +00:00
parent b8180d3d14
commit 4d8c4295f3
5 changed files with 65 additions and 24 deletions

View File

@@ -688,24 +688,7 @@ function _wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = fals
$quote_style = ENT_NOQUOTES;
}
// Handle double encoding ourselves
if ( $double_encode ) {
$string = @htmlspecialchars( $string, $quote_style, $charset );
} else {
// Decode & into &
$string = wp_specialchars_decode( $string, $_quote_style );
// Guarantee every &entity; is valid or re-encode the &
$string = wp_kses_normalize_entities( $string );
// Now re-encode everything except &entity;
$string = preg_split( '/(&#?x?[0-9a-z]+;)/i', $string, -1, PREG_SPLIT_DELIM_CAPTURE );
for ( $i = 0, $c = count( $string ); $i < $c; $i += 2 ) {
$string[$i] = @htmlspecialchars( $string[$i], $quote_style, $charset );
}
$string = implode( '', $string );
}
$string = @htmlspecialchars( $string, $quote_style, $charset, $double_encode );
// Backwards compatibility
if ( 'single' === $_quote_style )