From 59b8f0da7c8c3a0b031af3f826798ff6cbd73868 Mon Sep 17 00:00:00 2001
From: Gary Pendergast <pento@git.wordpress.org>
Date: Mon, 21 Dec 2015 02:42:30 +0000
Subject: [PATCH] Texturize: Transform `&` into `&#038;` in tag attributes.

[35709] was overly broad, and stopped transforming `&` characters within tag attributes. So that sites aren't generating invalid HTML, we need to restore this functionality, while continuing to not transform `&` within blocked tags.

Fixes #35008 for trunk.



git-svn-id: https://develop.svn.wordpress.org/trunk@36036 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/formatting.php                |  4 ++++
 .../phpunit/tests/formatting/WPTexturize.php  | 22 +++++++++++--------
 2 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/src/wp-includes/formatting.php b/src/wp-includes/formatting.php
index 91690d8f4b..659db978d8 100644
--- a/src/wp-includes/formatting.php
+++ b/src/wp-includes/formatting.php
@@ -233,6 +233,10 @@ function wptexturize( $text, $reset = false ) {
 				continue;
 			} else {
 				// This is an HTML element delimiter.
+
+				// Replace each & with &#038; unless it already looks like an entity.
+				$curl = preg_replace( '/&(?!#(?:\d+|x[a-f0-9]+);|[a-z1-4]{1,8};)/i', '&#038;', $curl );
+
 				_wptexturize_pushpop_element( $curl, $no_texturize_tags_stack, $no_texturize_tags );
 			}
 
diff --git a/tests/phpunit/tests/formatting/WPTexturize.php b/tests/phpunit/tests/formatting/WPTexturize.php
index 475a4755fc..4d7caf3d06 100644
--- a/tests/phpunit/tests/formatting/WPTexturize.php
+++ b/tests/phpunit/tests/formatting/WPTexturize.php
@@ -10,14 +10,14 @@ class Tests_Formatting_WPTexturize extends WP_UnitTestCase {
 	}
 
 	function test_disable() {
-		$this->assertEquals('<pre>---</pre>', wptexturize('<pre>---</pre>'));
-		$this->assertEquals('<pre><code></code>--</pre>', wptexturize('<pre><code></code>--</pre>'));
+		$this->assertEquals('<pre>---&</pre>', wptexturize('<pre>---&</pre>'));
+		$this->assertEquals('<pre><code></code>--&</pre>', wptexturize('<pre><code></code>--&</pre>'));
 
-		$this->assertEquals( '<code>---</code>',     wptexturize( '<code>---</code>'     ) );
-		$this->assertEquals( '<kbd>---</kbd>',       wptexturize( '<kbd>---</kbd>'       ) );
-		$this->assertEquals( '<style>---</style>',   wptexturize( '<style>---</style>'   ) );
-		$this->assertEquals( '<script>---</script>', wptexturize( '<script>---</script>' ) );
-		$this->assertEquals( '<tt>---</tt>',         wptexturize( '<tt>---</tt>'         ) );
+		$this->assertEquals( '<code>---&</code>',     wptexturize( '<code>---&</code>'     ) );
+		$this->assertEquals( '<kbd>---&</kbd>',       wptexturize( '<kbd>---&</kbd>'       ) );
+		$this->assertEquals( '<style>---&</style>',   wptexturize( '<style>---&</style>'   ) );
+		$this->assertEquals( '<script>---&</script>', wptexturize( '<script>---&</script>' ) );
+		$this->assertEquals( '<tt>---&</tt>',         wptexturize( '<tt>---&</tt>'         ) );
 
 		$this->assertEquals('<code>href="baba"</code> &#8220;baba&#8221;', wptexturize('<code>href="baba"</code> "baba"'));
 
@@ -1268,11 +1268,15 @@ class Tests_Formatting_WPTexturize extends WP_UnitTestCase {
 			),
 			array(
 				'[ photos by <a href="http://example.com/?a[]=1&a[]=2"> this guy & that guy </a> ]',
-				'[ photos by <a href="http://example.com/?a[]=1&a[]=2"> this guy &#038; that guy </a> ]',
+				'[ photos by <a href="http://example.com/?a[]=1&#038;a[]=2"> this guy &#038; that guy </a> ]',
 			),
 			array(
 				'[photos by <a href="http://example.com/?a[]=1&a[]=2"> this guy & that guy </a>]',
-				'[photos by <a href="http://example.com/?a[]=1&a[]=2"> this guy &#038; that guy </a>]',
+				'[photos by <a href="http://example.com/?a[]=1&#038;a[]=2"> this guy &#038; that guy </a>]',
+			),
+			array(
+				'& <script>&&</script>',
+				'&#038; <script>&&</script>'
 			),
 			array(
 				'[gallery ...]',