vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-06-28 22:30:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Shortcodes: don't allow unclosed HTML elements in attributes

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@34134 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Nikolay Bachiyski
2015-09-14 22:35:22 +00:00
parent 1541d43033
commit c430a82236
2 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/wp-includes/shortcodes.php
View File

@@ -462,6 +462,15 @@ function shortcode_parse_atts($text) {
elseif (isset($m[8]))
$atts[] = stripcslashes($m[8]);
}
// Reject any unclosed HTML elements
foreach( $atts as &$value ) {
if ( false !== strpos( $value, '<' ) ) {
if ( 1 !== preg_match( '/^[^<]*+(?:<[^>]*+>[^<]*+)*+$/', $value ) ) {
$value = '';
}
}
}
} else {
$atts = ltrim($text);
}