Security: Clean up user inputs before using.

git-svn-id: https://develop.svn.wordpress.org/trunk@1727 602fd350-edb4-49c9-b593-d223f7449a82
2026-06-28 14:20:15 +00:00 · 2004-10-02 00:46:30 +00:00
parent ebbf002430
commit d2ed07b4bf
2 changed files with 16 additions and 8 deletions
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -1716,4 +1716,12 @@ function get_template_directory() {
 	return $template;
 }

+// Borrowed from the PHP Manual user notes. Convert entities, while
+// preserving already-encoded entities:
+function htmlentities2($myHTML) {
+	$translation_table=get_html_translation_table (HTML_ENTITIES,ENT_QUOTES);
+	$translation_table[chr(38)] = '&';
+	return preg_replace("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/","&amp;" , strtr($myHTML, $translation_table));
+}
+
 ?>