Refactor filters to avoid potential XSS attacks, props sambauers and DD32, see #8767
git-svn-id: https://develop.svn.wordpress.org/trunk@10297 602fd350-edb4-49c9-b593-d223f7449a82
@@ -96,11 +96,14 @@ function _mb_strcut( $str, $start, $length=null, $encoding=null ) {
|
||||
return implode( '', $chars );
|
||||
}
|
||||
|
||||
// from php.net
|
||||
if ( !function_exists('htmlspecialchars_decode') ) {
|
||||
if ( !function_exists( 'htmlspecialchars_decode' ) ) {
|
||||
// Added in PHP 5.1.0
|
||||
// from php.net (modified by Sam Bauers to deal with some quirks in HTML_SPECIALCHARS constant)
|
||||
function htmlspecialchars_decode( $str, $quote_style = ENT_COMPAT ) {
|
||||
return strtr( $str, array_flip( get_html_translation_table(HTML_SPECIALCHARS, $quote_style) ) );
|
||||
}
|
||||
$table = array_flip( get_html_translation_table( HTML_SPECIALCHARS, $quote_style ) );
|
||||
$table = array_merge( array( ''' => "'" ), $table, array( '&' => "&", '&' => "&" ) );
|
||||
return strtr( $str, $table );
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
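Review bot: The first array passed to `array_merge()` adds a single-quote mapping to `$table` regardless of `$quote_style`, so this fallback decodes single-quote entities even when the caller passes the default `ENT_COMPAT` or `ENT_NOQUOTES`, which the native PHP 5.1+ function does not do. Since the commit is about XSS hardening, that divergence matters: code that relies on quotes staying encoded after decoding behaves differently depending on which PHP version supplies the function. Guarding the entry keeps the fallback in line with the native one, e.g. `$quotes = ( ENT_QUOTES === $quote_style ) ? array( '&#039;' => "'" ) : array();` merged in place of the unconditional array. The entity keys on that line appear already decoded in this rendering (the key shows as `'''`), so I am assuming it is the numeric single-quote entity; confirm against the file.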