Skip to content

Commit

Permalink
Shortcodes: don't allow unclosed HTML elements in attributes
Browse files Browse the repository at this point in the history 
Merges [34134] for 4.3 branch

Built from https://develop.svn.wordpress.org/branches/4.3@34144


git-svn-id: http://core.svn.wordpress.org/branches/4.3@34112 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  • Loading branch information
@nb
nb committed Sep 14, 2015
1 parent f91a5fd commit f72b21a
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 0 deletions.
2 changes: 2 additions & 0 deletions wp-includes/media.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -863,6 +863,8 @@ function img_caption_shortcode( $attr, $content = null ) {
$content = $matches[1];
$attr['caption'] = trim( $matches[2] );
}
} elseif ( strpos( $attr['caption'], '<' ) !== false ) {
$attr['caption'] = wp_kses( $attr['caption'], 'post' );
}

/**
Expand Down
9 changes: 9 additions & 0 deletions wp-includes/shortcodes.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -462,6 +462,15 @@ function shortcode_parse_atts($text) {
elseif (isset($m[8]))
$atts[] = stripcslashes($m[8]);
}

// Reject any unclosed HTML elements
foreach( $atts as &$value ) {
if ( false !== strpos( $value, '<' ) ) {
if ( 1 !== preg_match( '/^[^<]*+(?:<[^>]*+>[^<]*+)*+$/', $value ) ) {
$value = '';
}
}
}
} else {
$atts = ltrim($text);
}
Expand Down

0 comments on commit f72b21a

Please sign in to comment.