From 3778cae8ec2881923c3f7d8b9b8763cd275a0dcf Mon Sep 17 00:00:00 2001 From: Nikolay Bachiyski Date: Mon, 14 Sep 2015 22:36:24 +0000 Subject: [PATCH] Shortcodes: don't allow unclosed HTML elements in attributes Built from https://develop.svn.wordpress.org/trunk@34134 git-svn-id: http://core.svn.wordpress.org/trunk@34102 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/media.php | 2 ++ wp-includes/shortcodes.php | 9 +++++++++ wp-includes/version.php | 2 +- 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/wp-includes/media.php b/wp-includes/media.php index 7a58329c82..2e8d7a3010 100644 --- a/wp-includes/media.php +++ b/wp-includes/media.php @@ -870,6 +870,8 @@ function img_caption_shortcode( $attr, $content = null ) { $content = $matches[1]; $attr['caption'] = trim( $matches[2] ); } + } elseif ( strpos( $attr['caption'], '<' ) !== false ) { + $attr['caption'] = wp_kses( $attr['caption'], 'post' ); } /** diff --git a/wp-includes/shortcodes.php b/wp-includes/shortcodes.php index 45df890e3e..e28e2b52f7 100644 --- a/wp-includes/shortcodes.php +++ b/wp-includes/shortcodes.php @@ -462,6 +462,15 @@ function shortcode_parse_atts($text) { elseif (isset($m[8])) $atts[] = stripcslashes($m[8]); } + + // Reject any unclosed HTML elements + foreach( $atts as &$value ) { + if ( false !== strpos( $value, '<' ) ) { + if ( 1 !== preg_match( '/^[^<]*+(?:<[^>]*+>[^<]*+)*+$/', $value ) ) { + $value = ''; + } + } + } } else { $atts = ltrim($text); } diff --git a/wp-includes/version.php b/wp-includes/version.php index dbd247d3d1..dd7fe851c8 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.4-alpha-34133'; +$wp_version = '4.4-alpha-34134'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.