[wp-testers] RE: wp_kses kills <!--more--> tags from xmlrpc posted entries
Toby Simmons
toby at simmonsconsulting.com
Tue Dec 27 20:13:14 GMT 2005
Woot! The following fix handles XML-RPC posts with extended entries just
perfectly. Plus, it even handled the comment <!-- I do know that 3 > 2 -->.
I've proposed it as a patch in http://trac.wordpress.org/ticket/2130
Thanks, guys.
Index: wp-includes/kses.php
===================================================================
--- wp-includes/kses.php (revision 3332)
+++ wp-includes/kses.php (working copy)
@@ -77,7 +77,7 @@
# matches stray ">" characters.
############################################################################
###
{
- return preg_replace('%(<'.# EITHER: <
+ return preg_replace('%(<!--.*-->)|(<'.# EITHER: <
'[^>]*'.# things that aren't >
'(>|$)'.# > or end of string
'|>)%e', # OR: just a >
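Review bot: The new first alternative on the `+` line, `(<!--.*-->)`, is greedy, while the pattern suggested in the quoted reply was `(<!--.*?-->)`. With two comments on one line, everything from the first `<!--` to the last `-->`, tags included, becomes a single match, and the pass-through added in the second hunk then returns it unfiltered. Use the non-greedy `.*?` here. Also, the only modifier shown is `e`, so `.` stops at a newline and a comment that spans lines still falls through to the `<[^>]*` alternative.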
@@ -98,6 +98,10 @@
return '>';
# It matched a ">" character
+ if (preg_match('%^<!--.*-->$%', $string))
+ return $string;
+ # Allow HTML comments
+
if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9]+)([^>]*)>?$%', $string,
$matches))
return '';
# It's seriously malformed
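Review bot: The check `preg_match('%^<!--.*-->$%', $string)` accepts any string that merely starts with `<!--` and ends with `-->`, so a chunk with a `-->` in the middle is returned verbatim together with whatever follows it. Because this `return $string;` runs before the tag check on the next `if`, it should refuse an inner `-->`, for example with `%^<!--(?:(?!-->).)*-->$%s`; the `s` modifier would also let it accept comments that contain newlines.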
>Andy Skelton wrote:
>> On 12/22/05, Toby Simmons <toby at simmonsconsulting.com> wrote:
>>
>>>+ if (preg_match('%^<!--[^>-]+-->$%', $string))
>>
>>
>> This will not match comments such as this:
>> <!--my-awesome-comment-->
>
>Even worse, it won't match comments like this:
><!-- my-awesome-comment > your-awesome-comment -->
>
>Because the > in the middle of the comment causes wp_kses_split() to
>send only "<!--my-awesome-comment >" on to wp_kses_split2(). Yuck.
>
>Better to replace the regex in wp_kses_split() to handle comments correctly:
>
>(<!--.*?-->)|(<[^>]*(>|$)|>)
>
>Note that the order of these match groups is important, because it
>should attempt to match comments first before erroneously matching
>greater-thans inside the comment.
>
>After that, change Toby's regex to properly check for comments with
>anything inside:
>
>^<!--.*-->$
>
>I didn't test any of this in code, but it runs well in my regex checker.
> Toby, try refactoring with these changes and see if that works better.
> (Regexes provided here are without delimiters or escaping, if required.)
>
>Owen
>
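The splitting behaviour discussed in this thread, as an added example (not code from the patch or from WordPress): it runs the original split pattern, Owen's non-greedy pattern and the greedy pattern from the patch over constructed inputs, then labels each chunk with the patch's pass-through check and with a stricter one. The names split_tokens, classify and STRICT_CHECK, and the sample strings, are assumptions made for illustration.

```php
<?php
// Added illustration, not WordPress code. The three split patterns and
// PATCH_CHECK come from the thread; everything else is constructed here.

const ORIGINAL   = '%(<[^>]*(>|$)|>)%';               // before the patch
const NON_GREEDY = '%(<!--.*?-->)|(<[^>]*(>|$)|>)%';  // Owen's suggestion
const GREEDY     = '%(<!--.*-->)|(<[^>]*(>|$)|>)%';   // as posted in the patch

const PATCH_CHECK  = '%^<!--.*-->$%';                 // pass-through test in the patch
// Assumption: a stricter test that refuses "-->" before the end and
// lets "." span newlines. Not from the thread.
const STRICT_CHECK = '%^<!--(?:(?!-->).)*-->$%s';

// Chunks the splitter would hand on, one per match.
function split_tokens(string $pattern, string $input): array
{
    preg_match_all($pattern, $input, $m);
    return $m[0];
}

// Label each chunk: "comment" means it would be returned unfiltered,
// "filtered" means it would go on to the tag-handling branch.
function classify(array $tokens, string $check): array
{
    $out = [];
    foreach ($tokens as $t) {
        $out[] = [preg_match($check, $t) === 1 ? 'comment' : 'filtered', $t];
    }
    return $out;
}

// Constructed sample inputs.
$samples = [
    'gt inside comment' => '<!-- I do know that 3 > 2 -->',
    'two comments'      => '<!--a--><b class="x">hi</b><!--more-->',
    'multi-line'        => "<!-- line one\nline two -->",
];
$splits = ['ORIGINAL' => ORIGINAL, 'NON_GREEDY' => NON_GREEDY, 'GREEDY' => GREEDY];
$checks = ['patch' => PATCH_CHECK, 'strict' => STRICT_CHECK];

foreach ($samples as $label => $input) {
    echo "== $label ==\n";
    foreach ($splits as $sname => $split) {
        foreach ($checks as $cname => $check) {
            $rows = classify(split_tokens($split, $input), $check);
            echo str_pad("$sname/$cname", 18), json_encode($rows, JSON_UNESCAPED_SLASHES), "\n";
        }
    }
}
```

With the greedy split and the patch's check, the "two comments" input comes back as one chunk labelled comment, tag included; with the non-greedy split it is four chunks and only the two real comments are labelled comment. The multi-line input is labelled filtered by the patch's check under every split pattern, because `.` does not match the newline.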