[wp-trac] [WordPress Trac] #5644: wp_kses_normalize_entities regular
expression does not use callback
WordPress Trac
wp-trac at lists.automattic.com
Fri Jan 11 05:50:32 GMT 2008
#5644: wp_kses_normalize_entities regular expression does not use callback
------------------------+---------------------------------------------------
Reporter: darkdragon | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.6
Component: Security | Version:
Severity: normal | Keywords:
------------------------+---------------------------------------------------
In {{{wp_kses_normalize_entities()}}}, the second preg_replace uses the
'e' (eval) modifier instead of using the preg_replace_callback() function
that has been in PHP since 4.0.5.
Recommendation:
Change
{{{
$string = preg_replace('/&#0*([0-9]{1,5});/e',
'wp_kses_normalize_entities2("\\1")', $string);
}}}
To:
{{{
$string = preg_replace_callback('/&#0*([0-9]{1,5});/',
'wp_kses_normalize_entities2', $string);
}}}
--
Ticket URL: <http://trac.wordpress.org/ticket/5644>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
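
The change recommended in the ticket, as an added example that is not part of the original report or of WordPress's code: preg_replace_callback() hands the callback an array of matches instead of the string that "\\1" supplied under the 'e' modifier, so the callback has to read $matches[1]. The function names, the 65535 cut-off and the sample inputs are assumptions made for illustration; the page does not show the body of wp_kses_normalize_entities2().

```php
<?php
// Added example; the function names below are hypothetical, not WordPress code.

// preg_replace_callback() calls this with the match array:
// $matches[0] is the whole entity, $matches[1] the captured digits.
function example_normalize_entity($matches)
{
    $code = (int) $matches[1];
    // Assumed policy for this example: pass code points up to 65535 through
    // in canonical form and escape the ampersand of anything larger.
    if ($code > 65535) {
        return '&amp;#' . $code . ';';
    }
    return '&#' . $code . ';';
}

function example_normalize_numeric_entities($string)
{
    // Pattern copied from the ticket, minus the 'e' modifier: the captured
    // digits reach the callback as data and are never evaluated as PHP source.
    $result = preg_replace_callback(
        '/&#0*([0-9]{1,5});/',
        'example_normalize_entity',
        $string
    );
    // On a PCRE error the function returns null; return an empty string
    // rather than passing unfiltered input on (a choice made for this example).
    return ($result === null) ? '' : $result;
}

// Constructed sample inputs.
$samples = array(
    '&#000065;',   // leading zeros
    '&#99999;',    // five digits, above 65535
    '&#123456;',   // six digits: the pattern does not match
    'a &#60; b',   // entity inside text
);
foreach ($samples as $sample) {
    echo $sample, ' => ', example_normalize_numeric_entities($sample), "\n";
}
```

The 'e' modifier was deprecated in PHP 5.5.0 and removed in PHP 7.0.0, so the callback form is also the only one of the two that still runs on current PHP.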