[wp-trac] [WordPress Trac] #5644: wp_kses_normalize_entities regular expression does not use callback

WordPress Trac wp-trac at lists.automattic.com
Fri Jan 11 05:50:32 GMT 2008


#5644: wp_kses_normalize_entities regular expression does not use callback
------------------------+---------------------------------------------------
 Reporter:  darkdragon  |       Owner:  anonymous
     Type:  defect      |      Status:  new      
 Priority:  normal      |   Milestone:  2.6      
Component:  Security    |     Version:           
 Severity:  normal      |    Keywords:           
------------------------+---------------------------------------------------
 In {{{wp_kses_normalize_entities()}}}, the second preg_replace uses the
 'e' or eval modifier instead of using the preg_replace_callback() function,
 which has been in PHP since 4.0.5.

 Recommendation:

 Change
 {{{
 $string = preg_replace('/&#0*([0-9]{1,5});/e',
 'wp_kses_normalize_entities2("\\1")', $string);
 }}}

 To:

 {{{
 $string = preg_replace_callback('/&#0*([0-9]{1,5});/',
 'wp_kses_normalize_entities2', $string);
 }}}

-- 
Ticket URL: <http://trac.wordpress.org/ticket/5644>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
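
The callback form proposed in the ticket, worked through as an added example (this is not WordPress code and not part of the original message). The function names and the 65535 cutoff are assumptions for illustration; the point shown is that preg_replace_callback() hands the callback the array of matches rather than the "\\1" string, so a callback written for the 'e' form has to read the capture from that array.

```php
<?php
// Added example, not WordPress code. Function names and the 65535 cutoff
// are assumptions made for illustration.

// Callback for preg_replace_callback(): PHP passes ONE argument, the array
// of matches. $m[0] is the whole entity, $m[1] is the digits captured by
// ([0-9]{1,5}), with leading zeros already consumed by 0*.
function example_normalize_decimal_entity(array $m): string
{
    $code = (int) $m[1];
    // Assumed policy: keep in-range entities, neutralise the rest by
    // escaping the ampersand so they render as literal text.
    if ($code > 65535) {
        return '&amp;#' . $code . ';';
    }
    return '&#' . $code . ';';
}

function example_normalize_entities(string $s): string
{
    // No 'e' modifier: the replacement is a callable, so matched input is
    // only ever handled as data and is never spliced into a PHP expression.
    $out = preg_replace_callback(
        '/&#0*([0-9]{1,5});/',
        'example_normalize_decimal_entity',
        $s
    );
    // preg_replace_callback() returns null on a PCRE error; fail closed
    // rather than passing unfiltered input on.
    return $out === null ? '' : $out;
}

// Constructed sample input: padded, out-of-range, embedded, hex, 6-digit.
$samples = ['&#0065;', '&#65536;', 'a &#60;b&#62; c', '&#x41;', '&#123456;'];
foreach ($samples as $in) {
    printf("%-18s => %s\n", $in, example_normalize_entities($in));
}
```

Hex entities and numbers longer than five digits do not match this pattern and pass through unchanged, so they need their own handling elsewhere in the filter.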