From 21e45219f5b395edd3f987b3ae9fc49a741b4596 Mon Sep 17 00:00:00 2001
From: Andrew Ozz
Date: Thu, 31 Dec 2009 04:57:54 +0000
Subject: [PATCH] Fix Press This entity encoding, props noel, fixes #11390
git-svn-id: https://develop.svn.wordpress.org/trunk@12592 602fd350-edb4-49c9-b593-d223f7449a82
---
wp-admin/press-this.php | 29 +++++++++--------------------
1 file changed, 9 insertions(+), 20 deletions(-)
diff --git a/wp-admin/press-this.php b/wp-admin/press-this.php
index 0a1f37b24a..59a2ae6ebc 100644
--- a/wp-admin/press-this.php
+++ b/wp-admin/press-this.php
@@ -13,23 +13,6 @@ header('Content-Type: ' . get_option('html_type') . '; charset=' . get_option('b
if ( ! current_user_can('edit_posts') )
wp_die( __( 'Cheatin’ uh?' ) );
-/**
- * Convert characters.
- *
- * @package WordPress
- * @subpackage Press_This
- * @since 2.6.0
- *
- * @param string $text
- * @return string
- */
-function aposfix($text) {
- $translation_table[chr(34)] = '"';
- $translation_table[chr(38)] = '&';
- $translation_table[chr(39)] = ''';
- return preg_replace("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/","&" , strtr($text, $translation_table));
-}
-
/**
* Press It form handler.
*
@@ -92,11 +75,17 @@ if ( isset($_REQUEST['action']) && 'post' == $_REQUEST['action'] ) {
}
// Set Variables
-$title = isset( $_GET['t'] ) ? trim( strip_tags( aposfix( stripslashes( $_GET['t'] ) ) ) ) : '';
-$selection = isset( $_GET['s'] ) ? trim( htmlspecialchars( html_entity_decode( aposfix( stripslashes( $_GET['s'] ) ) ) ) ) : '';
+$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( stripslashes( $_GET['t'] ) , ENT_QUOTES) ) ) : '';
+
+$selection = '';
+if ( !empty($_GET['s']) ) {
+ $selection = str_replace(''', "'", stripslashes($_GET['s']));
+ $selection = trim( htmlspecialchars( html_entity_decode($selection, ENT_QUOTES) ) );
+}
+
if ( ! empty($selection) ) {
$selection = preg_replace('/(\r?\n|\r)/', '
', $selection);
- $selection = '
'.str_replace('
', '', $selection).'';
+ $selection = '' . str_replace('
', '', $selection) . '';
}
$url = isset($_GET['u']) ? esc_url($_GET['u']) : '';
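Review bot: On the new `$title` line the value is entity-decoded with `ENT_QUOTES` and then only passed through `strip_tags()`, so it leaves this block holding literal `"`, `'` and `&` characters, whereas `$selection` is re-encoded with `htmlspecialchars()`. The place where `$title` is printed is outside this hunk; if it lands in an HTML attribute it needs `esc_attr( $title )` there, and a comment here such as `// $title is decoded, tag-stripped text, not HTML-safe: escape on output` would make that contract explicit. Separately, neither `html_entity_decode()` call nor the `htmlspecialchars()` call names a charset, while the `header()` line quoted in the first hunk header takes its charset from an option (truncated there, presumably `blog_charset`). On PHP versions whose default charset differs from the blog's, decoding can produce bytes that are invalid in the page encoding, so I would pass it explicitly, e.g. `html_entity_decode( $selection, ENT_QUOTES, get_option('blog_charset') )`, and do the same for `htmlspecialchars()`.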