Backtick-escape three sets of HTML entities used in DocBlock descriptions in wp-includes/kses.php.

Without the escaping, the Code Reference/browser may inadvertently attempt to convert and display entities. Fixes #30473. git-svn-id: https://develop.svn.wordpress.org/trunk@30720 602fd350-edb4-49c9-b593-d223f7449a82
2025-02-24 08:33:35 +01:00 · 2014-12-03 08:46:31 +00:00 · 2014-12-03 08:46:31 +00:00 · bf8544d9fa
commit bf8544d9fa
parent 6213bb9689
1 changed files with 7 additions and 7 deletions
--- a/src/wp-includes/kses.php
+++ b/src/wp-includes/kses.php
@ -1172,8 +1172,8 @@ function wp_kses_bad_protocol_once2( $string, $allowed_protocols ) {
 /**
 * Converts and fixes HTML entities.
 *
- * This function normalizes HTML entities. It will convert "AT&T" to the correct
+ * This function normalizes HTML entities. It will convert `AT&T` to the correct
- * "AT&amp;T", "&#00058;" to "&#58;", "&#XYZZY;" to "&amp;#XYZZY;" and so on.
+ * `AT&amp;T", "&#00058;" to "&#58;", "&#XYZZY;" to "&amp;#XYZZY;` and so on.
 *
 * @since 1.0.0
 *
@ -1218,8 +1218,8 @@ function wp_kses_named_entities($matches) {
 /**
 * Callback for wp_kses_normalize_entities() regular expression.
 *
- * This function helps wp_kses_normalize_entities() to only accept 16-bit values
+ * This function helps {@see wp_kses_normalize_entities()} to only accept 16-bit
- * and nothing more for &#number; entities.
+ * values and nothing more for `&#number;` entities.
 *
 * @access private
 * @since 1.0.0
@ -1277,9 +1277,9 @@ function valid_unicode($i) {
 /**
 * Convert all entities to their character counterparts.
 *
- * This function decodes numeric HTML entities (&#65; and &#x41;). It doesn't do
+ * This function decodes numeric HTML entities (`&#65;` and `&#x41;`).
- * anything with other entities like &auml;, but we don't need them in the URL
+ * It doesn't do anything with other entities like &auml;, but we don't
- * protocol whitelisting system anyway.
+ * need them in the URL protocol whitelisting system anyway.
 *
 * @since 1.0.0
 *