KSES: Use correct global in wp_kses_xml_named_entities().

This fixes a discrepancy where the the global name used in the function did not match the one declared at the beginning of `kses.php`, and ensures that the function gets the correct array of allowed XML entity names.

Includes unit tests.

Follow-up to [48072].

Props ovidiul, costdev, peterwilsoncc, SergeyBiryukov.
Fixes #54060.

git-svn-id: https://develop.svn.wordpress.org/trunk@52229 602fd350-edb4-49c9-b593-d223f7449a82

src/wp-includes/kses.php

@@ -459,7 +459,7 @@ if ( ! CUSTOM_TAGS ) {
 	);
 
 	/**
-	 * @var string[] $allowedentitynames Array of KSES allowed HTML entitity names.
+	 * @var string[] $allowedentitynames Array of KSES allowed HTML entity names.
 	 * @since 1.0.0
 	 */
 	$allowedentitynames = array(
@@ -719,10 +719,10 @@ if ( ! CUSTOM_TAGS ) {
 	);
 
 	/**
-	 * @var string[] $allowedxmlentitynames Array of KSES allowed XML entitity names.
+	 * @var string[] $allowedxmlentitynames Array of KSES allowed XML entity names.
 	 * @since 5.5.0
 	 */
-	$allowedxmlnamedentities = array(
+	$allowedxmlentitynames = array(
 		'amp',
 		'lt',
 		'gt',
@@ -1906,7 +1906,7 @@ function wp_kses_named_entities( $matches ) {
  * @return string Correctly encoded entity.
  */
 function wp_kses_xml_named_entities( $matches ) {
-	global $allowedentitynames, $allowedxmlnamedentities;
+	global $allowedentitynames, $allowedxmlentitynames;
 
 	if ( empty( $matches[1] ) ) {
 		return '';
@@ -1914,7 +1914,7 @@ function wp_kses_xml_named_entities( $matches ) {
 
 	$i = $matches[1];
 
-	if ( in_array( $i, $allowedxmlnamedentities, true ) ) {
+	if ( in_array( $i, $allowedxmlentitynames, true ) ) {
 		return "&$i;";
 	} elseif ( in_array( $i, $allowedentitynames, true ) ) {
 		return html_entity_decode( "&$i;", ENT_HTML5 );

tests/phpunit/tests/kses.php

@@ -1790,4 +1790,110 @@ HTML;
 
 		return $return_data;
 	}
+
+	/**
+	 * Test that XML named entities are encoded correctly.
+	 *
+	 * @dataProvider data_wp_kses_xml_named_entities
+	 *
+	 * @ticket 54060
+	 * @covers ::wp_kses_xml_named_entities
+	 *
+	 * @param array  $input    The input to wp_kses_xml_named_entities().
+	 * @param string $expected The expected output.
+	 */
+	public function test_wp_kses_xml_named_entities( $input, $expected ) {
+		$this->assertSame( $expected, wp_kses_xml_named_entities( $input ) );
+	}
+
+	/**
+	 * Data provider for test_wp_kses_xml_named_entities().
+	 *
+	 * @return array Nested array of input, expected pairs.
+	 */
+	public function data_wp_kses_xml_named_entities() {
+		return array(
+			// Empty string value testing.
+			'empty string'       => array(
+				'input'    => '',
+				'expected' => '',
+			),
+
+			// Empty string array value testing.
+			'empty string array' => array(
+				'input'    => array( '', '' ),
+				'expected' => '',
+			),
+
+			// $allowedxmlentitynames values testing.
+			'amp'                => array(
+				'input'    => array( '', 'amp' ),
+				'expected' => '&',
+			),
+			'lt'                 => array(
+				'input'    => array( '', 'lt' ),
+				'expected' => '<',
+			),
+			'gt'                 => array(
+				'input'    => array( '', 'gt' ),
+				'expected' => '>',
+			),
+
+			// $allowedentitynames values testing.
+			'nbsp'               => array(
+				'input'    => array( '', 'nbsp' ),
+				'expected' => utf8_encode( chr( 160 ) ),
+			),
+			'iexcl'              => array(
+				'input'    => array( '', 'iexcl' ),
+				'expected' => '¡',
+			),
+			'cent'               => array(
+				'input'    => array( '', 'cent' ),
+				'expected' => '¢',
+			),
+
+			// Some other value testing.
+			'test'               => array(
+				'input'    => array( '', 'test' ),
+				'expected' => '&test;',
+			),
+
+		);
+	}
+
+	/**
+	 * Test that KSES globals are defined.
+	 *
+	 * @dataProvider data_kses_globals_are_defined
+	 *
+	 * @ticket 54060
+	 *
+	 * @param string $global The name of the global variable.
+	 */
+	public function test_kses_globals_are_defined( $global ) {
+		$this->assertArrayHasKey( $global, $GLOBALS );
+	}
+
+	/**
+	 * Data provider for test_kses_globals_are_defined().
+	 *
+	 * @return array
+	 */
+	public function data_kses_globals_are_defined() {
+		return array(
+			'allowedposttags'       => array(
+				'global' => 'allowedposttags',
+			),
+			'allowedtags'           => array(
+				'global' => 'allowedtags',
+			),
+			'allowedentitynames'    => array(
+				'global' => 'allowedentitynames',
+			),
+			'allowedxmlentitynames' => array(
+				'global' => 'allowedxmlentitynames',
+			),
+		);
+	}
 }