From 8e5543da5339965a38812a2803abc0d7abc71ce9 Mon Sep 17 00:00:00 2001 From: Drew Jaynes Date: Wed, 3 Dec 2014 08:47:22 +0000 Subject: [PATCH] Backtick-escape three sets of HTML entities used in DocBlock descriptions in wp-includes/kses.php. Without the escaping, the Code Reference/browser may inadvertently attempt to convert and display entities. Fixes #30473. Built from https://develop.svn.wordpress.org/trunk@30720 git-svn-id: http://core.svn.wordpress.org/trunk@30710 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/kses.php | 14 +++++++------- wp-includes/version.php | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/wp-includes/kses.php b/wp-includes/kses.php index bb180438a8..f3881fbbac 100644 --- a/wp-includes/kses.php +++ b/wp-includes/kses.php @@ -1172,8 +1172,8 @@ function wp_kses_bad_protocol_once2( $string, $allowed_protocols ) { /** * Converts and fixes HTML entities. * - * This function normalizes HTML entities. It will convert "AT&T" to the correct - * "AT&T", ":" to ":", "&#XYZZY;" to "&#XYZZY;" and so on. + * This function normalizes HTML entities. It will convert `AT&T` to the correct + * `AT&T", ":" to ":", "&#XYZZY;" to "&#XYZZY;` and so on. * * @since 1.0.0 * @@ -1218,8 +1218,8 @@ function wp_kses_named_entities($matches) { /** * Callback for wp_kses_normalize_entities() regular expression. * - * This function helps wp_kses_normalize_entities() to only accept 16-bit values - * and nothing more for &#number; entities. + * This function helps {@see wp_kses_normalize_entities()} to only accept 16-bit + * values and nothing more for `&#number;` entities. * * @access private * @since 1.0.0 @@ -1277,9 +1277,9 @@ function valid_unicode($i) { /** * Convert all entities to their character counterparts. * - * This function decodes numeric HTML entities (A and A). It doesn't do - * anything with other entities like ä, but we don't need them in the URL - * protocol whitelisting system anyway. + * This function decodes numeric HTML entities (`A` and `A`). + * It doesn't do anything with other entities like ä, but we don't + * need them in the URL protocol whitelisting system anyway. * * @since 1.0.0 * diff --git a/wp-includes/version.php b/wp-includes/version.php index c0647a9f54..a1084757fc 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.1-beta2-30719'; +$wp_version = '4.1-beta2-30720'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.