syntaxhighlighter
Opened 18 years ago
Closed 18 years ago
#703 closed defect (fixed)
Encoding can get messed up due to KSES
| Reported by: | mdawaffe | Owned by: | Viper007Bond |
|---|---|---|---|
| Priority: | normal | Severity: | normal |
| Plugin: | syntaxhighlighter | Keywords: | |
| Cc: |
Description
Write the following in a new post as a contributor (or anyone without the unfiltered_html capability).
[sourcecode language="php"]
function boo( $go ) {
var_dump("hello & goodbye" && true);
}
[/sourcecode]
You'll end up with the following displayed in your browser.
[sourcecode language="php"]
function boo( $go ) {
var_dump("hello & goodbye" && true);
}
[/sourcecode]
This is because KSES is being helpful and is normalizing entities in wp_kses_normalize_entities().
Attached is a patch.
- If the content is going to hit KSES, the contents of [sourcecode] tags is double encoded. It is subsequently unencoded after going through KSES.
- Does that for posts, comments (if turned on), and widget text.
- Preserves
&and&in the code.
Posts and comments are straightforward. Widgets are not since they lack any decent filters. The patch works via a few hacks documented in the code.
The way I check to see if KSES is going to be applied is to manually look at the $wp_filters global. It might not work with older versions of WP since the structure of that global has changed recently. Needs testing. That method is more robust than checking to see if current_user_can( 'unfiltered_html' ) since other plugins could mess around caps and filters.
Fixed in 1.1.0. Well done.