Opened 6 years ago

Closed 6 years ago

#703 closed defect (fixed)

Encoding can get messed up due to KSES

Reported by: mdawaffe
Owned by: Viper007Bond
Priority: normal
Severity: normal
Plugin: syntaxhighlighter
Keywords:
Cc:

Description

Write the following in a new post as a contributor (or anyone without the unfiltered_html capability).

[sourcecode language="php"]
function boo( $go ) {
    var_dump("hello & goodbye" && true);
}
[/sourcecode]

You'll end up with the following displayed in your browser.

[sourcecode language="php"]
function boo( $go ) {
    var_dump("hello &amp; goodbye" &amp;&amp; true);
}
[/sourcecode]

This is because KSES is being helpful and is normalizing entities in wp_kses_normalize_entities().

Attached is a patch.

  1. If the content is going to hit KSES, the contents of [sourcecode] tags are double encoded. They are subsequently unencoded after going through KSES.
  2. Does that for posts, comments (if turned on), and widget text.
  3. Preserves & and &amp; in the code.

Posts and comments are straightforward. Widgets are not since they lack any decent filters. The patch works via a few hacks documented in the code.

The way I check to see if KSES is going to be applied is to manually look at the $wp_filters global. It might not work with older versions of WP since the structure of that global has changed recently. Needs testing. That method is more robust than checking to see if current_user_can( 'unfiltered_html' ) since other plugins could mess around caps and filters.

Attachments (1)

kses.diff (6.4 KB) - added by mdawaffe 6 years ago.
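
One way to realise the encode-before-KSES, decode-after approach described in the ticket, as an added PHP example that is not the attached kses.diff or the plugin's code. `normalize_entities_standin()` is a simplified stand-in for wp_kses_normalize_entities(); `map_sourcecode()`, `protect_code()` and `restore_code()` are hypothetical names, and the sample post is constructed.

```php
<?php
// Simplified stand-in for the entity pass of wp_kses_normalize_entities()
// (assumption: real KSES validates against a much longer list of entity names).
function normalize_entities_standin(string $s): string {
    $s = str_replace('&', '&amp;', $s);
    // Put back ampersands that already started a recognised entity.
    return preg_replace('/&amp;(amp|lt|gt|quot|#\d+);/', '&$1;', $s);
}

// Hypothetical helper: apply $fn only to the body of each [sourcecode] shortcode.
function map_sourcecode(string $content, callable $fn): string {
    return preg_replace_callback(
        '/(\[sourcecode[^\]]*\])(.*?)(\[\/sourcecode\])/s',
        function (array $m) use ($fn) { return $m[1] . $fn($m[2]) . $m[3]; },
        $content
    );
}

// Run before the filter: every "&" in the code becomes a valid entity,
// so the normaliser has nothing left to rewrite.
function protect_code(string $content): string {
    return map_sourcecode($content, function (string $code): string {
        return htmlspecialchars($code, ENT_NOQUOTES, 'UTF-8');
    });
}

// Run after the filter: strip the extra layer of encoding again.
function restore_code(string $content): string {
    return map_sourcecode($content, function (string $code): string {
        return htmlspecialchars_decode($code, ENT_NOQUOTES);
    });
}

// Constructed sample post: a raw "&", a "&&" and a literal "&amp;" in the code.
$post = "[sourcecode language=\"php\"]\n"
      . "var_dump(\"hello & goodbye\" && true); // &amp;\n"
      . "[/sourcecode]";

$unprotected = normalize_entities_standin($post);
$protected   = restore_code(normalize_entities_standin(protect_code($post)));

// Compare each result with what the author typed.
echo "unprotected unchanged: ", var_export($unprotected === $post, true), "\n";
echo "protected unchanged:   ", var_export($protected === $post, true), "\n";
echo $unprotected, "\n";
```

In the unprotected output the raw `&` and the literal `&amp;` come out identical, which is why the damage cannot be undone after the filter has run and the code has to be protected beforehand.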


Change History (2)

mdawaffe 6 years ago

comment:1 Viper007Bond 6 years ago

  • Resolution set to fixed
  • Status changed from new to closed

Fixed in 1.1.0. Well done.
