[wp-trac] [WordPress Trac] #29557: PHP ≤ 5.4.8 Crashes on '[' Character in Posts

WordPress Trac noreply at wordpress.org
Wed Oct 8 06:39:44 UTC 2014 

#29557: PHP ≤ 5.4.8 Crashes on '[' Character in Posts
-----------------------------------+--------------------
 Reporter:  MrBobDobolina          |       Owner:
     Type:  defect (bug)           |      Status:  new
 Priority:  highest omg bbq        |   Milestone:  4.0.1
Component:  Formatting             |     Version:  4.0
 Severity:  blocker                |  Resolution:
 Keywords:  wptexturize has-patch  |     Focuses:
-----------------------------------+--------------------

Comment (by kovshenin):

 To clarify, I'm not proposing a simplified pattern or algorithm for 4.0.1.
 I'm proposing to restore 3.9 behavior to stop breaking people's installs,
 while we take a bit more time to figure things out. The main issue in this
 ticket is fairly unlikely, but things like #29608, #28564 and possibly
 others seem pretty critical. Not sure why they were closed as duplicates
 of this backtracking/segfaults issue.

 My concern is that r29748 and r29781 seem a bit radical for a point
 release. We removed matching `<[^>]+>` inside the shortcodes regex,
 allowing `<` and `>` alone to match, while we explicitly prohibited that
 in r28727 and then allowed only "well-formed" HTML in r28773. I guess this
 was done to fix #29608 but I feel like there may be side-effects. Haven't
 seen an actual report but a `[` in a shortcode attribute also worked
 pre-4.0 and now it doesn't, and if we remove the rest of `[^\[\]]` we're
 pretty much back at square one :)

 Re. Jetpack and other plugins that register shortcodes "just in time",
 obviously not in a point release, but can we look into extending the
 original shortcode to "support" them? Or maybe we can add a generic
 shortcode handler in texturize and issue a `_doing_it_wrong()`? The idea
 here is that if we're dealing with a shortcode, it's best to handle it in
 a consistent way across the whole codebase.

 @kitchin would love to see the code for your simplified algorithm.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/29557#comment:90>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list