[wp-trac] [WordPress Trac] #29557: PHP ≤ 5.4.8 Crashes on '[' Character in Posts

WordPress Trac noreply at wordpress.org
Wed Sep 24 22:47:47 UTC 2014


#29557: PHP ≤ 5.4.8 Crashes on '[' Character in Posts
------------------------------------------------------+--------------------
 Reporter:  MrBobDobolina                             |       Owner:
     Type:  defect (bug)                              |      Status:  new
 Priority:  highest omg bbq                           |   Milestone:  4.0.1
Component:  Formatting                                |     Version:  4.0
 Severity:  blocker                                   |  Resolution:
 Keywords:  wptexturize has-patch commit fixed-major  |     Focuses:
------------------------------------------------------+--------------------

Comment (by miqrogroove):

 Per IRC discussion, we will not be able to resolve the crash by breaking
 non-registered shortcodes.  :(

 In miqro-29557.6.patch:
 * Revert parts of miqro-29557.5.patch.
 * Revert [28773] and remove 'attribute filter' from [28727].
 * Make the shortcode pattern quantifier possessive to avoid backtracks.
 * Security regression: HTML filter avoidance may be possible again per
 #12690.
 * Does not break unregistered shortcodes.
 * Does not break HTML comments or performance gains from 4.0.
 * Tested PHP 5.2.4, 5.2.13, 5.4.32, and 5.5.8.
 * No crashes or large backtrack counts found in any version.
 * Unit tests updated to show new outputs.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/29557#comment:67>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list