[wp-trac] [WordPress Trac] #29557: PHP ≤ 5.4.8 Crashes on '[' Character in Posts

WordPress Trac noreply at wordpress.org
Sun Sep 28 11:45:33 UTC 2014


#29557: PHP ≤ 5.4.8 Crashes on '[' Character in Posts
-----------------------------------+--------------------
 Reporter:  MrBobDobolina          |       Owner:
     Type:  defect (bug)           |      Status:  new
 Priority:  highest omg bbq        |   Milestone:  4.0.1
Component:  Formatting             |     Version:  4.0
 Severity:  blocker                |  Resolution:
 Keywords:  wptexturize has-patch  |     Focuses:
-----------------------------------+--------------------

Comment (by kitchin):

 The comment parsing could be simplified. Gecko, Webkit and Trident all
 (apparently) use this:

 `(<!--.+?-->|<!--+>)`

 even in exotic doctypes like xml and 4.01 strict. Despite the W3C, `\s*>`
 is not allowed in 4.01 strict. And embedded `--` are ignored, since sgml
 legacy is not as important as easily commenting out html (or xml). There's
 probably some scenario I missed, but this regex is much simpler than the
 one in the latest patch. I separated the clauses completely with `|` to
 avoid any issues combining the greedy and non-greedy parts.

 Test strings:

 Shows 'ab':
 {{{
 a<!-->b
 a<!--->b
 a<!---->b
 a<!----->b
 a<!-- c --->b
 a<!-- c -- d -->b
 }}}
 Does not show 'ab':
 {{{
 a<!-- c -- >b<!-- close -->
 a<!-- >b<!-- close -->
 a<!---- >b<!-- close -->
 a<!-- <!-- c --> -->b<!-- close -->
 }}}

 The regex would be a change from current WP because it disallows
 whitespace before closing `>`. But that's how the browser renders it
 anyway.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/29557#comment:72>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list