WordPress 4.3.1

[autoinstalls/wordpress.git] / wp-includes / shortcodes.php

diff --git a/wp-includes/shortcodes.php b/wp-includes/shortcodes.php
index c63958b12f5e78c4bf7368b0fd1448ff8818b3db..86976a21ce34ced40d4cfa4e14617bf74693625d 100644 (file)
--- a/wp-includes/shortcodes.php
+++ b/wp-includes/shortcodes.php
@@ -462,6 +462,15 @@ function shortcode_parse_atts($text) {
                        elseif (isset($m[8]))
                                $atts[] = stripcslashes($m[8]);
                }
+
+               // Reject any unclosed HTML elements
+               foreach( $atts as &$value ) {
+                       if ( false !== strpos( $value, '<' ) ) {
+                               if ( 1 !== preg_match( '/^[^<]*+(?:<[^>]*+>[^<]*+)*+$/', $value ) ) {
+                                       $value = '';
+                               }
+                       }
+               }
        } else {
                $atts = ltrim($text);
        }