WordPress 4.2.5

[autoinstalls/wordpress.git] / wp-includes / shortcodes.php

diff --git a/wp-includes/shortcodes.php b/wp-includes/shortcodes.php
index 531a1fa18650c84db60df2ec55016c29be7807e1..810db20076918d7fad44bc848ff0ff0a28ede7d4 100644 (file)
--- a/wp-includes/shortcodes.php
+++ b/wp-includes/shortcodes.php
@@ -457,6 +457,15 @@ function shortcode_parse_atts($text) {
                        elseif (isset($m[8]))
                                $atts[] = stripcslashes($m[8]);
                }
                        elseif (isset($m[8]))
                                $atts[] = stripcslashes($m[8]);
                }

+
+               // Reject any unclosed HTML elements
+               foreach( $atts as &$value ) {
+                       if ( false !== strpos( $value, '<' ) ) {
+                               if ( 1 !== preg_match( '/^[^<]*+(?:<[^>]*+>[^<]*+)*+$/', $value ) ) {
+                                       $value = '';
+                               }
+                       }
+               }

        } else {
                $atts = ltrim($text);
        }
        } else {
                $atts = ltrim($text);
        }