
Commit ebeb870

committed
Correct unchecked indexing, feedback
Props to @costdev for noting the unchecked indices.
1 parent 5f170ee commit ebeb870

2 files changed

Lines changed: 35 additions & 5 deletions


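--- a/src/wp-includes/html-api/class-wp-html-tag-processor.php
+++ b/src/wp-includes/html-api/class-wp-html-tag-processor.php
@@ -1055,19 +1055,19 @@ private function parse_next_tag() {
 *
 * See https://html.spec.whatwg.org/#parse-error-incorrectly-closed-comment
 */
-$closer_at--; // Pre-increment inside condition avoids risk of infinite looping.
+$closer_at--; // Pre-increment inside condition below reduces risk of accidental infinite looping.
 while ( ++$closer_at < strlen( $html ) ) {
 $closer_at = strpos( $html, '--', $closer_at );
 if ( false === $closer_at ) {
 return false;
 }
 
-if ( '>' === $html[ $closer_at + 2 ] ) {
+if ( $closer_at + 2 < strlen( $html ) && '>' === $html[ $closer_at + 2 ] ) {
 $at = $closer_at + 3;
 continue 2;
 }
 
-if ( '!' === $html[ $closer_at + 2 ] && '>' === $html[ $closer_at + 3 ] ) {
+if ( $closer_at + 3 < strlen( $html ) && '!' === $html[ $closer_at + 2 ] && '>' === $html[ $closer_at + 3 ] ) {
 $at = $closer_at + 4;
 continue 2;
 }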
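Review bot: The same bound, `strlen( $html )`, is now written out three times in this loop: once in the `while` condition and once in each new look-ahead guard. Nothing visible in the hunk modifies `$html`, so I would take the length once before the loop, `$doc_length = strlen( $html );`, and write the guards against it, e.g. `if ( $closer_at + 2 < $doc_length && '>' === $html[ $closer_at + 2 ] ) {`. A single named bound makes it harder for a later look-ahead to be added without its guard, which matters in a parser that runs over untrusted markup. The loop and parse_next_tag() continue outside the hunk, so what happens when the `while` falls through without finding a closer cannot be checked from here.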

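--- a/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
+++ b/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
@@ -1827,10 +1827,42 @@ public function test_allows_incorrectly_closed_comments() {
 $this->assertSame( 'final', $p->get_attribute( 'id' ), 'Did not skip over unopened comment-closer.' );
 }
 
+/**
+* Ensures that unclosed and invalid comments don't trigger warnings or errors.
+*
+* @ticket 58007
+*
+* @covers WP_HTML_Tag_Processor::next_tag
+* @dataProvider data_html_with_unclosed_comments
+*
+* @param string $html_ending_before_comment_close HTML with opened comments that aren't closed
+*/
+public function test_documents_may_end_with_unclosed_comment( $html_ending_before_comment_close ) {
+$p = new WP_HTML_Tag_Processor( $html_ending_before_comment_close );
+
+$this->assertFalse( $p->next_tag() );
+}
+
+/**
+* Data provider.
+*
+* @return array[]
+*/
+public function data_html_with_unclosed_comments() {
+return array(
+'Basic truncated comment' => array( '<!-- this ends --' ),
+'Comment with closer look-alike' => array( '<!-- this ends --x' ),
+'Comment with closer look-alike 2' => array( '<!-- this ends --!x' ),
+'Invalid tag-closer comment' => array( '</(when will this madness end?)' ),
+'Invalid tag-closer comment 2' => array( '</(when will this madness end?)--' )
+);
+}
+
 /**
 * Ensures that abruptly-closed empty comments are properly closed.
 *
 * @ticket 58007
+*
 * @covers WP_HTML_Tag_Processor::next_tag
 * @dataProvider data_abruptly_closed_empty_comments
 *
@@ -1847,8 +1879,6 @@ public function test_closes_abrupt_closing_of_empty_comment( $html_with_after_ma
 /**
 * Data provider.
 *
-* @ticket 58007
-*
 * @return array[]
 */
 public function data_abruptly_closed_empty_comments() {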
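Review bot: data_html_with_unclosed_comments() has no input that ends immediately after `--!`, which is the only case where `$closer_at + 2` is in range and `$closer_at + 3` is not. That is exactly the boundary the new `$closer_at + 3 < strlen( $html )` guard in class-wp-html-tag-processor.php protects. The existing `--`, `--x` and `--!x` cases either fail earlier or stay in bounds, so the guard could regress without a test noticing. I would add a constructed case such as `'Comment truncated after --!' => array( '<!-- this ends --!' ),`. The test asserts only the `false` return, so it presumably relies on the suite turning PHP warnings into failures; if so, that is worth stating in the docblock.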
