HTML API: Fix CDATA lookalike matching invalid CDATA

When `next_token()` was introduced to the HTML Tag Processor, it started
classifying comments that look like they were intended to be CDATA sections.
In one of the changes made during development, however, a typo slipped
through code review that treated comments as CDATA even if they only
ended in `]>` and not the required `]]>`.

The consequences of this defect were minor because in all cases these are
treated as HTML comments from invalid syntax, but this patch adds the
missing check to ensure the proper reporting of CDATA-lookalikes.

Follow-up to [57348]

Props jonsurrell
Fixes #60406


Built from https://develop.svn.wordpress.org/trunk@57506


git-svn-id: http://core.svn.wordpress.org/trunk@57007 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-includes/html-api/class-wp-html-tag-processor.php

@@ -1762,7 +1762,8 @@ class WP_HTML_Tag_Processor {
 					'T' === $html[ $this->token_starts_at + 6 ] &&
 					'A' === $html[ $this->token_starts_at + 7 ] &&
 					'[' === $html[ $this->token_starts_at + 8 ] &&
-					']' === $html[ $closer_at - 1 ]
+					']' === $html[ $closer_at - 1 ] &&
+					']' === $html[ $closer_at - 2 ]
 				) {
 					$this->parser_state    = self::STATE_COMMENT;
 					$this->comment_type    = self::COMMENT_AS_CDATA_LOOKALIKE;

wp-includes/version.php

@@ -16,7 +16,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '6.5-alpha-57505';
+$wp_version = '6.5-alpha-57506';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.