From cb8cc5ffb6b814a3b918bcbaeb1862265818e0c6 Mon Sep 17 00:00:00 2001 From: ryan Date: Tue, 17 Nov 2009 19:25:01 +0000 Subject: [PATCH] Use preg_replace_callback to eliminate eval. Props BenBE1987. fixes #10896 git-svn-id: http://svn.automattic.com/wordpress/trunk@12198 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/includes/post.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/wp-admin/includes/post.php b/wp-admin/includes/post.php index 75dee30fe5..7dc3c2a2e9 100644 --- a/wp-admin/includes/post.php +++ b/wp-admin/includes/post.php @@ -713,6 +713,7 @@ function update_meta( $meta_id, $meta_key, $meta_value ) { * @return unknown */ function _fix_attachment_links( $post_ID ) { + global $_fix_attachment_link_id; $post = & get_post( $post_ID, ARRAY_A ); @@ -740,7 +741,8 @@ function _fix_attachment_links( $post_ID ) { } $post_search[$i] = $anchor; - $post_replace[$i] = preg_replace( "#href=(\"|')[^'\"]*\\1#e", "stripslashes( 'href=\\1' ).get_attachment_link( $id ).stripslashes( '\\1' )", $anchor ); + $_fix_attachment_link_id = $id; + $post_replace[$i] = preg_replace_callback( "#href=(\"|')[^'\"]*\\1#", '_fix_attachment_links_replace_cb', $anchor ); ++$i; } @@ -752,6 +754,11 @@ function _fix_attachment_links( $post_ID ) { return wp_update_post( $post); } +function _fix_attachment_links_replace_cb($match) { + global $_fix_attachment_link_id; + return stripslashes( 'href='.$m[1] ).get_attachment_link( $_fix_attachment_link_id ).stripslashes( $m[1] ); +} + /** * Move child posts to a new parent. *