From d8179a2a1fedc81c097b5eb1bc7b619ecc50de59 Mon Sep 17 00:00:00 2001
From: Scott Taylor <scott.c.taylor@mac.com>
Date: Thu, 1 Oct 2015 17:34:24 +0000
Subject: [PATCH] Shortcodes: prevent registration of invalid shortcode names.

Adds unit tests.

Props miqrogroove.
Fixes #34090.

Built from https://develop.svn.wordpress.org/trunk@34745


git-svn-id: http://core.svn.wordpress.org/trunk@34710 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/shortcodes.php | 13 +++++++++++++
 wp-includes/version.php    |  2 +-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/wp-includes/shortcodes.php b/wp-includes/shortcodes.php
index 10b3e19a2e..6657ef3b26 100644
--- a/wp-includes/shortcodes.php
+++ b/wp-includes/shortcodes.php
@@ -88,6 +88,19 @@ $shortcode_tags = array();
  */
 function add_shortcode($tag, $func) {
 	global $shortcode_tags;
+
+	if ( '' == trim( $tag ) ) {
+		$message = __( 'Invalid shortcode name.  Empty name given.' );
+		_doing_it_wrong( __FUNCTION__, $message, '4.4.0' );
+		return;
+	}
+
+	if ( 0 !== preg_match( '@[<>&/\[\]\x00-\x20]@', $tag ) ) {
+		$message = sprintf( __( 'Invalid shortcode name: %s  Do not use spaces or reserved chars: & / < > [ ]' ), $tag );
+		_doing_it_wrong( __FUNCTION__, $message, '4.4.0' );
+		return;
+	}
+
 	$shortcode_tags[ $tag ] = $func;
 }
 
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 40323dc5cf..fa5c28b58d 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.4-alpha-34744';
+$wp_version = '4.4-alpha-34745';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.