Because the single closed tag regex will match on <script>, <object>, and <embed>, the 'tag pairs' regex will never be executed. this causes hanging close tags on any element that is removed. reordering them fixes the problem nicely. NOTE: I've added the i flag in the fix below as a service to anyone using this message as a patch. this fixes the other issue with differently cased tags passing through the filter.

Fix:

Change

// find single, closed tags
$input = preg_replace_callback('@<(embed|object|script)([^>]*)/?>?@s', 'embedfilter_process', $input, 5);

// find open tag/close tag pairs.
$input = preg_replace_callback('@<(embed|object|script)([^>]*)>(.*?)@si', 'embedfilter_process', $input, 5);

To:
// find open tag/close tag pairs.
$input = preg_replace_callback('@<(embed|object|script)([^>]*)>(.*?)@si', 'embedfilter_process', $input, 5);

// find single, closed tags
$input = preg_replace_callback('@<(embed|object|script)([^>]*)/?>?@s', 'embedfilter_process', $input, 5);

Comments

steven jones’s picture

Status: Active » Fixed

Patched

Anonymous’s picture

Status: Fixed » Closed (fixed)