From 6ea46c5024db00d16b7789159f6fcb05cba09663 Mon Sep 17 00:00:00 2001
From: Alex Kirk <akirk@users.noreply.github.com>
Date: Fri, 27 Jan 2023 16:59:15 +0100
Subject: [PATCH] Protect cdata

---
 includes/class-hashtag.php               | 25 ++++++++++++------------
 includes/class-mention.php               | 25 ++++++++++++------------
 tests/test-class-activitypub-hashtag.php |  2 +-
 3 files changed, 27 insertions(+), 25 deletions(-)

diff --git a/includes/class-hashtag.php b/includes/class-hashtag.php
index cbdb7df..9ce8b34 100644
--- a/includes/class-hashtag.php
+++ b/includes/class-hashtag.php
@@ -44,24 +44,25 @@ class Hashtag {
 	 */
 	public static function the_content( $the_content ) {
 		$protected_tags = array();
+		$protect = function( $m ) use ( &$protected_tags ) {
+			$c = count( $protected_tags );
+			$protect = '!#!#PROTECT' . $c . '#!#!';
+			$protected_tags[ $protect ] = $m[0];
+			return $protect;
+		};
+		$the_content = preg_replace_callback(
+			'#<![CDATA[.*?]]>#is',
+			$protect,
+			$the_content
+		);
 		$the_content = preg_replace_callback(
 			'#<(pre|code|textarea|style)\b[^>]*>.*?</\1[^>]*>#is',
-			function( $m ) use ( &$protected_tags ) {
-				$c = count( $protected_tags );
-				$protect = '!#!#PROTECT' . $c . '#!#!';
-				$protected_tags[ $protect ] = $m[0];
-				return $protect;
-			},
+			$protect,
 			$the_content
 		);
 		$the_content = preg_replace_callback(
 			'#<[^>]+>#i',
-			function( $m ) use ( &$protected_tags ) {
-				$c = count( $protected_tags );
-				$protect = '!#!#PROTECT' . $c . '#!#!';
-				$protected_tags[ $protect ] = $m[0];
-				return $protect;
-			},
+			$protect,
 			$the_content
 		);
 
diff --git a/includes/class-mention.php b/includes/class-mention.php
index 1912dfa..7012e40 100644
--- a/includes/class-mention.php
+++ b/includes/class-mention.php
@@ -24,24 +24,25 @@ class Mention {
 	 */
 	public static function the_content( $the_content ) {
 		$protected_tags = array();
+		$protect = function( $m ) use ( &$protected_tags ) {
+			$c = count( $protected_tags );
+			$protect = '!#!#PROTECT' . $c . '#!#!';
+			$protected_tags[ $protect ] = $m[0];
+			return $protect;
+		};
+		$the_content = preg_replace_callback(
+			'#<![CDATA[.*?]]>#is',
+			$protect,
+			$the_content
+		);
 		$the_content = preg_replace_callback(
 			'#<(pre|code|textarea|style)\b[^>]*>.*?</\1[^>]*>#is',
-			function( $m ) use ( &$protected_tags ) {
-				$c = count( $protected_tags );
-				$protect = '!#!#PROTECT' . $c . '#!#!';
-				$protected_tags[ $protect ] = $m[0];
-				return $protect;
-			},
+			$protect,
 			$the_content
 		);
 		$the_content = preg_replace_callback(
 			'#<a.*?href=[^>]+>.*?</a>#i',
-			function( $m ) use ( &$protected_tags ) {
-				$c = count( $protected_tags );
-				$protect = '!#!#PROTECT' . $c . '#!#!';
-				$protected_tags[ $protect ] = $m[0];
-				return $protect;
-			},
+			$protect,
 			$the_content
 		);
 
diff --git a/tests/test-class-activitypub-hashtag.php b/tests/test-class-activitypub-hashtag.php
index 319b47d..51a532c 100644
--- a/tests/test-class-activitypub-hashtag.php
+++ b/tests/test-class-activitypub-hashtag.php
@@ -19,7 +19,7 @@ class Test_Activitypub_Hashtag extends WP_UnitTestCase {
 		$code = '<code>text with some #object and <a> tag inside</code>';
 		$style = <<<ENDSTYLE
 <style type="text/css">
-<![[
+<![CDATA[
 color: #ccc;
 ]]>
 </style>