Ticket #5917: 5917.diff
| File 5917.diff, 1.9 KB (added by ryan, 5 years ago) |
|---|
-
wp-includes/kses.php
551 551 $attrarr = array (); 552 552 $mode = 0; 553 553 $attrname = ''; 554 $uris = array('xmlns', 'profile', 'href', 'src', 'cite', 'classid', 'codebase', 'data', 'usemap', 'longdesc', 'action'); 554 555 555 556 # Loop through the whole attribute list 556 557 … … 595 596 if (preg_match('/^"([^"]*)"(\s+|$)/', $attr, $match)) 596 597 # "value" 597 598 { 598 $thisval = wp_kses_bad_protocol($match[1], $allowed_protocols); 599 $thisval = $match[1]; 600 if ( in_array($attrname, $uris) ) 601 $thisval = wp_kses_bad_protocol($thisval, $allowed_protocols); 599 602 600 603 if(FALSE === array_key_exists($attrname, $attrarr)) { 601 604 $attrarr[$attrname] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname=\"$thisval\"", 'vless' => 'n'); … … 609 612 if (preg_match("/^'([^']*)'(\s+|$)/", $attr, $match)) 610 613 # 'value' 611 614 { 612 $thisval = wp_kses_bad_protocol($match[1], $allowed_protocols); 615 $thisval = $match[1]; 616 if ( in_array($attrname, $uris) ) 617 $thisval = wp_kses_bad_protocol($thisval, $allowed_protocols); 613 618 614 619 if(FALSE === array_key_exists($attrname, $attrarr)) { 615 620 $attrarr[$attrname] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname='$thisval'", 'vless' => 'n'); … … 623 628 if (preg_match("%^([^\s\"']+)(\s+|$)%", $attr, $match)) 624 629 # value 625 630 { 626 $thisval = wp_kses_bad_protocol($match[1], $allowed_protocols); 631 $thisval = $match[1]; 632 if ( in_array($attrname, $uris) ) 633 $thisval = wp_kses_bad_protocol($thisval, $allowed_protocols); 627 634 628 635 if(FALSE === array_key_exists($attrname, $attrarr)) { 629 636 $attrarr[$attrname] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname=\"$thisval\"", 'vless' => 'n');
