Ticket #11971: 11971.000.kses.patch
File 11971.000.kses.patch, 16.1 KB (added by , 15 years ago) |
wordpress/wp-includes/kses.php
42 42 * @since 2.0.0 43 43 */ 44 44 $allowedposttags = array( 45 'address' => array(),46 'a' => array(47 'class' => array(),48 'href' => array(),49 'id' => array(),50 'title' => array(),51 'rel' => array(),52 'rev' => array(),53 'name' => array(),54 'target'=> array()),55 'abbr' => array(56 'class' => array(),57 'title' => array()),58 'acronym' => array(59 'title' => array()),60 'b' => array(),61 'big' => array(),62 'blockquote' => array(63 'id' => array(),64 'cite' => array(),65 'class'=> array(),66 'lang'=> array(),67 68 'br' => array(69 'class' => array()),70 'button' => array(71 'disabled' => array(),72 'name' => array(),73 'type' => array(),74 'value' => array()),75 'caption' => array(76 'align' => array(),77 'class' => array()),78 'cite' => array(79 'class'=> array(),80 'dir'=> array(),81 'lang'=> array(),82 'title' => array()),83 'code' => array(84 'style'=> array()),85 'col' => array(86 'align' => array(),87 'char' => array(),88 'charoff' => array(),89 'span' => array(),90 'dir'=> array(),91 'style' => array(),92 'valign' => array(),93 'width' => array()),94 'del' => array(95 'datetime' => array()),96 'dd' => array(),97 'div' => array(98 'align' => array(),99 'class' => array(),100 'dir' => array(),101 'lang'=> array(),102 'style' => array(),103 104 'dl' => array(),105 'dt' => array(),106 'em' => array(),107 'fieldset' => array(),108 'font' => array(109 'color' => array(),110 'face' => array(),111 'size' => array()),112 'form' => array(113 'action' => array(),114 'accept' => array(),115 'accept-charset' => array(),116 'enctype' => array(),117 'method' => array(),118 'name' => array(),119 'target' => array()),120 'h1' => array(121 'align' => array(),122 'class' => array(),123 'id' => array(),124 'style' => array()),125 'h2' => array(126 'align' => array(),127 'class' => array(),128 'id' => array(),129 'style' => array()),130 'h3' => array(131 'align' => array(),132 'class' => array(),133 'id' => array(),134 'style' => array()),135 'h4' => array(136 'align' 
=> array(),137 'class' => array(),138 'id' => array(),139 'style' => array()),140 'h5' => array(141 'align' => array(),142 'class' => array(),143 'id' => array(),144 'style' => array()),145 'h6' => array(146 'align' => array(),147 'class' => array(),148 'id' => array(),149 'style' => array()),150 'hr' => array(151 'align' => array(),152 'class' => array(),153 'noshade' => array(),154 'size' => array(),155 'width' => array()),156 'i' => array(),157 'img' => array(158 'alt' => array(),159 'align' => array(),160 'border' => array(),161 'class' => array(),162 'height' => array(),163 'hspace' => array(),164 'longdesc' => array(),165 'vspace' => array(),166 'src' => array(),167 'style' => array(),168 'width' => array()),169 'ins' => array(170 'datetime' => array(),171 'cite' => array()),172 'kbd' => array(),173 'label' => array(174 'for' => array()),175 'legend' => array(176 'align' => array()),177 'li' => array(178 'align' => array(),179 'class' => array()),180 'p' => array(181 'class' => array(),182 'align' => array(),183 'dir'=> array(),184 'lang'=> array(),185 'style' => array(),186 187 'pre' => array(188 'style'=> array(),189 'width' => array()),190 'q' => array(191 'cite' => array()),192 's' => array(),193 'span' => array(194 'class' => array(),195 'dir' => array(),196 'align' => array(),197 'lang' => array(),198 'style' => array(),199 'title' => array(),200 201 'strike' => array(),202 'strong' => array(),203 'sub' => array(),204 'sup' => array(),205 'table' => array(206 'align' => array(),207 'bgcolor' => array(),208 'border' => array(),209 'cellpadding' => array(),210 'cellspacing' => array(),211 'class' => array(),212 'dir'=> array(),213 'id'=> array(),214 'rules' => array(),215 'style' => array(),216 'summary' => array(),217 'width' => array()),218 'tbody' => array(219 'align' => array(),220 'char' => array(),221 'charoff' => array(),222 'valign' => array()),223 'td' => array(224 'abbr' => array(),225 'align' => array(),226 'axis' => array(),227 'bgcolor' => 
array(),228 'char' => array(),229 'charoff' => array(),230 'class' => array(),231 'colspan' => array(),232 'dir'=> array(),233 'headers' => array(),234 'height' => array(),235 'nowrap' => array(),236 'rowspan' => array(),237 'scope' => array(),238 'style' => array(),239 'valign' => array(),240 'width' => array()),241 'textarea' => array(242 'cols' => array(),243 'rows' => array(),244 'disabled' => array(),245 'name' => array(),246 'readonly' => array()),247 'tfoot' => array(248 'align' => array(),249 'char' => array(),250 'class' => array(),251 'charoff' => array(),252 'valign' => array()),253 'th' => array(254 'abbr' => array(),255 'align' => array(),256 'axis' => array(),257 'bgcolor' => array(),258 'char' => array(),259 'charoff' => array(),260 'class' => array(),261 'colspan' => array(),262 'headers' => array(),263 'height' => array(),264 'nowrap' => array(),265 'rowspan' => array(),266 'scope' => array(),267 'valign' => array(),268 'width' => array()),269 'thead' => array(270 'align' => array(),271 'char' => array(),272 'charoff' => array(),273 'class' => array(),274 'valign' => array()),275 'title' => array(),276 'tr' => array(277 'align' => array(),278 'bgcolor' => array(),279 'char' => array(),280 'charoff' => array(),281 'class' => array(),282 'style' => array(),283 'valign' => array()),284 'tt' => array(),285 'u' => array(),286 'ul' => array(287 'class' => array(),288 'style' => array(),289 'type' => array()),290 'ol' => array(291 'class' => array(),292 'start' => array(),293 'style' => array(),294 'type' => array()),295 'var' => array());45 'address' => array(), 46 'a' => array( 47 'class' => array(), 48 'href' => array(), 49 'id' => array(), 50 'title' => array(), 51 'rel' => array(), 52 'rev' => array(), 53 'name' => array(), 54 'target' => array()), 55 'abbr' => array( 56 'class' => array(), 57 'title' => array()), 58 'acronym' => array( 59 'title' => array()), 60 'b' => array(), 61 'big' => array(), 62 'blockquote' => array( 63 'id' => array(), 64 
'cite' => array(), 65 'class' => array(), 66 'lang' => array(), 67 'xml:lang' => array()), 68 'br' => array( 69 'class' => array()), 70 'button' => array( 71 'disabled' => array(), 72 'name' => array(), 73 'type' => array(), 74 'value' => array()), 75 'caption' => array( 76 'align' => array(), 77 'class' => array()), 78 'cite' => array( 79 'class' => array(), 80 'dir' => array(), 81 'lang' => array(), 82 'title' => array()), 83 'code' => array( 84 'style' => array()), 85 'col' => array( 86 'align' => array(), 87 'char' => array(), 88 'charoff' => array(), 89 'span' => array(), 90 'dir' => array(), 91 'style' => array(), 92 'valign' => array(), 93 'width' => array()), 94 'del' => array( 95 'datetime' => array()), 96 'dd' => array(), 97 'div' => array( 98 'align' => array(), 99 'class' => array(), 100 'dir' => array(), 101 'lang' => array(), 102 'style' => array(), 103 'xml:lang' => array()), 104 'dl' => array(), 105 'dt' => array(), 106 'em' => array(), 107 'fieldset' => array(), 108 'font' => array( 109 'color' => array(), 110 'face' => array(), 111 'size' => array()), 112 'form' => array( 113 'action' => array(), 114 'accept' => array(), 115 'accept-charset' => array(), 116 'enctype' => array(), 117 'method' => array(), 118 'name' => array(), 119 'target' => array()), 120 'h1' => array( 121 'align' => array(), 122 'class' => array(), 123 'id' => array(), 124 'style' => array()), 125 'h2' => array( 126 'align' => array(), 127 'class' => array(), 128 'id' => array(), 129 'style' => array()), 130 'h3' => array( 131 'align' => array(), 132 'class' => array(), 133 'id' => array(), 134 'style' => array()), 135 'h4' => array( 136 'align' => array(), 137 'class' => array(), 138 'id' => array(), 139 'style' => array()), 140 'h5' => array( 141 'align' => array(), 142 'class' => array(), 143 'id' => array(), 144 'style' => array()), 145 'h6' => array( 146 'align' => array(), 147 'class' => array(), 148 'id' => array(), 149 'style' => array()), 150 'hr' => array( 151 'align' 
=> array(), 152 'class' => array(), 153 'noshade' => array(), 154 'size' => array(), 155 'width' => array()), 156 'i' => array(), 157 'img' => array( 158 'alt' => array(), 159 'align' => array(), 160 'border' => array(), 161 'class' => array(), 162 'height' => array(), 163 'hspace' => array(), 164 'longdesc' => array(), 165 'vspace' => array(), 166 'src' => array(), 167 'style' => array(), 168 'width' => array()), 169 'ins' => array( 170 'datetime' => array(), 171 'cite' => array()), 172 'kbd' => array(), 173 'label' => array( 174 'for' => array()), 175 'legend' => array( 176 'align' => array()), 177 'li' => array( 178 'align' => array(), 179 'class' => array()), 180 'p' => array( 181 'class' => array(), 182 'align' => array(), 183 'dir' => array(), 184 'lang' => array(), 185 'style' => array(), 186 'xml:lang' => array()), 187 'pre' => array( 188 'style' => array(), 189 'width' => array()), 190 'q' => array( 191 'cite' => array()), 192 's' => array(), 193 'span' => array( 194 'class' => array(), 195 'dir' => array(), 196 'align' => array(), 197 'lang' => array(), 198 'style' => array(), 199 'title' => array(), 200 'xml:lang' => array()), 201 'strike' => array(), 202 'strong' => array(), 203 'sub' => array(), 204 'sup' => array(), 205 'table' => array( 206 'align' => array(), 207 'bgcolor' => array(), 208 'border' => array(), 209 'cellpadding' => array(), 210 'cellspacing' => array(), 211 'class' => array(), 212 'dir' => array(), 213 'id' => array(), 214 'rules' => array(), 215 'style' => array(), 216 'summary' => array(), 217 'width' => array()), 218 'tbody' => array( 219 'align' => array(), 220 'char' => array(), 221 'charoff' => array(), 222 'valign' => array()), 223 'td' => array( 224 'abbr' => array(), 225 'align' => array(), 226 'axis' => array(), 227 'bgcolor' => array(), 228 'char' => array(), 229 'charoff' => array(), 230 'class' => array(), 231 'colspan' => array(), 232 'dir' => array(), 233 'headers' => array(), 234 'height' => array(), 235 'nowrap' => 
array(), 236 'rowspan' => array(), 237 'scope' => array(), 238 'style' => array(), 239 'valign' => array(), 240 'width' => array()), 241 'textarea' => array( 242 'cols' => array(), 243 'rows' => array(), 244 'disabled' => array(), 245 'name' => array(), 246 'readonly' => array()), 247 'tfoot' => array( 248 'align' => array(), 249 'char' => array(), 250 'class' => array(), 251 'charoff' => array(), 252 'valign' => array()), 253 'th' => array( 254 'abbr' => array(), 255 'align' => array(), 256 'axis' => array(), 257 'bgcolor' => array(), 258 'char' => array(), 259 'charoff' => array(), 260 'class' => array(), 261 'colspan' => array(), 262 'headers' => array(), 263 'height' => array(), 264 'nowrap' => array(), 265 'rowspan' => array(), 266 'scope' => array(), 267 'valign' => array(), 268 'width' => array()), 269 'thead' => array( 270 'align' => array(), 271 'char' => array(), 272 'charoff' => array(), 273 'class' => array(), 274 'valign' => array()), 275 'title' => array(), 276 'tr' => array( 277 'align' => array(), 278 'bgcolor' => array(), 279 'char' => array(), 280 'charoff' => array(), 281 'class' => array(), 282 'style' => array(), 283 'valign' => array()), 284 'tt' => array(), 285 'u' => array(), 286 'ul' => array( 287 'class' => array(), 288 'style' => array(), 289 'type' => array()), 290 'ol' => array( 291 'class' => array(), 292 'start' => array(), 293 'style' => array(), 294 'type' => array()), 295 'var' => array()); 296 296 297 297 /** 298 298 * Kses allowed HTML elements. 
… … 301 301 * @since 1.0.0 302 302 */ 303 303 $allowedtags = array( 304 'a' => array( 305 'href' => array (), 306 'title' => array ()), 307 'abbr' => array( 308 'title' => array ()), 309 'acronym' => array( 310 'title' => array ()), 311 'b' => array(), 312 'blockquote' => array( 313 'cite' => array ()), 314 // 'br' => array(), 315 'cite' => array (), 316 'code' => array(), 317 'del' => array( 318 'datetime' => array ()), 319 // 'dd' => array(), 320 // 'dl' => array(), 321 // 'dt' => array(), 322 'em' => array (), 'i' => array (), 323 // 'ins' => array('datetime' => array(), 'cite' => array()), 324 // 'li' => array(), 325 // 'ol' => array(), 326 // 'p' => array(), 327 'q' => array( 328 'cite' => array ()), 329 'strike' => array(), 330 'strong' => array(), 331 // 'sub' => array(), 332 // 'sup' => array(), 333 // 'u' => array(), 334 // 'ul' => array(), 304 'a' => array( 305 'href' => array(), 306 'title' => array()), 307 'abbr' => array( 308 'title' => array()), 309 'acronym' => array( 310 'title' => array()), 311 'b' => array(), 312 'blockquote' => array( 313 'cite' => array()), 314 'cite' => array(), 315 'code' => array(), 316 'del' => array( 317 'datetime' => array()), 318 'em' => array(), 319 'i' => array(), 320 'q' => array( 321 'cite' => array()), 322 'strike' => array(), 323 'strong' => array(), 335 324 ); 336 325 } 337 326 … … 355 344 * @param array $allowed_protocols Optional. Allowed protocol in links. 
356 345 * @return string Filtered content with only allowed HTML elements 357 346 */ 358 function wp_kses($string, $allowed_html, $allowed_protocols = array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet')) {347 function wp_kses($string, $allowed_html, $allowed_protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet') ) { 359 348 $string = wp_kses_no_null($string); 360 349 $string = wp_kses_js_entities($string); 361 350 $string = wp_kses_normalize_entities($string); … … 972 961 * @return string Correctly encoded entity 973 962 */ 974 963 function wp_kses_normalize_entities2($matches) { 975 if ( ! isset($matches[1]) ||empty($matches[1]) )964 if ( empty($matches[1]) ) 976 965 return ''; 977 966 978 967 $i = $matches[1]; … … 991 980 * @return string Correctly encoded entity 992 981 */ 993 982 function wp_kses_normalize_entities3($matches) { 994 if ( ! isset($matches[2]) ||empty($matches[2]) )983 if ( empty($matches[2]) ) 995 984 return ''; 996 985 997 986 $hexchars = $matches[2];
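Review bot: In `wp_kses_normalize_entities2()` and `wp_kses_normalize_entities3()` the guard is now only `empty($matches[1])` / `empty($matches[2])`, and PHP's `empty()` is also true for the string `'0'`, so a captured zero code point returns `''` and the entity is deleted from the output instead of reaching the rest of the function. That is the same result as the old `! isset(...) || empty(...)` form, but nothing in the code says it is intended, and a sanitizer that silently drops input should state so. I would add a comment above each guard, for example `// empty() is also true for '0': a zero code point is removed, not re-encoded.`, and cover `&#0;` and `&#x0;` in the kses tests. Both function bodies continue past the hunks and the calling regexes are not visible here, so whether `'0'` can actually reach these captures is inferred.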