
Ticket #24251: 24251.2.diff

File 24251.2.diff, 15.0 KB (added by lukecavanagh, 7 months ago)

Patch refresh

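--- a/src/wp-includes/functions.php
+++ b/src/wp-includes/functions.php
@@ -2409,6 +2409,7 @@
         'bmp' => 'image/bmp',
         'tiff|tif' => 'image/tiff',
         'ico' => 'image/x-icon',
+        'svg' => 'image/svg+xml',
         // Video formats.
         'asf|asx' => 'video/x-ms-asf',
         'wmv' => 'video/x-ms-wmv',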
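Review bot: Registering `image/svg+xml` in the default MIME map at line 2412 makes SVG uploadable by every role that has `upload_files`, and SVG is an active document format (script, event handlers, external references), so once a file is served from the uploads directory the only thing standing between a crafted upload and same-origin script execution is the kses pass added elsewhere in this patch. Unless that sanitizer is considered airtight, consider gating this entry behind a capability such as `unfiltered_html` (via the `upload_mimes` filter) rather than enabling it for everyone by default; at minimum tie the two pieces together in a comment, e.g. `'svg' => 'image/svg+xml', // Only safe together with wp_validate_upload() in wp-admin/includes/file.php.`. The enclosing map is presumably `wp_get_mime_types()`, whose head and tail are outside this hunk.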
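--- a/src/wp-includes/kses.php
+++ b/src/wp-includes/kses.php
@@ -498,9 +498,54 @@
         );
 
         $allowedposttags = array_map( '_wp_add_global_attributes', $allowedposttags );
+
+        /**
+         * Kses global for default allowable SVG tags.
+         *
+         * Can be override by using CUSTOM_TAGS constant.
+         *
+         * @global array $allowedsvgtags
+         * @since 2.0.0
+         */
+        $allowedsvgtags = array(
+                'a' => array( 'class' => array(), 'clip-path' => array(), 'clip-rule' => array(), 'fill' => array(), 'fill-opacity' => array(), 'fill-rule' => array(), 'filter' => array(), 'id' => array(), 'mask' => array(), 'opacity' => array(), 'stroke' => array(), 'stroke-dasharray' => array(), 'stroke-dashoffset' => array(), 'stroke-linecap' => array(), 'stroke-linejoin' => array(), 'stroke-miterlimit' => array(), 'stroke-opacity' => array(), 'stroke-width' => array(), 'style' => array(), 'systemlanguage' => array(), 'transform' => array(), 'href' => array(), 'xlink:href' => array(), 'xlink:title' => array() ),
+                'circle' => array( 'class' => array(), 'clip-path' => array(), 'clip-rule' => array(), 'cx' => array(), 'cy' => array(), 'fill' => array(), 'fill-opacity' => array(), 'fill-rule' => array(), 'filter' => array(), 'id' => array(), 'mask' => array(), 'opacity' => array(), 'r' => array(), 'requiredfeatures' => array(), 'stroke' => array(), 'stroke-dasharray' => array(), 'stroke-dashoffset' => array(), 'stroke-linecap' => array(), 'stroke-linejoin' => array(), 'stroke-miterlimit' => array(), 'stroke-opacity' => array(), 'stroke-width' => array(), 'style' => array(), 'systemlanguage' => array(), 'transform' => array() ),
+                'clippath' => array( 'class' => array(), 'clippathunits' => array(), 'id' => array() ),
+                'defs' => array(),
+            'style' => array( 'type' => array() ),
+                'desc' => array(),
+                'ellipse' => array( 'class' => array(), 'clip-path' => array(), 'clip-rule' => array(), 'cx' => array(), 'cy' => array(), 'fill' => array(), 'fill-opacity' => array(), 'fill-rule' => array(), 'filter' => array(), 'id' => array(), 'mask' => array(), 'opacity' => array(), 'requiredfeatures' => array(), 'rx' => array(), 'ry' => array(), 'stroke' => array(), 'stroke-dasharray' => array(), 'stroke-dashoffset' => array(), 'stroke-linecap' => array(), 'stroke-linejoin' => array(), 'stroke-miterlimit' => array(), 'stroke-opacity' => array(), 'stroke-width' => array(), 'style' => array(), 'systemlanguage' => array(), 'transform' => array() ),
+                'fegaussianblur' => array( 'class' => array(), 'color-interpolation-filters' => array(), 'id' => array(), 'requiredfeatures' => array(), 'stddeviation' => array() ),
+                'filter' => array( 'class' => array(), 'color-interpolation-filters' => array(), 'filterres' => array(), 'filterunits' => array(), 'height' => array(), 'id' => array(), 'primitiveunits' => array(), 'requiredfeatures' => array(), 'width' => array(), 'x' => array(), 'xlink:href' => array(), 'y' => array() ),
+                'foreignobject' => array( 'class' => array(), 'font-size' => array(), 'height' => array(), 'id' => array(), 'opacity' => array(), 'requiredfeatures' => array(), 'style' => array(), 'transform' => array(), 'width' => array(), 'x' => array(), 'y' => array() ),
+                'g' => array( 'class' => array(), 'clip-path' => array(), 'clip-rule' => array(), 'id' => array(), 'display' => array(), 'fill' => array(), 'fill-opacity' => array(), 'fill-rule' => array(), 'filter' => array(), 'mask' => array(), 'opacity' => array(), 'requiredfeatures' => array(), 'stroke' => array(), 'stroke-dasharray' => array(), 'stroke-dashoffset' => array(), 'stroke-linecap' => array(), 'stroke-linejoin' => array(), 'stroke-miterlimit' => array(), 'stroke-opacity' => array(), 'stroke-width' => array(), 'style' => array(), 'systemlanguage' => array(), 'transform' => array(), 'font-family' => array(), 'font-size' => array(), 'font-style' => array(), 'font-weight' => array(), 'text-anchor' => array() ),
+                'image' => array( 'class' => array(), 'clip-path' => array(), 'clip-rule' => array(), 'filter' => array(), 'height' => array(), 'id' => array(), 'mask' => array(), 'opacity' => array(), 'requiredfeatures' => array(), 'style' => array(), 'systemlanguage' => array(), 'transform' => array(), 'width' => array(), 'x' => array(), 'xlink:href' => array(), 'xlink:title' => array(), 'y' => array() ),
+                'line' => array( 'class' => array(), 'clip-path' => array(), 'clip-rule' => array(), 'fill' => array(), 'fill-opacity' => array(), 'fill-rule' => array(), 'filter' => array(), 'id' => array(), 'marker-end' => array(), 'marker-mid' => array(), 'marker-start' => array(), 'mask' => array(), 'opacity' => array(), 'requiredfeatures' => array(), 'stroke' => array(), 'stroke-dasharray' => array(), 'stroke-dashoffset' => array(), 'stroke-linecap' => array(), 'stroke-linejoin' => array(), 'stroke-miterlimit' => array(), 'stroke-opacity' => array(), 'stroke-width' => array(), 'style' => array(), 'systemlanguage' => array(), 'transform' => array(), 'x1' => array(), 'x2' => array(), 'y1' => array(), 'y2' => array() ),
+                'lineargradient' => array( 'class' => array(), 'id' => array(), 'gradienttransform' => array(), 'gradientunits' => array(), 'requiredfeatures' => array(), 'spreadmethod' => array(), 'systemlanguage' => array(), 'x1' => array(), 'x2' => array(), 'xlink:href' => array(), 'y1' => array(), 'y2' => array() ),
+                'marker' => array( 'id' => array(), 'class' => array(), 'markerheight' => array(), 'markerunits' => array(), 'markerwidth' => array(), 'orient' => array(), 'preserveaspectratio' => array(), 'refx' => array(), 'refy' => array(), 'systemlanguage' => array(), 'viewbox' => array() ),
+                'mask' => array( 'class' => array(), 'height' => array(), 'id' => array(), 'maskcontentunits' => array(), 'maskunits' => array(), 'width' => array(), 'x' => array(), 'y' => array() ),
+                'metadata' => array( 'class' => array(), 'id' => array() ),
+                'path' => array( 'class' => array(), 'clip-path' => array(), 'clip-rule' => array(), 'd' => array(), 'fill' => array(), 'fill-opacity' => array(), 'fill-rule' => array(), 'filter' => array(), 'id' => array(), 'marker-end' => array(), 'marker-mid' => array(), 'marker-start' => array(), 'mask' => array(), 'opacity' => array(), 'requiredfeatures' => array(), 'stroke' => array(), 'stroke-dasharray' => array(), 'stroke-dashoffset' => array(), 'stroke-linecap' => array(), 'stroke-linejoin' => array(), 'stroke-miterlimit' => array(), 'stroke-opacity' => array(), 'stroke-width' => array(), 'style' => array(), 'systemlanguage' => array(), 'transform' => array() ),
+                'pattern' => array('class' => array(), 'height' => array(), 'id' => array(), 'patterncontentunits' => array(), 'patterntransform' => array(), 'patternunits' => array(), 'requiredfeatures' => array(), 'style' => array(), 'systemlanguage' => array(), 'viewbox' => array(), 'width' => array(), 'x' => array(), 'xlink:href' => array(), 'y' => array() ),
+                'polygon' => array('class' => array(), 'clip-path' => array(), 'clip-rule' => array(), 'id' => array(), 'fill' => array(), 'fill-opacity' => array(), 'fill-rule' => array(), 'filter' => array(), 'id' => array(), 'class' => array(), 'marker-end' => array(), 'marker-mid' => array(), 'marker-start' => array(), 'mask' => array(), 'opacity' => array(), 'points' => array(), 'requiredfeatures' => array(), 'stroke' => array(), 'stroke-dasharray' => array(), 'stroke-dashoffset' => array(), 'stroke-linecap' => array(), 'stroke-linejoin' => array(), 'stroke-miterlimit' => array(), 'stroke-opacity' => array(), 'stroke-width' => array(), 'style' => array(), 'systemlanguage' => array(), 'transform' => array() ),
+                'polyline' => array('class' => array(), 'clip-path' => array(), 'clip-rule' => array(), 'id' => array(), 'fill' => array(), 'fill-opacity' => array(), 'fill-rule' => array(), 'filter' => array(), 'marker-end' => array(), 'marker-mid' => array(), 'marker-start' => array(), 'mask' => array(), 'opacity' => array(), 'points' => array(), 'requiredfeatures' => array(), 'stroke' => array(), 'stroke-dasharray' => array(), 'stroke-dashoffset' => array(), 'stroke-linecap' => array(), 'stroke-linejoin' => array(), 'stroke-miterlimit' => array(), 'stroke-opacity' => array(), 'stroke-width' => array(), 'style' => array(), 'systemlanguage' => array(), 'transform' => array() ),
+                'radialgradient' => array('class' => array(), 'cx' => array(), 'cy' => array(), 'fx' => array(), 'fy' => array(), 'gradienttransform' => array(), 'gradientunits' => array(), 'id' => array(), 'r' => array(), 'requiredfeatures' => array(), 'spreadmethod' => array(), 'systemlanguage' => array(), 'xlink:href' => array() ),
+                'rect' => array('class' => array(), 'clip-path' => array(), 'clip-rule' => array(), 'fill' => array(), 'fill-opacity' => array(), 'fill-rule' => array(), 'filter' => array(), 'height' => array(), 'id' => array(), 'mask' => array(), 'opacity' => array(), 'requiredfeatures' => array(), 'rx' => array(), 'ry' => array(), 'stroke' => array(), 'stroke-dasharray' => array(), 'stroke-dashoffset' => array(), 'stroke-linecap' => array(), 'stroke-linejoin' => array(), 'stroke-miterlimit' => array(), 'stroke-opacity' => array(), 'stroke-width' => array(), 'style' => array(), 'systemlanguage' => array(), 'transform' => array(), 'width' => array(), 'x' => array(), 'y' => array() ),
+                'stop' => array('class' => array(), 'id' => array(), 'offset' => array(), 'requiredfeatures' => array(), 'stop-color' => array(), 'stop-opacity' => array(), 'style' => array(), 'systemlanguage' => array() ),
+                'svg' => array('class' => array(), 'clip-path' => array(), 'clip-rule' => array(), 'filter' => array(), 'id' => array(), 'height' => array(), 'mask' => array(), 'preserveaspectratio' => array(), 'requiredfeatures' => array(), 'style' => array(), 'systemlanguage' => array(), 'viewbox' => array(), 'width' => array(), 'x' => array(), 'xmlns' => array(), 'xmlns:se' => array(), 'xmlns:xlink' => array(), 'y' => array() ),
+                'switch' => array('class' => array(), 'id' => array(), 'requiredfeatures' => array(), 'systemlanguage' => array() ),
+                'symbol' => array('class' => array(), 'fill' => array(), 'fill-opacity' => array(), 'fill-rule' => array(), 'filter' => array(), 'font-family' => array(), 'font-size' => array(), 'font-style' => array(), 'font-weight' => array(), 'id' => array(), 'opacity' => array(), 'preserveaspectratio' => array(), 'requiredfeatures' => array(), 'stroke' => array(), 'stroke-dasharray' => array(), 'stroke-dashoffset' => array(), 'stroke-linecap' => array(), 'stroke-linejoin' => array(), 'stroke-miterlimit' => array(), 'stroke-opacity' => array(), 'stroke-width' => array(), 'style' => array(), 'systemlanguage' => array(), 'transform' => array(), 'viewbox' => array() ),
+                'text' => array('class' => array(), 'clip-path' => array(), 'clip-rule' => array(), 'fill' => array(), 'fill-opacity' => array(), 'fill-rule' => array(), 'filter' => array(), 'font-family' => array(), 'font-size' => array(), 'font-style' => array(), 'font-weight' => array(), 'id' => array(), 'mask' => array(), 'opacity' => array(), 'requiredfeatures' => array(), 'stroke' => array(), 'stroke-dasharray' => array(), 'stroke-dashoffset' => array(), 'stroke-linecap' => array(), 'stroke-linejoin' => array(), 'stroke-miterlimit' => array(), 'stroke-opacity' => array(), 'stroke-width' => array(), 'style' => array(), 'systemlanguage' => array(), 'text-anchor' => array(), 'transform' => array(), 'x' => array(), 'xml:space' => array(), 'y' => array() ),
+                'textpath' => array('class' => array(), 'id' => array(), 'method' => array(), 'requiredfeatures' => array(), 'spacing' => array(), 'startoffset' => array(), 'style' => array(), 'systemlanguage' => array(), 'transform' => array(), 'xlink:href' => array() ),
+                'title' => array(),
+                'tspan' => array( 'class' => array(), 'clip-path' => array(), 'clip-rule' => array(), 'dx' => array(), 'dy' => array(), 'fill' => array(), 'fill-opacity' => array(), 'fill-rule' => array(), 'filter' => array(), 'font-family' => array(), 'font-size' => array(), 'font-style' => array(), 'font-weight' => array(), 'id' => array(), 'mask' => array(), 'opacity' => array(), 'requiredfeatures' => array(), 'rotate' => array(), 'stroke' => array(), 'stroke-dasharray' => array(), 'stroke-dashoffset' => array(), 'stroke-linecap' => array(), 'stroke-linejoin' => array(), 'stroke-miterlimit' => array(), 'stroke-opacity' => array(), 'stroke-width' => array(), 'style' => array(), 'systemlanguage' => array(), 'text-anchor' => array(), 'textlength' => array(), 'transform' => array(), 'x' => array(), 'xml:space' => array(), 'y' => array() ),
+                'use' => array( 'class' => array(), 'clip-path' => array(), 'clip-rule' => array(), 'fill' => array(), 'fill-opacity' => array(), 'fill-rule' => array(), 'filter' => array(), 'height' => array(), 'id' => array(), 'mask' => array(), 'stroke' => array(), 'stroke-dasharray' => array(), 'stroke-dashoffset' => array(), 'stroke-linecap' => array(), 'stroke-linejoin' => array(), 'stroke-miterlimit' => array(), 'stroke-opacity' => array(), 'stroke-width' => array(), 'style' => array(), 'transform' => array(), 'width' => array(), 'x' => array(), 'xlink:href' => array(), 'y' => array() ),
+        );
+
 } else {
         $allowedtags = wp_kses_array_lc( $allowedtags );
         $allowedposttags = wp_kses_array_lc( $allowedposttags );
+        $allowedsvgtags = wp_kses_array_lc( $allowedsvgtags );
 }
 
 /**
@@ -664,6 +709,29 @@
 }
 
 /**
+ * Return a list of allowed xml tags and attributes for a given context.
+ *
+ * @params string $context The context for which to retrieve tags. Allowed values are
+ *  svg
+ * @return array List of allowed xml tags and their allowed attributes.
+ */
+function wp_kses_allowed_xml( $context = '' ){
+        global $allowedsvgtags;
+
+        if ( is_array( $context ) )
+                return apply_filters( 'wp_kses_allowed_xml', $context, 'explicit' );
+
+        switch ( $context ) {
+                case 'svg':
+                case 'image/svg+xml':
+                        return apply_filters( 'wp_kses_allowed_xml', $allowedsvgtags, $context );
+                        break;
+                default:
+                        return apply_filters( 'wp_kses_allowed_xml', array(), $context );
+        }
+}
+
+/**
  * You add any kses hooks here.
  *
  * There is currently only one kses WordPress hook, {@see 'pre_kses'}, and it is called here.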
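Review bot: The allowlist at line 515 admits a `<style>` element, yet kses filters only tags and attributes and nothing in this patch touches element text, so a stylesheet body (with `url()` / `@import` fetches, or vendor-specific tricks) would reach the browser verbatim once the file is served from the uploads directory; unless that trade-off is deliberate, drop `'style' => array( 'type' => array() ),` from `$allowedsvgtags` (the line is also mis-indented between `defs` and `desc`, which suggests it was bolted on later). In the `else` branch at line 548 a site that defines CUSTOM_TAGS has no `$allowedsvgtags` in its custom tags file, so `wp_kses_array_lc()` is handed an undefined variable and every SVG upload on that site would be sanitized against an empty list; guard it with `if ( ! isset( $allowedsvgtags ) ) { $allowedsvgtags = array(); }` or fall back to the default list — the `if` head of this block is outside the hunk, so confirm it is the CUSTOM_TAGS test the docblock at line 505 refers to. Smaller points: `@since 2.0.0` at line 508 should be the release this lands in, `polygon` at line 530 lists `id` and `class` twice, `@params` at line 714 should be `@param`, and the `break` after `return` at line 728 is unreachable.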
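--- a/src/wp-admin/includes/file.php
+++ b/src/wp-admin/includes/file.php
@@ -1294,3 +1294,13 @@
         </div>
         <?php
 }
+
+function wp_validate_upload( $params, $type ){
+        if ( preg_match( '#\bxml\b#', $params[ 'type' ] ) ) {
+                $content = file_get_contents( $params[ 'file' ] );
+                $filtered_content = wp_kses( $content, wp_kses_allowed_xml( $params[ 'type' ] ), array() );
+                file_put_contents( $params[ 'file' ], $filtered_content );
+        }
+        return $params;
+}
+add_filter( 'wp_handle_upload', 'wp_validate_upload', 10, 2 );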
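Review bot: `wp_validate_upload` never checks the results of `file_get_contents()` and `file_put_contents()` at lines 1300–1302, so a read failure overwrites the upload with an empty file and a write failure leaves the original, unsanitized SVG in place while the upload is still reported as successful. The `\bxml\b` match also selects every XML MIME type (text/xml, application/rss+xml, …) for which `wp_kses_allowed_xml()` returns an empty allowlist, so those files are silently reduced to bare text instead of being rejected, and `$params['type']` is read without an `isset()` guard. Because the `wp_handle_upload` filter runs after the file has been moved to its final path (as far as I recall), the unsanitized content is briefly reachable at its public URL, so every failure path must unlink the file, and sanitizing the temp file from `wp_handle_upload_prefilter` instead would close the window entirely — confirm against `wp_handle_upload`, which is outside this hunk. The second argument is the upload context string ('upload'/'sideload') rather than a MIME type, so `$type` is a misleading name. A reworked version with the checks in place:
```php
function wp_validate_upload( $params, $context = 'upload' ) {
	if ( empty( $params['type'] ) || ! preg_match( '#\bxml\b#', $params['type'] ) ) {
		return $params;
	}

	$allowed = wp_kses_allowed_xml( $params['type'] );
	if ( empty( $allowed ) ) {
		// No allowlist for this XML type: refuse it instead of silently stripping it to bare text.
		unlink( $params['file'] );
		return array( 'error' => __( 'Sorry, this file type is not permitted for security reasons.' ) );
	}

	$content = file_get_contents( $params['file'] );
	if ( false === $content ) {
		unlink( $params['file'] );
		return array( 'error' => __( 'Unable to read the uploaded file.' ) );
	}

	$filtered_content = wp_kses( $content, $allowed, array() );
	if ( false === file_put_contents( $params['file'], $filtered_content ) ) {
		// Never leave the unsanitized original sitting in the public uploads directory.
		unlink( $params['file'] );
		return array( 'error' => __( 'Unable to write the sanitized file.' ) );
	}

	return $params;
}
```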