Ticket #37248: 37248.patch
File 37248.patch, 3.4 KB (added by , 9 years ago) |
wp-includes/kses.php
551 551 $allowed_protocols = wp_allowed_protocols(); 552 552 $string = wp_kses_no_null( $string, array( 'slash_zero' => 'keep' ) ); 553 553 $string = wp_kses_js_entities( $string ); 554 554 555 555 // Preserve leading and trailing whitespace. 556 556 $matches = array(); 557 557 preg_match('/^\s*/', $string, $matches); … … 563 563 } else { 564 564 $string = substr( $string, strlen( $lead ), -strlen( $trail ) ); 565 565 } 566 566 567 567 // Parse attribute name and value from input. 568 568 $split = preg_split( '/\s*=\s*/', $string, 2 ); 569 569 $name = $split[0]; … … 600 600 $value = ''; 601 601 $vless = 'y'; 602 602 } 603 603 604 604 // Sanitize attribute by name. 605 605 wp_kses_attr_check( $name, $value, $string, $vless, $element, $allowed_html ); 606 606 … … 1063 1063 } else { 1064 1064 $xhtml_slash = ''; 1065 1065 } 1066 1066 1067 1067 // Split it 1068 1068 $attrarr = wp_kses_hair_parse( $attr ); 1069 1069 if ( false === $attrarr ) { … … 1073 1073 // Make sure all input is returned by adding front and back matter. 1074 1074 array_unshift( $attrarr, $begin . $slash . $elname ); 1075 1075 array_push( $attrarr, $xhtml_slash . $end ); 1076 1076 1077 1077 return $attrarr; 1078 1078 } 1079 1079 … … 1714 1714 * @param array $attr List of allowed CSS attributes. 
1715 1715 */ 1716 1716 $allowed_attr = apply_filters( 'safe_style_css', array( 1717 '-moz-box-flex', 1718 '-moz-box-ordinal-group', 1719 '-ms-flex', 1720 '-ms-flex-order', 1721 '-webkit-box-flex', 1722 '-webkit-box-ordinal-group', 1723 '-webkit-flex', 1724 '-webkit-order', 1725 'align-content', 1726 'align-items', 1727 'align-self', 1717 1728 'background', 1718 1729 'background-color', 1719 1720 1730 'border', 1721 'border-width',1722 'border-color',1723 'border-style',1724 'border-right',1725 'border-right-color',1726 'border-right-style',1727 'border-right-width',1728 1731 'border-bottom', 1729 1732 'border-bottom-color', 1730 1733 'border-bottom-style', 1731 1734 'border-bottom-width', 1735 'border-collapse', 1736 'border-color', 1732 1737 'border-left', 1733 1738 'border-left-color', 1734 1739 'border-left-style', 1735 1740 'border-left-width', 1741 'border-right', 1742 'border-right-color', 1743 'border-right-style', 1744 'border-right-width', 1745 'border-spacing', 1746 'border-style', 1736 1747 'border-top', 1737 1748 'border-top-color', 1738 1749 'border-top-style', 1739 1750 'border-top-width', 1740 1741 'border-spacing', 1742 'border-collapse', 1751 'border-width', 1743 1752 'caption-side', 1744 1753 'clear', 1745 1754 'color', 1755 'cursor', 1756 'direction', 1757 'display', 1758 'flex', 1759 'flex', 1760 'flex-basis', 1761 'flex-direction', 1762 'flex-flow', 1763 'flex-grow', 1764 'flex-shrink', 1765 'flex-wrap', 1766 'float', 1746 1767 'font', 1747 1768 'font-family', 1748 1769 'font-size', … … 1749 1770 'font-style', 1750 1771 'font-variant', 1751 1772 'font-weight', 1773 'height', 1774 'justify-content', 1752 1775 'letter-spacing', 1753 1776 'line-height', 1754 'text-decoration', 1755 'text-indent', 1756 'text-align', 1757 1758 'height', 1759 'min-height', 1760 'max-height', 1761 1762 'width', 1763 'min-width', 1764 'max-width', 1765 1777 'list-style-type', 1766 1778 'margin', 1767 'margin-right',1768 1779 'margin-bottom', 1769 1780 'margin-left', 
1781 'margin-right', 1770 1782 'margin-top', 1771 1783 'max-height', 1784 'max-width', 1785 'min-height', 1786 'min-width', 1787 'order', 1788 'overflow', 1772 1789 'padding', 1773 'padding-right',1774 1790 'padding-bottom', 1775 1791 'padding-left', 1792 'padding-right', 1776 1793 'padding-top', 1777 1778 'clear', 1779 'cursor', 1780 'direction', 1781 'float', 1782 'overflow', 1794 'text-align', 1795 'text-decoration', 1796 'text-indent', 1783 1797 'vertical-align', 1784 ' list-style-type',1798 'width', 1785 1799 ) ); 1786 1800 1787 1801 if ( empty($allowed_attr) )
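Review bot: `'flex',` is added twice in the new `safe_style_css` array (new lines 1758 and 1759); drop the second entry so the allowlist has no duplicates. The patch also adds `'display'`, which goes beyond flexbox: this list appears to control which property names survive in inline `style` attributes of filtered content, so `display` would presumably let any author whose markup passes through kses hide content with `display:none`. That is worth a deliberate decision and a short comment at the array, e.g. `// 'display' is needed for display:flex; note it also permits display:none.` Because the alphabetical re-sort is mixed with the functional additions, the security-relevant delta is hard to audit; splitting the reorder into its own patch would make the new entries reviewable on their own. The enclosing function starts and ends outside the lines shown.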