Ticket #40575: 40575.patch
| File 40575.patch, 1.6 KB (added by , 9 years ago) |
|---|
src/wp-includes/kses.php
549 549 $allowed_html = wp_kses_allowed_html( 'post' ); 550 550 $allowed_protocols = wp_allowed_protocols(); 551 551 $string = wp_kses_no_null( $string, array( 'slash_zero' => 'keep' ) ); 552 552 553 553 // Preserve leading and trailing whitespace. 554 554 $matches = array(); 555 555 preg_match('/^\s*/', $string, $matches); … … 561 561 } else { 562 562 $string = substr( $string, strlen( $lead ), -strlen( $trail ) ); 563 563 } 564 564 565 565 // Parse attribute name and value from input. 566 566 $split = preg_split( '/\s*=\s*/', $string, 2 ); 567 567 $name = $split[0]; … … 598 598 $value = ''; 599 599 $vless = 'y'; 600 600 } 601 601 602 602 // Sanitize attribute by name. 603 603 wp_kses_attr_check( $name, $value, $string, $vless, $element, $allowed_html ); 604 604 … … 633 633 * @param string $context Context to judge allowed tags by. Allowed values are 'post', 634 634 * 'data', 'strip', 'entities', 'explicit', or the name of a filter. 635 635 */ 636 return apply_filters( 'wp_kses_allowed_html', $ context, 'explicit' );636 return apply_filters( 'wp_kses_allowed_html', $tags, 'explicit' ); 637 637 } 638 638 639 639 switch ( $context ) { … … 1061 1061 } else { 1062 1062 $xhtml_slash = ''; 1063 1063 } 1064 1064 1065 1065 // Split it 1066 1066 $attrarr = wp_kses_hair_parse( $attr ); 1067 1067 if ( false === $attrarr ) { … … 1071 1071 // Make sure all input is returned by adding front and back matter. 1072 1072 array_unshift( $attrarr, $begin . $slash . $elname ); 1073 1073 array_push( $attrarr, $xhtml_slash . $end ); 1074 1074 1075 1075 return $attrarr; 1076 1076 } 1077 1077
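Review bot: On line 636 the `wp_kses_allowed_html` filter call appears to pass `$tags` where it previously passed `$context` (the +/- markers are lost on this page, so the direction is inferred from print order), and no assignment to `$tags` is visible anywhere in the hunk. If `$tags` is not set earlier in the function, which starts outside the hunk, the filter receives null and the caller's explicit allow-list never reaches it, so what the KSES sanitizer then permits depends on how filter callbacks and downstream code handle a null list. If the goal is only a clearer name, assign it first, e.g. `$tags = $context;` before the `return`, or keep `$context` as the argument. The remaining hunks show only blank context lines and look like whitespace cleanup; moving them to a separate patch would keep this one-line behavioural change in the sanitizer easy to audit.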