Ticket #4409: 4409.diff
| File 4409.diff, 1.1 KB (added by , 19 years ago) |
|---|
-
wp-includes/kses.php
257 257 # matches stray ">" characters. 258 258 ############################################################################### 259 259 { 260 return preg_replace('%((<!--.*?(-->|$))|(<[^ >]*(>|$)|>))%e',260 return preg_replace('%((<!--.*?(-->|$))|(<[^<>]*(>|$)|>))%e', 261 261 "wp_kses_split2('\\1', \$allowed_html, ".'$allowed_protocols)', $string); 262 262 } # function wp_kses_split 263 263 … … 289 289 return ''; 290 290 # It's seriously malformed 291 291 292 // Turns 'foo < br' into 'foo < br'; 293 // if ( false === strpos($string, '>') ) 294 // return str_replace( '<', '<', $string ); 295 292 296 $slash = trim($matches[1]); 293 297 $elem = $matches[2]; 294 298 $attrlist = $matches[3]; 295 299 296 if (!@isset($allowed_html[strtolower($elem)])) 300 if (!@isset($allowed_html[strtolower($elem)])) { 301 // Turns 'foo < br' into 'foo <br>' like kses did originally 302 if ( false === strpos($string, '>') ) 303 return str_replace( '<', '<', $string ); 297 304 return ''; 305 } 298 306 # They are using a not allowed HTML element 299 307 300 308 if ($slash != '')