diff --git wp-includes/kses.php wp-includes/kses.php
index d84fb6f837..dbfebcbb00 100644
|
|
|
function wp_kses_hair( $attr, $allowed_protocols ) { |
| 1248 | 1248 | |
| 1249 | 1249 | switch ( $mode ) { |
| 1250 | 1250 | case 0: |
| 1251 | | if ( preg_match( '/^([-a-zA-Z:]+)/', $attr, $match ) ) { |
| | 1251 | if ( preg_match( '/^([_a-zA-Z][-_a-zA-Z0-9:.]*)/', $attr, $match ) ) { |
| 1252 | 1252 | $attrname = $match[1]; |
| 1253 | 1253 | $working = 1; |
| 1254 | 1254 | $mode = 1; |
| 1255 | | $attr = preg_replace( '/^[-a-zA-Z:]+/', '', $attr ); |
| | 1255 | $attr = preg_replace( '/^[_a-zA-Z][-_a-zA-Z0-9:.]*/', '', $attr ); |
| 1256 | 1256 | } |
| 1257 | 1257 | |
| 1258 | 1258 | break; |
| … |
… |
function wp_kses_hair_parse( $attr ) { |
| 1439 | 1439 | // phpcs:disable Squiz.Strings.ConcatenationSpacing.PaddingFound -- don't remove regex indentation |
| 1440 | 1440 | $regex = |
| 1441 | 1441 | '(?:' |
| 1442 | | . '[-a-zA-Z:]+' // Attribute name. |
| | 1442 | . '[_a-zA-Z][-_a-zA-Z0-9:.]*' // Attribute name. |
| 1443 | 1443 | . '|' |
| 1444 | 1444 | . '\[\[?[^\[\]]+\]\]?' // Shortcode in the name position implies unfiltered_html. |
| 1445 | 1445 | . ')' |