Ticket #6602: bug6602.patch
File bug6602.patch, 3.0 KB (added by , 17 years ago) |
---|
-
kses.php
531 531 * input. It will add quotes around attribute values that don't have any quotes 532 532 * or apostrophes around them, to make it easier to produce HTML code that will 533 533 * conform to W3C's HTML specification. It will also remove bad URL protocols 534 * from attribute values. 534 * from attribute values. It also reduces duplicate attributes by using the 535 * attribute defined first (foo='bar' foo='baz' will result in foo='bar'). 535 536 * 536 537 * @since 1.0.0 537 538 * … … 574 575 { 575 576 $working = 1; 576 577 $mode = 0; 577 $attrarr[] = array ('name' => $attrname, 'value' => '', 'whole' => $attrname, 'vless' => 'y'); 578 if(FALSE === array_key_exists($attrname, $attrarr)) { 579 $attrarr[$attrname] = array ('name' => $attrname, 'value' => '', 'whole' => $attrname, 'vless' => 'y'); 580 } 578 581 $attr = preg_replace('/^\s+/', '', $attr); 579 582 } 580 583 … … 587 590 { 588 591 $thisval = wp_kses_bad_protocol($match[1], $allowed_protocols); 589 592 590 $attrarr[] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname=\"$thisval\"", 'vless' => 'n'); 593 if(FALSE === array_key_exists($attrname, $attrarr)) { 594 $attrarr[$attrname] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname=\"$thisval\"", 'vless' => 'n'); 595 } 591 596 $working = 1; 592 597 $mode = 0; 593 598 $attr = preg_replace('/^"[^"]*"(\s+|$)/', '', $attr); … … 599 604 { 600 605 $thisval = wp_kses_bad_protocol($match[1], $allowed_protocols); 601 606 602 $attrarr[] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname='$thisval'", 'vless' => 'n'); 607 if(FALSE === array_key_exists($attrname, $attrarr)) { 608 $attrarr[$attrname] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname='$thisval'", 'vless' => 'n'); 609 } 603 610 $working = 1; 604 611 $mode = 0; 605 612 $attr = preg_replace("/^'[^']*'(\s+|$)/", '', $attr); … … 611 618 { 612 619 $thisval = wp_kses_bad_protocol($match[1], $allowed_protocols); 613 620 614 $attrarr[] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname=\"$thisval\"", 'vless' => 'n'); 621 if(FALSE === array_key_exists($attrname, $attrarr)) { 622 $attrarr[$attrname] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname=\"$thisval\"", 'vless' => 'n'); 623 } 615 624 # We add quotes to conform to W3C's HTML spec. 616 625 $working = 1; 617 626 $mode = 0; … … 628 637 } 629 638 } # while 630 639 631 if ($mode == 1 )640 if ($mode == 1 && FALSE === array_key_exists($attrname, $attrarr)) { 632 641 # special case, for when the attribute list ends with a valueless 633 642 # attribute like "selected" 634 $attrarr[ ] = array ('name' => $attrname, 'value' => '', 'whole' => $attrname, 'vless' => 'y');643 $attrarr[$attrname] = array ('name' => $attrname, 'value' => '', 'whole' => $attrname, 'vless' => 'y'); 635 644 636 645 return $attrarr; 637 646 }