Ticket #7363: 7363_2.patch

File 7363_2.patch, 4.7 KB (added by azaozz, 10 years ago)

Reverts most of the previous changes and adds helper functions used as callbacks instead of create_function()

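--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -850,13 +850,23 @@
 
         $string2 = preg_split('/:|:|:/i', $string, 2);
         if ( isset($string2[1]) && !preg_match('%/\?%', $string2[0]) )
-                $string = wp_kses_bad_protocol_once2($string2[0]) . trim($string2[1]);
+                $string = wp_kses_bad_protocol_once2($string2[0], $allowed_protocols) . trim($string2[1]);
         else
-                $string = preg_replace_callback('/^((&[^;]*;|[\sA-Za-z0-9])*)'.'(:|:|&#[Xx]3[Aa];)\s*/', 'wp_kses_bad_protocol_once2', $string);
+                $string = preg_replace_callback('/^((&[^;]*;|[\sA-Za-z0-9])*)'.'(:|:|&#[Xx]3[Aa];)\s*/', 'call_wp_kses_bad_protocol_once2', $string);
 
         return $string;
 }
 
+// Helper function used instead of create_function() for preg_replace_callback() in wp_kses_bad_protocol_once()
+function call_wp_kses_bad_protocol_once2( $matches ) {
+        global $_kses_allowed_protocols;
+
+        if ( ! isset($matches[1]) || empty($matches[1]) )
+                return '';
+
+        return wp_kses_bad_protocol_once2($matches[1], $_kses_allowed_protocols);
+}
+
 /**
  * wp_kses_bad_protocol_once2() - Callback for wp_kses_bad_protocol_once() regular expression.
  *
@@ -865,21 +875,11 @@
  *
  * @since 1.0.0
  *
- * @param mixed $matches string or preg_replace_callback() matches array to check for bad protocols
+ * @param string $string Content to check for bad protocols
+ * @param array $allowed_protocols Allowed protocols
  * @return string Sanitized content
  */
-function wp_kses_bad_protocol_once2($matches) {
-        global $_kses_allowed_protocols;
-
-        if ( is_array($matches) ) {
-                if ( ! isset($matches[1]) || empty($matches[1]) )
-                        return '';
-
-                $string = $matches[1];
-        } else {
-                $string = $matches;
-        }
-
+function wp_kses_bad_protocol_once2($string, $allowed_protocols) {
         $string2 = wp_kses_decode_entities($string);
         $string2 = preg_replace('/\s/', '', $string2);
         $string2 = wp_kses_no_null($string2);
@@ -888,7 +888,7 @@
         $string2 = strtolower($string2);
 
         $allowed = false;
-        foreach ( (array) $_kses_allowed_protocols as $one_protocol)
+        foreach ($allowed_protocols as $one_protocol)
                 if (strtolower($one_protocol) == $string2) {
                         $allowed = true;
                         break;
@@ -920,12 +920,20 @@
         # Change back the allowed entities in our entity whitelist
 
         $string = preg_replace('/&([A-Za-z][A-Za-z0-9]{0,19});/', '&\\1;', $string);
-        $string = preg_replace_callback('/&#0*([0-9]{1,5});/', 'wp_kses_normalize_entities2', $string);
-        $string = preg_replace_callback('/&#([Xx])0*(([0-9A-Fa-f]{2}){1,2});/', 'wp_kses_normalize_entities3', $string);
+        $string = preg_replace_callback('/&#0*([0-9]{1,5});/', 'call_wp_kses_normalize_entities2', $string);
+        $string = preg_replace_callback('/&#([Xx])0*(([0-9A-Fa-f]{2}){1,2});/', 'call_wp_kses_normalize_entities3', $string);
 
         return $string;
 }
 
+// Helper function used instead of create_function() for preg_replace_callback() in wp_kses_normalize_entities()
+function call_wp_kses_normalize_entities2($matches) {
+        if ( ! isset($matches[1]) || empty($matches[1]) )
+                return '';
+
+        return wp_kses_normalize_entities2($matches[1]);
+}
+
 /**
  * wp_kses_normalize_entities2() - Callback for wp_kses_normalize_entities() regular expression
  *
@@ -934,15 +942,19 @@
  *
  * @since 1.0.0
  *
- * @param array $matches preg_replace_callback() matches array
+ * @param int $i Number encoded entity
  * @return string Correctly encoded entity
  */
-function wp_kses_normalize_entities2($matches) {
-        if ( ! isset($matches[1]) || empty($matches[1]) )
+function wp_kses_normalize_entities2($i) {
+        return ( (!valid_unicode($i)) || ($i > 65535) ? "&#$i;" : "&#$i;");
+}
+
+// Helper function used instead of create_function() for preg_replace_callback() in wp_kses_normalize_entities()
+function call_wp_kses_normalize_entities3($matches) {
+        if ( ! isset($matches[2]) || empty($matches[2]) )
                 return '';
 
-        $i = $matches[1];
-        return ( ( ! valid_unicode($i) ) || ($i > 65535) ? "&#$i;" : "&#$i;" );
+        return wp_kses_normalize_entities3($matches[2]);
 }
 
 /**
@@ -951,15 +963,11 @@
  * This function helps wp_kses_normalize_entities() to only accept valid Unicode numeric entities
  * in hex form.
  *
- * @param array $matches preg_replace_callback() matches array
+ * @param string $h Hex string of encoded entity
  * @return string Correctly encoded entity
  */
-function wp_kses_normalize_entities3($matches) {
-        if ( ! isset($matches[2]) || empty($matches[2]) )
-                return '';
-
-        $hexchars = $matches[2];
-        return ( ( ! valid_unicode(hexdec($hexchars)) ) ? "&#x$hexchars;" : "&#x$hexchars;" );
+function wp_kses_normalize_entities3($hexchars) {
+        return ( (!valid_unicode(hexdec($hexchars))) ? "&#x$hexchars;" : "&#x$hexchars;");
 }
 
 /**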
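Review bot: The protocol allow-list now reaches `wp_kses_bad_protocol_once2()` from two different sources: the colon-split branch at new line 853 passes `$allowed_protocols` directly, while the regex branch goes through `call_wp_kses_bad_protocol_once2()` (new lines 861-868), which reads `global $_kses_allowed_protocols`. Nothing in the visible hunks assigns that global from `$allowed_protocols` (the start of `wp_kses_bad_protocol_once()` is outside the hunk), so if it is unset or left over from an earlier call, the callback path filters URLs against a different list than the caller asked for. The `(array)` cast was also dropped at new line 891, so an unset global now reaches `foreach` as a non-array; that appears to fail closed, since nothing matches, but it raises a warning on each call. I would keep the cast, `foreach ( (array) $allowed_protocols as $one_protocol )`, and make sure `$_kses_allowed_protocols = $allowed_protocols;` runs before the `preg_replace_callback()` call, with a comment on the helper stating that it depends on that global.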