Ticket #7363: 7363_2.patch
File 7363_2.patch, 4.7 KB (added by , 16 years ago) |
wp-includes/kses.php
850 850 851 851 $string2 = preg_split('/:|:|:/i', $string, 2); 852 852 if ( isset($string2[1]) && !preg_match('%/\?%', $string2[0]) ) 853 $string = wp_kses_bad_protocol_once2($string2[0] ) . trim($string2[1]);853 $string = wp_kses_bad_protocol_once2($string2[0], $allowed_protocols) . trim($string2[1]); 854 854 else 855 $string = preg_replace_callback('/^((&[^;]*;|[\sA-Za-z0-9])*)'.'(:|:|&#[Xx]3[Aa];)\s*/', ' wp_kses_bad_protocol_once2', $string);855 $string = preg_replace_callback('/^((&[^;]*;|[\sA-Za-z0-9])*)'.'(:|:|&#[Xx]3[Aa];)\s*/', 'call_wp_kses_bad_protocol_once2', $string); 856 856 857 857 return $string; 858 858 } 859 859 860 // Helper function used instead of create_function() for preg_replace_callback() in wp_kses_bad_protocol_once() 861 function call_wp_kses_bad_protocol_once2( $matches ) { 862 global $_kses_allowed_protocols; 863 864 if ( ! isset($matches[1]) || empty($matches[1]) ) 865 return ''; 866 867 return wp_kses_bad_protocol_once2($matches[1], $_kses_allowed_protocols); 868 } 869 860 870 /** 861 871 * wp_kses_bad_protocol_once2() - Callback for wp_kses_bad_protocol_once() regular expression. 862 872 * … … 865 875 * 866 876 * @since 1.0.0 867 877 * 868 * @param mixed $matches string or preg_replace_callback() matches array to check for bad protocols 878 * @param string $string Content to check for bad protocols 879 * @param array $allowed_protocols Allowed protocols 869 880 * @return string Sanitized content 870 881 */ 871 function wp_kses_bad_protocol_once2($matches) { 872 global $_kses_allowed_protocols; 873 874 if ( is_array($matches) ) { 875 if ( ! 
isset($matches[1]) || empty($matches[1]) ) 876 return ''; 877 878 $string = $matches[1]; 879 } else { 880 $string = $matches; 881 } 882 882 function wp_kses_bad_protocol_once2($string, $allowed_protocols) { 883 883 $string2 = wp_kses_decode_entities($string); 884 884 $string2 = preg_replace('/\s/', '', $string2); 885 885 $string2 = wp_kses_no_null($string2); … … 888 888 $string2 = strtolower($string2); 889 889 890 890 $allowed = false; 891 foreach ( (array) $_kses_allowed_protocols as $one_protocol)891 foreach ($allowed_protocols as $one_protocol) 892 892 if (strtolower($one_protocol) == $string2) { 893 893 $allowed = true; 894 894 break; … … 920 920 # Change back the allowed entities in our entity whitelist 921 921 922 922 $string = preg_replace('/&([A-Za-z][A-Za-z0-9]{0,19});/', '&\\1;', $string); 923 $string = preg_replace_callback('/&#0*([0-9]{1,5});/', ' wp_kses_normalize_entities2', $string);924 $string = preg_replace_callback('/&#([Xx])0*(([0-9A-Fa-f]{2}){1,2});/', ' wp_kses_normalize_entities3', $string);923 $string = preg_replace_callback('/&#0*([0-9]{1,5});/', 'call_wp_kses_normalize_entities2', $string); 924 $string = preg_replace_callback('/&#([Xx])0*(([0-9A-Fa-f]{2}){1,2});/', 'call_wp_kses_normalize_entities3', $string); 925 925 926 926 return $string; 927 927 } 928 928 929 // Helper function used instead of create_function() for preg_replace_callback() in wp_kses_normalize_entities() 930 function call_wp_kses_normalize_entities2($matches) { 931 if ( ! 
isset($matches[1]) || empty($matches[1]) ) 932 return ''; 933 934 return wp_kses_normalize_entities2($matches[1]); 935 } 936 929 937 /** 930 938 * wp_kses_normalize_entities2() - Callback for wp_kses_normalize_entities() regular expression 931 939 * … … 934 942 * 935 943 * @since 1.0.0 936 944 * 937 * @param array $matches preg_replace_callback() matches array945 * @param int $i Number encoded entity 938 946 * @return string Correctly encoded entity 939 947 */ 940 function wp_kses_normalize_entities2($matches) { 941 if ( ! isset($matches[1]) || empty($matches[1]) ) 948 function wp_kses_normalize_entities2($i) { 949 return ( (!valid_unicode($i)) || ($i > 65535) ? "&#$i;" : "&#$i;"); 950 } 951 952 // Helper function used instead of create_function() for preg_replace_callback() in wp_kses_normalize_entities() 953 function call_wp_kses_normalize_entities3($matches) { 954 if ( ! isset($matches[2]) || empty($matches[2]) ) 942 955 return ''; 943 956 944 $i = $matches[1]; 945 return ( ( ! valid_unicode($i) ) || ($i > 65535) ? "&#$i;" : "&#$i;" ); 957 return wp_kses_normalize_entities3($matches[2]); 946 958 } 947 959 948 960 /** … … 951 963 * This function helps wp_kses_normalize_entities() to only accept valid Unicode numeric entities 952 964 * in hex form. 953 965 * 954 * @param array $matches preg_replace_callback() matches array966 * @param string $h Hex string of encoded entity 955 967 * @return string Correctly encoded entity 956 968 */ 957 function wp_kses_normalize_entities3($matches) { 958 if ( ! isset($matches[2]) || empty($matches[2]) ) 959 return ''; 960 961 $hexchars = $matches[2]; 962 return ( ( ! valid_unicode(hexdec($hexchars)) ) ? "&#x$hexchars;" : "&#x$hexchars;" ); 969 function wp_kses_normalize_entities3($hexchars) { 970 return ( (!valid_unicode(hexdec($hexchars))) ? "&#x$hexchars;" : "&#x$hexchars;"); 963 971 } 964 972 965 973 /**
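Review bot: The new helper `call_wp_kses_bad_protocol_once2()` still reads `global $_kses_allowed_protocols`, while the direct branch two lines above it (new line 853) now passes `$allowed_protocols` explicitly to `wp_kses_bad_protocol_once2()`; the two branches of `wp_kses_bad_protocol_once()` can therefore filter a URL against different allow-lists whenever the global is unset or left over from an earlier call with a different list, unless a caller outside this hunk assigns it first. Because a string callback to `preg_replace_callback()` cannot receive extra arguments, the cheapest consistent fix is to make the callback path use the same list the function was given: add `global $_kses_allowed_protocols;` at the top of `wp_kses_bad_protocol_once()` and `$_kses_allowed_protocols = $allowed_protocols;` immediately before the `preg_replace_callback()` on new line 855. The start of `wp_kses_bad_protocol_once()` lies outside the hunk, so the assignment point should be checked against the full function. The `! isset($matches[1]) || empty($matches[1])` guards carried into the three helpers also drop a captured `"0"` (e.g. from `&#0;`) as if it were missing, which is inherited from the old code but worth a one-line comment such as `// empty() also rejects "0"; the entity is dropped rather than re-encoded` so the next maintainer does not read it as an oversight.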