Ticket #7363: kses-create_function.patch
File kses-create_function.patch, 3.8 KB (added by , 16 years ago) |
---|
-
wp-includes/kses.php
850 850 851 851 $string2 = preg_split('/:|:|:/i', $string, 2); 852 852 if ( isset($string2[1]) && !preg_match('%/\?%', $string2[0]) ) 853 $string = wp_kses_bad_protocol_once2($string2[0] , $allowed_protocols) . trim($string2[1]);853 $string = wp_kses_bad_protocol_once2($string2[0]) . trim($string2[1]); 854 854 else 855 $string = preg_replace_callback('/^((&[^;]*;|[\sA-Za-z0-9])*)'.'(:|:|&#[Xx]3[Aa];)\s*/', create_function('$matches', 'global $_kses_allowed_protocols; return wp_kses_bad_protocol_once2($matches[1], $_kses_allowed_protocols);'), $string);855 $string = preg_replace_callback('/^((&[^;]*;|[\sA-Za-z0-9])*)'.'(:|:|&#[Xx]3[Aa];)\s*/', 'wp_kses_bad_protocol_once2', $string); 856 856 857 857 return $string; 858 858 } … … 865 865 * 866 866 * @since 1.0.0 867 867 * 868 * @param string $string Content to check for bad protocols 869 * @param array $allowed_protocols Allowed protocols 868 * @param mixed $matches string or preg_replace_callback() matches array to check for bad protocols 870 869 * @return string Sanitized content 871 870 */ 872 function wp_kses_bad_protocol_once2($string, $allowed_protocols) { 871 function wp_kses_bad_protocol_once2($matches) { 872 global $_kses_allowed_protocols; 873 874 if ( is_array($matches) ) { 875 if ( ! isset($matches[1]) || empty($matches[1]) ) 876 return ''; 877 878 $string = $matches[1]; 879 } else { 880 $string = $matches; 881 } 882 873 883 $string2 = wp_kses_decode_entities($string); 874 884 $string2 = preg_replace('/\s/', '', $string2); 875 885 $string2 = wp_kses_no_null($string2); … … 878 888 $string2 = strtolower($string2); 879 889 880 890 $allowed = false; 881 foreach ( $allowed_protocols as $one_protocol)891 foreach ( (array) $_kses_allowed_protocols as $one_protocol) 882 892 if (strtolower($one_protocol) == $string2) { 883 893 $allowed = true; 884 894 break; … … 910 920 # Change back the allowed entities in our entity whitelist 911 921 912 922 $string = preg_replace('/&([A-Za-z][A-Za-z0-9]{0,19});/', '&\\1;', $string); 913 $string = preg_replace_callback('/&#0*([0-9]{1,5});/', create_function('$matches', 'return wp_kses_normalize_entities2($matches[1]);'), $string);914 $string = preg_replace_callback('/&#([Xx])0*(([0-9A-Fa-f]{2}){1,2});/', create_function('$matches', 'return wp_kses_normalize_entities3($matches[2]);'), $string);923 $string = preg_replace_callback('/&#0*([0-9]{1,5});/', 'wp_kses_normalize_entities2', $string); 924 $string = preg_replace_callback('/&#([Xx])0*(([0-9A-Fa-f]{2}){1,2});/', 'wp_kses_normalize_entities3', $string); 915 925 916 926 return $string; 917 927 } … … 924 934 * 925 935 * @since 1.0.0 926 936 * 927 * @param int $i Number encoded entity937 * @param array $matches preg_replace_callback() matches array 928 938 * @return string Correctly encoded entity 929 939 */ 930 function wp_kses_normalize_entities2($i) { 931 return ( (!valid_unicode($i)) || ($i > 65535) ? "&#$i;" : "&#$i;"); 940 function wp_kses_normalize_entities2($matches) { 941 if ( ! isset($matches[1]) || empty($matches[1]) ) 942 return ''; 943 944 $i = $matches[1]; 945 return ( ( ! valid_unicode($i) ) || ($i > 65535) ? "&#$i;" : "&#$i;" ); 932 946 } 933 947 934 948 /** … … 937 951 * This function helps wp_kses_normalize_entities() to only accept valid Unicode numeric entities 938 952 * in hex form. 939 953 * 940 * @param string $h Hex string of encoded entity954 * @param array $matches preg_replace_callback() matches array 941 955 * @return string Correctly encoded entity 942 956 */ 943 function wp_kses_normalize_entities3($hexchars) { 944 return ( (!valid_unicode(hexdec($hexchars))) ? "&#x$hexchars;" : "&#x$hexchars;"); 957 function wp_kses_normalize_entities3($matches) { 958 if ( ! isset($matches[2]) || empty($matches[2]) ) 959 return ''; 960 961 $hexchars = $matches[2]; 962 return ( ( ! valid_unicode(hexdec($hexchars)) ) ? "&#x$hexchars;" : "&#x$hexchars;" ); 945 963 } 946 964 947 965 /**