
Ticket #7363: kses-create_function.patch

File kses-create_function.patch, 3.8 KB (added by azaozz, 16 years ago)
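--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -850,9 +850,9 @@
 
         $string2 = preg_split('/:|:|:/i', $string, 2);
         if ( isset($string2[1]) && !preg_match('%/\?%', $string2[0]) )
-                $string = wp_kses_bad_protocol_once2($string2[0], $allowed_protocols) . trim($string2[1]);
+                $string = wp_kses_bad_protocol_once2($string2[0]) . trim($string2[1]);
         else
-                $string = preg_replace_callback('/^((&[^;]*;|[\sA-Za-z0-9])*)'.'(:|:|&#[Xx]3[Aa];)\s*/', create_function('$matches', 'global $_kses_allowed_protocols; return wp_kses_bad_protocol_once2($matches[1], $_kses_allowed_protocols);'), $string);
+                $string = preg_replace_callback('/^((&[^;]*;|[\sA-Za-z0-9])*)'.'(:|:|&#[Xx]3[Aa];)\s*/', 'wp_kses_bad_protocol_once2', $string);
 
         return $string;
 }
@@ -865,11 +865,21 @@
  *
  * @since 1.0.0
  *
- * @param string $string Content to check for bad protocols
- * @param array $allowed_protocols Allowed protocols
+ * @param mixed $matches string or preg_replace_callback() matches array to check for bad protocols
  * @return string Sanitized content
  */
-function wp_kses_bad_protocol_once2($string, $allowed_protocols) {
+function wp_kses_bad_protocol_once2($matches) {
+        global $_kses_allowed_protocols;
+
+        if ( is_array($matches) ) {
+                if ( ! isset($matches[1]) || empty($matches[1]) )
+                        return '';
+
+                $string = $matches[1];
+        } else {
+                $string = $matches;
+        }
+
         $string2 = wp_kses_decode_entities($string);
         $string2 = preg_replace('/\s/', '', $string2);
         $string2 = wp_kses_no_null($string2);
@@ -878,7 +888,7 @@
         $string2 = strtolower($string2);
 
         $allowed = false;
-        foreach ($allowed_protocols as $one_protocol)
+        foreach ( (array) $_kses_allowed_protocols as $one_protocol)
                 if (strtolower($one_protocol) == $string2) {
                         $allowed = true;
                         break;
@@ -910,8 +920,8 @@
         # Change back the allowed entities in our entity whitelist
 
         $string = preg_replace('/&([A-Za-z][A-Za-z0-9]{0,19});/', '&\\1;', $string);
-        $string = preg_replace_callback('/&#0*([0-9]{1,5});/', create_function('$matches', 'return wp_kses_normalize_entities2($matches[1]);'), $string);
-        $string = preg_replace_callback('/&#([Xx])0*(([0-9A-Fa-f]{2}){1,2});/', create_function('$matches', 'return wp_kses_normalize_entities3($matches[2]);'), $string);
+        $string = preg_replace_callback('/&#0*([0-9]{1,5});/', 'wp_kses_normalize_entities2', $string);
+        $string = preg_replace_callback('/&#([Xx])0*(([0-9A-Fa-f]{2}){1,2});/', 'wp_kses_normalize_entities3', $string);
 
         return $string;
 }
@@ -924,11 +934,15 @@
  *
  * @since 1.0.0
  *
- * @param int $i Number encoded entity
+ * @param array $matches preg_replace_callback() matches array
  * @return string Correctly encoded entity
  */
-function wp_kses_normalize_entities2($i) {
-        return ( (!valid_unicode($i)) || ($i > 65535) ? "&#$i;" : "&#$i;");
+function wp_kses_normalize_entities2($matches) {
+        if ( ! isset($matches[1]) || empty($matches[1]) )
+                return '';
+
+        $i = $matches[1];
+        return ( ( ! valid_unicode($i) ) || ($i > 65535) ? "&#$i;" : "&#$i;" );
 }
 
 /**
@@ -937,11 +951,15 @@
  * This function helps wp_kses_normalize_entities() to only accept valid Unicode numeric entities
  * in hex form.
  *
- * @param string $h Hex string of encoded entity
+ * @param array $matches preg_replace_callback() matches array
  * @return string Correctly encoded entity
  */
-function wp_kses_normalize_entities3($hexchars) {
-        return ( (!valid_unicode(hexdec($hexchars))) ? "&#x$hexchars;" : "&#x$hexchars;");
+function wp_kses_normalize_entities3($matches) {
+        if ( ! isset($matches[2]) || empty($matches[2]) )
+                return '';
+
+        $hexchars = $matches[2];
+        return ( ( ! valid_unicode(hexdec($hexchars)) ) ? "&#x$hexchars;" : "&#x$hexchars;" );
 }
 
 /**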
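Review bot: The direct call `wp_kses_bad_protocol_once2($string2[0])` no longer passes `$allowed_protocols`, and the loop `foreach ( (array) $_kses_allowed_protocols as $one_protocol)` now reads the allow-list only from a global, so the protocol policy a caller hands to the enclosing function is ignored unless that global is assigned from it first. The start of the enclosing function lies outside the first hunk, so whether it runs `$_kses_allowed_protocols = $allowed_protocols;` before these calls cannot be confirmed from this page; if it does not, that assignment and the matching `global` declaration should be added there. An unset global leaves the loop empty and `$allowed` false because of the `(array)` cast, but a stale value left by an earlier call with a broader list would be applied silently. A comment on `wp_kses_bad_protocol_once2` saying that it depends on `$_kses_allowed_protocols` being set by its caller would make that contract visible.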