Changes from branches/2.8/wp-includes/kses.php at r11698 to trunk/wp-includes/kses.php at r11212
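--- a/trunk/wp-includes/kses.php
+++ b/trunk/wp-includes/kses.php
@@ -120,33 +120,21 @@
 'h1' => array(
 'align' => array (),
-'class' => array (),
-'id' => array (),
-'style' => array ()),
-'h2' => array (
-'align' => array (),
-'class' => array (),
-'id' => array (),
-'style' => array ()),
-'h3' => array (
-'align' => array (),
-'class' => array (),
-'id' => array (),
-'style' => array ()),
-'h4' => array (
-'align' => array (),
-'class' => array (),
-'id' => array (),
-'style' => array ()),
-'h5' => array (
-'align' => array (),
-'class' => array (),
-'id' => array (),
-'style' => array ()),
-'h6' => array (
-'align' => array (),
-'class' => array (),
-'id' => array (),
-'style' => array ()),
-'hr' => array (
+'class' => array ()),
+'h2' => array(
+'align' => array (),
+'class' => array ()),
+'h3' => array(
+'align' => array (),
+'class' => array ()),
+'h4' => array(
+'align' => array (),
+'class' => array ()),
+'h5' => array(
+'align' => array (),
+'class' => array ()),
+'h6' => array(
+'align' => array (),
+'class' => array ()),
+'hr' => array(
 'align' => array (),
 'class' => array (),
@@ -534,17 +522,4 @@
 }
 
-if ( $arreach['name'] == 'style' ) {
-$orig_value = $arreach['value'];
-
-$value = safecss_filter_attr($orig_value);
-
-if ( empty($value) )
-continue;
-
-$arreach['value'] = $value;
-
-$arreach['whole'] = str_replace($orig_value, $value, $arreach['whole']);
-}
-
 if ($ok)
 $attr2 .= ' '.$arreach['whole']; # it passed them
@@ -1148,48 +1123,3 @@
 add_action('init', 'kses_init');
 add_action('set_current_user', 'kses_init');
-
-function safecss_filter_attr( $css, $deprecated = '' ) {
-$css = wp_kses_no_null($css);
-$css = str_replace(array("\n","\r","\t"), '', $css);
-
-if ( preg_match( '%[\\(&]|/\*%', $css ) ) // remove any inline css containing \ ( & or comments
-return '';
-
-$css_array = split( ';', trim( $css ) );
-$allowed_attr = apply_filters( 'safe_style_css', array( 'text-align', 'margin', 'color', 'float',
-'border', 'background', 'background-color', 'border-bottom', 'border-bottom-color',
-'border-bottom-style', 'border-bottom-width', 'border-collapse', 'border-color', 'border-left',
-'border-left-color', 'border-left-style', 'border-left-width', 'border-right', 'border-right-color',
-'border-right-style', 'border-right-width', 'border-spacing', 'border-style', 'border-top',
-'border-top-color', 'border-top-style', 'border-top-width', 'border-width', 'caption-side',
-'clear', 'cursor', 'direction', 'font', 'font-family', 'font-size', 'font-style',
-'font-variant', 'font-weight', 'height', 'letter-spacing', 'line-height', 'margin-bottom',
-'margin-left', 'margin-right', 'margin-top', 'overflow', 'padding', 'padding-bottom',
-'padding-left', 'padding-right', 'padding-top', 'text-decoration', 'text-indent', 'vertical-align',
-'width' ) );
-
-if ( empty($allowed_attr) )
-return $css;
-
-$css = '';
-foreach ( $css_array as $css_item ) {
-if ( $css_item == '' )
-continue;
-$css_item = trim( $css_item );
-$found = false;
-if ( strpos( $css_item, ':' ) === false ) {
-$found = true;
-} else {
-$parts = split( ':', $css_item );
-if ( in_array( trim( $parts[0] ), $allowed_attr ) )
-$found = true;
-}
-if ( $found ) {
-if( $css != '' )
-$css .= ';';
-$css .= $css_item;
-}
-}
-
-return $css;
-}
+?>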
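Review bot: On the new side nothing visible in these hunks validates `style` attribute values, since the `$arreach['name'] == 'style'` branch in the attribute loop and `safecss_filter_attr()` are both absent, so the allowed-tags array must not list `style` for any element. Only the h1–h6 and hr entries are visible in the first hunk and the array continues outside it, so other elements should be checked for a leftover `'style' => array ()` key. A comment above the array such as `// 'style' is deliberately absent: this revision has no CSS filter for attribute values` would keep the allowlist and the filter in step. The title compares branches/2.8 at r11698 against trunk at r11212, so the removed lines may be branch-only code that trunk had not yet received rather than a deliberate removal.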