
Changeset 12125


Timestamp:
10/29/2009 05:15:58 PM (15 years ago)
Author:
ryan
Message:

Introduce wp_kses_post() and wp_kses_data() for filtering unescaped data. Fixes slashing of displayed fields. fixes #10949

Location:
trunk/wp-includes
Files:
2 edited

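--- a/trunk/wp-includes/default-filters.php
+++ b/trunk/wp-includes/default-filters.php
@@ -27,7 +27,12 @@
 }
 
-// Kses only for textarea saves and displays
-foreach ( array( 'pre_term_description', 'term_description', 'pre_link_description', 'link_description', 'pre_link_notes', 'link_notes', 'pre_user_description', 'user_description' ) as $filter ) {
+// Kses only for textarea saves
+foreach ( array( 'pre_term_description', 'pre_link_description', 'pre_link_notes', 'pre_user_description' ) as $filter ) {
     add_filter( $filter, 'wp_filter_kses' );
+}
+
+// Kses only for textarea saves displays
+foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description' ) as $filter ) {
+    add_filter( $filter, 'wp_kses_data' );
 }
 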
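Review bot: The comment on the second loop (new line 34), `// Kses only for textarea saves displays`, is garbled and leaves out the reason the list was split. Going by the commit message, the display hooks carry unslashed values and so get `wp_kses_data`, while the `pre_*` save hooks presumably still carry slashed values and keep `wp_filter_kses`. I would write `// Kses for textarea displays: values are unslashed here, so use wp_kses_data` and add the matching `values are slashed here` wording to the comment on the first loop. That makes a hook name later added to the wrong array easier to catch in review, since the wrong pairing either leaves backslashes in displayed text or runs kses over slashed markup.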
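--- a/trunk/wp-includes/kses.php
+++ b/trunk/wp-includes/kses.php
@@ -1060,5 +1060,5 @@
  * @uses $allowedtags
  *
- * @param string $data Content to filter
+ * @param string $data Content to filter, expected to be escaped with slashes
  * @return string Filtered content
  */
@@ -1069,4 +1069,18 @@
 
 /**
+ * Sanitize content with allowed HTML Kses rules.
+ *
+ * @since 2.9.0
+ * @uses $allowedtags
+ *
+ * @param string $data Content to filter, expected to not be escaped
+ * @return string Filtered content
+ */
+function wp_kses_data($data) {
+    global $allowedtags;
+    return wp_kses( $data , $allowedtags );
+}
+
+/**
  * Sanitize content for allowed HTML tags for post content.
  *
@@ -1077,5 +1091,5 @@
  * @uses $allowedposttags
  *
- * @param string $data Post content to filter
+ * @param string $data Post content to filter, expected to be escaped with slashes
  * @return string Filtered post content with allowed HTML tags and attributes intact.
  */
@@ -1083,4 +1097,21 @@
     global $allowedposttags;
     return addslashes ( wp_kses(stripslashes( $data ), $allowedposttags) );
+}
+
+/**
+ * Sanitize content for allowed HTML tags for post content.
+ *
+ * Post content refers to the page contents of the 'post' type and not $_POST
+ * data from forms.
+ *
+ * @since 2.9.0
+ * @uses $allowedposttags
+ *
+ * @param string $data Post content to filter
+ * @return string Filtered post content with allowed HTML tags and attributes intact.
+ */
+function wp_kses_post($data) {
+    global $allowedposttags;
+    return wp_kses( $data , $allowedposttags );
 }
 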
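Review bot: The docblock added for `wp_kses_post()` (new lines 1101-1112) is the only one of the four touched here that does not state its slashing expectation. Its summary line is identical to that of the slashed variant above it, whose body ends at new line 1099 and whose signature is outside the hunk. The two functions differ only in the `stripslashes()`/`addslashes()` round trip, so the docblock is all a caller has to choose by. A wrong choice means either kses parsing markup whose attribute quotes are still backslash-escaped, or unslashed content coming back with slashes added. I would change the parameter line to ` * @param string $data Post content to filter, expected to not be escaped`, as `wp_kses_data()` already has, and reword the summary to name the unslashed case.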