Changeset 13358
 Timestamp:
 02/24/2010 05:37:20 AM (13 years ago)
 Location:
 trunk/wpincludes
 Files:

 2 edited
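--- a/trunk/wpincludes/formatting.php
+++ b/trunk/wpincludes/formatting.php
@@ -335,4 +335,10 @@
 if ( !$double_encode ) {
 $string = wp_specialchars_decode( $string, $_quote_style );
+
+/* Critical */
+// The previous line decodes &phrase; into &phrase; We must guarantee that &phrase; is valid before proceeding.
+$string = wp_kses_normalize_entities($string);
+
+// Now proceed with custom doubleencoding silliness
 $string = preg_replace( '/&(#?x?[09az]+);/i', 'wp_entity$1/wp_entity', $string );
 }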
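Review bot: The `/* Critical */` marker on the new line 338 says that something matters without saying why, and the comment below it does not explain what "valid" protects against; the call to `wp_kses_normalize_entities()` on line 340 also makes this formatting routine depend on kses.php having populated the `$allowedentitynames` global at load time, which is worth stating at the call site. I would replace the two comment lines with `// Decoding above can turn an escaped sequence such as "&amp;foo;" back into a bare "&foo;"; normalize first so only known entity names survive into the double-encoding step below.` and `// Relies on kses.php's $allowedentitynames whitelist being loaded; unknown names come back with their ampersand escaped.` The second comment is an inference from the kses.php change in this same changeset, so confirm the global is always set on this code path before committing to that wording. The enclosing function's signature and return are outside the hunk.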
trunk/wpincludes/kses.php
r12680 r13358 334 334 // 'ul' => array(), 335 335 ); 336 337 $allowedentitynames = array( 338 'nbsp', 339 'iexcl', 340 'cent', 341 'pound', 342 'curren', 343 'yen', 344 'brvbar', 345 'sect', 346 'uml', 347 'copy', 348 'ordf', 349 'laquo', 350 'not', 351 'shy', 352 'reg', 353 'macr', 354 'deg', 355 'plusmn', 356 'acute', 357 'micro', 358 'para', 359 'middot', 360 'cedil', 361 'ordm', 362 'raquo', 363 'iquest', 364 'Agrave', 365 'Aacute', 366 'Acirc', 367 'Atilde', 368 'Auml', 369 'Aring', 370 'AElig', 371 'Ccedil', 372 'Egrave', 373 'Eacute', 374 'Ecirc', 375 'Euml', 376 'Igrave', 377 'Iacute', 378 'Icirc', 379 'Iuml', 380 'ETH', 381 'Ntilde', 382 'Ograve', 383 'Oacute', 384 'Ocirc', 385 'Otilde', 386 'Ouml', 387 'times', 388 'Oslash', 389 'Ugrave', 390 'Uacute', 391 'Ucirc', 392 'Uuml', 393 'Yacute', 394 'THORN', 395 'szlig', 396 'agrave', 397 'aacute', 398 'acirc', 399 'atilde', 400 'auml', 401 'aring', 402 'aelig', 403 'ccedil', 404 'egrave', 405 'eacute', 406 'ecirc', 407 'euml', 408 'igrave', 409 'iacute', 410 'icirc', 411 'iuml', 412 'eth', 413 'ntilde', 414 'ograve', 415 'oacute', 416 'ocirc', 417 'otilde', 418 'ouml', 419 'divide', 420 'oslash', 421 'ugrave', 422 'uacute', 423 'ucirc', 424 'uuml', 425 'yacute', 426 'thorn', 427 'yuml', 428 'quot', 429 'amp', 430 'lt', 431 'gt', 432 'apos', 433 'OElig', 434 'oelig', 435 'Scaron', 436 'scaron', 437 'Yuml', 438 'circ', 439 'tilde', 440 'ensp', 441 'emsp', 442 'thinsp', 443 'zwnj', 444 'zwj', 445 'lrm', 446 'rlm', 447 'ndash', 448 'mdash', 449 'lsquo', 450 'rsquo', 451 'sbquo', 452 'ldquo', 453 'rdquo', 454 'bdquo', 455 'dagger', 456 'Dagger', 457 'permil', 458 'lsaquo', 459 'rsaquo', 460 'euro', 461 'fnof', 462 'Alpha', 463 'Beta', 464 'Gamma', 465 'Delta', 466 'Epsilon', 467 'Zeta', 468 'Eta', 469 'Theta', 470 'Iota', 471 'Kappa', 472 'Lambda', 473 'Mu', 474 'Nu', 475 'Xi', 476 'Omicron', 477 'Pi', 478 'Rho', 479 'Sigma', 480 'Tau', 481 'Upsilon', 482 'Phi', 483 'Chi', 484 'Psi', 485 'Omega', 486 'alpha', 487 
'beta', 488 'gamma', 489 'delta', 490 'epsilon', 491 'zeta', 492 'eta', 493 'theta', 494 'iota', 495 'kappa', 496 'lambda', 497 'mu', 498 'nu', 499 'xi', 500 'omicron', 501 'pi', 502 'rho', 503 'sigmaf', 504 'sigma', 505 'tau', 506 'upsilon', 507 'phi', 508 'chi', 509 'psi', 510 'omega', 511 'thetasym', 512 'upsih', 513 'piv', 514 'bull', 515 'hellip', 516 'prime', 517 'Prime', 518 'oline', 519 'frasl', 520 'weierp', 521 'image', 522 'real', 523 'trade', 524 'alefsym', 525 'larr', 526 'uarr', 527 'rarr', 528 'darr', 529 'harr', 530 'crarr', 531 'lArr', 532 'uArr', 533 'rArr', 534 'dArr', 535 'hArr', 536 'forall', 537 'part', 538 'exist', 539 'empty', 540 'nabla', 541 'isin', 542 'notin', 543 'ni', 544 'prod', 545 'sum', 546 'minus', 547 'lowast', 548 'radic', 549 'prop', 550 'infin', 551 'ang', 552 'and', 553 'or', 554 'cap', 555 'cup', 556 'int', 557 'sim', 558 'cong', 559 'asymp', 560 'ne', 561 'equiv', 562 'le', 563 'ge', 564 'sub', 565 'sup', 566 'nsub', 567 'sube', 568 'supe', 569 'oplus', 570 'otimes', 571 'perp', 572 'sdot', 573 'lceil', 574 'rceil', 575 'lfloor', 576 'rfloor', 577 'lang', 578 'rang', 579 'loz', 580 'spades', 581 'clubs', 582 'hearts', 583 'diams' 584 ); 336 585 } 337 586 … … 953 1202 # Change back the allowed entities in our entity whitelist 954 1203 955 $string = preg_replace ('/&([AZaz][AZaz09]{0,19});/', '&\\1;', $string);1204 $string = preg_replace_callback('/&([AZaz]{2,8});/', 'wp_kses_named_entities', $string); 956 1205 $string = preg_replace_callback('/&#0*([09]{1,5});/', 'wp_kses_normalize_entities2', $string); 957 1206 $string = preg_replace_callback('/&#([Xx])0*(([09AFaf]{2}){1,2});/', 'wp_kses_normalize_entities3', $string); … … 963 1212 * Callback for wp_kses_normalize_entities() regular expression. 964 1213 * 1214 * This function only accepts valid named entity references, which are finite, 1215 * casesensitive, and highly scrutinized by HTML and XML validators. 
1216 * 1217 * @since 3.0.0 1218 * 1219 * @param array $matches preg_replace_callback() matches array 1220 * @return string Correctly encoded entity 1221 */ 1222 function wp_kses_named_entities($matches) { 1223 global $allowedentitynames; 1224 1225 if ( empty($matches[1]) ) 1226 return ''; 1227 1228 $i = $matches[1]; 1229 return ( ( ! in_array($i, $allowedentitynames) ) ? "&$i;" : "&$i;" ); 1230 } 1231 1232 /** 1233 * Callback for wp_kses_normalize_entities() regular expression. 1234 * 965 1235 * This function helps wp_kses_normalize_entities() to only accept 16 bit values 966 1236 * and nothing more for &#number; entities. … … 973 1243 */ 974 1244 function wp_kses_normalize_entities2($matches) { 975 if ( ! isset($matches[1]) empty($matches[1]) )1245 if ( empty($matches[1]) ) 976 1246 return ''; 977 1247 … … 992 1262 */ 993 1263 function wp_kses_normalize_entities3($matches) { 994 if ( ! isset($matches[2]) empty($matches[2]) )1264 if ( empty($matches[2]) ) 995 1265 return ''; 996 1266
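Review bot: Entity names that contain digits fall through the rewritten whitelist step on line 1204: the pattern `[A-Za-z]{2,8}` cannot match names such as `frac12`, `frac14`, `frac34`, `sup1`, `sup2` or `sup3`, and those names are also missing from the new `$allowedentitynames` list, so if the ampersand-escaping step earlier in `wp_kses_normalize_entities()` (outside this hunk) works as its name suggests, such references remain escaped and are displayed literally. Widening the pattern to `'/&([A-Za-z]{2,8}[0-9]{0,2});/'` and adding those six names to the list would cover them. In `wp_kses_named_entities()` the membership test should be `in_array($i, $allowedentitynames, true)`, and the two branches of the ternary on line 1229 read identically on this page, so confirm the rejected branch really emits the escaped ampersand, otherwise the whitelist has no effect. `$allowedentitynames` is assigned inside a block whose opening is outside the hunk (closed at line 585); if that block is conditional, the global may be unset when the callback runs and `in_array()` will reject it, so guarding with `if ( empty($allowedentitynames) || ! in_array($i, $allowedentitynames, true) )` keeps the fail-closed behaviour explicit.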