Changeset 17119 for trunk/wp-includes/kses.php
- Timestamp:
- 12/23/2010 03:26:49 PM (14 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/wp-includes/kses.php
r16313 r17119 681 681 } 682 682 683 if ( $arreach['name']== 'style' ) {683 if ( strtolower($arreach['name']) == 'style' ) { 684 684 $orig_value = $arreach['value']; 685 685 … … 773 773 { 774 774 $thisval = $match[1]; 775 if ( in_array( $attrname, $uris) )775 if ( in_array(strtolower($attrname), $uris) ) 776 776 $thisval = wp_kses_bad_protocol($thisval, $allowed_protocols); 777 777 … … 789 789 { 790 790 $thisval = $match[1]; 791 if ( in_array( $attrname, $uris) )791 if ( in_array(strtolower($attrname), $uris) ) 792 792 $thisval = wp_kses_bad_protocol($thisval, $allowed_protocols); 793 793 … … 805 805 { 806 806 $thisval = $match[1]; 807 if ( in_array( $attrname, $uris) )807 if ( in_array(strtolower($attrname), $uris) ) 808 808 $thisval = wp_kses_bad_protocol($thisval, $allowed_protocols); 809 809 … … 1099 1099 1100 1100 # Change back the allowed entities in our entity whitelist 1101 1102 1101 $string = preg_replace_callback('/&([A-Za-z]{2,8});/', 'wp_kses_named_entities', $string); 1103 $string = preg_replace_callback('/&# (0*[0-9]{1,7});/', 'wp_kses_normalize_entities2', $string);1104 $string = preg_replace_callback('/&#[Xx] (0*[0-9A-Fa-f]{1,6});/', 'wp_kses_normalize_entities3', $string);1102 $string = preg_replace_callback('/&#0*([0-9]{1,5});/', 'wp_kses_normalize_entities2', $string); 1103 $string = preg_replace_callback('/&#[Xx]0*(([0-9A-Fa-f]{2}){1,2});/', 'wp_kses_normalize_entities3', $string); 1105 1104 1106 1105 return $string; … … 1145 1144 1146 1145 $i = $matches[1]; 1147 if (valid_unicode($i)) { 1148 $i = str_pad(ltrim($i,'0'), 3, '0', STR_PAD_LEFT); 1149 $i = "&#$i;"; 1150 } else { 1151 $i = "&#$i;"; 1152 } 1153 1154 return $i; 1146 return ( ($i > 65535 || ! valid_unicode($i)) ? "&#$i;" : "&#$i;" ); 1155 1147 } 1156 1148 … … 1171 1163 1172 1164 $hexchars = $matches[1]; 1173 return ( ( ! valid_unicode(hexdec($hexchars)) ) ? "&#x$hexchars;" : '&#x'.ltrim($hexchars,'0').';');1165 return ( ( ! valid_unicode(hexdec($hexchars)) ) ? "&#x$hexchars;" : "&#x$hexchars;" ); 1174 1166 } 1175 1167
Note: See TracChangeset
for help on using the changeset viewer.