Changeset 17171
- Timestamp:
- 12/29/2010 08:45:37 PM (14 years ago)
- Location:
- trunk/wp-includes
- Files:
-
- 2 edited
trunk/wp-includes/formatting.php
r17142 r17171 2269 2269 // Replace ampersands and single quotes only when displaying. 2270 2270 if ( 'display' == $_context ) { 2271 $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url); 2271 $url = wp_kses_normalize_entities( $url ); 2272 $url = str_replace( '&', '&', $url ); 2272 2273 $url = str_replace( "'", ''', $url ); 2273 2274 } -
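Review bot: As rendered here both arguments of the new `str_replace( '&', '&', $url )` print as a bare `&`, which would make the line a no-op; this is almost certainly the changeset viewer decoding entity literals (the same happens to the `'''` in the quote replacement), so the intended from/to strings should be confirmed against the raw file rather than this listing. Independently of that, the display branch now calls `wp_kses_normalize_entities()` from kses.php in place of the old `&`-not-followed-by-an-entity regex, so esc_url's correctness in display context depends on kses.php being loaded and on kses's idea of a canonical entity, and nothing in the hunk records why. A one-line comment would help the next reader, e.g. `// Run every entity through kses normalization first so a bare '&' and an already-encoded one reach the replacements below in the same canonical form.` The enclosing function starts and ends outside this hunk.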
trunk/wp-includes/kses.php
r17119 r17171 1028 1028 */ 1029 1029 function wp_kses_bad_protocol_once($string, $allowed_protocols) { 1030 global $_kses_allowed_protocols; 1031 $_kses_allowed_protocols = $allowed_protocols; 1032 1033 $string2 = preg_split('/:|:|:/i', $string, 2); 1034 if ( isset($string2[1]) && !preg_match('%/\?%', $string2[0]) ) 1035 $string = wp_kses_bad_protocol_once2($string2[0]) . trim($string2[1]); 1036 else 1037 $string = preg_replace_callback('/^((&[^;]*;|[\sA-Za-z0-9])*)'.'(:|:|&#[Xx]3[Aa];)\s*/', 'wp_kses_bad_protocol_once2', $string); 1030 $string2 = preg_split( '/:|�*58;|�*3a;/i', $string, 2 ); 1031 if ( isset($string2[1]) && ! preg_match('%/\?%', $string2[0]) ) 1032 $string = wp_kses_bad_protocol_once2( $string2[0], $allowed_protocols ) . trim( $string2[1] ); 1038 1033 1039 1034 return $string; … … 1049 1044 * @since 1.0.0 1050 1045 * 1051 * @param mixed $matches string or preg_replace_callback() matches array to check for bad protocols 1046 * @param string $string URI scheme to check against the whitelist 1047 * @param string $allowed_protocols Allowed protocols 1052 1048 * @return string Sanitized content 1053 1049 */ 1054 function wp_kses_bad_protocol_once2($matches) { 1055 global $_kses_allowed_protocols; 1056 1057 if ( is_array($matches) ) { 1058 if ( empty($matches[1]) ) 1059 return ''; 1060 1061 $string = $matches[1]; 1062 } else { 1063 $string = $matches; 1064 } 1065 1050 function wp_kses_bad_protocol_once2( $string, $allowed_protocols ) { 1066 1051 $string2 = wp_kses_decode_entities($string); 1067 1052 $string2 = preg_replace('/\s/', '', $string2); … … 1070 1055 1071 1056 $allowed = false; 1072 foreach ( (array) $ _kses_allowed_protocols as $one_protocol)1073 if ( strtolower($one_protocol) == $string2) {1057 foreach ( (array) $allowed_protocols as $one_protocol ) 1058 if ( strtolower($one_protocol) == $string2 ) { 1074 1059 $allowed = true; 1075 1060 break; … … 1099 1084 1100 1085 # Change back the allowed entities in our entity whitelist 1086 1101 1087 
$string = preg_replace_callback('/&([A-Za-z]{2,8});/', 'wp_kses_named_entities', $string); 1102 $string = preg_replace_callback('/&# 0*([0-9]{1,5});/', 'wp_kses_normalize_entities2', $string);1103 $string = preg_replace_callback('/&#[Xx] 0*(([0-9A-Fa-f]{2}){1,2});/', 'wp_kses_normalize_entities3', $string);1088 $string = preg_replace_callback('/&#(0*[0-9]{1,7});/', 'wp_kses_normalize_entities2', $string); 1089 $string = preg_replace_callback('/&#[Xx](0*[0-9A-Fa-f]{1,6});/', 'wp_kses_normalize_entities3', $string); 1104 1090 1105 1091 return $string; … … 1144 1130 1145 1131 $i = $matches[1]; 1146 return ( ($i > 65535 || ! valid_unicode($i)) ? "&#$i;" : "&#$i;" ); 1132 if (valid_unicode($i)) { 1133 $i = str_pad(ltrim($i,'0'), 3, '0', STR_PAD_LEFT); 1134 $i = "&#$i;"; 1135 } else { 1136 $i = "&#$i;"; 1137 } 1138 1139 return $i; 1147 1140 } 1148 1141 … … 1163 1156 1164 1157 $hexchars = $matches[1]; 1165 return ( ( ! valid_unicode(hexdec($hexchars)) ) ? "&#x$hexchars;" : "&#x$hexchars;");1158 return ( ( ! valid_unicode(hexdec($hexchars)) ) ? "&#x$hexchars;" : '&#x'.ltrim($hexchars,'0').';' ); 1166 1159 } 1167 1160
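Review bot: In wp_kses_normalize_entities2 the decimal branch left-pads the code point to three digits (`&#58;` becomes `&#058;`) while wp_kses_normalize_entities3 strips every leading zero from the hex form, and nothing in the hunk says why the two numeric forms are canonicalized differently; a comment is needed because other kses code that matches these entities (the split pattern in wp_kses_bad_protocol_once, whose leading-zero allowances are garbled in this rendering) has to agree with the padded shape, e.g. `// Decimal form is zero-padded to 3 digits; keep the split pattern in wp_kses_bad_protocol_once() in sync if this changes.` Note also that `ltrim($i, '0')` yields an empty string for an all-zero entity, so only the `valid_unicode()` guard keeps `&#000;` and `&#x0;` out of the stripped branches, which holds only if `valid_unicode(0)` is false — that function is defined outside this hunk. The else branches print the same `"&#$i;"` as the if branches here, which looks like the viewer decoding a literal `&amp;` prefix; confirm against the raw file. Each function touched in this section starts or ends outside the visible hunks.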