Changes in trunk/wp-includes/kses.php [17228:18208]
- File:
-
- 1 edited
trunk/wp-includes/kses.php
r17228 r18208 16 16 * You should have received a copy of the GNU General Public License along 17 17 * with this program; if not, write to the Free Software Foundation, Inc., 18 * 5 9 Temple Place, Suite 330, Boston, MA 02111-1307 USA or visit18 * 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA 19 19 * http://www.gnu.org/licenses/gpl.html 20 20 * … … 514 514 * 515 515 * There is currently only one kses WordPress hook and it is called here. All 516 * parameters are passed to the hooks and expected to rec ieve a string.516 * parameters are passed to the hooks and expected to receive a string. 517 517 * 518 518 * @since 1.0.0 … … 555 555 $pass_allowed_html = $allowed_html; 556 556 $pass_allowed_protocols = $allowed_protocols; 557 return preg_replace_callback( '%( (<!--.*?(-->|$))|(<[^>]*(>|$)|>))%', '_wp_kses_split_callback', $string );557 return preg_replace_callback( '%(<!--.*?(-->|$))|(<[^>]*(>|$)|>)%', '_wp_kses_split_callback', $string ); 558 558 } 559 559 … … 566 566 function _wp_kses_split_callback( $match ) { 567 567 global $pass_allowed_html, $pass_allowed_protocols; 568 return wp_kses_split2( $match[ 1], $pass_allowed_html, $pass_allowed_protocols );568 return wp_kses_split2( $match[0], $pass_allowed_html, $pass_allowed_protocols ); 569 569 } 570 570 … … 597 597 # It matched a ">" character 598 598 599 if ( preg_match('%^<!--(.*?)(-->)?$%', $string, $matches)) {600 $string = str_replace( array('<!--', '-->'), '', $matches[1]);601 while ( $string != $newstring = wp_kses($string, $allowed_html, $allowed_protocols) )599 if ( '<!--' == substr( $string, 0, 4 ) ) { 600 $string = str_replace( array('<!--', '-->'), '', $string ); 601 while ( $string != ($newstring = wp_kses($string, $allowed_html, $allowed_protocols)) ) 602 602 $string = $newstring; 603 603 if ( $string == '' ) … … 619 619 $attrlist = $matches[3]; 620 620 621 if ( !@isset($allowed_html[strtolower($elem)]))621 if ( ! 
isset($allowed_html[strtolower($elem)]) ) 622 622 return ''; 623 623 # They are using a not allowed HTML element 624 624 625 625 if ($slash != '') 626 return "< $slash$elem>";626 return "</$elem>"; 627 627 # No attributes are allowed for closing elements 628 628 629 return wp_kses_attr( "$slash$elem", $attrlist, $allowed_html, $allowed_protocols);629 return wp_kses_attr( $elem, $attrlist, $allowed_html, $allowed_protocols ); 630 630 } 631 631 … … 655 655 656 656 # Are any attributes allowed at all for this element? 657 658 if (@ count($allowed_html[strtolower($element)]) == 0) 657 if ( ! isset($allowed_html[strtolower($element)]) || count($allowed_html[strtolower($element)]) == 0 ) 659 658 return "<$element$xhtml_slash>"; 660 659 661 660 # Split it 662 663 661 $attrarr = wp_kses_hair($attr, $allowed_protocols); 664 662 665 663 # Go through $attrarr, and save the allowed attributes for this element 666 664 # in $attr2 667 668 665 $attr2 = ''; 669 666 667 $allowed_attr = $allowed_html[strtolower($element)]; 670 668 foreach ($attrarr as $arreach) { 671 if ( !@ isset ($allowed_html[strtolower($element)][strtolower($arreach['name'])]))669 if ( ! isset( $allowed_attr[strtolower($arreach['name'])] ) ) 672 670 continue; # the attribute is not allowed 673 671 674 $current = $allowed_ html[strtolower($element)][strtolower($arreach['name'])];675 if ( $current == '')672 $current = $allowed_attr[strtolower($arreach['name'])]; 673 if ( $current == '' ) 676 674 continue; # the attribute is not allowed 677 675 678 if ( !is_array($current))676 if ( ! is_array($current) ) { 679 677 $attr2 .= ' '.$arreach['whole']; 680 678 # there are no checks 681 679 682 else {680 } else { 683 681 # there are some checks 684 682 $ok = true; 685 foreach ($current as $currkey => $currval) 686 if ( !wp_kses_check_attr_val($arreach['value'], $arreach['vless'], $currkey, $currval)) {683 foreach ($current as $currkey => $currval) { 684 if ( ! 
wp_kses_check_attr_val($arreach['value'], $arreach['vless'], $currkey, $currval) ) { 687 685 $ok = false; 688 686 break; 689 687 } 688 } 690 689 691 690 if ( strtolower($arreach['name']) == 'style' ) { 692 691 $orig_value = $arreach['value']; 693 694 692 $value = safecss_filter_attr($orig_value); 695 693 … … 698 696 699 697 $arreach['value'] = $value; 700 701 698 $arreach['whole'] = str_replace($orig_value, $value, $arreach['whole']); 702 699 } … … 708 705 709 706 # Remove any "<" or ">" characters 710 711 707 $attr2 = preg_replace('/[<>]/', '', $attr2); 712 708
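Review bot: In wp_kses_split2 the comment test is now a bare prefix check, `'<!--' == substr( $string, 0, 4 )`, which accepts more input than the anchored `%^<!--(.*?)(-->)?$%` it replaces, and nothing in the hunk says the widening is intended. Because `.*?` in the wp_kses_split pattern has no `s` modifier, a comment containing a newline appears to fall through to the `<[^>]*(>|$)` alternative, and that fragment now enters the comment branch instead of the element path. The repeated `wp_kses()` pass over the stripped content looks like what keeps this safe, so it deserves a comment such as `# Anything starting with "<!--" is handled as a comment, terminated or not; the loop below re-filters the content until it is stable`, plus a regression test covering a multi-line comment and an unterminated one. The rest of the comment branch lies outside the visible context, so confirm what it returns for such fragments before relying on this reading.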