WordPress.org

Make WordPress Core

Changeset 20540


Ignore:
Timestamp:
04/19/2012 09:48:12 PM (6 years ago)
Author:
nacin
Message:

Handle multiple feed: schemes.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/kses.php

    r19976 r20540  
    976976function wp_kses_bad_protocol($string, $allowed_protocols) {
    977977    $string = wp_kses_no_null($string);
    978     $string2 = $string.'a';
    979 
    980     while ($string != $string2) {
    981         $string2 = $string;
     978    $iterations = 0;
     979
     980    do {
     981        $original_string = $string;
    982982        $string = wp_kses_bad_protocol_once($string, $allowed_protocols);
    983     } # while
     983    } while ( $original_string != $string && ++$iterations < 6 );
     984
     985    if ( $original_string != $string )
     986        return '';
    984987
    985988    return $string;
     
    10801083 * @return string Sanitized content
    10811084 */
    1082 function wp_kses_bad_protocol_once($string, $allowed_protocols) {
     1085function wp_kses_bad_protocol_once($string, $allowed_protocols, $count = 1 ) {
    10831086    $string2 = preg_split( '/:|&#0*58;|&#x0*3a;/i', $string, 2 );
    1084     if ( isset($string2[1]) && ! preg_match('%/\?%', $string2[0]) )
    1085         $string = wp_kses_bad_protocol_once2( $string2[0], $allowed_protocols ) . trim( $string2[1] );
     1087    if ( isset($string2[1]) && ! preg_match('%/\?%', $string2[0]) ) {
     1088        $string = trim( $string2[1] );
     1089        $protocol = wp_kses_bad_protocol_once2( $string2[0], $allowed_protocols );
     1090        if ( 'feed:' == $protocol ) {
     1091            if ( $count > 2 )
     1092                return '';
     1093            $string = wp_kses_bad_protocol_once( $string, $allowed_protocols, ++$count );
     1094            if ( empty( $string ) )
     1095                return $string;
     1096        }
     1097        $string = $protocol . $string;
     1098    }
    10861099
    10871100    return $string;
Note: See TracChangeset for help on using the changeset viewer.