Make WordPress Core


Ignore:
File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/3.3/wp-includes/kses.php

    r18856 r20541  
    928928function wp_kses_bad_protocol($string, $allowed_protocols) {
    929929    $string = wp_kses_no_null($string);
    930     $string2 = $string.'a';
    931 
    932     while ($string != $string2) {
    933         $string2 = $string;
     930    $iterations = 0;
     931
     932    do {
     933        $original_string = $string;
    934934        $string = wp_kses_bad_protocol_once($string, $allowed_protocols);
    935     } # while
     935    } while ( $original_string != $string && ++$iterations < 6 );
     936
     937    if ( $original_string != $string )
     938        return '';
    936939
    937940    return $string;
     
    10321035 * @return string Sanitized content
    10331036 */
    1034 function wp_kses_bad_protocol_once($string, $allowed_protocols) {
     1037function wp_kses_bad_protocol_once($string, $allowed_protocols, $count = 1 ) {
    10351038    $string2 = preg_split( '/:|&#0*58;|&#x0*3a;/i', $string, 2 );
    1036     if ( isset($string2[1]) && ! preg_match('%/\?%', $string2[0]) )
    1037         $string = wp_kses_bad_protocol_once2( $string2[0], $allowed_protocols ) . trim( $string2[1] );
     1039    if ( isset($string2[1]) && ! preg_match('%/\?%', $string2[0]) ) {
     1040        $string = trim( $string2[1] );
     1041        $protocol = wp_kses_bad_protocol_once2( $string2[0], $allowed_protocols );
     1042        if ( 'feed:' == $protocol ) {
     1043            if ( $count > 2 )
     1044                return '';
     1045            $string = wp_kses_bad_protocol_once( $string, $allowed_protocols, ++$count );
     1046            if ( empty( $string ) )
     1047                return $string;
     1048        }
     1049        $string = $protocol . $string;
     1050    }
    10381051
    10391052    return $string;
Note: See TracChangeset for help on using the changeset viewer.