Changeset 22811
- Timestamp:
- 11/22/2012 07:23:43 AM (12 years ago)
- Location:
- trunk/wp-includes
- Files:
-
- 2 edited
trunk/wp-includes/class-feed.php
r22599 r22811 93 93 } 94 94 } 95 96 /** 97 * WordPress SimplePie Sanitization Class 98 * 99 * Extension of the SimplePie_Sanitize class to use KSES, because 100 * we cannot universally count on DOMDocument being available 101 * 102 * @package WordPress 103 * @since 3.5.0 104 */ 105 class WP_SimplePie_Sanitize_KSES extends SimplePie_Sanitize { 106 public function sanitize( $data, $type, $base = '' ) { 107 $data = trim( $data ); 108 if ( $type & SIMPLEPIE_CONSTRUCT_MAYBE_HTML ) { 109 if (preg_match('/(&(#(x[0-9a-fA-F]+|[0-9]+)|[a-zA-Z0-9]+)|<\/[A-Za-z][^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3E]*' . SIMPLEPIE_PCRE_HTML_ATTRIBUTE . '>)/', $data)) { 110 $type |= SIMPLEPIE_CONSTRUCT_HTML; 111 } 112 else { 113 $type |= SIMPLEPIE_CONSTRUCT_TEXT; 114 } 115 } 116 if ( $type & SIMPLEPIE_CONSTRUCT_BASE64 ) { 117 $data = base64_decode( $data ); 118 } 119 if ( $type & ( SIMPLEPIE_CONSTRUCT_HTML | SIMPLEPIE_CONSTRUCT_XHTML ) ) { 120 $data = wp_kses_post( $data ); 121 if ( $this->output_encoding !== 'UTF-8' ) { 122 $data = $this->registry->call( 'Misc', 'change_encoding', array( $data, 'UTF-8', $this->output_encoding ) ); 123 } 124 return $data; 125 } else { 126 return parent::sanitize( $data, $type, $base ); 127 } 128 } 129 } -
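Review bot: In `sanitize()`, the HTML/XHTML branch returns straight after `wp_kses_post( $data )`, so `$base` is never used on that path and `parent::sanitize()` is skipped. `wp_kses_post()` is therefore the only filter between markup from a remote feed and the caller. The method has no docblock; I would add one above `public function sanitize( $data, $type, $base = '' )` stating that feed HTML is filtered with the post allowlist in place of whatever stripping `parent::sanitize()` performs, and that relative URLs are presumably not resolved against `$base` here. A short comment on `base64_decode( $data )` would help too, e.g. `// non-strict decode: invalid characters are silently skipped`.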
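--- a/trunk/wp-includes/feed.php
+++ b/trunk/wp-includes/feed.php
@@ -529,4 +529,9 @@
 $feed = new SimplePie();
 
+$feed->set_sanitize_class( 'WP_SimplePie_Sanitize_KSES' );
+// We must manually overwrite $feed->sanitize because SimplePie's
+// constructor sets it before we have a chance to set the sanitization class
+$feed->sanitize = new WP_SimplePie_Sanitize_KSES();
+
 $feed->set_cache_class( 'WP_Feed_Cache' );
 $feed->set_file_class( 'WP_SimplePie_File' );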
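Review bot: The directly assigned `new WP_SimplePie_Sanitize_KSES()` is constructed with no arguments and no registry, yet its `sanitize()` in class-feed.php calls `$this->registry->call(...)` whenever the output encoding is not UTF-8. The hunk does not show where the registry is attached, so this presumably relies on SimplePie injecting it later; that is worth confirming and recording in the comment, e.g. `// SimplePie is expected to attach its registry to this instance during init (confirm)`. Because the assignment replaces the sanitizer object wholesale, it also has to stay ahead of any `$feed` setter that forwards options to the sanitizer, which the comment could state as well. The enclosing function starts and ends outside the hunk.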