Make WordPress Core


Ignore:
Timestamp:
11/22/2012 07:23:43 AM (12 years ago)
Author:
nacin
Message:

Do SimplePie sanitization with wp_kses_post() rather than DOMDocument, which cannot be guaranteed to be available.

Overrides SimplePie_Sanitize with WP_SimplePie_Sanitize_KSES.

props markjaquith, rmccue.
see #21990.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/feed.php

    r22599 r22811  
    529529    $feed = new SimplePie();
    530530
     531    $feed->set_sanitize_class( 'WP_SimplePie_Sanitize_KSES' );
     532    // We must manually overwrite $feed->sanitize because SimplePie's
     533    // constructor sets it before we have a chance to set the sanitization class
     534    $feed->sanitize = new WP_SimplePie_Sanitize_KSES();
     535
    531536    $feed->set_cache_class( 'WP_Feed_Cache' );
    532537    $feed->set_file_class( 'WP_SimplePie_File' );
Note: See TracChangeset for help on using the changeset viewer.