Changeset 31079
- Timestamp:
- 01/08/2015 05:51:39 AM (10 years ago)
- Location:
- trunk/src
- Files:
-
- 4 edited
trunk/src/wp-admin/includes/ms.php
r31034 r31079 137 137 138 138 while ( $index < count( $stack ) ) { 139 #Get indexed directory from stack139 // Get indexed directory from stack 140 140 $dir = $stack[$index]; 141 141 -
trunk/src/wp-includes/class-wp-xmlrpc-server.php
r30681 r31079 3635 3635 $formats = get_post_format_strings(); 3636 3636 3637 #find out if they want a list of currently supports formats3637 // find out if they want a list of currently supports formats 3638 3638 if ( isset( $args[3] ) && is_array( $args[3] ) ) { 3639 3639 if ( $args[3]['show-supported'] ) { -
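Review bot: `$args[3]['show-supported']` on new line 3639 is read after checking only that `$args[3]` is set and is an array, so a call whose fourth argument lacks that key raises an undefined-index notice instead of simply being treated as "not requested". These arguments presumably come from the XML-RPC client, so I would guard the key itself: `if ( ! empty( $args[3]['show-supported'] ) ) {`. While the comment on line 3637 is being rewritten anyway, "currently supports formats" should read "currently supported formats". The enclosing method starts and ends outside this hunk.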
trunk/src/wp-includes/formatting.php
r31064 r31079 551 551 for ($i=0; $i < $length; $i++) { 552 552 $c = ord($str[$i]); 553 if ($c < 0x80) $n = 0; #0bbbbbbb554 elseif (($c & 0xE0) == 0xC0) $n=1; #110bbbbb555 elseif (($c & 0xF0) == 0xE0) $n=2; #1110bbbb556 elseif (($c & 0xF8) == 0xF0) $n=3; #11110bbb557 elseif (($c & 0xFC) == 0xF8) $n=4; #111110bb558 elseif (($c & 0xFE) == 0xFC) $n=5; #1111110b559 else return false; #Does not match any model560 for ($j=0; $j<$n; $j++) { #n bytes matching 10bbbbbb follow ?553 if ($c < 0x80) $n = 0; // 0bbbbbbb 554 elseif (($c & 0xE0) == 0xC0) $n=1; // 110bbbbb 555 elseif (($c & 0xF0) == 0xE0) $n=2; // 1110bbbb 556 elseif (($c & 0xF8) == 0xF0) $n=3; // 11110bbb 557 elseif (($c & 0xFC) == 0xF8) $n=4; // 111110bb 558 elseif (($c & 0xFE) == 0xFC) $n=5; // 1111110b 559 else return false; // Does not match any model 560 for ($j=0; $j<$n; $j++) { // n bytes matching 10bbbbbb follow ? 561 561 if ((++$i == $length) || ((ord($str[$i]) & 0xC0) != 0x80)) 562 562 return false; -
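Review bot: The lead-byte table on new lines 553-560 accepts 5- and 6-byte forms (`111110bb`, `1111110b`), and the inner loop checks continuation bytes only against the `10bbbbbb` pattern, so overlong encodings and values above U+10FFFF pass; none of the rewritten comments say so. RFC 3629 limits UTF-8 to four bytes, so a true result here is a structural hint and not strict validation. I would add a comment above the loop such as `// Structural check only: accepts 5/6-byte and overlong forms; not a strict UTF-8 validator.` The function's signature and final return are outside this hunk.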
trunk/src/wp-includes/kses.php
r30726 r31079 673 673 if (substr($string, 0, 1) != '<') 674 674 return '>'; 675 #It matched a ">" character675 // It matched a ">" character 676 676 677 677 if ( '<!--' == substr( $string, 0, 4 ) ) { … … 687 687 return "<!--{$string}-->"; 688 688 } 689 #Allow HTML comments689 // Allow HTML comments 690 690 691 691 if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9]+)([^>]*)>?$%', $string, $matches)) 692 692 return ''; 693 #It's seriously malformed693 // It's seriously malformed 694 694 695 695 $slash = trim($matches[1]); … … 702 702 if ( ! isset($allowed_html[strtolower($elem)]) ) 703 703 return ''; 704 #They are using a not allowed HTML element704 // They are using a not allowed HTML element 705 705 706 706 if ($slash != '') 707 707 return "</$elem>"; 708 #No attributes are allowed for closing elements708 // No attributes are allowed for closing elements 709 709 710 710 return wp_kses_attr( $elem, $attrlist, $allowed_html, $allowed_protocols ); … … 729 729 */ 730 730 function wp_kses_attr($element, $attr, $allowed_html, $allowed_protocols) { 731 #Is there a closing XHTML slash at the end of the attributes?731 // Is there a closing XHTML slash at the end of the attributes? 732 732 733 733 if ( ! is_array( $allowed_html ) ) … … 738 738 $xhtml_slash = ' /'; 739 739 740 #Are any attributes allowed at all for this element?740 // Are any attributes allowed at all for this element? 741 741 if ( ! isset($allowed_html[strtolower($element)]) || count($allowed_html[strtolower($element)]) == 0 ) 742 742 return "<$element$xhtml_slash>"; 743 743 744 #Split it744 // Split it 745 745 $attrarr = wp_kses_hair($attr, $allowed_protocols); 746 746 747 #Go through $attrarr, and save the allowed attributes for this element748 #in $attr2747 // Go through $attrarr, and save the allowed attributes for this element 748 // in $attr2 749 749 $attr2 = ''; 750 750 … … 752 752 foreach ($attrarr as $arreach) { 753 753 if ( ! 
isset( $allowed_attr[strtolower($arreach['name'])] ) ) 754 continue; #the attribute is not allowed754 continue; // the attribute is not allowed 755 755 756 756 $current = $allowed_attr[strtolower($arreach['name'])]; 757 757 if ( $current == '' ) 758 continue; #the attribute is not allowed758 continue; // the attribute is not allowed 759 759 760 760 if ( strtolower( $arreach['name'] ) == 'style' ) { … … 771 771 if ( ! is_array($current) ) { 772 772 $attr2 .= ' '.$arreach['whole']; 773 #there are no checks773 // there are no checks 774 774 775 775 } else { 776 #there are some checks776 // there are some checks 777 777 $ok = true; 778 778 foreach ($current as $currkey => $currval) { … … 784 784 785 785 if ( $ok ) 786 $attr2 .= ' '.$arreach['whole']; #it passed them787 } #if !is_array($current)788 } #foreach789 790 #Remove any "<" or ">" characters786 $attr2 .= ' '.$arreach['whole']; // it passed them 787 } // if !is_array($current) 788 } // foreach 789 790 // Remove any "<" or ">" characters 791 791 $attr2 = preg_replace('/[<>]/', '', $attr2); 792 792 … … 817 817 $uris = array('xmlns', 'profile', 'href', 'src', 'cite', 'classid', 'codebase', 'data', 'usemap', 'longdesc', 'action'); 818 818 819 #Loop through the whole attribute list819 // Loop through the whole attribute list 820 820 821 821 while (strlen($attr) != 0) { 822 $working = 0; #Was the last operation successful?822 $working = 0; // Was the last operation successful? 
823 823 824 824 switch ($mode) { 825 case 0 : #attribute name, href for instance825 case 0 : // attribute name, href for instance 826 826 827 827 if ( preg_match('/^([-a-zA-Z:]+)/', $attr, $match ) ) { … … 833 833 break; 834 834 835 case 1 : #equals sign or valueless ("selected")836 837 if (preg_match('/^\s*=\s*/', $attr)) #equals sign835 case 1 : // equals sign or valueless ("selected") 836 837 if (preg_match('/^\s*=\s*/', $attr)) // equals sign 838 838 { 839 839 $working = 1; … … 843 843 } 844 844 845 if (preg_match('/^\s+/', $attr)) #valueless845 if (preg_match('/^\s+/', $attr)) // valueless 846 846 { 847 847 $working = 1; … … 855 855 break; 856 856 857 case 2 : #attribute value, a URL after href= for instance857 case 2 : // attribute value, a URL after href= for instance 858 858 859 859 if (preg_match('%^"([^"]*)"(\s+|/?$)%', $attr, $match)) 860 #"value"860 // "value" 861 861 { 862 862 $thisval = $match[1]; … … 874 874 875 875 if (preg_match("%^'([^']*)'(\s+|/?$)%", $attr, $match)) 876 #'value'876 // 'value' 877 877 { 878 878 $thisval = $match[1]; … … 890 890 891 891 if (preg_match("%^([^\s\"']+)(\s+|/?$)%", $attr, $match)) 892 #value892 // value 893 893 { 894 894 $thisval = $match[1]; … … 899 899 $attrarr[$attrname] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname=\"$thisval\"", 'vless' => 'n'); 900 900 } 901 #We add quotes to conform to W3C's HTML spec.901 // We add quotes to conform to W3C's HTML spec. 
902 902 $working = 1; 903 903 $mode = 0; … … 906 906 907 907 break; 908 } #switch909 910 if ($working == 0) #not well formed, remove and try again908 } // switch 909 910 if ($working == 0) // not well formed, remove and try again 911 911 { 912 912 $attr = wp_kses_html_error($attr); 913 913 $mode = 0; 914 914 } 915 } #while915 } // while 916 916 917 917 if ($mode == 1 && false === array_key_exists($attrname, $attrarr)) 918 #special case, for when the attribute list ends with a valueless919 #attribute like "selected"918 // special case, for when the attribute list ends with a valueless 919 // attribute like "selected" 920 920 $attrarr[$attrname] = array ('name' => $attrname, 'value' => '', 'whole' => $attrname, 'vless' => 'y'); 921 921 … … 942 942 switch (strtolower($checkname)) { 943 943 case 'maxlen' : 944 #The maxlen check makes sure that the attribute value has a length not945 #greater than the given value. This can be used to avoid Buffer Overflows946 #in WWW clients and various Internet servers.944 // The maxlen check makes sure that the attribute value has a length not 945 // greater than the given value. This can be used to avoid Buffer Overflows 946 // in WWW clients and various Internet servers. 947 947 948 948 if (strlen($value) > $checkvalue) … … 951 951 952 952 case 'minlen' : 953 #The minlen check makes sure that the attribute value has a length not954 #smaller than the given value.953 // The minlen check makes sure that the attribute value has a length not 954 // smaller than the given value. 955 955 956 956 if (strlen($value) < $checkvalue) … … 959 959 960 960 case 'maxval' : 961 #The maxval check does two things: it checks that the attribute value is962 #an integer from 0 and up, without an excessive amount of zeroes or963 #whitespace (to avoid Buffer Overflows). 
It also checks that the attribute964 #value is not greater than the given value.965 #This check can be used to avoid Denial of Service attacks.961 // The maxval check does two things: it checks that the attribute value is 962 // an integer from 0 and up, without an excessive amount of zeroes or 963 // whitespace (to avoid Buffer Overflows). It also checks that the attribute 964 // value is not greater than the given value. 965 // This check can be used to avoid Denial of Service attacks. 966 966 967 967 if (!preg_match('/^\s{0,6}[0-9]{1,6}\s{0,6}$/', $value)) … … 972 972 973 973 case 'minval' : 974 #The minval check makes sure that the attribute value is a positive integer,975 #and that it is not smaller than the given value.974 // The minval check makes sure that the attribute value is a positive integer, 975 // and that it is not smaller than the given value. 976 976 977 977 if (!preg_match('/^\s{0,6}[0-9]{1,6}\s{0,6}$/', $value)) … … 982 982 983 983 case 'valueless' : 984 #The valueless check makes sure if the attribute has a value985 #(like <a href="blah">) or not (<option selected>). If the given value986 #is a "y" or a "Y", the attribute must not have a value.987 #If the given value is an "n" or an "N", the attribute must have one.984 // The valueless check makes sure if the attribute has a value 985 // (like <a href="blah">) or not (<option selected>). If the given value 986 // is a "y" or a "Y", the attribute must not have a value. 987 // If the given value is an "n" or an "N", the attribute must have one. 
988 988 989 989 if (strtolower($checkvalue) != $vless) 990 990 $ok = false; 991 991 break; 992 } #switch992 } // switch 993 993 994 994 return $ok; … … 1075 1075 $outkey2 = strtolower($inkey2); 1076 1076 $outarray[$outkey][$outkey2] = $inval2; 1077 } #foreach $inval1078 } #foreach $inarray1077 } // foreach $inval 1078 } // foreach $inarray 1079 1079 1080 1080 return $outarray; … … 1182 1182 */ 1183 1183 function wp_kses_normalize_entities($string) { 1184 #Disarm all entities by converting & to &1184 // Disarm all entities by converting & to & 1185 1185 1186 1186 $string = str_replace('&', '&', $string); 1187 1187 1188 #Change back the allowed entities in our entity whitelist1188 // Change back the allowed entities in our entity whitelist 1189 1189 1190 1190 $string = preg_replace_callback('/&([A-Za-z]{2,8}[0-9]{0,2});/', 'wp_kses_named_entities', $string);
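Review bot: Throughout this file the converted comments still sit underneath the statement they explain, so each one reads as if it introduced the next block. For example, `// It's seriously malformed` on new line 693 follows the `return '';` it describes, and `// They are using a not allowed HTML element` on line 704 follows its guard. In an HTML filter every early return is a security decision, so I would move each comment above its condition while these lines are being edited, e.g. `// Seriously malformed tag: drop it.` placed before the `preg_match` test on line 691. The same applies to the comments on lines 675, 689 and 708. These hunks show only parts of the functions concerned.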