Changeset 42712
- Timestamp:
- 02/14/2018 11:45:56 AM (7 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/kses.php
r42343 r42712 972 972 $string = wp_kses_stripslashes( $string ); 973 973 974 // It matched a ">" character. 974 975 if ( substr( $string, 0, 1 ) != '<' ) { 975 976 return '>'; 976 977 } 977 // It matched a ">" character 978 978 979 // Allow HTML comments. 979 980 if ( '<!--' == substr( $string, 0, 4 ) ) { 980 981 $string = str_replace( array( '<!--', '-->' ), '', $string ); … … 991 992 return "<!--{$string}-->"; 992 993 } 993 // Allow HTML comments 994 994 995 // It's seriously malformed. 995 996 if ( ! preg_match( '%^<\s*(/\s*)?([a-zA-Z0-9-]+)([^>]*)>?$%', $string, $matches ) ) { 996 997 return ''; 997 998 } 998 // It's seriously malformed999 999 1000 1000 $slash = trim( $matches[1] ); … … 1006 1006 } 1007 1007 1008 // They are using a not allowed HTML element. 1008 1009 if ( ! isset( $allowed_html[ strtolower( $elem ) ] ) ) { 1009 1010 return ''; 1010 1011 } 1011 // They are using a not allowed HTML element 1012 1012 1013 // No attributes are allowed for closing elements. 1013 1014 if ( $slash != '' ) { 1014 1015 return "</$elem>"; 1015 1016 } 1016 // No attributes are allowed for closing elements1017 1017 1018 1018 return wp_kses_attr( $elem, $attrlist, $allowed_html, $allowed_protocols );
Note: See TracChangeset
for help on using the changeset viewer.