Changeset 43016 for trunk/src/wp-includes/kses.php
- Timestamp: 04/28/2018 01:57:32 PM (7 years ago)
- File: 1 edited
trunk/src/wp-includes/kses.php
r42880 r43016 32 32 33 33 /** 34 * You can override this in a plugin. 35 * 36 * The {@see 'wp_kses_allowed_html'} filter is more powerful and supplies context. 37 * 38 * `CUSTOM_TAGS` is not recommended and should be considered deprecated. 34 * Specifies the default allowable HTML tags. 35 * 36 * Using `CUSTOM_TAGS` is not recommended and should be considered deprecated. The 37 * {@see 'wp_kses_allowed_html'} filter is more powerful and supplies context. 39 38 * 40 39 * @see wp_kses_allowed_html() 41 *42 40 * @since 1.2.0 41 * 42 * @var array[]|bool Array of default allowable HTML tags, or false to use the defaults. 43 43 */ 44 44 if ( ! defined( 'CUSTOM_TAGS' ) ) { … … 52 52 if ( ! CUSTOM_TAGS ) { 53 53 /** 54 * K sesglobal for default allowable HTML tags.54 * KSES global for default allowable HTML tags. 55 55 * 56 * Can be overrid e by using CUSTOM_TAGSconstant.56 * Can be overridden with the `CUSTOM_TAGS` constant. 57 57 * 58 * @ global array $allowedposttags58 * @var array[] $allowedposttags Array of default allowable HTML tags. 59 59 * @since 2.0.0 60 60 */ … … 417 417 418 418 /** 419 * Kses allowed HTML elements. 420 * 421 * @global array $allowedtags 419 * @var array[] $allowedtags Array of KSES allowed HTML elements. 422 420 * @since 1.0.0 423 421 */ … … 452 450 ); 453 451 452 /** 453 * @var string[] $allowedentitynames Array of KSES allowed HTML entitity names. 454 * @since 1.0.0 455 */ 454 456 $allowedentitynames = array( 455 457 'nbsp', … … 715 717 716 718 /** 717 * Filters content and keeps only allowable HTML elements.719 * Filters text content and strips out disallowed HTML. 718 720 * 719 721 * This function makes sure that only the allowed HTML element names, attribute 720 * names and attribute values plus only sane HTML entities will occur in 721 * $string. You have to remove any slashes from PHP's magic quotes before you 722 * call this function. 
723 * 724 * The default allowed protocols are 'http', 'https', 'ftp', 'mailto', 'news', 725 * 'irc', 'gopher', 'nntp', 'feed', 'telnet, 'mms', 'rtsp' and 'svn'. This 726 * covers all common link protocols, except for 'javascript' which should not 727 * be allowed for untrusted users. 722 * names, attribute values, and HTML entities will occur in the given text string. 723 * 724 * This function expects unslashed data. 725 * 726 * @see wp_kses_post() for specifically filtering post content and fields. 727 * @see wp_allowed_protocols() for the default allowed protocols in link URLs. 728 728 * 729 729 * @since 1.0.0 730 730 * 731 * @param string $string Content to filter through kses 732 * @param array $allowed_html List of allowed HTML elements 733 * @param array $allowed_protocols Optional. Allowed protocol in links. 734 * @return string Filtered content with only allowed HTML elements 731 * @param string $string Text content to filter. 732 * @param array[]|string $allowed_html An array of allowed HTML elements and attributes, or a 733 * context name such as 'post'. 734 * @param string[] $allowed_protocols Array of allowed URL protocols. 735 * @return string Filtered content containing only the allowed HTML. 735 736 */ 736 737 function wp_kses( $string, $allowed_html, $allowed_protocols = array() ) { … … 740 741 $string = wp_kses_no_null( $string, array( 'slash_zero' => 'keep' ) ); 741 742 $string = wp_kses_normalize_entities( $string ); 742 $string = wp_kses_hook( $string, $allowed_html, $allowed_protocols ); // WP changed the order of these funcs and added args to wp_kses_hook743 $string = wp_kses_hook( $string, $allowed_html, $allowed_protocols ); 743 744 return wp_kses_split( $string, $allowed_html, $allowed_protocols ); 744 745 } 745 746 746 747 /** 747 * Filters one attribute only and ensures its value is allowed. 
748 * 749 * This function has the advantage of being more secure than esc_attr() and can 750 * escape data in some situations where wp_kses() must strip the whole attribute. 748 * Filters one HTML attribute and ensures its value is allowed. 749 * 750 * This function can escape data in some situations where `wp_kses()` must strip the whole attribute. 751 751 * 752 752 * @since 4.2.3 753 753 * 754 * @param string $string The 'whole' attribute, including name and value.755 * @param string $element The element name to which the attribute belongs.754 * @param string $string The 'whole' attribute, including name and value. 755 * @param string $element The HTML element name to which the attribute belongs. 756 756 * @return string Filtered attribute. 757 757 */ … … 819 819 820 820 /** 821 * Return a list of allowedtags and attributes for a given context.821 * Returns an array of allowed HTML tags and attributes for a given context. 822 822 * 823 823 * @since 3.5.0 … … 827 827 * @global array $allowedentitynames 828 828 * 829 * @param string|array $context The context for which to retrieve tags. 830 * Allowed values are post, strip, data, entities, or831 * the name of a field filter such as pre_user_description.832 * @return array List of allowedtags and their allowed attributes.829 * @param string|array $context The context for which to retrieve tags. Allowed values are 'post', 830 * 'strip', 'data', 'entities', or the name of a field filter such as 831 * 'pre_user_description'. 832 * @return array Array of allowed HTML tags and their allowed attributes. 833 833 */ 834 834 function wp_kses_allowed_html( $context = '' ) { … … 837 837 if ( is_array( $context ) ) { 838 838 /** 839 * Filters HTML elements allowed for a given context.839 * Filters the HTML that is allowed for a given context. 
840 840 * 841 841 * @since 3.5.0 842 842 * 843 * @param array 844 * @param string $context_type Context type (explicit).843 * @param array[]|string $context Context to judge allowed tags by. 844 * @param string $context_type Context name. 845 845 */ 846 846 return apply_filters( 'wp_kses_allowed_html', $context, 'explicit' ); … … 875 875 876 876 /** 877 * You add any kseshooks here.878 * 879 * There is currently only one ksesWordPress hook, {@see 'pre_kses'}, and it is called here.877 * You add any KSES hooks here. 878 * 879 * There is currently only one KSES WordPress hook, {@see 'pre_kses'}, and it is called here. 880 880 * All parameters are passed to the hooks and expected to receive a string. 881 881 * 882 882 * @since 1.0.0 883 883 * 884 * @param string $string Content to filter through kses885 * @param array $allowed_html List of allowed HTML elements886 * @param array $allowed_protocols Allowed protocol in links884 * @param string $string Content to filter through KSES. 885 * @param array[]|string $allowed_html List of allowed HTML elements. 886 * @param string[] $allowed_protocols Array of allowed URL protocols. 887 887 * @return string Filtered content through {@see 'pre_kses'} hook. 888 888 */ … … 893 893 * @since 2.3.0 894 894 * 895 * @param string $string Content to run through kses.896 * @param array $allowed_html Allowed HTML elements.897 * @param array $allowed_protocols Allowed protocol in links.895 * @param string $string Content to run through KSES. 896 * @param array[]|string $allowed_html Allowed HTML elements. 897 * @param string[] $allowed_protocols Array of allowed URL protocols. 898 898 */ 899 899 return apply_filters( 'pre_kses', $string, $allowed_html, $allowed_protocols ); … … 901 901 902 902 /** 903 * This function returns kses' version number.903 * Returns the version number of KSES. 904 904 * 905 905 * @since 1.0.0 906 906 * 907 * @return string KSES Version Number907 * @return string KSES version number. 
908 908 */ 909 909 function wp_kses_version() { … … 914 914 * Searches for HTML tags, no matter how malformed. 915 915 * 916 * It also matches stray ">"characters.916 * It also matches stray `>` characters. 917 917 * 918 918 * @since 1.0.0 … … 921 921 * @global array $pass_allowed_protocols 922 922 * 923 * @param string $string Content to filter924 * @param array $allowed_html Allowed HTML elements925 * @param array $allowed_protocols Allowed protocols to keep923 * @param string $string Content to filter. 924 * @param array $allowed_html Allowed HTML elements. 925 * @param string[] $allowed_protocols Array of allowed URL protocols. 926 926 * @return string Content with fixed HTML tags 927 927 */ … … 934 934 935 935 /** 936 * Callback for wp_kses_split.936 * Callback for `wp_kses_split()`. 937 937 * 938 938 * @since 3.1.0 939 939 * @access private 940 * @ignore 940 941 * 941 942 * @global array $pass_allowed_html … … 950 951 951 952 /** 952 * Callback for wp_kses_splitfor fixing malformed HTML tags.953 * Callback for `wp_kses_split()` for fixing malformed HTML tags. 953 954 * 954 955 * This function does a lot of work. It rejects some very malformed things like 955 * <:::>. It returns an empty string, if the element isn't allowed (look ma, no956 * strip_tags()!). Otherwise it splits the tag into an element and an attribute956 * `<:::>`. It returns an empty string, if the element isn't allowed (look ma, no 957 * `strip_tags()`!). Otherwise it splits the tag into an element and an attribute 957 958 * list. 958 959 * … … 962 963 * 963 964 * @access private 965 * @ignore 964 966 * @since 1.0.0 965 967 * 966 * @param string $string Content to filter967 * @param array $allowed_html Allowed HTML elements968 * @param array $allowed_protocols Allowed protocols to keep968 * @param string $string Content to filter. 969 * @param array $allowed_html Allowed HTML elements. 970 * @param string[] $allowed_protocols Array of allowed URL protocols. 
969 971 * @return string Fixed HTML element 970 972 */ … … 1022 1024 * Removes all attributes, if none are allowed for this element. 1023 1025 * 1024 * If some are allowed it calls wp_kses_hair()to split them further, and then1025 * it builds up new HTML code from the data that kses_hair()returns. It also1026 * removes "<" and ">"characters, if there are any left. One more thing it does1026 * If some are allowed it calls `wp_kses_hair()` to split them further, and then 1027 * it builds up new HTML code from the data that `kses_hair()` returns. It also 1028 * removes `<` and `>` characters, if there are any left. One more thing it does 1027 1029 * is to check if the tag has a closing XHTML slash, and if it does, it puts one 1028 1030 * in the returned code as well. … … 1030 1032 * @since 1.0.0 1031 1033 * 1032 * @param string $element HTML element/tag1033 * @param string $attr HTML attributes from HTML element to closing HTML element tag1034 * @param array $allowed_html Allowed HTML elements1035 * @param array $allowed_protocols Allowed protocols to keep1036 * @return string Sanitized HTML element 1034 * @param string $element HTML element/tag. 1035 * @param string $attr HTML attributes from HTML element to closing HTML element tag. 1036 * @param array $allowed_html Allowed HTML elements. 1037 * @param string[] $allowed_protocols Array of allowed URL protocols. 1038 * @return string Sanitized HTML element. 1037 1039 */ 1038 1040 function wp_kses_attr( $element, $attr, $allowed_html, $allowed_protocols ) { … … 1072 1074 1073 1075 /** 1074 * Determine whether an attribute is allowed.1076 * Determines whether an attribute is allowed. 1075 1077 * 1076 1078 * @since 4.2.3 1077 1079 * 1078 * @param string $name The attribute name. Returns empty string when not allowed.1079 * @param string $value The attribute value. Returns a filtered value.1080 * @param string $whole The name=value input. 
Returns filtered input.1081 * @param string $vless 'y' when attribute like "enabled", otherwise'n'.1082 * @param string $element The name of the element to which this attribute belongs.1083 * @param array $allowed_html The full list of allowed elements and attributes.1084 * @return bool Is the attribute allowed?1080 * @param string $name The attribute name. Passed by reference. Returns empty string when not allowed. 1081 * @param string $value The attribute value. Passed by reference. Returns a filtered value. 1082 * @param string $whole The `name=value` input. Passed by reference. Returns filtered input. 1083 * @param string $vless Whether the attribute is valueless. Use 'y' or 'n'. 1084 * @param string $element The name of the element to which this attribute belongs. 1085 * @param array $allowed_html The full list of allowed elements and attributes. 1086 * @return bool Whether or not the attribute is allowed. 1085 1087 */ 1086 1088 function wp_kses_attr_check( &$name, &$value, &$whole, $vless, $element, $allowed_html ) { … … 1127 1129 * conform to W3C's HTML specification. It will also remove bad URL protocols 1128 1130 * from attribute values. It also reduces duplicate attributes by using the 1129 * attribute defined first ( foo='bar' foo='baz' will result in foo='bar').1131 * attribute defined first (`foo='bar' foo='baz'` will result in `foo='bar'`). 1130 1132 * 1131 1133 * @since 1.0.0 1132 1134 * 1133 * @param string $attr Attribute list from HTML element to closing HTML element tag1134 * @param array $allowed_protocols Allowed protocols to keep1135 * @return array List of attributes after parsing1135 * @param string $attr Attribute list from HTML element to closing HTML element tag. 1136 * @param string[] $allowed_protocols Array of allowed URL protocols. 1137 * @return array[] Array of attribute information after parsing. 1136 1138 */ 1137 1139 function wp_kses_hair( $attr, $allowed_protocols ) { … … 1272 1274 * Does not modify input. 
May return "evil" output. 1273 1275 * 1274 * Based on wp_kses_split2() and wp_kses_attr()1276 * Based on `wp_kses_split2()` and `wp_kses_attr()`. 1275 1277 * 1276 1278 * @since 4.2.3 1277 1279 * 1278 * @param string $element HTML element /tag1279 * @return array|bool List of attributes found in $element. Returns false on failure.1280 * @param string $element HTML element. 1281 * @return array|bool List of attributes found in the element. Returns false on failure. 1280 1282 */ 1281 1283 function wp_kses_attr_parse( $element ) { … … 1323 1325 * In case of unexpected input, returns false instead of stripping things. 1324 1326 * 1325 * Based on wp_kses_hair()but does not return a multi-dimensional array.1327 * Based on `wp_kses_hair()` but does not return a multi-dimensional array. 1326 1328 * 1327 1329 * @since 4.2.3 1328 1330 * 1329 * @param string $attr Attribute list from HTML element to closing HTML element tag 1331 * @param string $attr Attribute list from HTML element to closing HTML element tag. 1330 1332 * @return array|bool List of attributes found in $attr. Returns false on failure. 1331 1333 */ … … 1375 1377 * Performs different checks for attribute values. 1376 1378 * 1377 * The currently implemented checks are "maxlen", "minlen", "maxval", "minval" 1379 * The currently implemented checks are "maxlen", "minlen", "maxval", "minval", 1378 1380 * and "valueless". 1379 1381 * 1380 1382 * @since 1.0.0 1381 1383 * 1382 * @param string $value Attribute value 1383 * @param string $vless Whether the value is valueless. Use 'y' or 'n'1384 * @param string $value Attribute value. 1385 * @param string $vless Whether the attribute is valueless. Use 'y' or 'n'. 1384 1386 * @param string $checkname What $checkvalue is checking for. 1385 * @param mixed $checkvalue What constraint the value should pass 1386 * @return bool Whether check passes 1387 * @param mixed $checkvalue What constraint the value should pass. 1388 * @return bool Whether check passes. 
1387 1389 */ 1388 1390 function wp_kses_check_attr_val( $value, $vless, $checkname, $checkvalue ) { … … 1438 1440 case 'valueless': 1439 1441 // The valueless check makes sure if the attribute has a value 1440 // (like <a href="blah">) or not (<option selected>). If the given value1442 // (like `<a href="blah">`) or not (`<option selected>`). If the given value 1441 1443 // is a "y" or a "Y", the attribute must not have a value. 1442 // If the given value is an "n" or an "N", the attribute must have one.1444 // If the given value is an "n" or an "N", the attribute must have a value. 1443 1445 1444 1446 if ( strtolower( $checkvalue ) != $vless ) { … … 1452 1454 1453 1455 /** 1454 * Sanitize string from badprotocols.1455 * 1456 * This function removes all non-allowed protocols from the beginning of 1457 * $string. It ignores whitespace and the case of the letters, and it does1458 * understand HTML entities. It does its work in a while loop, so it won't be1459 * fooled by a string like "javascript:javascript:alert(57)".1456 * Sanitizes a string and removed disallowed URL protocols. 1457 * 1458 * This function removes all non-allowed protocols from the beginning of the 1459 * string. It ignores whitespace and the case of the letters, and it does 1460 * understand HTML entities. It does its work recursively, so it won't be 1461 * fooled by a string like `javascript:javascript:alert(57)`. 1460 1462 * 1461 1463 * @since 1.0.0 1462 1464 * 1463 * @param string $string Content to filter bad protocols from1464 * @param array $allowed_protocols Allowed protocols to keep1465 * @return string Filtered content 1465 * @param string $string Content to filter bad protocols from. 1466 * @param string[] $allowed_protocols Array of allowed URL protocols. 1467 * @return string Filtered content. 
1466 1468 */ 1467 1469 function wp_kses_bad_protocol( $string, $allowed_protocols ) { … … 1482 1484 1483 1485 /** 1484 * Removes any invalid control characters in $string.1485 * 1486 * Also removes any instance of the '\0'string.1486 * Removes any invalid control characters in a text string. 1487 * 1488 * Also removes any instance of the `\0` string. 1487 1489 * 1488 1490 * @since 1.0.0 1489 1491 * 1490 * @param string $string 1491 * @param array $options Set 'slash_zero' => 'keep' when '\0' is allowed. Default is 'remove'.1492 * @return string 1492 * @param string $string Content to filter null characters from. 1493 * @param array $options Set 'slash_zero' => 'keep' when '\0' is allowed. Default is 'remove'. 1494 * @return string Filtered content. 1493 1495 */ 1494 1496 function wp_kses_no_null( $string, $options = null ) { … … 1508 1510 * Strips slashes from in front of quotes. 1509 1511 * 1510 * This function changes the character sequence \" to just ". It leaves all 1511 * other slashes alone. It's really weird, but the quoting from 1512 * preg_replace(//e) seems to require this. 1512 * This function changes the character sequence `\"` to just `"`. It leaves all other 1513 * slashes alone. The quoting from `preg_replace(//e)` requires this. 1513 1514 * 1514 1515 * @since 1.0.0 1515 1516 * 1516 * @param string $string String to strip slashes 1517 * @return string Fixed string with quoted slashes 1517 * @param string $string String to strip slashes from. 1518 * @return string Fixed string with quoted slashes. 1518 1519 */ 1519 1520 function wp_kses_stripslashes( $string ) { … … 1522 1523 1523 1524 /** 1524 * Goes through an array and changes the keys to all lowercase.1525 * Converts the keys of an array to lowercase. 1525 1526 * 1526 1527 * @since 1.0.0 1527 1528 * 1528 * @param array $inarray Unfiltered array 1529 * @return array Fixed array with all lowercase keys 1529 * @param array $inarray Unfiltered array. 
1530 * @return array Fixed array with all lowercase keys. 1530 1531 */ 1531 1532 function wp_kses_array_lc( $inarray ) { … … 1539 1540 $outkey2 = strtolower( $inkey2 ); 1540 1541 $outarray[ $outkey ][ $outkey2 ] = $inval2; 1541 } // foreach $inval1542 } // foreach $inarray1542 } 1543 } 1543 1544 1544 1545 return $outarray; … … 1546 1547 1547 1548 /** 1548 * Handles parsing errors in wp_kses_hair().1549 * Handles parsing errors in `wp_kses_hair()`. 1549 1550 * 1550 1551 * The general plan is to remove everything to and including some whitespace, … … 1563 1564 * Sanitizes content from bad protocols and other characters. 1564 1565 * 1565 * This function searches for URL protocols at the beginning of $string, while1566 * This function searches for URL protocols at the beginning of the string, while 1566 1567 * handling whitespace and HTML entities. 1567 1568 * 1568 1569 * @since 1.0.0 1569 1570 * 1570 * @param string $string Content to check for bad protocols1571 * @param string $allowed_protocols Allowed protocols1572 * @return string Sanitized content 1571 * @param string $string Content to check for bad protocols. 1572 * @param string[] $allowed_protocols Array of allowed URL protocols. 1573 * @return string Sanitized content. 1573 1574 */ 1574 1575 function wp_kses_bad_protocol_once( $string, $allowed_protocols, $count = 1 ) { … … 1593 1594 1594 1595 /** 1595 * Callback for wp_kses_bad_protocol_once()regular expression.1596 * Callback for `wp_kses_bad_protocol_once()` regular expression. 1596 1597 * 1597 1598 * This function processes URL protocols, checks to see if they're in the … … 1599 1600 * 1600 1601 * @access private 1602 * @ignore 1601 1603 * @since 1.0.0 1602 1604 * 1603 * @param string $string URI scheme to check against the whitelist1604 * @param string $allowed_protocols Allowed protocols1605 * @return string Sanitized content 1605 * @param string $string URI scheme to check against the whitelist. 
1606 * @param string[] $allowed_protocols Array of allowed URL protocols. 1607 * @return string Sanitized content. 1606 1608 */ 1607 1609 function wp_kses_bad_protocol_once2( $string, $allowed_protocols ) { … … 1634 1636 * @since 1.0.0 1635 1637 * 1636 * @param string $string Content to normalize entities 1637 * @return string Content with normalized entities 1638 * @param string $string Content to normalize entities. 1639 * @return string Content with normalized entities. 1638 1640 */ 1639 1641 function wp_kses_normalize_entities( $string ) { … … 1650 1652 1651 1653 /** 1652 * Callback for wp_kses_normalize_entities()regular expression.1654 * Callback for `wp_kses_normalize_entities()` regular expression. 1653 1655 * 1654 1656 * This function only accepts valid named entity references, which are finite, … … 1659 1661 * @global array $allowedentitynames 1660 1662 * 1661 * @param array $matches preg_replace_callback() matches array 1662 * @return string Correctly encoded entity 1663 * @param array $matches preg_replace_callback() matches array. 1664 * @return string Correctly encoded entity. 1663 1665 */ 1664 1666 function wp_kses_named_entities( $matches ) { … … 1674 1676 1675 1677 /** 1676 * Callback for wp_kses_normalize_entities()regular expression.1677 * 1678 * This function helps wp_kses_normalize_entities()to only accept 16-bit1678 * Callback for `wp_kses_normalize_entities()` regular expression. 1679 * 1680 * This function helps `wp_kses_normalize_entities()` to only accept 16-bit 1679 1681 * values and nothing more for `&#number;` entities. 1680 1682 * 1681 1683 * @access private 1684 * @ignore 1682 1685 * @since 1.0.0 1683 1686 * 1684 * @param array $matches preg_replace_callback() matches array1685 * @return string Correctly encoded entity 1687 * @param array $matches `preg_replace_callback()` matches array. 1688 * @return string Correctly encoded entity. 
1686 1689 */ 1687 1690 function wp_kses_normalize_entities2( $matches ) { … … 1702 1705 1703 1706 /** 1704 * Callback for wp_kses_normalize_entities()for regular expression.1705 * 1706 * This function helps wp_kses_normalize_entities()to only accept valid Unicode1707 * Callback for `wp_kses_normalize_entities()` for regular expression. 1708 * 1709 * This function helps `wp_kses_normalize_entities()` to only accept valid Unicode 1707 1710 * numeric entities in hex form. 1708 1711 * 1709 1712 * @since 2.7.0 1710 1713 * @access private 1711 * 1712 * @param array $matches preg_replace_callback() matches array 1713 * @return string Correctly encoded entity 1714 * @ignore 1715 * 1716 * @param array $matches `preg_replace_callback()` matches array. 1717 * @return string Correctly encoded entity. 1714 1718 */ 1715 1719 function wp_kses_normalize_entities3( $matches ) { … … 1723 1727 1724 1728 /** 1725 * Helper function to determine if a Unicode valueis valid.1729 * Determines if a Unicode codepoint is valid. 1726 1730 * 1727 1731 * @since 2.7.0 1728 1732 * 1729 * @param int $i Unicode value1730 * @return bool True if the value was a valid Unicode number1733 * @param int $i Unicode codepoint. 1734 * @return bool Whether or not the codepoint is a valid Unicode codepoint. 1731 1735 */ 1732 1736 function valid_unicode( $i ) { … … 1738 1742 1739 1743 /** 1740 * Convert all entities to their charactercounterparts.1744 * Converts all numeric HTML entities to their named counterparts. 1741 1745 * 1742 1746 * This function decodes numeric HTML entities (`A` and `A`). 1743 * It doesn't do anything with other entities like ä, but we don't1747 * It doesn't do anything with named entities like `ä`, but we don't 1744 1748 * need them in the URL protocol whitelisting system anyway. 
1745 1749 * 1746 1750 * @since 1.0.0 1747 1751 * 1748 * @param string $string Content to change entities 1749 * @return string Content after decoded entities 1752 * @param string $string Content to change entities. 1753 * @return string Content after decoded entities. 1750 1754 */ 1751 1755 function wp_kses_decode_entities( $string ) { … … 1757 1761 1758 1762 /** 1759 * Regex callback for wp_kses_decode_entities()1763 * Regex callback for `wp_kses_decode_entities()`. 1760 1764 * 1761 1765 * @since 2.9.0 1766 * @access private 1767 * @ignore 1762 1768 * 1763 1769 * @param array $match preg match … … 1769 1775 1770 1776 /** 1771 * Regex callback for wp_kses_decode_entities()1777 * Regex callback for `wp_kses_decode_entities()`. 1772 1778 * 1773 1779 * @since 2.9.0 1780 * @access private 1781 * @ignore 1774 1782 * 1775 1783 * @param array $match preg match … … 1781 1789 1782 1790 /** 1783 * Sanitize content with allowed HTML Kses rules. 1791 * Sanitize content with allowed HTML KSES rules. 1792 * 1793 * This function expects slashed data. 1784 1794 * 1785 1795 * @since 1.0.0 1786 1796 * 1787 * @param string $data Content to filter, expected to be escaped with slashes 1788 * @return string Filtered content 1797 * @param string $data Content to filter, expected to be escaped with slashes. 1798 * @return string Filtered content. 1789 1799 */ 1790 1800 function wp_filter_kses( $data ) { … … 1793 1803 1794 1804 /** 1795 * Sanitize content with allowed HTML Kses rules. 1805 * Sanitize content with allowed HTML KSES rules. 1806 * 1807 * This function expects unslashed data. 1796 1808 * 1797 1809 * @since 2.9.0 1798 1810 * 1799 * @param string $data Content to filter, expected to not be escaped 1800 * @return string Filtered content 1811 * @param string $data Content to filter, expected to not be escaped. 1812 * @return string Filtered content. 
1801 1813 */ 1802 1814 function wp_kses_data( $data ) { … … 1805 1817 1806 1818 /** 1807 * Sanitize content for allowed HTML tags for post content.1808 * 1809 * Post content refers to the page contents of the 'post' type and not $_POST1819 * Sanitizes content for allowed HTML tags for post content. 1820 * 1821 * Post content refers to the page contents of the 'post' type and not `$_POST` 1810 1822 * data from forms. 1811 1823 * 1824 * This function expects slashed data. 1825 * 1812 1826 * @since 2.0.0 1813 1827 * 1814 * @param string $data Post content to filter, expected to be escaped with slashes 1828 * @param string $data Post content to filter, expected to be escaped with slashes. 1815 1829 * @return string Filtered post content with allowed HTML tags and attributes intact. 1816 1830 */ … … 1820 1834 1821 1835 /** 1822 * Sanitize content for allowed HTML tags for post content.1823 * 1824 * Post content refers to the page contents of the 'post' type and not $_POST1836 * Sanitizes content for allowed HTML tags for post content. 1837 * 1838 * Post content refers to the page contents of the 'post' type and not `$_POST` 1825 1839 * data from forms. 1826 1840 * 1841 * This function expects unslashed data. 1842 * 1827 1843 * @since 2.9.0 1828 1844 * 1829 * @param string $data Post content to filter 1845 * @param string $data Post content to filter. 1830 1846 * @return string Filtered post content with allowed HTML tags and attributes intact. 1831 1847 */ … … 1850 1866 1851 1867 /** 1852 * Strips all of the HTML in the content. 1868 * Strips all HTML from a text string. 1869 * 1870 * This function expects slashed data. 1853 1871 * 1854 1872 * @since 2.1.0 1855 1873 * 1856 * @param string $data Content to strip all HTML from 1857 * @return string Filtered content without any HTML 1874 * @param string $data Content to strip all HTML from. 1875 * @return string Filtered content without any HTML. 
1858 1876 */ 1859 1877 function wp_filter_nohtml_kses( $data ) { … … 1862 1880 1863 1881 /** 1864 * Adds all K sesinput form content filters.1865 * 1866 * All hooks have default priority. The wp_filter_kses()function is added to1882 * Adds all KSES input form content filters. 1883 * 1884 * All hooks have default priority. The `wp_filter_kses()` function is added to 1867 1885 * the 'pre_comment_content' and 'title_save_pre' hooks. 1868 1886 * 1869 * The wp_filter_post_kses()function is added to the 'content_save_pre',1887 * The `wp_filter_post_kses()` function is added to the 'content_save_pre', 1870 1888 * 'excerpt_save_pre', and 'content_filtered_save_pre' hooks. 1871 1889 * … … 1890 1908 1891 1909 /** 1892 * Removes all K sesinput form content filters.1893 * 1894 * A quick procedural method to removing all of the filters that ksesuses for1910 * Removes all KSES input form content filters. 1911 * 1912 * A quick procedural method to removing all of the filters that KSES uses for 1895 1913 * content in WordPress Loop. 1896 1914 * 1897 * Does not remove the kses_init()function from {@see 'init'} hook (priority is1898 * default). Also does not remove kses_init()function from {@see 'set_current_user'}1915 * Does not remove the `kses_init()` function from {@see 'init'} hook (priority is 1916 * default). Also does not remove `kses_init()` function from {@see 'set_current_user'} 1899 1917 * hook (priority is also default). 1900 1918 * … … 1916 1934 1917 1935 /** 1918 * Sets up most of the Kses filters for input form content. 1919 * 1920 * If you remove the kses_init() function from {@see 'init'} hook and 1921 * {@see 'set_current_user'} (priority is default), then none of the Kses filter hooks 1922 * will be added. 1923 * 1924 * First removes all of the Kses filters in case the current user does not need 1925 * to have Kses filter the content. If the user does not have unfiltered_html 1926 * capability, then Kses filters are added. 
1936 * Sets up most of the KSES filters for input form content. 1937 * 1938 * First removes all of the KSES filters in case the current user does not need 1939 * to have KSES filter the content. If the user does not have `unfiltered_html` 1940 * capability, then KSES filters are added. 1927 1941 * 1928 1942 * @since 2.0.0 … … 1937 1951 1938 1952 /** 1939 * Inline CSS filter1953 * Filters an inline style attribute and removes disallowed rules. 1940 1954 * 1941 1955 * @since 2.8.1 … … 1943 1957 * @param string $css A string of CSS rules. 1944 1958 * @param string $deprecated Not used. 1945 * @return string 1959 * @return string Filtered string of CSS rules. 1946 1960 */ 1947 1961 function safecss_filter_attr( $css, $deprecated = '' ) { … … 1967 1981 * @since 5.0.0 Added support for `text-transform`. 1968 1982 * 1969 * @param array $attr Listof allowed CSS attributes.1983 * @param string[] $attr Array of allowed CSS attributes. 1970 1984 */ 1971 1985 $allowed_attr = apply_filters( … … 2078 2092 * @since 3.5.0 2079 2093 * @access private 2094 * @ignore 2080 2095 * 2081 2096 * @param array $value An array of attributes.
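Review bot: The new `$allowedentitynames` docblock (new lines 452-455) misspells "entity" as "entitity" in "Array of KSES allowed HTML entitity names." Since this block is added by the patch, fix the spelling before it lands in the generated reference.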
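Review bot: In the `wp_kses()` docblock (new lines 731-735) the `$allowed_protocols` description loses its "Optional." marker even though the signature still reads `$allowed_protocols = array()`; restore it and state what the default does. The same hunk deletes the sentence saying 'javascript' should not be allowed for untrusted users, and the replacement `@see wp_allowed_protocols()` line does not carry that caveat, so consider keeping one sentence of it next to the parameter.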
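Review bot: In the `wp_kses_attr()` description (new lines 1026-1028) the second reference is still `kses_hair()` while the line above it names `wp_kses_hair()`. The patch wraps the stale name in backticks rather than correcting it; both should read `wp_kses_hair()`.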
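Review bot: The new summary for `wp_kses_bad_protocol()` (new line 1456) mixes tenses: "Sanitizes a string and removed disallowed URL protocols." should read "removes". The description also changes "in a while loop" to "recursively" without the function body appearing in the hunk, so please confirm the wording matches the implementation, since this sentence is what tells readers why a repeated `javascript:javascript:` prefix is handled.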
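Review bot: The `wp_kses_bad_protocol_once()` docblock (new lines 1571-1573) documents only `$string` and `$allowed_protocols`, but the signature directly below it is `wp_kses_bad_protocol_once( $string, $allowed_protocols, $count = 1 )`. While the `@param` lines are being rewritten anyway, add one for `$count` with its type and default.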
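Review bot: The new summary for `wp_kses_decode_entities()` (new line 1744), "Converts all numeric HTML entities to their named counterparts", contradicts the description that follows, which says the function decodes numeric entities and does nothing with named ones. The removed wording, "character counterparts", was the accurate one; suggest "Converts all numeric HTML entities to their character counterparts."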