Changeset 43727 for branches/5.0/src/wp-includes/kses.php
- Timestamp:
- 10/15/2018 05:21:04 AM (6 years ago)
- File:
-
- 1 edited
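--- a/branches/5.0/src/wp-includes/kses.php
+++ b/branches/5.0/src/wp-includes/kses.php
@@ -855,4 +855,5 @@
 *
 * @since 4.2.3
+* @since 5.0.0 Add support for `data-*` wildcard attributes.
 *
 * @param string $name The attribute name. Returns empty string when not allowed.
@@ -865,10 +866,29 @@
 */
 function wp_kses_attr_check( &$name, &$value, &$whole, $vless, $element, $allowed_html ) {
-$allowed_attr = $allowed_html[ strtolower( $element )];
+$allowed_attr = $allowed_html[ strtolower( $element ) ];
 
 $name_low = strtolower( $name );
+
 if ( ! isset( $allowed_attr[$name_low] ) || '' == $allowed_attr[$name_low] ) {
-$name = $value = $whole = '';
-return false;
+/*
+* Allow `data-*` attributes.
+*
+* When specifying `$allowed_html`, the attribute name should be set as
+* `data-*` (not to be mixed with the HTML 4.0 `data` attribute, see
+* https://www.w3.org/TR/html40/struct/objects.html#adef-data).
+*
+* Note: the attribute name should only contain `A-Za-z0-9_-` chars,
+* double hyphens `--` are not accepted by WordPress.
+*/
+if ( strpos( $name_low, 'data-' ) === 0 && ! empty( $allowed_attr['data-*'] ) && preg_match( '/^data(?:-[a-z0-9_]+)+$/', $name_low, $match ) ) {
+/*
+* Add the whole attribute name to the allowed attributes and set any restrictions
+* for the `data-*` attribute values for the current element.
+*/
+$allowed_attr[ $match[0] ] = $allowed_attr['data-*'];
+} else {
+$name = $value = $whole = '';
+return false;
+}
 }
 
@@ -885,5 +905,5 @@
 }
 
-if ( is_array( $allowed_attr[ $name_low] ) ) {
+if ( is_array( $allowed_attr[ $name_low ] ) ) {
 // there are some checks
 foreach ( $allowed_attr[$name_low] as $currkey => $currval ) {
@@ -1809,4 +1829,5 @@
 *
 * @since 3.5.0
+* @since 5.0.0 Add support for `data-*` wildcard attributes.
 * @access private
 *
@@ -1821,4 +1842,5 @@
 'title' => true,
 'role' => true,
+'data-*' => true,
 );
 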
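Review bot: The new pattern in `wp_kses_attr_check` ends in `$`, which in PCRE also matches just before a trailing newline, so the validated text in `$match[0]` can differ from `$name_low`; the allowlist entry is written under `$match[0]` while the later `$allowed_attr[ $name_low ]` lookup reads the unvalidated key. Anchoring the end with `\z` and keying on the checked name keeps the two in step: `preg_match( '/^data(?:-[a-z0-9_]+)+\z/', $name_low )` and `$allowed_attr[ $name_low ] = $allowed_attr['data-*'];`. Whether a name with trailing whitespace can reach this function depends on the caller's attribute parsing, which is outside the hunk. Separately, the last hunk adds `'data-*' => true` to the shared attribute list, so any value is accepted; a comment there stating that scripts reading `data-*` values must treat them as untrusted input would help theme and plugin authors.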