Make WordPress Core

Changeset 46959


Ignore:
Timestamp:
12/14/2019 03:51:33 PM (5 years ago)
Author:
SergeyBiryukov
Message:

Formatting: Return early from wp_kses_attr_check() if the element is not in the list of allowed elements and attributes.

Props krynes, tristanleboss.
Fixes #48549.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/kses.php

    r46895 r46959  
    11531153 */
    11541154function wp_kses_attr_check( &$name, &$value, &$whole, $vless, $element, $allowed_html ) {
    1155     $allowed_attr = $allowed_html[ strtolower( $element ) ];
    1156 
    1157     $name_low = strtolower( $name );
     1155    $name_low    = strtolower( $name );
     1156    $element_low = strtolower( $element );
     1157
     1158    if ( ! isset( $allowed_html[ $element_low ] ) ) {
     1159        $name  = '';
     1160        $value = '';
     1161        $whole = '';
     1162        return false;
     1163    }
     1164
     1165    $allowed_attr = $allowed_html[ $element_low ];
     1166
    11581167    if ( ! isset( $allowed_attr[ $name_low ] ) || '' == $allowed_attr[ $name_low ] ) {
    11591168        /*
Note: See TracChangeset for help on using the changeset viewer.