Changeset 51963 for trunk/src/wp-includes/kses.php
- Timestamp:
- 11/01/2021 02:12:09 AM (3 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/kses.php
r51729 r51963 271 271 'lang' => true, 272 272 'xml:lang' => true, 273 ), 274 'object' => array( 275 'data' => true, 276 'type' => array( 277 'required' => true, 278 'values' => array( 'application/pdf' ), 279 ), 273 280 ), 274 281 'p' => array( … … 1166 1173 $attrarr = wp_kses_hair( $attr, $allowed_protocols ); 1167 1174 1175 // Check if there are attributes that are required. 1176 $required_attrs = array_filter( 1177 $allowed_html[ $element_low ], 1178 function( $required_attr_limits ) { 1179 return isset( $required_attr_limits['required'] ) && true === $required_attr_limits['required']; 1180 } 1181 ); 1182 1183 // If a required attribute check fails, we can return nothing for a self-closing tag, 1184 // but for a non-self-closing tag the best option is to return the element with attributes, 1185 // as KSES doesn't handle matching the relevant closing tag. 1186 $stripped_tag = ''; 1187 if ( empty( $xhtml_slash ) ) { 1188 $stripped_tag = "<$element>"; 1189 } 1190 1168 1191 // Go through $attrarr, and save the allowed attributes for this element 1169 1192 // in $attr2. 1170 1193 $attr2 = ''; 1171 1194 foreach ( $attrarr as $arreach ) { 1195 // Check if this attribute is required. 1196 $required = isset( $required_attrs[ strtolower( $arreach['name'] ) ] ); 1197 1172 1198 if ( wp_kses_attr_check( $arreach['name'], $arreach['value'], $arreach['whole'], $arreach['vless'], $element, $allowed_html ) ) { 1173 1199 $attr2 .= ' ' . $arreach['whole']; 1200 1201 // If this was a required attribute, we can mark it as found. 1202 if ( $required ) { 1203 unset( $required_attrs[ strtolower( $arreach['name'] ) ] ); 1204 } 1205 } elseif ( $required ) { 1206 // This attribute was required, but didn't pass the check. The entire tag is not allowed. 1207 return $stripped_tag; 1174 1208 } 1209 } 1210 1211 // If some required attributes weren't set, the entire tag is not allowed. 1212 if ( ! empty( $required_attrs ) ) { 1213 return $stripped_tag; 1175 1214 } 1176 1215 … … 1601 1640 } 1602 1641 break; 1642 1643 case 'values': 1644 /* 1645 * The values check is used when you want to make sure that the attribute 1646 * has one of the given values. 1647 */ 1648 1649 if ( false === array_search( strtolower( $value ), $checkvalue, true ) ) { 1650 $ok = false; 1651 } 1652 break; 1603 1653 } // End switch. 1604 1654
Note: See TracChangeset
for help on using the changeset viewer.