
Changeset 54933


Timestamp:
12/05/2022 01:55:20 PM (18 months ago)
Author:
SergeyBiryukov
Message:

Code Modernization: Rename parameters that use reserved keywords in wp-includes/kses.php.

While using reserved PHP keywords as parameter name labels is allowed, in the context of function calls using named parameters in PHP 8.0+, this will easily lead to confusion. To avoid that, it is recommended not to use reserved keywords as function parameter names.

This commit:

  • Renames the $string parameter to $content in:
    • wp_kses()
    • wp_kses_hook()
    • wp_kses_split()
    • wp_kses_split2()
    • wp_kses_bad_protocol()
    • wp_kses_no_null()
    • wp_kses_stripslashes()
    • wp_kses_bad_protocol_once()
    • wp_kses_normalize_entities()
    • wp_kses_decode_entities()
  • Renames the $string parameter to $attr in:
    • wp_kses_one_attr()
    • wp_kses_html_error()
  • Renames the $match parameter to $matches in:
    • _wp_kses_split_callback()
    • _wp_kses_decode_entities_chr()
    • _wp_kses_decode_entities_chr_hexdec()
  • Renames the $string parameter to $scheme in wp_kses_bad_protocol_once2().

Follow-up to [52946], [52996], [52997], [52998], [53003], [53014], [53029], [53039], [53116], [53117], [53137], [53174], [53184], [53185], [53192], [53193], [53198], [53203], [53207], [53215], [53216], [53220], [53230], [53232], [53236], [53239], [53240], [53242], [53243], [53245], [53246], [53257], [53269], [53270], [53271], [53272], [53273], [53274], [53275], [53276], [53277], [53281], [53283], [53284], [53285], [53287], [53364], [53365], [54927], [54929], [54930], [54931], [54932].

Props jrf, aristath, poena, justinahinon, SergeyBiryukov.
See #56788.

File:
1 edited

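--- a/trunk/src/wp-includes/kses.php
+++ b/trunk/src/wp-includes/kses.php
@@ -737,5 +737,5 @@
  * @since 1.0.0
  *
- * @param string         $string            Text content to filter.
+ * @param string         $content           Text content to filter.
  * @param array[]|string $allowed_html      An array of allowed HTML elements and attributes,
  *                                          or a context name such as 'post'. See wp_kses_allowed_html()
@@ -745,14 +745,14 @@
  * @return string Filtered content containing only the allowed HTML.
  */
-function wp_kses( $string, $allowed_html, $allowed_protocols = array() ) {
+function wp_kses( $content, $allowed_html, $allowed_protocols = array() ) {
     if ( empty( $allowed_protocols ) ) {
         $allowed_protocols = wp_allowed_protocols();
     }
 
-    $string = wp_kses_no_null( $string, array( 'slash_zero' => 'keep' ) );
-    $string = wp_kses_normalize_entities( $string );
-    $string = wp_kses_hook( $string, $allowed_html, $allowed_protocols );
-
-    return wp_kses_split( $string, $allowed_html, $allowed_protocols );
+    $content = wp_kses_no_null( $content, array( 'slash_zero' => 'keep' ) );
+    $content = wp_kses_normalize_entities( $content );
+    $content = wp_kses_hook( $content, $allowed_html, $allowed_protocols );
+
+    return wp_kses_split( $content, $allowed_html, $allowed_protocols );
 }
 
@@ -764,28 +764,28 @@
  * @since 4.2.3
  *
- * @param string $string  The 'whole' attribute, including name and value.
+ * @param string $attr    The 'whole' attribute, including name and value.
  * @param string $element The HTML element name to which the attribute belongs.
  * @return string Filtered attribute.
  */
-function wp_kses_one_attr( $string, $element ) {
+function wp_kses_one_attr( $attr, $element ) {
     $uris              = wp_kses_uri_attributes();
     $allowed_html      = wp_kses_allowed_html( 'post' );
     $allowed_protocols = wp_allowed_protocols();
-    $string            = wp_kses_no_null( $string, array( 'slash_zero' => 'keep' ) );
+    $attr              = wp_kses_no_null( $attr, array( 'slash_zero' => 'keep' ) );
 
     // Preserve leading and trailing whitespace.
     $matches = array();
-    preg_match( '/^\s*/', $string, $matches );
+    preg_match( '/^\s*/', $attr, $matches );
     $lead = $matches[0];
-    preg_match( '/\s*$/', $string, $matches );
+    preg_match( '/\s*$/', $attr, $matches );
     $trail = $matches[0];
     if ( empty( $trail ) ) {
-        $string = substr( $string, strlen( $lead ) );
+        $attr = substr( $attr, strlen( $lead ) );
     } else {
-        $string = substr( $string, strlen( $lead ), -strlen( $trail ) );
+        $attr = substr( $attr, strlen( $lead ), -strlen( $trail ) );
     }
 
     // Parse attribute name and value from input.
-    $split = preg_split( '/\s*=\s*/', $string, 2 );
+    $split = preg_split( '/\s*=\s*/', $attr, 2 );
     $name  = $split[0];
     if ( count( $split ) == 2 ) {
@@ -793,5 +793,5 @@
 
         // Remove quotes surrounding $value.
-        // Also guarantee correct quoting in $string for this one attribute.
+        // Also guarantee correct quoting in $attr for this one attribute.
         if ( '' === $value ) {
             $quote = '';
@@ -816,6 +816,6 @@
         }
 
-        $string = "$name=$quote$value$quote";
-        $vless  = 'n';
+        $attr = "$name=$quote$value$quote";
+        $vless = 'n';
     } else {
         $value = '';
@@ -824,8 +824,8 @@
 
     // Sanitize attribute by name.
-    wp_kses_attr_check( $name, $value, $string, $vless, $element, $allowed_html );
+    wp_kses_attr_check( $name, $value, $attr, $vless, $element, $allowed_html );
 
     // Restore whitespace.
-    return $lead . $string . $trail;
+    return $lead . $attr . $trail;
 }
 
@@ -923,5 +923,5 @@
  * @since 1.0.0
  *
- * @param string         $string            Content to filter through KSES.
+ * @param string         $content           Content to filter through KSES.
  * @param array[]|string $allowed_html      An array of allowed HTML elements and attributes,
  *                                          or a context name such as 'post'. See wp_kses_allowed_html()
@@ -930,5 +930,5 @@
  * @return string Filtered content through {@see 'pre_kses'} hook.
  */
-function wp_kses_hook( $string, $allowed_html, $allowed_protocols ) {
+function wp_kses_hook( $content, $allowed_html, $allowed_protocols ) {
     /**
      * Filters content to be run through KSES.
@@ -936,5 +936,5 @@
      * @since 2.3.0
      *
-     * @param string         $string            Content to filter through KSES.
+     * @param string         $content           Content to filter through KSES.
      * @param array[]|string $allowed_html      An array of allowed HTML elements and attributes,
      *                                          or a context name such as 'post'. See wp_kses_allowed_html()
@@ -942,5 +942,5 @@
      * @param string[]       $allowed_protocols Array of allowed URL protocols.
      */
-    return apply_filters( 'pre_kses', $string, $allowed_html, $allowed_protocols );
+    return apply_filters( 'pre_kses', $content, $allowed_html, $allowed_protocols );
 }
 
@@ -967,5 +967,5 @@
  * @global string[]       $pass_allowed_protocols Array of allowed URL protocols.
  *
- * @param string         $string            Content to filter.
+ * @param string         $content           Content to filter.
  * @param array[]|string $allowed_html      An array of allowed HTML elements and attributes,
  *                                          or a context name such as 'post'. See wp_kses_allowed_html()
@@ -974,5 +974,5 @@
  * @return string Content with fixed HTML tags
  */
-function wp_kses_split( $string, $allowed_html, $allowed_protocols ) {
+function wp_kses_split( $content, $allowed_html, $allowed_protocols ) {
     global $pass_allowed_html, $pass_allowed_protocols;
 
@@ -980,5 +980,5 @@
     $pass_allowed_protocols = $allowed_protocols;
 
-    return preg_replace_callback( '%(<!--.*?(-->|$))|(<[^>]*(>|$)|>)%', '_wp_kses_split_callback', $string );
+    return preg_replace_callback( '%(<!--.*?(-->|$))|(<[^>]*(>|$)|>)%', '_wp_kses_split_callback', $content );
 }
 
@@ -1044,11 +1044,11 @@
  * @global string[]       $pass_allowed_protocols Array of allowed URL protocols.
  *
- * @param array $match preg_replace regexp matches
+ * @param array $matches preg_replace regexp matches
  * @return string
  */
-function _wp_kses_split_callback( $match ) {
+function _wp_kses_split_callback( $matches ) {
     global $pass_allowed_html, $pass_allowed_protocols;
 
-    return wp_kses_split2( $match[0], $pass_allowed_html, $pass_allowed_protocols );
+    return wp_kses_split2( $matches[0], $pass_allowed_html, $pass_allowed_protocols );
 }
 
@@ -1069,5 +1069,5 @@
  * @since 1.0.0
  *
- * @param string         $string            Content to filter.
+ * @param string         $content           Content to filter.
  * @param array[]|string $allowed_html      An array of allowed HTML elements and attributes,
  *                                          or a context name such as 'post'. See wp_kses_allowed_html()
@@ -1076,30 +1076,30 @@
  * @return string Fixed HTML element
  */
-function wp_kses_split2( $string, $allowed_html, $allowed_protocols ) {
-    $string = wp_kses_stripslashes( $string );
+function wp_kses_split2( $content, $allowed_html, $allowed_protocols ) {
+    $content = wp_kses_stripslashes( $content );
 
     // It matched a ">" character.
-    if ( '<' !== substr( $string, 0, 1 ) ) {
+    if ( '<' !== substr( $content, 0, 1 ) ) {
         return '&gt;';
     }
 
     // Allow HTML comments.
-    if ( '<!--' === substr( $string, 0, 4 ) ) {
-        $string = str_replace( array( '<!--', '-->' ), '', $string );
-        while ( ( $newstring = wp_kses( $string, $allowed_html, $allowed_protocols ) ) != $string ) {
-            $string = $newstring;
+    if ( '<!--' === substr( $content, 0, 4 ) ) {
+        $content = str_replace( array( '<!--', '-->' ), '', $content );
+        while ( ( $newstring = wp_kses( $content, $allowed_html, $allowed_protocols ) ) != $content ) {
+            $content = $newstring;
         }
-        if ( '' === $string ) {
+        if ( '' === $content ) {
             return '';
         }
         // Prevent multiple dashes in comments.
-        $string = preg_replace( '/--+/', '-', $string );
+        $content = preg_replace( '/--+/', '-', $content );
         // Prevent three dashes closing a comment.
-        $string = preg_replace( '/-$/', '', $string );
-        return "<!--{$string}-->";
+        $content = preg_replace( '/-$/', '', $content );
+        return "<!--{$content}-->";
     }
 
     // It's seriously malformed.
-    if ( ! preg_match( '%^<\s*(/\s*)?([a-zA-Z0-9-]+)([^>]*)>?$%', $string, $matches ) ) {
+    if ( ! preg_match( '%^<\s*(/\s*)?([a-zA-Z0-9-]+)([^>]*)>?$%', $content, $matches ) ) {
         return '';
     }
@@ -1682,22 +1682,22 @@
  * @since 1.0.0
  *
- * @param string   $string            Content to filter bad protocols from.
+ * @param string   $content           Content to filter bad protocols from.
  * @param string[] $allowed_protocols Array of allowed URL protocols.
  * @return string Filtered content.
  */
-function wp_kses_bad_protocol( $string, $allowed_protocols ) {
-    $string     = wp_kses_no_null( $string );
+function wp_kses_bad_protocol( $content, $allowed_protocols ) {
+    $content    = wp_kses_no_null( $content );
     $iterations = 0;
 
     do {
-        $original_string = $string;
-        $string          = wp_kses_bad_protocol_once( $string, $allowed_protocols );
-    } while ( $original_string != $string && ++$iterations < 6 );
-
-    if ( $original_string != $string ) {
+        $original_content = $content;
+        $content          = wp_kses_bad_protocol_once( $content, $allowed_protocols );
+    } while ( $original_content != $content && ++$iterations < 6 );
+
+    if ( $original_content != $content ) {
         return '';
     }
 
-    return $string;
+    return $content;
 }
 
@@ -1709,19 +1709,19 @@
  * @since 1.0.0
  *
- * @param string $string Content to filter null characters from.
+ * @param string $content Content to filter null characters from.
  * @param array  $options Set 'slash_zero' => 'keep' when '\0' is allowed. Default is 'remove'.
  * @return string Filtered content.
  */
-function wp_kses_no_null( $string, $options = null ) {
+function wp_kses_no_null( $content, $options = null ) {
     if ( ! isset( $options['slash_zero'] ) ) {
         $options = array( 'slash_zero' => 'remove' );
     }
 
-    $string = preg_replace( '/[\x00-\x08\x0B\x0C\x0E-\x1F]/', '', $string );
+    $content = preg_replace( '/[\x00-\x08\x0B\x0C\x0E-\x1F]/', '', $content );
     if ( 'remove' === $options['slash_zero'] ) {
-        $string = preg_replace( '/\\\\+0+/', '', $string );
-    }
-
-    return $string;
+        $content = preg_replace( '/\\\\+0+/', '', $content );
+    }
+
+    return $content;
 }
 
@@ -1734,9 +1734,9 @@
  * @since 1.0.0
  *
- * @param string $string String to strip slashes from.
+ * @param string $content String to strip slashes from.
  * @return string Fixed string with quoted slashes.
  */
-function wp_kses_stripslashes( $string ) {
-    return preg_replace( '%\\\\"%', '"', $string );
+function wp_kses_stripslashes( $content ) {
+    return preg_replace( '%\\\\"%', '"', $content );
 }
 
@@ -1773,9 +1773,9 @@
  * @since 1.0.0
  *
- * @param string $string
+ * @param string $attr
  * @return string
  */
-function wp_kses_html_error( $string ) {
-    return preg_replace( '/^("[^"]*("|$)|\'[^\']*(\'|$)|\S)*\s*/', '', $string );
+function wp_kses_html_error( $attr ) {
+    return preg_replace( '/^("[^"]*("|$)|\'[^\']*(\'|$)|\S)*\s*/', '', $attr );
 }
 
@@ -1788,28 +1788,29 @@
  * @since 1.0.0
  *
- * @param string   $string            Content to check for bad protocols.
+ * @param string   $content           Content to check for bad protocols.
  * @param string[] $allowed_protocols Array of allowed URL protocols.
  * @param int      $count             Depth of call recursion to this function.
  * @return string Sanitized content.
  */
-function wp_kses_bad_protocol_once( $string, $allowed_protocols, $count = 1 ) {
-    $string  = preg_replace( '/(&#0*58(?![;0-9])|&#x0*3a(?![;a-f0-9]))/i', '$1;', $string );
-    $string2 = preg_split( '/:|&#0*58;|&#x0*3a;|&colon;/i', $string, 2 );
-    if ( isset( $string2[1] ) && ! preg_match( '%/\?%', $string2[0] ) ) {
-        $string   = trim( $string2[1] );
-        $protocol = wp_kses_bad_protocol_once2( $string2[0], $allowed_protocols );
+function wp_kses_bad_protocol_once( $content, $allowed_protocols, $count = 1 ) {
+    $content  = preg_replace( '/(&#0*58(?![;0-9])|&#x0*3a(?![;a-f0-9]))/i', '$1;', $content );
+    $content2 = preg_split( '/:|&#0*58;|&#x0*3a;|&colon;/i', $content, 2 );
+
+    if ( isset( $content2[1] ) && ! preg_match( '%/\?%', $content2[0] ) ) {
+        $content  = trim( $content2[1] );
+        $protocol = wp_kses_bad_protocol_once2( $content2[0], $allowed_protocols );
         if ( 'feed:' === $protocol ) {
             if ( $count > 2 ) {
                 return '';
             }
-            $string = wp_kses_bad_protocol_once( $string, $allowed_protocols, ++$count );
-            if ( empty( $string ) ) {
-                return $string;
+            $content = wp_kses_bad_protocol_once( $content, $allowed_protocols, ++$count );
+            if ( empty( $content ) ) {
+                return $content;
             }
         }
-        $string = $protocol . $string;
-    }
-
-    return $string;
+        $content = $protocol . $content;
+    }
+
+    return $content;
 }
 
@@ -1825,17 +1826,17 @@
  * @since 1.0.0
  *
- * @param string   $string            URI scheme to check against the list of allowed protocols.
+ * @param string   $scheme            URI scheme to check against the list of allowed protocols.
  * @param string[] $allowed_protocols Array of allowed URL protocols.
  * @return string Sanitized content.
  */
-function wp_kses_bad_protocol_once2( $string, $allowed_protocols ) {
-    $string2 = wp_kses_decode_entities( $string );
-    $string2 = preg_replace( '/\s/', '', $string2 );
-    $string2 = wp_kses_no_null( $string2 );
-    $string2 = strtolower( $string2 );
+function wp_kses_bad_protocol_once2( $scheme, $allowed_protocols ) {
+    $scheme = wp_kses_decode_entities( $scheme );
+    $scheme = preg_replace( '/\s/', '', $scheme );
+    $scheme = wp_kses_no_null( $scheme );
+    $scheme = strtolower( $scheme );
 
     $allowed = false;
     foreach ( (array) $allowed_protocols as $one_protocol ) {
-        if ( strtolower( $one_protocol ) == $string2 ) {
+        if ( strtolower( $one_protocol ) == $scheme ) {
             $allowed = true;
             break;
@@ -1844,5 +1845,5 @@
 
     if ( $allowed ) {
-        return "$string2:";
+        return "$scheme:";
     } else {
         return '';
@@ -1862,23 +1863,23 @@
  * @since 5.5.0 Added `$context` parameter.
  *
- * @param string $string Content to normalize entities.
+ * @param string $content Content to normalize entities.
  * @param string $context Context for normalization. Can be either 'html' or 'xml'.
  *                        Default 'html'.
  * @return string Content with normalized entities.
  */
-function wp_kses_normalize_entities( $string, $context = 'html' ) {
+function wp_kses_normalize_entities( $content, $context = 'html' ) {
     // Disarm all entities by converting & to &amp;
-    $string = str_replace( '&', '&amp;', $string );
+    $content = str_replace( '&', '&amp;', $content );
 
     // Change back the allowed entities in our list of allowed entities.
     if ( 'xml' === $context ) {
-        $string = preg_replace_callback( '/&amp;([A-Za-z]{2,8}[0-9]{0,2});/', 'wp_kses_xml_named_entities', $string );
+        $content = preg_replace_callback( '/&amp;([A-Za-z]{2,8}[0-9]{0,2});/', 'wp_kses_xml_named_entities', $content );
     } else {
-        $string = preg_replace_callback( '/&amp;([A-Za-z]{2,8}[0-9]{0,2});/', 'wp_kses_named_entities', $string );
-    }
-    $string = preg_replace_callback( '/&amp;#(0*[0-9]{1,7});/', 'wp_kses_normalize_entities2', $string );
-    $string = preg_replace_callback( '/&amp;#[Xx](0*[0-9A-Fa-f]{1,6});/', 'wp_kses_normalize_entities3', $string );
-
-    return $string;
+        $content = preg_replace_callback( '/&amp;([A-Za-z]{2,8}[0-9]{0,2});/', 'wp_kses_named_entities', $content );
+    }
+    $content = preg_replace_callback( '/&amp;#(0*[0-9]{1,7});/', 'wp_kses_normalize_entities2', $content );
+    $content = preg_replace_callback( '/&amp;#[Xx](0*[0-9A-Fa-f]{1,6});/', 'wp_kses_normalize_entities3', $content );
+
+    return $content;
 }
 
@@ -2015,12 +2016,12 @@
  * @since 1.0.0
  *
- * @param string $string Content to change entities.
+ * @param string $content Content to change entities.
  * @return string Content after decoded entities.
  */
-function wp_kses_decode_entities( $string ) {
-    $string = preg_replace_callback( '/&#([0-9]+);/', '_wp_kses_decode_entities_chr', $string );
-    $string = preg_replace_callback( '/&#[Xx]([0-9A-Fa-f]+);/', '_wp_kses_decode_entities_chr_hexdec', $string );
-
-    return $string;
+function wp_kses_decode_entities( $content ) {
+    $content = preg_replace_callback( '/&#([0-9]+);/', '_wp_kses_decode_entities_chr', $content );
+    $content = preg_replace_callback( '/&#[Xx]([0-9A-Fa-f]+);/', '_wp_kses_decode_entities_chr_hexdec', $content );
+
+    return $content;
 }
 
@@ -2032,9 +2033,9 @@
  * @ignore
  *
- * @param array $match preg match
+ * @param array $matches preg match
  * @return string
  */
-function _wp_kses_decode_entities_chr( $match ) {
-    return chr( $match[1] );
+function _wp_kses_decode_entities_chr( $matches ) {
+    return chr( $matches[1] );
 }
 
@@ -2046,9 +2047,9 @@
  * @ignore
  *
- * @param array $match preg match
+ * @param array $matches preg match
  * @return string
  */
-function _wp_kses_decode_entities_chr_hexdec( $match ) {
-    return chr( hexdec( $match[1] ) );
+function _wp_kses_decode_entities_chr_hexdec( $matches ) {
+    return chr( hexdec( $matches[1] ) );
 }
 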
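Review bot: `_wp_kses_decode_entities_chr()` (new line 2039) passes the capture from `/&#([0-9]+);/` (new line 2022), an unbounded digit run, to `chr()` as a string, and `_wp_kses_decode_entities_chr_hexdec()` (new line 2053) does the same with the result of `hexdec()`, which becomes a float for long inputs. `chr()` reduces values above 255 modulo 256, and on PHP 8, the versions this rename is aimed at, I would expect a value too large for an int to raise a `TypeError` inside the sanitizer instead of being decoded or dropped; that is worth pinning with a unit test. Since both callbacks are already being touched, the decimal one could make the range explicit, for example `return chr( (int) $matches[1] & 0xFF );`, and the hex callback needs an equivalent bound (or a quantifier limit in the pattern, as `wp_kses_normalize_entities()` already uses `{1,7}` and `{1,6}`). The docblocks could also state that `$matches[1]` is the numeric part of the entity, which `preg match` alone does not convey.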