Changeset 56377
- Timestamp:
- 08/09/2023 10:59:04 AM (14 months ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/kses.php
r56191 r56377 1089 1089 if ( str_starts_with( $content, '<!--' ) ) { 1090 1090 $content = str_replace( array( '<!--', '-->' ), '', $content ); 1091 while ( ( $newstring = wp_kses( $content, $allowed_html, $allowed_protocols ) ) != $content ) { 1091 1092 while ( ( $newstring = wp_kses( $content, $allowed_html, $allowed_protocols ) ) !== $content ) { 1092 1093 $content = $newstring; 1093 1094 } 1095 1094 1096 if ( '' === $content ) { 1095 1097 return ''; 1096 1098 } 1099 1097 1100 // Prevent multiple dashes in comments. 1098 1101 $content = preg_replace( '/--+/', '-', $content ); 1099 1102 // Prevent three dashes closing a comment. 1100 1103 $content = preg_replace( '/-$/', '', $content ); 1104 1101 1105 return "<!--{$content}-->"; 1102 1106 } … … 1358 1362 $working = 1; 1359 1363 $mode = 0; 1364 1360 1365 if ( false === array_key_exists( $attrname, $attrarr ) ) { 1361 1366 $attrarr[ $attrname ] = array( … … 1366 1371 ); 1367 1372 } 1373 1368 1374 $attr = preg_replace( '/^\s+/', '', $attr ); 1369 1375 } … … 1387 1393 ); 1388 1394 } 1395 1389 1396 $working = 1; 1390 1397 $mode = 0; … … 1408 1415 ); 1409 1416 } 1417 1410 1418 $working = 1; 1411 1419 $mode = 0; … … 1429 1437 ); 1430 1438 } 1439 1431 1440 // We add quotes to conform to W3C's HTML spec. 1432 1441 $working = 1; … … 1438 1447 } // End switch. 1439 1448 1440 if ( 0 == $working ) { // Not well-formed, remove and try again.1449 if ( 0 === $working ) { // Not well-formed, remove and try again. 1441 1450 $attr = wp_kses_html_error( $attr ); 1442 1451 $mode = 0; … … 1444 1453 } // End while. 1445 1454 1446 if ( 1 == $mode && false === array_key_exists( $attrname, $attrarr ) ) {1455 if ( 1 === $mode && false === array_key_exists( $attrname, $attrarr ) ) { 1447 1456 /* 1448 1457 * Special case, for when the attribute list ends with a valueless … … 1708 1717 $original_content = $content; 1709 1718 $content = wp_kses_bad_protocol_once( $content, $allowed_protocols ); 1710 } while ( $original_content != $content && ++$iterations < 6 );1711 1712 if ( $original_content != $content ) {1719 } while ( $original_content !== $content && ++$iterations < 6 ); 1720 1721 if ( $original_content !== $content ) { 1713 1722 return ''; 1714 1723 } … … 1975 1984 1976 1985 $i = $matches[1]; 1986 1977 1987 if ( valid_unicode( $i ) ) { 1978 1988 $i = str_pad( ltrim( $i, '0' ), 3, '0', STR_PAD_LEFT ); … … 2004 2014 2005 2015 $hexchars = $matches[1]; 2016 2006 2017 return ( ! valid_unicode( hexdec( $hexchars ) ) ) ? "&#x$hexchars;" : '&#x' . ltrim( $hexchars, '0' ) . ';'; 2007 2018 } … … 2016 2027 */ 2017 2028 function valid_unicode( $i ) { 2018 return ( 0x9 == $i || 0xa == $i || 0xd == $i || 2019 ( 0x20 <= $i && $i <= 0xd7ff ) || 2020 ( 0xe000 <= $i && $i <= 0xfffd ) || 2021 ( 0x10000 <= $i && $i <= 0x10ffff ) ); 2029 $i = (int) $i; 2030 2031 return ( 0x9 === $i || 0xa === $i || 0xd === $i || 2032 ( 0x20 <= $i && $i <= 0xd7ff ) || 2033 ( 0xe000 <= $i && $i <= 0xfffd ) || 2034 ( 0x10000 <= $i && $i <= 0x10ffff ) 2035 ); 2022 2036 } 2023 2037
Note: See TracChangeset
for help on using the changeset viewer.