WordPress.org

Make WordPress Core


Ignore:
File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/2.6/wp-includes/kses.php

    r7969 r8385  
    432432        if ( $string == '' )
    433433            return '';
     434        // prevent multiple dashes in comments
     435        $string = preg_replace('/--+/', '-', $string);
     436        // prevent three dashes closing a comment
     437        $string = preg_replace('/-$/', '', $string);
    434438        return "<!--{$string}-->";
    435439    }
     
    534538 * or apostrophes around them, to make it easier to produce HTML code that will
    535539 * conform to W3C's HTML specification. It will also remove bad URL protocols
    536  * from attribute values.
     540 * from attribute values.  It also reduces duplicate attributes by using the
     541 * attribute defined first (foo='bar' foo='baz' will result in foo='bar').
    537542 *
    538543 * @since 1.0.0
     
    577582                    $working = 1;
    578583                    $mode = 0;
    579                     $attrarr[] = array ('name' => $attrname, 'value' => '', 'whole' => $attrname, 'vless' => 'y');
     584                    if(FALSE === array_key_exists($attrname, $attrarr)) {
     585                        $attrarr[$attrname] = array ('name' => $attrname, 'value' => '', 'whole' => $attrname, 'vless' => 'y');
     586                    }
    580587                    $attr = preg_replace('/^\s+/', '', $attr);
    581588                }
     
    590597                    $thisval = wp_kses_bad_protocol($match[1], $allowed_protocols);
    591598
    592                     $attrarr[] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname=\"$thisval\"", 'vless' => 'n');
     599                    if(FALSE === array_key_exists($attrname, $attrarr)) {
     600                        $attrarr[$attrname] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname=\"$thisval\"", 'vless' => 'n');
     601                    }
    593602                    $working = 1;
    594603                    $mode = 0;
     
    602611                    $thisval = wp_kses_bad_protocol($match[1], $allowed_protocols);
    603612
    604                     $attrarr[] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname='$thisval'", 'vless' => 'n');
     613                    if(FALSE === array_key_exists($attrname, $attrarr)) {
     614                        $attrarr[$attrname] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname='$thisval'", 'vless' => 'n');
     615                    }
    605616                    $working = 1;
    606617                    $mode = 0;
     
    614625                    $thisval = wp_kses_bad_protocol($match[1], $allowed_protocols);
    615626
    616                     $attrarr[] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname=\"$thisval\"", 'vless' => 'n');
     627                    if(FALSE === array_key_exists($attrname, $attrarr)) {
     628                        $attrarr[$attrname] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname=\"$thisval\"", 'vless' => 'n');
     629                    }
    617630                    # We add quotes to conform to W3C's HTML spec.
    618631                    $working = 1;
     
    631644    } # while
    632645
    633     if ($mode == 1)
     646    if ($mode == 1 && FALSE === array_key_exists($attrname, $attrarr))
    634647        # special case, for when the attribute list ends with a valueless
    635648        # attribute like "selected"
    636         $attrarr[] = array ('name' => $attrname, 'value' => '', 'whole' => $attrname, 'vless' => 'y');
     649        $attrarr[$attrname] = array ('name' => $attrname, 'value' => '', 'whole' => $attrname, 'vless' => 'y');
    637650
    638651    return $attrarr;
Note: See TracChangeset for help on using the changeset viewer.