Changes from trunk/wp-includes/kses.php at r7969 to branches/2.6/wp-includes/kses.php at r8385

File:

• branches/2.6/wp-includes/kses.php (modified) (7 diffs)

branches/2.6/wp-includes/kses.php

@@ -432 +432 @@
         if ( $string == '' )
             return '';
+        // prevent multiple dashes in comments
+        $string = preg_replace('/--+/', '-', $string);
+        // prevent three dashes closing a comment
+        $string = preg_replace('/-$/', '', $string);
         return "<!--{$string}-->";
     }
@@ -534 +538 @@
  * or apostrophes around them, to make it easier to produce HTML code that will
  * conform to W3C's HTML specification. It will also remove bad URL protocols
- * from attribute values.
+ * from attribute values.  It also reduces duplicate attributes by using the
+ * attribute defined first (foo='bar' foo='baz' will result in foo='bar').
  *
  * @since 1.0.0
@@ -577 +582 @@
                     $working = 1;
                     $mode = 0;
-                    $attrarr[] = array ('name' => $attrname, 'value' => '', 'whole' => $attrname, 'vless' => 'y');
+                    if(FALSE === array_key_exists($attrname, $attrarr)) {
+                        $attrarr[$attrname] = array ('name' => $attrname, 'value' => '', 'whole' => $attrname, 'vless' => 'y');
+                    }
                     $attr = preg_replace('/^\s+/', '', $attr);
                 }
@@ -590 +597 @@
                     $thisval = wp_kses_bad_protocol($match[1], $allowed_protocols);
 
-                    $attrarr[] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname=\"$thisval\"", 'vless' => 'n');
+                    if(FALSE === array_key_exists($attrname, $attrarr)) {
+                        $attrarr[$attrname] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname=\"$thisval\"", 'vless' => 'n');
+                    }
                     $working = 1;
                     $mode = 0;
@@ -602 +611 @@
                     $thisval = wp_kses_bad_protocol($match[1], $allowed_protocols);
 
-                    $attrarr[] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname='$thisval'", 'vless' => 'n');
+                    if(FALSE === array_key_exists($attrname, $attrarr)) {
+                        $attrarr[$attrname] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname='$thisval'", 'vless' => 'n');
+                    }
                     $working = 1;
                     $mode = 0;
@@ -614 +625 @@
                     $thisval = wp_kses_bad_protocol($match[1], $allowed_protocols);
 
-                    $attrarr[] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname=\"$thisval\"", 'vless' => 'n');
+                    if(FALSE === array_key_exists($attrname, $attrarr)) {
+                        $attrarr[$attrname] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname=\"$thisval\"", 'vless' => 'n');
+                    }
                     # We add quotes to conform to W3C's HTML spec.
                     $working = 1;
@@ -631 +644 @@
     } # while
 
-    if ($mode == 1)
+    if ($mode == 1 && FALSE === array_key_exists($attrname, $attrarr))
         # special case, for when the attribute list ends with a valueless
         # attribute like "selected"
-        $attrarr[] = array ('name' => $attrname, 'value' => '', 'whole' => $attrname, 'vless' => 'y');
+        $attrarr[$attrname] = array ('name' => $attrname, 'value' => '', 'whole' => $attrname, 'vless' => 'y');
 
     return $attrarr;