Changeset 8387


Timestamp:
07/21/2008 05:11:00 AM (10 years ago)
Author:
azaozz
Message:

kses - don't use create_function in preg_replace_callback. Fixes #7363.

File:
1 edited

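--- a/trunk/wp-includes/kses.php
+++ b/trunk/wp-includes/kses.php
@@ -851,7 +851,7 @@
     $string2 = preg_split('/:|:|:/i', $string, 2);
     if ( isset($string2[1]) && !preg_match('%/\?%', $string2[0]) )
-        $string = wp_kses_bad_protocol_once2($string2[0], $allowed_protocols) . trim($string2[1]);
+        $string = wp_kses_bad_protocol_once2($string2[0]) . trim($string2[1]);
     else
-        $string = preg_replace_callback('/^((&[^;]*;|[\sA-Za-z0-9])*)'.'(:|:|&#[Xx]3[Aa];)\s*/', create_function('$matches', 'global $_kses_allowed_protocols; return wp_kses_bad_protocol_once2($matches[1], $_kses_allowed_protocols);'), $string);
+        $string = preg_replace_callback('/^((&[^;]*;|[\sA-Za-z0-9])*)'.'(:|:|&#[Xx]3[Aa];)\s*/', 'wp_kses_bad_protocol_once2', $string);
 
     return $string;
@@ -866,9 +866,19 @@
  * @since 1.0.0
  *
- * @param string $string Content to check for bad protocols
- * @param array $allowed_protocols Allowed protocols
+ * @param mixed $matches string or preg_replace_callback() matches array to check for bad protocols
  * @return string Sanitized content
  */
-function wp_kses_bad_protocol_once2($string, $allowed_protocols) {
+function wp_kses_bad_protocol_once2($matches) {
+    global $_kses_allowed_protocols;
+
+    if ( is_array($matches) ) {
+        if ( ! isset($matches[1]) || empty($matches[1]) )
+            return '';
+
+        $string = $matches[1];
+    } else {
+        $string = $matches;
+    }
+
     $string2 = wp_kses_decode_entities($string);
     $string2 = preg_replace('/\s/', '', $string2);
@@ -879,5 +889,5 @@
 
     $allowed = false;
-    foreach ($allowed_protocols as $one_protocol)
+    foreach ( (array) $_kses_allowed_protocols as $one_protocol)
         if (strtolower($one_protocol) == $string2) {
             $allowed = true;
@@ -911,6 +921,6 @@
 
     $string = preg_replace('/&([A-Za-z][A-Za-z0-9]{0,19});/', '&\\1;', $string);
-    $string = preg_replace_callback('/&#0*([0-9]{1,5});/', create_function('$matches', 'return wp_kses_normalize_entities2($matches[1]);'), $string);
-    $string = preg_replace_callback('/&#([Xx])0*(([0-9A-Fa-f]{2}){1,2});/', create_function('$matches', 'return wp_kses_normalize_entities3($matches[2]);'), $string);
+    $string = preg_replace_callback('/&#0*([0-9]{1,5});/', 'wp_kses_normalize_entities2', $string);
+    $string = preg_replace_callback('/&#([Xx])0*(([0-9A-Fa-f]{2}){1,2});/', 'wp_kses_normalize_entities3', $string);
 
     return $string;
@@ -925,9 +935,13 @@
  * @since 1.0.0
  *
- * @param int $i Number encoded entity
+ * @param array $matches preg_replace_callback() matches array
  * @return string Correctly encoded entity
  */
-function wp_kses_normalize_entities2($i) {
-    return ( (!valid_unicode($i)) || ($i > 65535) ? "&#$i;" : "&#$i;");
+function wp_kses_normalize_entities2($matches) {
+    if ( ! isset($matches[1]) || empty($matches[1]) )
+        return '';
+
+    $i = $matches[1];
+    return ( ( ! valid_unicode($i) ) || ($i > 65535) ? "&#$i;" : "&#$i;" );
 }
 
@@ -938,9 +952,13 @@
  * in hex form.
  *
- * @param string $h Hex string of encoded entity
+ * @param array $matches preg_replace_callback() matches array
  * @return string Correctly encoded entity
  */
-function wp_kses_normalize_entities3($hexchars) {
-    return ( (!valid_unicode(hexdec($hexchars))) ? "&#x$hexchars;" : "&#x$hexchars;");
+function wp_kses_normalize_entities3($matches) {
+    if ( ! isset($matches[2]) || empty($matches[2]) )
+        return '';
+
+    $hexchars = $matches[2];
+    return ( ( ! valid_unicode(hexdec($hexchars)) ) ? "&#x$hexchars;" : "&#x$hexchars;" );
 }
 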
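Review bot: `wp_kses_bad_protocol_once2()` now reads its allow-list only from the global `$_kses_allowed_protocols` (new lines 872 and 891), and the direct call at new line 853 stops passing `$allowed_protocols`, so the list the caller was given is no longer what gets enforced on that path. Where the global is assigned is not visible in these hunks, and the function body continues outside them; if it can be reached with the global unset the `(array)` cast makes every protocol fail the check, and a value left over from an earlier call would apply the wrong list. I would keep the explicit argument as an optional override, `function wp_kses_bad_protocol_once2($matches, $allowed_protocols = null)`, fall back to the global only when it is null, and state in the docblock that the global is read. Separately, `empty($matches[1])` in `wp_kses_normalize_entities2()` is true for the string `0`, so a captured `0` now returns `''` and the entity is deleted rather than reaching the `valid_unicode()` test as before; `'' === $matches[1]` would keep the old result.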