
Changeset 8387


Timestamp:
07/21/08 05:11:00 (7 years ago)
Author:
azaozz
Message:

kses - don't use create_function in preg_replace_callback. Fixes #7363.

File:
1 edited

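--- a/trunk/wp-includes/kses.php
+++ b/trunk/wp-includes/kses.php
@@ -851,7 +851,7 @@
     $string2 = preg_split('/:|:|:/i', $string, 2);
     if ( isset($string2[1]) && !preg_match('%/\?%', $string2[0]) )
-        $string = wp_kses_bad_protocol_once2($string2[0], $allowed_protocols) . trim($string2[1]);
+        $string = wp_kses_bad_protocol_once2($string2[0]) . trim($string2[1]);
     else
-        $string = preg_replace_callback('/^((&[^;]*;|[\sA-Za-z0-9])*)'.'(:|:|&#[Xx]3[Aa];)\s*/', create_function('$matches', 'global $_kses_allowed_protocols; return wp_kses_bad_protocol_once2($matches[1], $_kses_allowed_protocols);'), $string);
+        $string = preg_replace_callback('/^((&[^;]*;|[\sA-Za-z0-9])*)'.'(:|:|&#[Xx]3[Aa];)\s*/', 'wp_kses_bad_protocol_once2', $string);
 
     return $string;
@@ -866,9 +866,19 @@
  * @since 1.0.0
  *
- * @param string $string Content to check for bad protocols
- * @param array $allowed_protocols Allowed protocols
+ * @param mixed $matches string or preg_replace_callback() matches array to check for bad protocols
  * @return string Sanitized content
  */
-function wp_kses_bad_protocol_once2($string, $allowed_protocols) {
+function wp_kses_bad_protocol_once2($matches) {
+    global $_kses_allowed_protocols;
+
+    if ( is_array($matches) ) {
+        if ( ! isset($matches[1]) || empty($matches[1]) )
+            return '';
+
+        $string = $matches[1];
+    } else {
+        $string = $matches;
+    }
+
     $string2 = wp_kses_decode_entities($string);
     $string2 = preg_replace('/\s/', '', $string2);
@@ -879,5 +889,5 @@
 
     $allowed = false;
-    foreach ($allowed_protocols as $one_protocol)
+    foreach ( (array) $_kses_allowed_protocols as $one_protocol)
         if (strtolower($one_protocol) == $string2) {
             $allowed = true;
@@ -911,6 +921,6 @@
 
     $string = preg_replace('/&([A-Za-z][A-Za-z0-9]{0,19});/', '&\\1;', $string);
-    $string = preg_replace_callback('/&#0*([0-9]{1,5});/', create_function('$matches', 'return wp_kses_normalize_entities2($matches[1]);'), $string);
-    $string = preg_replace_callback('/&#([Xx])0*(([0-9A-Fa-f]{2}){1,2});/', create_function('$matches', 'return wp_kses_normalize_entities3($matches[2]);'), $string);
+    $string = preg_replace_callback('/&#0*([0-9]{1,5});/', 'wp_kses_normalize_entities2', $string);
+    $string = preg_replace_callback('/&#([Xx])0*(([0-9A-Fa-f]{2}){1,2});/', 'wp_kses_normalize_entities3', $string);
 
     return $string;
@@ -925,9 +935,13 @@
  * @since 1.0.0
  *
- * @param int $i Number encoded entity
+ * @param array $matches preg_replace_callback() matches array
  * @return string Correctly encoded entity
  */
-function wp_kses_normalize_entities2($i) {
-    return ( (!valid_unicode($i)) || ($i > 65535) ? "&#$i;" : "&#$i;");
+function wp_kses_normalize_entities2($matches) {
+    if ( ! isset($matches[1]) || empty($matches[1]) )
+        return '';
+
+    $i = $matches[1];
+    return ( ( ! valid_unicode($i) ) || ($i > 65535) ? "&#$i;" : "&#$i;" );
 }
 
@@ -938,9 +952,13 @@
  * in hex form.
  *
- * @param string $h Hex string of encoded entity
+ * @param array $matches preg_replace_callback() matches array
  * @return string Correctly encoded entity
  */
-function wp_kses_normalize_entities3($hexchars) {
-    return ( (!valid_unicode(hexdec($hexchars))) ? "&#x$hexchars;" : "&#x$hexchars;");
+function wp_kses_normalize_entities3($matches) {
+    if ( ! isset($matches[2]) || empty($matches[2]) )
+        return '';
+
+    $hexchars = $matches[2];
+    return ( ( ! valid_unicode(hexdec($hexchars)) ) ? "&#x$hexchars;" : "&#x$hexchars;" );
 }
 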
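Review bot: The protocol allow-list is now read only from the global `$_kses_allowed_protocols`: the direct call `wp_kses_bad_protocol_once2($string2[0])` no longer passes the caller's `$allowed_protocols`, and the loop iterates `(array) $_kses_allowed_protocols`, so a caller that supplies its own list gets whatever the global last held (an unset global casts to an empty list). Where the global is assigned is outside these hunks and the enclosing function starts outside them too, so this may already be handled; if not, tie the two together there with `global $_kses_allowed_protocols;` and `$_kses_allowed_protocols = $allowed_protocols;` before the branches. Separately, `empty($matches[1])` in `wp_kses_normalize_entities2` is true for the string `'0'`, so `&#0;` is now deleted, where the removed one-line body returned an entity string for every input. A sanitizer that deletes text can join the characters on either side, so the guard is safer as `if ( ! isset($matches[1]) || '' === $matches[1] )`.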