Changeset 8837
Timestamp: 09/06/2008 06:53:45 AM (16 years ago)
File: 1 edited
trunk/wp-includes/kses.php
r8671 r8837 25 25 26 26 /** 27 * You can override this in your my-hacks.php file 28 * You can also override this in a plugin file. The 29 * my-hacks.php is deprecated in its usage. 27 * You can override this in your my-hacks.php file You can also override this 28 * in a plugin file. The my-hacks.php is deprecated in its usage. 30 29 * 31 30 * @since 1.2.0 … … 36 35 if (!CUSTOM_TAGS) { 37 36 /** 38 * Kses global for default allowable HTML tags 37 * Kses global for default allowable HTML tags. 39 38 * 40 * Can be override by using CUSTOM_TAGS constant 39 * Can be override by using CUSTOM_TAGS constant. 40 * 41 41 * @global array $allowedposttags 42 42 * @since 2.0.0 … … 282 282 'type' => array ()), 283 283 'var' => array ()); 284 284 285 /** 285 * Kses allowed HTML elements 286 * Kses allowed HTML elements. 286 287 * 287 288 * @global array $allowedtags … … 324 325 325 326 /** 326 * wp_kses() -Filters content and keeps only allowable HTML elements.327 * 328 * This function makes sure that only the allowed HTML element names, 329 * attribute names and attribute values plus only sane HTML entities330 * will occur in $string. You have to remove any slashes from PHP's331 * magic quotes before youcall this function.332 * 333 * The default allowed protocols are 'http', 'https', 'ftp', 'mailto', 334 * ' news', 'irc', 'gopher', 'nntp', 'feed', and finally 'telnet. This335 * covers all common link protocols, except for 'javascript' which336 * should not be allowed foruntrusted users.327 * Filters content and keeps only allowable HTML elements. 328 * 329 * This function makes sure that only the allowed HTML element names, attribute 330 * names and attribute values plus only sane HTML entities will occur in 331 * $string. You have to remove any slashes from PHP's magic quotes before you 332 * call this function. 333 * 334 * The default allowed protocols are 'http', 'https', 'ftp', 'mailto', 'news', 335 * 'irc', 'gopher', 'nntp', 'feed', and finally 'telnet. 
This covers all common 336 * link protocols, except for 'javascript' which should not be allowed for 337 * untrusted users. 337 338 * 338 339 * @since 1.0.0 … … 353 354 354 355 /** 355 * wp_kses_hook() - You add any kses hooks here. 356 * 357 * There is currently only one kses WordPress hook and it is 358 * called here. All parameters are passed to the hooks and 359 * expected to recieve a string. 356 * You add any kses hooks here. 357 * 358 * There is currently only one kses WordPress hook and it is called here. All 359 * parameters are passed to the hooks and expected to recieve a string. 360 360 * 361 361 * @since 1.0.0 … … 372 372 373 373 /** 374 * wp_kses_version() -This function returns kses' version number.375 * 376 * @since 1.0.0 377 * 378 * @return string Version Number374 * This function returns kses' version number. 375 * 376 * @since 1.0.0 377 * 378 * @return string KSES Version Number 379 379 */ 380 380 function wp_kses_version() { … … 383 383 384 384 /** 385 * wp_kses_split() - Searches for HTML tags, no matter how malformed385 * Searches for HTML tags, no matter how malformed. 386 386 * 387 387 * It also matches stray ">" characters. … … 400 400 401 401 /** 402 * wp_kses_split2() - Callback for wp_kses_split for fixing malformed HTML tags403 * 404 * This function does a lot of work. It rejects some very malformed things 405 * like <:::>. It returns an empty string, if the element isn't allowed (look406 * ma, no strip_tags()!). Otherwise it splits the tag into an element and an407 * attributelist.402 * Callback for wp_kses_split for fixing malformed HTML tags. 403 * 404 * This function does a lot of work. It rejects some very malformed things like 405 * <:::>. It returns an empty string, if the element isn't allowed (look ma, no 406 * strip_tags()!). Otherwise it splits the tag into an element and an attribute 407 * list. 
408 408 * 409 409 * After the tag is split into an element and an attribute list, it is run 410 * through another filter which will remove illegal attributes and once 411 * that iscompleted, will be returned.410 * through another filter which will remove illegal attributes and once that is 411 * completed, will be returned. 412 412 * 413 413 * @access private … … 461 461 462 462 /** 463 * wp_kses_attr() - Removes all attributes, if none are allowed for this element463 * Removes all attributes, if none are allowed for this element. 464 464 * 465 465 * If some are allowed it calls wp_kses_hair() to split them further, and then 466 466 * it builds up new HTML code from the data that kses_hair() returns. It also 467 * removes "<" and ">" characters, if there are any left. One more thing it 468 * does is to check if the tag has a closing XHTML slash, and if it does, it469 * puts onein the returned code as well.467 * removes "<" and ">" characters, if there are any left. One more thing it does 468 * is to check if the tag has a closing XHTML slash, and if it does, it puts one 469 * in the returned code as well. 470 470 * 471 471 * @since 1.0.0 … … 532 532 533 533 /** 534 * wp_kses_hair() -Builds an attribute list from string containing attributes.534 * Builds an attribute list from string containing attributes. 535 535 * 536 536 * This function does a lot of work. It parses an attribute list into an array … … 661 661 662 662 /** 663 * wp_kses_check_attr_val() -Performs different checks for attribute values.663 * Performs different checks for attribute values. 664 664 * 665 665 * The currently implemented checks are "maxlen", "minlen", "maxval", "minval" … … 733 733 734 734 /** 735 * wp_kses_bad_protocol() - Sanitize string from bad protocols736 * 737 * This function removes all non-allowed protocols from the beginning 738 * of $string. It ignores whitespace and the case of the letters, and739 * it does understand HTML entities. 
It does its work in a while loop,740 * so it won't befooled by a string like "javascript:javascript:alert(57)".735 * Sanitize string from bad protocols. 736 * 737 * This function removes all non-allowed protocols from the beginning of 738 * $string. It ignores whitespace and the case of the letters, and it does 739 * understand HTML entities. It does its work in a while loop, so it won't be 740 * fooled by a string like "javascript:javascript:alert(57)". 741 741 * 742 742 * @since 1.0.0 … … 760 760 761 761 /** 762 * wp_kses_no_null() -Removes any NULL characters in $string.762 * Removes any NULL characters in $string. 763 763 * 764 764 * @since 1.0.0 … … 775 775 776 776 /** 777 * wp_kses_stripslashes() - Strips slashes from in front of quotes778 * 779 * This function changes the character sequence \" to just " 780 * It leaves all other slashes alone. It's really weird, but the781 * quoting frompreg_replace(//e) seems to require this.777 * Strips slashes from in front of quotes. 778 * 779 * This function changes the character sequence \" to just ". It leaves all 780 * other slashes alone. It's really weird, but the quoting from 781 * preg_replace(//e) seems to require this. 782 782 * 783 783 * @since 1.0.0 … … 791 791 792 792 /** 793 * wp_kses_array_lc() -Goes through an array and changes the keys to all lower case.793 * Goes through an array and changes the keys to all lower case. 794 794 * 795 795 * @since 1.0.0 … … 815 815 816 816 /** 817 * wp_kses_js_entities() -Removes the HTML JavaScript entities found in early versions of Netscape 4.817 * Removes the HTML JavaScript entities found in early versions of Netscape 4. 818 818 * 819 819 * @since 1.0.0 … … 827 827 828 828 /** 829 * wp_kses_html_error() - Handles parsing errors in wp_kses_hair()830 * 831 * The general plan is to remove everything to and including some 832 * whitespace,but it deals with quotes and apostrophes as well.829 * Handles parsing errors in wp_kses_hair(). 
830 * 831 * The general plan is to remove everything to and including some whitespace, 832 * but it deals with quotes and apostrophes as well. 833 833 * 834 834 * @since 1.0.0 … … 842 842 843 843 /** 844 * wp_kses_bad_protocol_once() - Sanitizes content from bad protocols and other characters845 * 846 * This function searches for URL protocols at the beginning of $string, 847 * whilehandling whitespace and HTML entities.844 * Sanitizes content from bad protocols and other characters. 845 * 846 * This function searches for URL protocols at the beginning of $string, while 847 * handling whitespace and HTML entities. 848 848 * 849 849 * @since 1.0.0 … … 867 867 868 868 /** 869 * wp_kses_bad_protocol_once2() -Callback for wp_kses_bad_protocol_once() regular expression.869 * Callback for wp_kses_bad_protocol_once() regular expression. 870 870 * 871 871 * This function processes URL protocols, checks to see if they're in the … … 911 911 912 912 /** 913 * wp_kses_normalize_entities() - Converts and fixes HTML entities 914 * 915 * This function normalizes HTML entities. It will convert "AT&T" to the 916 * correct "AT&T", ":" to ":", "&#XYZZY;" to "&#XYZZY;" 917 * and so on. 913 * Converts and fixes HTML entities. 914 * 915 * This function normalizes HTML entities. It will convert "AT&T" to the correct 916 * "AT&T", ":" to ":", "&#XYZZY;" to "&#XYZZY;" and so on. 918 917 * 919 918 * @since 1.0.0 … … 937 936 938 937 /** 939 * wp_kses_normalize_entities2() - Callback for wp_kses_normalize_entities() regular expression940 * 941 * This function helps wp_kses_normalize_entities() to only accept 16 bit 942 * valuesand nothing more for &#number; entities.938 * Callback for wp_kses_normalize_entities() regular expression. 939 * 940 * This function helps wp_kses_normalize_entities() to only accept 16 bit values 941 * and nothing more for &#number; entities. 
943 942 * 944 943 * @access private … … 957 956 958 957 /** 959 * wp_kses_normalize_entities3() - Callback for wp_kses_normalize_entities() for regular expression960 * 961 * This function helps wp_kses_normalize_entities() to only accept valid Unicode numeric entities962 * in hex form.958 * Callback for wp_kses_normalize_entities() for regular expression. 959 * 960 * This function helps wp_kses_normalize_entities() to only accept valid Unicode 961 * numeric entities in hex form. 963 962 * 964 963 * @access private … … 976 975 977 976 /** 978 * valid_unicode() -Helper function to determine if a Unicode value is valid.977 * Helper function to determine if a Unicode value is valid. 979 978 * 980 979 * @param int $i Unicode value … … 989 988 990 989 /** 991 * wp_kses_decode_entities() -Convert all entities to their character counterparts.992 * 993 * This function decodes numeric HTML entities (A and A). It 994 * doesn't do anything with other entities like ä, but we don't need995 * them in the URLprotocol whitelisting system anyway.990 * Convert all entities to their character counterparts. 991 * 992 * This function decodes numeric HTML entities (A and A). It doesn't do 993 * anything with other entities like ä, but we don't need them in the URL 994 * protocol whitelisting system anyway. 996 995 * 997 996 * @since 1.0.0 … … 1008 1007 1009 1008 /** 1010 * wp_filter_kses() - Sanitize content with allowed HTML Kses rules1009 * Sanitize content with allowed HTML Kses rules. 1011 1010 * 1012 1011 * @since 1.0.0 … … 1022 1021 1023 1022 /** 1024 * wp_filter_post_kses() - Sanitize content for allowed HTML tags for post content1025 * 1026 * Post content refers to the page contents of the 'post' type and not 1027 * $_POSTdata from forms.1023 * Sanitize content for allowed HTML tags for post content. 1024 * 1025 * Post content refers to the page contents of the 'post' type and not $_POST 1026 * data from forms. 
1028 1027 * 1029 1028 * @since 2.0.0 … … 1039 1038 1040 1039 /** 1041 * wp_filter_nohtml_kses() - Strips all of the HTML in the content1040 * Strips all of the HTML in the content. 1042 1041 * 1043 1042 * @since 2.1.0 … … 1051 1050 1052 1051 /** 1053 * kses_init_filters() - Adds all Kses input form content filters1054 * 1055 * All hooks have default priority. The wp_filter_kses() fu cntion1056 * is added to the 'pre_comment_content' and 'title_save_pre'1057 * hooks. The wp_filter_post_kses() function is added to the1058 * 'content_save_pre', 'excerpt_save_pre', and 'content_filtered_save_pre'1059 * hooks.1052 * Adds all Kses input form content filters. 1053 * 1054 * All hooks have default priority. The wp_filter_kses() function is added to 1055 * the 'pre_comment_content' and 'title_save_pre' hooks. 1056 * 1057 * The wp_filter_post_kses() function is added to the 'content_save_pre', 1058 * 'excerpt_save_pre', and 'content_filtered_save_pre' hooks. 1060 1059 * 1061 1060 * @since 2.0.0 … … 1074 1073 1075 1074 /** 1076 * kses_remove_filters() - Removes all Kses input form content filters 1077 * 1078 * A quick procedural method to removing all of the filters 1079 * that kses uses for content in WordPress Loop. 1080 * 1081 * Does not remove the kses_init() function from 'init' hook 1082 * (priority is default). Also does not remove kses_init() 1083 * function from 'set_current_user' hook (priority is also 1084 * default). 1075 * Removes all Kses input form content filters. 1076 * 1077 * A quick procedural method to removing all of the filters that kses uses for 1078 * content in WordPress Loop. 1079 * 1080 * Does not remove the kses_init() function from 'init' hook (priority is 1081 * default). Also does not remove kses_init() function from 'set_current_user' 1082 * hook (priority is also default). 
1085 1083 * 1086 1084 * @since 2.0.6 … … 1098 1096 1099 1097 /** 1100 * kses_init() - Sets up most of the Kses filters for input form content1098 * Sets up most of the Kses filters for input form content. 1101 1099 * 1102 1100 * If you remove the kses_init() function from 'init' hook and 1103 * 'set_current_user' (priority is default), then none of the 1104 * Kses filter hookswill be added.1105 * 1106 * First removes all of the Kses filters in case the current user 1107 * does not need to have Kses filter the content. If the user does1108 * not have unfiltered htmlcapability, then Kses filters are added.1101 * 'set_current_user' (priority is default), then none of the Kses filter hooks 1102 * will be added. 1103 * 1104 * First removes all of the Kses filters in case the current user does not need 1105 * to have Kses filter the content. If the user does not have unfiltered html 1106 * capability, then Kses filters are added. 1109 1107 * 1110 1108 * @uses kses_remove_filters() Removes the Kses filters
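Review bot: In the first docblock (new lines 27-28) the reflow joined two sentences without punctuation: "You can override this in your my-hacks.php file You can also override this". Add the period after "file", or drop the first sentence, since the comment goes on to say my-hacks.php is deprecated and the plugin route is the one readers should take.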
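Review bot: The $allowedposttags docblock (new line 39) still reads "Can be override by using CUSTOM_TAGS constant." Since the line is being touched anyway, fix the grammar to "Can be overridden by using the CUSTOM_TAGS constant." This comment documents how the default tag allowlist gets replaced, so it should read unambiguously.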
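Review bot: In the wp_kses() docblock (new lines 334-337) the protocol list still ends with an unbalanced quote, "and finally 'telnet." Close it as 'telnet' while reflowing. The list is the documented default protocol allowlist and people copy it from here, so each entry should be quoted the same way.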
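Review bot: The wp_kses_hook() docblock (new line 359) carries over the misspelling "recieve"; change it to "receive". The sentence "All parameters are passed to the hooks and expected to recieve a string" is also ambiguous about which side produces the string, so it would help to say explicitly what a hook callback is given and what it has to return.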
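Review bot: In the kses_init() docblock (new lines 1105-1106) "unfiltered html capability" should name the capability exactly as 'unfiltered_html'. This sentence describes which users skip Kses filtering altogether, so the comment should match the string someone would search for when auditing role and capability assignments.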