| author | ymh <ymh.work@gmail.com> |
| Mon, 14 Oct 2019 18:28:13 +0200 | |
| changeset 9 | 177826044cd9 |
| parent 7 | cf61fcea0001 |
| child 16 | a86126ab1dd4 |
| permissions | -rw-r--r-- |
|
7
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
1 |
<?php |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
2 |
/** |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
3 |
* Feed API: WP_SimplePie_Sanitize_KSES class |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
4 |
* |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
5 |
* @package WordPress |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
6 |
* @subpackage Feed |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
7 |
* @since 4.7.0 |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
8 |
*/ |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
9 |
|
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
10 |
/** |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
11 |
* Core class used to implement SimpliePie feed sanitization. |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
12 |
* |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
13 |
* Extends the SimplePie_Sanitize class to use KSES, because |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
14 |
* we cannot universally count on DOMDocument being available. |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
15 |
* |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
16 |
* @since 3.5.0 |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
17 |
* |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
18 |
* @see SimplePie_Sanitize |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
19 |
*/ |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
20 |
class WP_SimplePie_Sanitize_KSES extends SimplePie_Sanitize { |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
21 |
|
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
22 |
/** |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
23 |
* WordPress SimplePie sanitization using KSES. |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
24 |
* |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
25 |
* Sanitizes the incoming data, to ensure that it matches the type of data expected, using KSES. |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
26 |
* |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
27 |
* @since 3.5.0 |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
28 |
* |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
29 |
* @param mixed $data The data that needs to be sanitized. |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
30 |
* @param integer $type The type of data that it's supposed to be. |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
31 |
* @param string $base Optional. The `xml:base` value to use when converting relative |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
32 |
* URLs to absolute ones. Default empty. |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
33 |
* @return mixed Sanitized data. |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
34 |
*/ |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
35 |
public function sanitize( $data, $type, $base = '' ) { |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
36 |
$data = trim( $data ); |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
37 |
if ( $type & SIMPLEPIE_CONSTRUCT_MAYBE_HTML ) { |
| 9 | 38 |
if ( preg_match( '/(&(#(x[0-9a-fA-F]+|[0-9]+)|[a-zA-Z0-9]+)|<\/[A-Za-z][^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3E]*' . SIMPLEPIE_PCRE_HTML_ATTRIBUTE . '>)/', $data ) ) { |
|
7
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
39 |
$type |= SIMPLEPIE_CONSTRUCT_HTML; |
| 9 | 40 |
} else { |
|
7
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
41 |
$type |= SIMPLEPIE_CONSTRUCT_TEXT; |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
42 |
} |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
43 |
} |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
44 |
if ( $type & SIMPLEPIE_CONSTRUCT_BASE64 ) { |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
45 |
$data = base64_decode( $data ); |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
46 |
} |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
47 |
if ( $type & ( SIMPLEPIE_CONSTRUCT_HTML | SIMPLEPIE_CONSTRUCT_XHTML ) ) { |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
48 |
$data = wp_kses_post( $data ); |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
49 |
if ( $this->output_encoding !== 'UTF-8' ) { |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
50 |
$data = $this->registry->call( 'Misc', 'change_encoding', array( $data, 'UTF-8', $this->output_encoding ) ); |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
51 |
} |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
52 |
return $data; |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
53 |
} else { |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
54 |
return parent::sanitize( $data, $type, $base ); |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
55 |
} |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
56 |
} |
|
cf61fcea0001
resynchronize code repo with production
ymh <ymh.work@gmail.com>
parents:
diff
changeset
|
57 |
} |