enmi-conf.org: wp/wp-includes/kses.php@5e2f62d02dcd (annotated)

0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1	<?php
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	2	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	3	* kses 0.2.2 - HTML/XHTML filter that only allows some elements and attributes
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	4	* Copyright (C) 2002, 2003, 2005 Ulf Harnhammar
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	5	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	6	* This program is free software and open source software; you can redistribute
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	7	* it and/or modify it under the terms of the GNU General Public License as
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	8	* published by the Free Software Foundation; either version 2 of the License,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	9	* or (at your option) any later version.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	10	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	11	* This program is distributed in the hope that it will be useful, but WITHOUT
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	14	* more details.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	15	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	16	* You should have received a copy of the GNU General Public License along
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	17	* with this program; if not, write to the Free Software Foundation, Inc.,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	18	* 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	19	* http://www.gnu.org/licenses/gpl.html
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	20	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	21	* [kses strips evil scripts!]
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	22	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	23	* Added wp_ prefix to avoid conflicts with existing kses users
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	24	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	25	* @version 0.2.2
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	26	* @copyright (C) 2002, 2003, 2005
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	27	* @author Ulf Harnhammar <http://advogato.org/person/metaur/>
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	28	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	29	* @package External
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	30	* @subpackage KSES
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	31	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	32	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	33
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	34	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	35	* You can override this in a plugin.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	36	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	37	* The wp_kses_allowed_html filter is more powerful and supplies context.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	38	* CUSTOM_TAGS is not recommended and should be considered deprecated.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	39	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	40	* @see wp_kses_allowed_html()
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	41	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	42	* @since 1.2.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	43	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	44	if ( ! defined( 'CUSTOM_TAGS' ) )
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	45	define( 'CUSTOM_TAGS', false );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	46
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	47	// Ensure that these variables are added to the global namespace
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	48	// (e.g. if using namespaces / autoload in the current PHP environment).
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	49	global $allowedposttags, $allowedtags, $allowedentitynames;
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	50
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	51	if ( ! CUSTOM_TAGS ) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	52	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	53	* Kses global for default allowable HTML tags.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	54	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	55	* Can be override by using CUSTOM_TAGS constant.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	56	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	57	* @global array $allowedposttags
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	58	* @since 2.0.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	59	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	60	$allowedposttags = array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	61	'address' => array(),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	62	'a' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	63	'href' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	64	'rel' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	65	'rev' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	66	'name' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	67	'target' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	68	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	69	'abbr' => array(),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	70	'acronym' => array(),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	71	'area' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	72	'alt' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	73	'coords' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	74	'href' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	75	'nohref' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	76	'shape' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	77	'target' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	78	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	79	'article' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	80	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	81	'dir' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	82	'lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	83	'xml:lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	84	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	85	'aside' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	86	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	87	'dir' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	88	'lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	89	'xml:lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	90	),
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	91	'audio' => array(
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	92	'autoplay' => true,
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	93	'controls' => true,
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	94	'loop' => true,
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	95	'muted' => true,
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	96	'preload' => true,
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	97	'src' => true,
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	98	),
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	99	'b' => array(),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	100	'big' => array(),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	101	'blockquote' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	102	'cite' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	103	'lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	104	'xml:lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	105	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	106	'br' => array(),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	107	'button' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	108	'disabled' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	109	'name' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	110	'type' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	111	'value' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	112	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	113	'caption' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	114	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	115	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	116	'cite' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	117	'dir' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	118	'lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	119	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	120	'code' => array(),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	121	'col' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	122	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	123	'char' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	124	'charoff' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	125	'span' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	126	'dir' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	127	'valign' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	128	'width' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	129	),
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	130	'colgroup' => array(
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	131	'align' => true,
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	132	'char' => true,
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	133	'charoff' => true,
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	134	'span' => true,
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	135	'valign' => true,
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	136	'width' => true,
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	137	),
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	138	'del' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	139	'datetime' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	140	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	141	'dd' => array(),
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	142	'dfn' => array(),
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	143	'details' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	144	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	145	'dir' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	146	'lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	147	'open' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	148	'xml:lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	149	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	150	'div' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	151	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	152	'dir' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	153	'lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	154	'xml:lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	155	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	156	'dl' => array(),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	157	'dt' => array(),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	158	'em' => array(),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	159	'fieldset' => array(),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	160	'figure' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	161	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	162	'dir' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	163	'lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	164	'xml:lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	165	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	166	'figcaption' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	167	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	168	'dir' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	169	'lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	170	'xml:lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	171	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	172	'font' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	173	'color' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	174	'face' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	175	'size' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	176	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	177	'footer' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	178	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	179	'dir' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	180	'lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	181	'xml:lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	182	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	183	'form' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	184	'action' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	185	'accept' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	186	'accept-charset' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	187	'enctype' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	188	'method' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	189	'name' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	190	'target' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	191	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	192	'h1' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	193	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	194	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	195	'h2' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	196	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	197	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	198	'h3' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	199	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	200	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	201	'h4' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	202	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	203	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	204	'h5' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	205	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	206	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	207	'h6' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	208	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	209	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	210	'header' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	211	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	212	'dir' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	213	'lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	214	'xml:lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	215	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	216	'hgroup' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	217	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	218	'dir' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	219	'lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	220	'xml:lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	221	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	222	'hr' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	223	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	224	'noshade' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	225	'size' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	226	'width' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	227	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	228	'i' => array(),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	229	'img' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	230	'alt' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	231	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	232	'border' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	233	'height' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	234	'hspace' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	235	'longdesc' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	236	'vspace' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	237	'src' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	238	'usemap' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	239	'width' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	240	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	241	'ins' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	242	'datetime' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	243	'cite' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	244	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	245	'kbd' => array(),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	246	'label' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	247	'for' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	248	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	249	'legend' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	250	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	251	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	252	'li' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	253	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	254	'value' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	255	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	256	'map' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	257	'name' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	258	),
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	259	'mark' => array(),
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	260	'menu' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	261	'type' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	262	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	263	'nav' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	264	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	265	'dir' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	266	'lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	267	'xml:lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	268	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	269	'p' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	270	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	271	'dir' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	272	'lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	273	'xml:lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	274	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	275	'pre' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	276	'width' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	277	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	278	'q' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	279	'cite' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	280	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	281	's' => array(),
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	282	'samp' => array(),
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	283	'span' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	284	'dir' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	285	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	286	'lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	287	'xml:lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	288	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	289	'section' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	290	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	291	'dir' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	292	'lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	293	'xml:lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	294	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	295	'small' => array(),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	296	'strike' => array(),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	297	'strong' => array(),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	298	'sub' => array(),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	299	'summary' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	300	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	301	'dir' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	302	'lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	303	'xml:lang' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	304	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	305	'sup' => array(),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	306	'table' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	307	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	308	'bgcolor' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	309	'border' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	310	'cellpadding' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	311	'cellspacing' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	312	'dir' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	313	'rules' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	314	'summary' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	315	'width' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	316	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	317	'tbody' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	318	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	319	'char' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	320	'charoff' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	321	'valign' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	322	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	323	'td' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	324	'abbr' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	325	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	326	'axis' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	327	'bgcolor' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	328	'char' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	329	'charoff' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	330	'colspan' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	331	'dir' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	332	'headers' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	333	'height' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	334	'nowrap' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	335	'rowspan' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	336	'scope' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	337	'valign' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	338	'width' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	339	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	340	'textarea' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	341	'cols' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	342	'rows' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	343	'disabled' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	344	'name' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	345	'readonly' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	346	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	347	'tfoot' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	348	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	349	'char' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	350	'charoff' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	351	'valign' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	352	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	353	'th' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	354	'abbr' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	355	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	356	'axis' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	357	'bgcolor' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	358	'char' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	359	'charoff' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	360	'colspan' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	361	'headers' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	362	'height' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	363	'nowrap' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	364	'rowspan' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	365	'scope' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	366	'valign' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	367	'width' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	368	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	369	'thead' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	370	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	371	'char' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	372	'charoff' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	373	'valign' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	374	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	375	'title' => array(),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	376	'tr' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	377	'align' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	378	'bgcolor' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	379	'char' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	380	'charoff' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	381	'valign' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	382	),
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	383	'track' => array(
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	384	'default' => true,
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	385	'kind' => true,
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	386	'label' => true,
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	387	'src' => true,
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	388	'srclang' => true,
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	389	),
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	390	'tt' => array(),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	391	'u' => array(),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	392	'ul' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	393	'type' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	394	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	395	'ol' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	396	'start' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	397	'type' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	398	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	399	'var' => array(),
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	400	'video' => array(
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	401	'autoplay' => true,
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	402	'controls' => true,
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	403	'height' => true,
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	404	'loop' => true,
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	405	'muted' => true,
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	406	'poster' => true,
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	407	'preload' => true,
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	408	'src' => true,
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	409	'width' => true,
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	410	),
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	411	);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	412
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	413	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	414	* Kses allowed HTML elements.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	415	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	416	* @global array $allowedtags
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	417	* @since 1.0.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	418	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	419	$allowedtags = array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	420	'a' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	421	'href' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	422	'title' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	423	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	424	'abbr' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	425	'title' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	426	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	427	'acronym' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	428	'title' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	429	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	430	'b' => array(),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	431	'blockquote' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	432	'cite' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	433	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	434	'cite' => array(),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	435	'code' => array(),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	436	'del' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	437	'datetime' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	438	),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	439	'em' => array(),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	440	'i' => array(),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	441	'q' => array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	442	'cite' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	443	),
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	444	's' => array(),
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	445	'strike' => array(),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	446	'strong' => array(),
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	447	);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	448
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	449	$allowedentitynames = array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	450	'nbsp', 'iexcl', 'cent', 'pound', 'curren', 'yen',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	451	'brvbar', 'sect', 'uml', 'copy', 'ordf', 'laquo',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	452	'not', 'shy', 'reg', 'macr', 'deg', 'plusmn',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	453	'acute', 'micro', 'para', 'middot', 'cedil', 'ordm',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	454	'raquo', 'iquest', 'Agrave', 'Aacute', 'Acirc', 'Atilde',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	455	'Auml', 'Aring', 'AElig', 'Ccedil', 'Egrave', 'Eacute',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	456	'Ecirc', 'Euml', 'Igrave', 'Iacute', 'Icirc', 'Iuml',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	457	'ETH', 'Ntilde', 'Ograve', 'Oacute', 'Ocirc', 'Otilde',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	458	'Ouml', 'times', 'Oslash', 'Ugrave', 'Uacute', 'Ucirc',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	459	'Uuml', 'Yacute', 'THORN', 'szlig', 'agrave', 'aacute',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	460	'acirc', 'atilde', 'auml', 'aring', 'aelig', 'ccedil',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	461	'egrave', 'eacute', 'ecirc', 'euml', 'igrave', 'iacute',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	462	'icirc', 'iuml', 'eth', 'ntilde', 'ograve', 'oacute',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	463	'ocirc', 'otilde', 'ouml', 'divide', 'oslash', 'ugrave',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	464	'uacute', 'ucirc', 'uuml', 'yacute', 'thorn', 'yuml',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	465	'quot', 'amp', 'lt', 'gt', 'apos', 'OElig',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	466	'oelig', 'Scaron', 'scaron', 'Yuml', 'circ', 'tilde',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	467	'ensp', 'emsp', 'thinsp', 'zwnj', 'zwj', 'lrm',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	468	'rlm', 'ndash', 'mdash', 'lsquo', 'rsquo', 'sbquo',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	469	'ldquo', 'rdquo', 'bdquo', 'dagger', 'Dagger', 'permil',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	470	'lsaquo', 'rsaquo', 'euro', 'fnof', 'Alpha', 'Beta',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	471	'Gamma', 'Delta', 'Epsilon', 'Zeta', 'Eta', 'Theta',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	472	'Iota', 'Kappa', 'Lambda', 'Mu', 'Nu', 'Xi',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	473	'Omicron', 'Pi', 'Rho', 'Sigma', 'Tau', 'Upsilon',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	474	'Phi', 'Chi', 'Psi', 'Omega', 'alpha', 'beta',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	475	'gamma', 'delta', 'epsilon', 'zeta', 'eta', 'theta',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	476	'iota', 'kappa', 'lambda', 'mu', 'nu', 'xi',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	477	'omicron', 'pi', 'rho', 'sigmaf', 'sigma', 'tau',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	478	'upsilon', 'phi', 'chi', 'psi', 'omega', 'thetasym',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	479	'upsih', 'piv', 'bull', 'hellip', 'prime', 'Prime',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	480	'oline', 'frasl', 'weierp', 'image', 'real', 'trade',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	481	'alefsym', 'larr', 'uarr', 'rarr', 'darr', 'harr',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	482	'crarr', 'lArr', 'uArr', 'rArr', 'dArr', 'hArr',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	483	'forall', 'part', 'exist', 'empty', 'nabla', 'isin',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	484	'notin', 'ni', 'prod', 'sum', 'minus', 'lowast',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	485	'radic', 'prop', 'infin', 'ang', 'and', 'or',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	486	'cap', 'cup', 'int', 'sim', 'cong', 'asymp',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	487	'ne', 'equiv', 'le', 'ge', 'sub', 'sup',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	488	'nsub', 'sube', 'supe', 'oplus', 'otimes', 'perp',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	489	'sdot', 'lceil', 'rceil', 'lfloor', 'rfloor', 'lang',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	490	'rang', 'loz', 'spades', 'clubs', 'hearts', 'diams',
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	491	'sup1', 'sup2', 'sup3', 'frac14', 'frac12', 'frac34',
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	492	'there4',
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	493	);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	494
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	495	$allowedposttags = array_map( '_wp_add_global_attributes', $allowedposttags );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	496	} else {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	497	$allowedtags = wp_kses_array_lc( $allowedtags );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	498	$allowedposttags = wp_kses_array_lc( $allowedposttags );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	499	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	500
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	501	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	502	* Filters content and keeps only allowable HTML elements.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	503	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	504	* This function makes sure that only the allowed HTML element names, attribute
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	505	* names and attribute values plus only sane HTML entities will occur in
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	506	* $string. You have to remove any slashes from PHP's magic quotes before you
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	507	* call this function.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	508	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	509	* The default allowed protocols are 'http', 'https', 'ftp', 'mailto', 'news',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	510	* 'irc', 'gopher', 'nntp', 'feed', 'telnet, 'mms', 'rtsp' and 'svn'. This
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	511	* covers all common link protocols, except for 'javascript' which should not
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	512	* be allowed for untrusted users.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	513	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	514	* @since 1.0.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	515	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	516	* @param string $string Content to filter through kses
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	517	* @param array $allowed_html List of allowed HTML elements
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	518	* @param array $allowed_protocols Optional. Allowed protocol in links.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	519	* @return string Filtered content with only allowed HTML elements
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	520	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	521	function wp_kses( $string, $allowed_html, $allowed_protocols = array() ) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	522	if ( empty( $allowed_protocols ) )
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	523	$allowed_protocols = wp_allowed_protocols();
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	524	$string = wp_kses_no_null($string);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	525	$string = wp_kses_js_entities($string);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	526	$string = wp_kses_normalize_entities($string);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	527	$string = wp_kses_hook($string, $allowed_html, $allowed_protocols); // WP changed the order of these funcs and added args to wp_kses_hook
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	528	return wp_kses_split($string, $allowed_html, $allowed_protocols);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	529	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	530
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	531	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	532	* Return a list of allowed tags and attributes for a given context.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	533	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	534	* @since 3.5.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	535	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	536	* @param string $context The context for which to retrieve tags. Allowed values are
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	537	* post \| strip \| data \| entities or the name of a field filter such as pre_user_description.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	538	* @return array List of allowed tags and their allowed attributes.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	539	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	540	function wp_kses_allowed_html( $context = '' ) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	541	global $allowedposttags, $allowedtags, $allowedentitynames;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	542
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	543	if ( is_array( $context ) ) {
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	544	/**
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	545	* Filter HTML elements allowed for a given context.
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	546	*
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	547	* @since 3.5.0
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	548	*
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	549	* @param string $tags Allowed tags, attributes, and/or entities.
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	550	* @param string $context Context to judge allowed tags by. Allowed values are 'post',
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	551	* 'data', 'strip', 'entities', 'explicit', or the name of a filter.
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	552	*/
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	553	return apply_filters( 'wp_kses_allowed_html', $context, 'explicit' );
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	554	}
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	555
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	556	switch ( $context ) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	557	case 'post':
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	558	/** This filter is documented in wp-includes/kses.php */
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	559	return apply_filters( 'wp_kses_allowed_html', $allowedposttags, $context );
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	560
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	561	case 'user_description':
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	562	case 'pre_user_description':
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	563	$tags = $allowedtags;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	564	$tags['a']['rel'] = true;
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	565	/** This filter is documented in wp-includes/kses.php */
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	566	return apply_filters( 'wp_kses_allowed_html', $tags, $context );
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	567
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	568	case 'strip':
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	569	/** This filter is documented in wp-includes/kses.php */
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	570	return apply_filters( 'wp_kses_allowed_html', array(), $context );
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	571
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	572	case 'entities':
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	573	/** This filter is documented in wp-includes/kses.php */
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	574	return apply_filters( 'wp_kses_allowed_html', $allowedentitynames, $context);
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	575
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	576	case 'data':
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	577	default:
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	578	/** This filter is documented in wp-includes/kses.php */
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	579	return apply_filters( 'wp_kses_allowed_html', $allowedtags, $context );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	580	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	581	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	582
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	583	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	584	* You add any kses hooks here.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	585	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	586	* There is currently only one kses WordPress hook and it is called here. All
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	587	* parameters are passed to the hooks and expected to receive a string.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	588	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	589	* @since 1.0.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	590	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	591	* @param string $string Content to filter through kses
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	592	* @param array $allowed_html List of allowed HTML elements
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	593	* @param array $allowed_protocols Allowed protocol in links
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	594	* @return string Filtered content through 'pre_kses' hook
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	595	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	596	function wp_kses_hook( $string, $allowed_html, $allowed_protocols ) {
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	597	/**
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	598	* Filter content to be run through kses.
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	599	*
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	600	* @since 2.3.0
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	601	*
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	602	* @param string $string Content to run through kses.
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	603	* @param array $allowed_html Allowed HTML elements.
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	604	* @param array $allowed_protocols Allowed protocol in links.
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	605	*/
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	606	$string = apply_filters( 'pre_kses', $string, $allowed_html, $allowed_protocols );
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	607	return $string;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	608	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	609
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	610	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	611	* This function returns kses' version number.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	612	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	613	* @since 1.0.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	614	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	615	* @return string KSES Version Number
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	616	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	617	function wp_kses_version() {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	618	return '0.2.2';
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	619	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	620
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	621	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	622	* Searches for HTML tags, no matter how malformed.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	623	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	624	* It also matches stray ">" characters.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	625	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	626	* @since 1.0.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	627	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	628	* @param string $string Content to filter
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	629	* @param array $allowed_html Allowed HTML elements
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	630	* @param array $allowed_protocols Allowed protocols to keep
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	631	* @return string Content with fixed HTML tags
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	632	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	633	function wp_kses_split( $string, $allowed_html, $allowed_protocols ) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	634	global $pass_allowed_html, $pass_allowed_protocols;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	635	$pass_allowed_html = $allowed_html;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	636	$pass_allowed_protocols = $allowed_protocols;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	637	return preg_replace_callback( '%(<!--.?(-->\|$))\|(<[^>](>\|$)\|>)%', '_wp_kses_split_callback', $string );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	638	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	639
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	640	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	641	* Callback for wp_kses_split.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	642	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	643	* @since 3.1.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	644	* @access private
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	645	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	646	function _wp_kses_split_callback( $match ) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	647	global $pass_allowed_html, $pass_allowed_protocols;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	648	return wp_kses_split2( $match[0], $pass_allowed_html, $pass_allowed_protocols );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	649	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	650
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	651	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	652	* Callback for wp_kses_split for fixing malformed HTML tags.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	653	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	654	* This function does a lot of work. It rejects some very malformed things like
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	655	* <:::>. It returns an empty string, if the element isn't allowed (look ma, no
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	656	* strip_tags()!). Otherwise it splits the tag into an element and an attribute
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	657	* list.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	658	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	659	* After the tag is split into an element and an attribute list, it is run
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	660	* through another filter which will remove illegal attributes and once that is
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	661	* completed, will be returned.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	662	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	663	* @access private
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	664	* @since 1.0.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	665	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	666	* @param string $string Content to filter
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	667	* @param array $allowed_html Allowed HTML elements
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	668	* @param array $allowed_protocols Allowed protocols to keep
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	669	* @return string Fixed HTML element
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	670	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	671	function wp_kses_split2($string, $allowed_html, $allowed_protocols) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	672	$string = wp_kses_stripslashes($string);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	673
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	674	if (substr($string, 0, 1) != '<')
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	675	return '>';
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	676	// It matched a ">" character
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	677
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	678	if ( '<!--' == substr( $string, 0, 4 ) ) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	679	$string = str_replace( array('<!--', '-->'), '', $string );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	680	while ( $string != ($newstring = wp_kses($string, $allowed_html, $allowed_protocols)) )
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	681	$string = $newstring;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	682	if ( $string == '' )
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	683	return '';
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	684	// prevent multiple dashes in comments
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	685	$string = preg_replace('/--+/', '-', $string);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	686	// prevent three dashes closing a comment
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	687	$string = preg_replace('/-$/', '', $string);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	688	return "<!--{$string}-->";
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	689	}
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	690	// Allow HTML comments
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	691
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	692	if (!preg_match('%^<\s(/\s)?([a-zA-Z0-9]+)([^>]*)>?$%', $string, $matches))
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	693	return '';
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	694	// It's seriously malformed
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	695
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	696	$slash = trim($matches[1]);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	697	$elem = $matches[2];
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	698	$attrlist = $matches[3];
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	699
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	700	if ( ! is_array( $allowed_html ) )
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	701	$allowed_html = wp_kses_allowed_html( $allowed_html );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	702
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	703	if ( ! isset($allowed_html[strtolower($elem)]) )
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	704	return '';
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	705	// They are using a not allowed HTML element
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	706
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	707	if ($slash != '')
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	708	return "</$elem>";
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	709	// No attributes are allowed for closing elements
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	710
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	711	return wp_kses_attr( $elem, $attrlist, $allowed_html, $allowed_protocols );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	712	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	713
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	714	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	715	* Removes all attributes, if none are allowed for this element.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	716	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	717	* If some are allowed it calls wp_kses_hair() to split them further, and then
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	718	* it builds up new HTML code from the data that kses_hair() returns. It also
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	719	* removes "<" and ">" characters, if there are any left. One more thing it does
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	720	* is to check if the tag has a closing XHTML slash, and if it does, it puts one
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	721	* in the returned code as well.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	722	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	723	* @since 1.0.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	724	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	725	* @param string $element HTML element/tag
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	726	* @param string $attr HTML attributes from HTML element to closing HTML element tag
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	727	* @param array $allowed_html Allowed HTML elements
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	728	* @param array $allowed_protocols Allowed protocols to keep
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	729	* @return string Sanitized HTML element
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	730	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	731	function wp_kses_attr($element, $attr, $allowed_html, $allowed_protocols) {
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	732	// Is there a closing XHTML slash at the end of the attributes?
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	733
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	734	if ( ! is_array( $allowed_html ) )
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	735	$allowed_html = wp_kses_allowed_html( $allowed_html );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	736
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	737	$xhtml_slash = '';
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	738	if (preg_match('%\s/\s$%', $attr))
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	739	$xhtml_slash = ' /';
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	740
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	741	// Are any attributes allowed at all for this element?
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	742	if ( ! isset($allowed_html[strtolower($element)]) \|\| count($allowed_html[strtolower($element)]) == 0 )
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	743	return "<$element$xhtml_slash>";
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	744
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	745	// Split it
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	746	$attrarr = wp_kses_hair($attr, $allowed_protocols);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	747
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	748	// Go through $attrarr, and save the allowed attributes for this element
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	749	// in $attr2
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	750	$attr2 = '';
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	751
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	752	$allowed_attr = $allowed_html[strtolower($element)];
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	753	foreach ($attrarr as $arreach) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	754	if ( ! isset( $allowed_attr[strtolower($arreach['name'])] ) )
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	755	continue; // the attribute is not allowed
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	756
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	757	$current = $allowed_attr[strtolower($arreach['name'])];
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	758	if ( $current == '' )
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	759	continue; // the attribute is not allowed
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	760
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	761	if ( strtolower( $arreach['name'] ) == 'style' ) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	762	$orig_value = $arreach['value'];
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	763	$value = safecss_filter_attr( $orig_value );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	764
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	765	if ( empty( $value ) )
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	766	continue;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	767
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	768	$arreach['value'] = $value;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	769	$arreach['whole'] = str_replace( $orig_value, $value, $arreach['whole'] );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	770	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	771
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	772	if ( ! is_array($current) ) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	773	$attr2 .= ' '.$arreach['whole'];
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	774	// there are no checks
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	775
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	776	} else {
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	777	// there are some checks
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	778	$ok = true;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	779	foreach ($current as $currkey => $currval) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	780	if ( ! wp_kses_check_attr_val($arreach['value'], $arreach['vless'], $currkey, $currval) ) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	781	$ok = false;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	782	break;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	783	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	784	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	785
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	786	if ( $ok )
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	787	$attr2 .= ' '.$arreach['whole']; // it passed them
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	788	} // if !is_array($current)
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	789	} // foreach
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	790
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	791	// Remove any "<" or ">" characters
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	792	$attr2 = preg_replace('/[<>]/', '', $attr2);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	793
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	794	return "<$element$attr2$xhtml_slash>";
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	795	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	796
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	797	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	798	* Builds an attribute list from string containing attributes.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	799	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	800	* This function does a lot of work. It parses an attribute list into an array
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	801	* with attribute data, and tries to do the right thing even if it gets weird
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	802	* input. It will add quotes around attribute values that don't have any quotes
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	803	* or apostrophes around them, to make it easier to produce HTML code that will
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	804	* conform to W3C's HTML specification. It will also remove bad URL protocols
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	805	* from attribute values. It also reduces duplicate attributes by using the
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	806	* attribute defined first (foo='bar' foo='baz' will result in foo='bar').
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	807	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	808	* @since 1.0.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	809	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	810	* @param string $attr Attribute list from HTML element to closing HTML element tag
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	811	* @param array $allowed_protocols Allowed protocols to keep
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	812	* @return array List of attributes after parsing
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	813	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	814	function wp_kses_hair($attr, $allowed_protocols) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	815	$attrarr = array();
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	816	$mode = 0;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	817	$attrname = '';
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	818	$uris = array('xmlns', 'profile', 'href', 'src', 'cite', 'classid', 'codebase', 'data', 'usemap', 'longdesc', 'action');
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	819
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	820	// Loop through the whole attribute list
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	821
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	822	while (strlen($attr) != 0) {
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	823	$working = 0; // Was the last operation successful?
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	824
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	825	switch ($mode) {
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	826	case 0 : // attribute name, href for instance
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	827
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	828	if ( preg_match('/^([-a-zA-Z:]+)/', $attr, $match ) ) {
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	829	$attrname = $match[1];
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	830	$working = $mode = 1;
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	831	$attr = preg_replace( '/^[-a-zA-Z:]+/', '', $attr );
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	832	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	833
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	834	break;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	835
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	836	case 1 : // equals sign or valueless ("selected")
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	837
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	838	if (preg_match('/^\s=\s/', $attr)) // equals sign
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	839	{
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	840	$working = 1;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	841	$mode = 2;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	842	$attr = preg_replace('/^\s=\s/', '', $attr);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	843	break;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	844	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	845
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	846	if (preg_match('/^\s+/', $attr)) // valueless
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	847	{
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	848	$working = 1;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	849	$mode = 0;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	850	if(false === array_key_exists($attrname, $attrarr)) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	851	$attrarr[$attrname] = array ('name' => $attrname, 'value' => '', 'whole' => $attrname, 'vless' => 'y');
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	852	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	853	$attr = preg_replace('/^\s+/', '', $attr);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	854	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	855
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	856	break;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	857
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	858	case 2 : // attribute value, a URL after href= for instance
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	859
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	860	if (preg_match('%^"([^"]*)"(\s+\|/?$)%', $attr, $match))
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	861	// "value"
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	862	{
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	863	$thisval = $match[1];
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	864	if ( in_array(strtolower($attrname), $uris) )
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	865	$thisval = wp_kses_bad_protocol($thisval, $allowed_protocols);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	866
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	867	if(false === array_key_exists($attrname, $attrarr)) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	868	$attrarr[$attrname] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname=\"$thisval\"", 'vless' => 'n');
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	869	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	870	$working = 1;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	871	$mode = 0;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	872	$attr = preg_replace('/^"[^"]*"(\s+\|$)/', '', $attr);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	873	break;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	874	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	875
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	876	if (preg_match("%^'([^']*)'(\s+\|/?$)%", $attr, $match))
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	877	// 'value'
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	878	{
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	879	$thisval = $match[1];
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	880	if ( in_array(strtolower($attrname), $uris) )
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	881	$thisval = wp_kses_bad_protocol($thisval, $allowed_protocols);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	882
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	883	if(false === array_key_exists($attrname, $attrarr)) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	884	$attrarr[$attrname] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname='$thisval'", 'vless' => 'n');
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	885	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	886	$working = 1;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	887	$mode = 0;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	888	$attr = preg_replace("/^'[^']*'(\s+\|$)/", '', $attr);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	889	break;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	890	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	891
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	892	if (preg_match("%^([^\s\"']+)(\s+\|/?$)%", $attr, $match))
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	893	// value
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	894	{
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	895	$thisval = $match[1];
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	896	if ( in_array(strtolower($attrname), $uris) )
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	897	$thisval = wp_kses_bad_protocol($thisval, $allowed_protocols);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	898
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	899	if(false === array_key_exists($attrname, $attrarr)) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	900	$attrarr[$attrname] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname=\"$thisval\"", 'vless' => 'n');
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	901	}
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	902	// We add quotes to conform to W3C's HTML spec.
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	903	$working = 1;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	904	$mode = 0;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	905	$attr = preg_replace("%^[^\s\"']+(\s+\|$)%", '', $attr);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	906	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	907
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	908	break;
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	909	} // switch
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	910
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	911	if ($working == 0) // not well formed, remove and try again
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	912	{
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	913	$attr = wp_kses_html_error($attr);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	914	$mode = 0;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	915	}
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	916	} // while
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	917
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	918	if ($mode == 1 && false === array_key_exists($attrname, $attrarr))
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	919	// special case, for when the attribute list ends with a valueless
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	920	// attribute like "selected"
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	921	$attrarr[$attrname] = array ('name' => $attrname, 'value' => '', 'whole' => $attrname, 'vless' => 'y');
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	922
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	923	return $attrarr;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	924	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	925
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	926	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	927	* Performs different checks for attribute values.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	928	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	929	* The currently implemented checks are "maxlen", "minlen", "maxval", "minval"
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	930	* and "valueless".
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	931	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	932	* @since 1.0.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	933	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	934	* @param string $value Attribute value
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	935	* @param string $vless Whether the value is valueless. Use 'y' or 'n'
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	936	* @param string $checkname What $checkvalue is checking for.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	937	* @param mixed $checkvalue What constraint the value should pass
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	938	* @return bool Whether check passes
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	939	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	940	function wp_kses_check_attr_val($value, $vless, $checkname, $checkvalue) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	941	$ok = true;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	942
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	943	switch (strtolower($checkname)) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	944	case 'maxlen' :
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	945	// The maxlen check makes sure that the attribute value has a length not
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	946	// greater than the given value. This can be used to avoid Buffer Overflows
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	947	// in WWW clients and various Internet servers.
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	948
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	949	if (strlen($value) > $checkvalue)
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	950	$ok = false;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	951	break;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	952
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	953	case 'minlen' :
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	954	// The minlen check makes sure that the attribute value has a length not
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	955	// smaller than the given value.
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	956
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	957	if (strlen($value) < $checkvalue)
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	958	$ok = false;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	959	break;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	960
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	961	case 'maxval' :
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	962	// The maxval check does two things: it checks that the attribute value is
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	963	// an integer from 0 and up, without an excessive amount of zeroes or
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	964	// whitespace (to avoid Buffer Overflows). It also checks that the attribute
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	965	// value is not greater than the given value.
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	966	// This check can be used to avoid Denial of Service attacks.
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	967
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	968	if (!preg_match('/^\s{0,6}[0-9]{1,6}\s{0,6}$/', $value))
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	969	$ok = false;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	970	if ($value > $checkvalue)
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	971	$ok = false;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	972	break;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	973
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	974	case 'minval' :
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	975	// The minval check makes sure that the attribute value is a positive integer,
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	976	// and that it is not smaller than the given value.
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	977
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	978	if (!preg_match('/^\s{0,6}[0-9]{1,6}\s{0,6}$/', $value))
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	979	$ok = false;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	980	if ($value < $checkvalue)
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	981	$ok = false;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	982	break;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	983
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	984	case 'valueless' :
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	985	// The valueless check makes sure if the attribute has a value
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	986	// (like <a href="blah">) or not (<option selected>). If the given value
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	987	// is a "y" or a "Y", the attribute must not have a value.
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	988	// If the given value is an "n" or an "N", the attribute must have one.
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	989
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	990	if (strtolower($checkvalue) != $vless)
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	991	$ok = false;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	992	break;
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	993	} // switch
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	994
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	995	return $ok;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	996	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	997
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	998	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	999	* Sanitize string from bad protocols.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1000	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1001	* This function removes all non-allowed protocols from the beginning of
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1002	* $string. It ignores whitespace and the case of the letters, and it does
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1003	* understand HTML entities. It does its work in a while loop, so it won't be
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1004	* fooled by a string like "javascript:javascript:alert(57)".
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1005	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1006	* @since 1.0.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1007	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1008	* @param string $string Content to filter bad protocols from
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1009	* @param array $allowed_protocols Allowed protocols to keep
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1010	* @return string Filtered content
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1011	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1012	function wp_kses_bad_protocol($string, $allowed_protocols) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1013	$string = wp_kses_no_null($string);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1014	$iterations = 0;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1015
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1016	do {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1017	$original_string = $string;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1018	$string = wp_kses_bad_protocol_once($string, $allowed_protocols);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1019	} while ( $original_string != $string && ++$iterations < 6 );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1020
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1021	if ( $original_string != $string )
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1022	return '';
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1023
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1024	return $string;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1025	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1026
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1027	/**
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	1028	* Removes any invalid control characters in $string.
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	1029	*
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	1030	* Also removes any instance of the '\0' string.
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1031	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1032	* @since 1.0.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1033	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1034	* @param string $string
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1035	* @return string
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1036	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1037	function wp_kses_no_null($string) {
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	1038	$string = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', '', $string);
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1039	$string = preg_replace('/(\\\\0)+/', '', $string);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1040
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1041	return $string;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1042	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1043
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1044	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1045	* Strips slashes from in front of quotes.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1046	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1047	* This function changes the character sequence \" to just ". It leaves all
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1048	* other slashes alone. It's really weird, but the quoting from
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1049	* preg_replace(//e) seems to require this.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1050	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1051	* @since 1.0.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1052	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1053	* @param string $string String to strip slashes
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1054	* @return string Fixed string with quoted slashes
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1055	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1056	function wp_kses_stripslashes($string) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1057	return preg_replace('%\\\\"%', '"', $string);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1058	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1059
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1060	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1061	* Goes through an array and changes the keys to all lower case.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1062	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1063	* @since 1.0.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1064	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1065	* @param array $inarray Unfiltered array
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1066	* @return array Fixed array with all lowercase keys
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1067	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1068	function wp_kses_array_lc($inarray) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1069	$outarray = array ();
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1070
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1071	foreach ( (array) $inarray as $inkey => $inval) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1072	$outkey = strtolower($inkey);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1073	$outarray[$outkey] = array ();
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1074
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1075	foreach ( (array) $inval as $inkey2 => $inval2) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1076	$outkey2 = strtolower($inkey2);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1077	$outarray[$outkey][$outkey2] = $inval2;
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	1078	} // foreach $inval
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	1079	} // foreach $inarray
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1080
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1081	return $outarray;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1082	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1083
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1084	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1085	* Removes the HTML JavaScript entities found in early versions of Netscape 4.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1086	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1087	* @since 1.0.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1088	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1089	* @param string $string
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1090	* @return string
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1091	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1092	function wp_kses_js_entities($string) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1093	return preg_replace('%&\s\{[^}](\}\s*;?\|$)%', '', $string);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1094	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1095
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1096	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1097	* Handles parsing errors in wp_kses_hair().
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1098	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1099	* The general plan is to remove everything to and including some whitespace,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1100	* but it deals with quotes and apostrophes as well.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1101	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1102	* @since 1.0.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1103	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1104	* @param string $string
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1105	* @return string
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1106	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1107	function wp_kses_html_error($string) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1108	return preg_replace('/^("[^"]("\|$)\|\'[^\'](\'\|$)\|\S)\s/', '', $string);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1109	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1110
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1111	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1112	* Sanitizes content from bad protocols and other characters.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1113	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1114	* This function searches for URL protocols at the beginning of $string, while
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1115	* handling whitespace and HTML entities.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1116	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1117	* @since 1.0.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1118	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1119	* @param string $string Content to check for bad protocols
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1120	* @param string $allowed_protocols Allowed protocols
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1121	* @return string Sanitized content
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1122	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1123	function wp_kses_bad_protocol_once($string, $allowed_protocols, $count = 1 ) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1124	$string2 = preg_split( '/:\|&#058;\|&#x03a;/i', $string, 2 );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1125	if ( isset($string2[1]) && ! preg_match('%/\?%', $string2[0]) ) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1126	$string = trim( $string2[1] );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1127	$protocol = wp_kses_bad_protocol_once2( $string2[0], $allowed_protocols );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1128	if ( 'feed:' == $protocol ) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1129	if ( $count > 2 )
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1130	return '';
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1131	$string = wp_kses_bad_protocol_once( $string, $allowed_protocols, ++$count );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1132	if ( empty( $string ) )
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1133	return $string;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1134	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1135	$string = $protocol . $string;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1136	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1137
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1138	return $string;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1139	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1140
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1141	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1142	* Callback for wp_kses_bad_protocol_once() regular expression.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1143	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1144	* This function processes URL protocols, checks to see if they're in the
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1145	* whitelist or not, and returns different data depending on the answer.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1146	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1147	* @access private
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1148	* @since 1.0.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1149	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1150	* @param string $string URI scheme to check against the whitelist
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1151	* @param string $allowed_protocols Allowed protocols
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1152	* @return string Sanitized content
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1153	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1154	function wp_kses_bad_protocol_once2( $string, $allowed_protocols ) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1155	$string2 = wp_kses_decode_entities($string);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1156	$string2 = preg_replace('/\s/', '', $string2);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1157	$string2 = wp_kses_no_null($string2);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1158	$string2 = strtolower($string2);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1159
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1160	$allowed = false;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1161	foreach ( (array) $allowed_protocols as $one_protocol )
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1162	if ( strtolower($one_protocol) == $string2 ) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1163	$allowed = true;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1164	break;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1165	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1166
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1167	if ($allowed)
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1168	return "$string2:";
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1169	else
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1170	return '';
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1171	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1172
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1173	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1174	* Converts and fixes HTML entities.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1175	*
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	1176	* This function normalizes HTML entities. It will convert `AT&T` to the correct
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	1177	* `AT&T`, `:` to `:`, `&#XYZZY;` to `&#XYZZY;` and so on.
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1178	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1179	* @since 1.0.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1180	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1181	* @param string $string Content to normalize entities
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1182	* @return string Content with normalized entities
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1183	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1184	function wp_kses_normalize_entities($string) {
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	1185	// Disarm all entities by converting & to &
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1186
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1187	$string = str_replace('&', '&', $string);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1188
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	1189	// Change back the allowed entities in our entity whitelist
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1190
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	1191	$string = preg_replace_callback('/&([A-Za-z]{2,8}[0-9]{0,2});/', 'wp_kses_named_entities', $string);
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1192	$string = preg_replace_callback('/&#(0*[0-9]{1,7});/', 'wp_kses_normalize_entities2', $string);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1193	$string = preg_replace_callback('/&#[Xx](0*[0-9A-Fa-f]{1,6});/', 'wp_kses_normalize_entities3', $string);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1194
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1195	return $string;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1196	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1197
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1198	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1199	* Callback for wp_kses_normalize_entities() regular expression.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1200	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1201	* This function only accepts valid named entity references, which are finite,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1202	* case-sensitive, and highly scrutinized by HTML and XML validators.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1203	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1204	* @since 3.0.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1205	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1206	* @param array $matches preg_replace_callback() matches array
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1207	* @return string Correctly encoded entity
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1208	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1209	function wp_kses_named_entities($matches) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1210	global $allowedentitynames;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1211
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1212	if ( empty($matches[1]) )
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1213	return '';
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1214
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1215	$i = $matches[1];
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1216	return ( ( ! in_array($i, $allowedentitynames) ) ? "&$i;" : "&$i;" );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1217	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1218
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1219	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1220	* Callback for wp_kses_normalize_entities() regular expression.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1221	*
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	1222	* This function helps {@see wp_kses_normalize_entities()} to only accept 16-bit
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	1223	* values and nothing more for `&#number;` entities.
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1224	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1225	* @access private
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1226	* @since 1.0.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1227	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1228	* @param array $matches preg_replace_callback() matches array
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1229	* @return string Correctly encoded entity
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1230	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1231	function wp_kses_normalize_entities2($matches) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1232	if ( empty($matches[1]) )
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1233	return '';
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1234
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1235	$i = $matches[1];
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1236	if (valid_unicode($i)) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1237	$i = str_pad(ltrim($i,'0'), 3, '0', STR_PAD_LEFT);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1238	$i = "&#$i;";
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1239	} else {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1240	$i = "&#$i;";
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1241	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1242
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1243	return $i;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1244	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1245
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1246	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1247	* Callback for wp_kses_normalize_entities() for regular expression.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1248	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1249	* This function helps wp_kses_normalize_entities() to only accept valid Unicode
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1250	* numeric entities in hex form.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1251	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1252	* @access private
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1253	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1254	* @param array $matches preg_replace_callback() matches array
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1255	* @return string Correctly encoded entity
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1256	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1257	function wp_kses_normalize_entities3($matches) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1258	if ( empty($matches[1]) )
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1259	return '';
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1260
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1261	$hexchars = $matches[1];
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1262	return ( ( ! valid_unicode(hexdec($hexchars)) ) ? "&#x$hexchars;" : '&#x'.ltrim($hexchars,'0').';' );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1263	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1264
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1265	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1266	* Helper function to determine if a Unicode value is valid.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1267	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1268	* @param int $i Unicode value
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1269	* @return bool True if the value was a valid Unicode number
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1270	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1271	function valid_unicode($i) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1272	return ( $i == 0x9 \|\| $i == 0xa \|\| $i == 0xd \|\|
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1273	($i >= 0x20 && $i <= 0xd7ff) \|\|
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1274	($i >= 0xe000 && $i <= 0xfffd) \|\|
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1275	($i >= 0x10000 && $i <= 0x10ffff) );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1276	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1277
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1278	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1279	* Convert all entities to their character counterparts.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1280	*
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	1281	* This function decodes numeric HTML entities (`A` and `A`).
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	1282	* It doesn't do anything with other entities like ä, but we don't
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	1283	* need them in the URL protocol whitelisting system anyway.
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1284	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1285	* @since 1.0.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1286	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1287	* @param string $string Content to change entities
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1288	* @return string Content after decoded entities
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1289	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1290	function wp_kses_decode_entities($string) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1291	$string = preg_replace_callback('/&#([0-9]+);/', '_wp_kses_decode_entities_chr', $string);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1292	$string = preg_replace_callback('/&#[Xx]([0-9A-Fa-f]+);/', '_wp_kses_decode_entities_chr_hexdec', $string);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1293
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1294	return $string;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1295	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1296
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1297	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1298	* Regex callback for wp_kses_decode_entities()
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1299	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1300	* @param array $match preg match
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1301	* @return string
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1302	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1303	function _wp_kses_decode_entities_chr( $match ) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1304	return chr( $match[1] );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1305	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1306
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1307	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1308	* Regex callback for wp_kses_decode_entities()
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1309	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1310	* @param array $match preg match
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1311	* @return string
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1312	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1313	function _wp_kses_decode_entities_chr_hexdec( $match ) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1314	return chr( hexdec( $match[1] ) );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1315	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1316
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1317	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1318	* Sanitize content with allowed HTML Kses rules.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1319	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1320	* @since 1.0.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1321	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1322	* @param string $data Content to filter, expected to be escaped with slashes
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1323	* @return string Filtered content
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1324	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1325	function wp_filter_kses( $data ) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1326	return addslashes( wp_kses( stripslashes( $data ), current_filter() ) );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1327	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1328
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1329	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1330	* Sanitize content with allowed HTML Kses rules.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1331	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1332	* @since 2.9.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1333	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1334	* @param string $data Content to filter, expected to not be escaped
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1335	* @return string Filtered content
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1336	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1337	function wp_kses_data( $data ) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1338	return wp_kses( $data , current_filter() );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1339	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1340
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1341	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1342	* Sanitize content for allowed HTML tags for post content.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1343	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1344	* Post content refers to the page contents of the 'post' type and not $_POST
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1345	* data from forms.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1346	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1347	* @since 2.0.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1348	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1349	* @param string $data Post content to filter, expected to be escaped with slashes
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1350	* @return string Filtered post content with allowed HTML tags and attributes intact.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1351	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1352	function wp_filter_post_kses($data) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1353	return addslashes ( wp_kses( stripslashes( $data ), 'post' ) );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1354	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1355
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1356	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1357	* Sanitize content for allowed HTML tags for post content.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1358	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1359	* Post content refers to the page contents of the 'post' type and not $_POST
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1360	* data from forms.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1361	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1362	* @since 2.9.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1363	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1364	* @param string $data Post content to filter
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1365	* @return string Filtered post content with allowed HTML tags and attributes intact.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1366	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1367	function wp_kses_post($data) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1368	return wp_kses( $data , 'post' );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1369	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1370
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1371	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1372	* Strips all of the HTML in the content.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1373	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1374	* @since 2.1.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1375	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1376	* @param string $data Content to strip all HTML from
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1377	* @return string Filtered content without any HTML
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1378	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1379	function wp_filter_nohtml_kses( $data ) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1380	return addslashes ( wp_kses( stripslashes( $data ), 'strip' ) );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1381	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1382
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1383	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1384	* Adds all Kses input form content filters.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1385	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1386	* All hooks have default priority. The wp_filter_kses() function is added to
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1387	* the 'pre_comment_content' and 'title_save_pre' hooks.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1388	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1389	* The wp_filter_post_kses() function is added to the 'content_save_pre',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1390	* 'excerpt_save_pre', and 'content_filtered_save_pre' hooks.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1391	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1392	* @since 2.0.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1393	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1394	function kses_init_filters() {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1395	// Normal filtering
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1396	add_filter('title_save_pre', 'wp_filter_kses');
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1397
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1398	// Comment filtering
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1399	if ( current_user_can( 'unfiltered_html' ) )
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1400	add_filter( 'pre_comment_content', 'wp_filter_post_kses' );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1401	else
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1402	add_filter( 'pre_comment_content', 'wp_filter_kses' );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1403
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1404	// Post filtering
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1405	add_filter('content_save_pre', 'wp_filter_post_kses');
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1406	add_filter('excerpt_save_pre', 'wp_filter_post_kses');
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1407	add_filter('content_filtered_save_pre', 'wp_filter_post_kses');
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1408	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1409
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1410	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1411	* Removes all Kses input form content filters.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1412	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1413	* A quick procedural method to removing all of the filters that kses uses for
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1414	* content in WordPress Loop.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1415	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1416	* Does not remove the kses_init() function from 'init' hook (priority is
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1417	* default). Also does not remove kses_init() function from 'set_current_user'
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1418	* hook (priority is also default).
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1419	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1420	* @since 2.0.6
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1421	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1422	function kses_remove_filters() {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1423	// Normal filtering
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1424	remove_filter('title_save_pre', 'wp_filter_kses');
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1425
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1426	// Comment filtering
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1427	remove_filter( 'pre_comment_content', 'wp_filter_post_kses' );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1428	remove_filter( 'pre_comment_content', 'wp_filter_kses' );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1429
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1430	// Post filtering
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1431	remove_filter('content_save_pre', 'wp_filter_post_kses');
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1432	remove_filter('excerpt_save_pre', 'wp_filter_post_kses');
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1433	remove_filter('content_filtered_save_pre', 'wp_filter_post_kses');
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1434	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1435
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1436	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1437	* Sets up most of the Kses filters for input form content.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1438	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1439	* If you remove the kses_init() function from 'init' hook and
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1440	* 'set_current_user' (priority is default), then none of the Kses filter hooks
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1441	* will be added.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1442	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1443	* First removes all of the Kses filters in case the current user does not need
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1444	* to have Kses filter the content. If the user does not have unfiltered_html
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1445	* capability, then Kses filters are added.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1446	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1447	* @since 2.0.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1448	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1449	function kses_init() {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1450	kses_remove_filters();
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1451
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1452	if (current_user_can('unfiltered_html') == false)
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1453	kses_init_filters();
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1454	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1455
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1456	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1457	* Inline CSS filter
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1458	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1459	* @since 2.8.1
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1460	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1461	function safecss_filter_attr( $css, $deprecated = '' ) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1462	if ( !empty( $deprecated ) )
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1463	_deprecated_argument( __FUNCTION__, '2.8.1' ); // Never implemented
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1464
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1465	$css = wp_kses_no_null($css);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1466	$css = str_replace(array("\n","\r","\t"), '', $css);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1467
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	1468	if ( preg_match( '%[\\\\(&=}]\|/\*%', $css ) ) // remove any inline css containing \ ( & } = or comments
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1469	return '';
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1470
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1471	$css_array = explode( ';', trim( $css ) );
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	1472
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	1473	/**
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	1474	* Filter list of allowed CSS attributes.
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	1475	*
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	1476	* @since 2.8.1
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	1477	*
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	1478	* @param array $attr List of allowed CSS attributes.
5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	1479	*/
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1480	$allowed_attr = apply_filters( 'safe_style_css', array( 'text-align', 'margin', 'color', 'float',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1481	'border', 'background', 'background-color', 'border-bottom', 'border-bottom-color',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1482	'border-bottom-style', 'border-bottom-width', 'border-collapse', 'border-color', 'border-left',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1483	'border-left-color', 'border-left-style', 'border-left-width', 'border-right', 'border-right-color',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1484	'border-right-style', 'border-right-width', 'border-spacing', 'border-style', 'border-top',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1485	'border-top-color', 'border-top-style', 'border-top-width', 'border-width', 'caption-side',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1486	'clear', 'cursor', 'direction', 'font', 'font-family', 'font-size', 'font-style',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1487	'font-variant', 'font-weight', 'height', 'letter-spacing', 'line-height', 'margin-bottom',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1488	'margin-left', 'margin-right', 'margin-top', 'overflow', 'padding', 'padding-bottom',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1489	'padding-left', 'padding-right', 'padding-top', 'text-decoration', 'text-indent', 'vertical-align',
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1490	'width' ) );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1491
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1492	if ( empty($allowed_attr) )
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1493	return $css;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1494
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1495	$css = '';
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1496	foreach ( $css_array as $css_item ) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1497	if ( $css_item == '' )
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1498	continue;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1499	$css_item = trim( $css_item );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1500	$found = false;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1501	if ( strpos( $css_item, ':' ) === false ) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1502	$found = true;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1503	} else {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1504	$parts = explode( ':', $css_item );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1505	if ( in_array( trim( $parts[0] ), $allowed_attr ) )
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1506	$found = true;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1507	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1508	if ( $found ) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1509	if( $css != '' )
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1510	$css .= ';';
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1511	$css .= $css_item;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1512	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1513	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1514
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1515	return $css;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1516	}
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1517
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1518	/**
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1519	* Helper function to add global attributes to a tag in the allowed html list.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1520	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1521	* @since 3.5.0
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1522	* @access private
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1523	*
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1524	* @param array $value An array of attributes.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1525	* @return array The array of attributes with global attributes added.
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1526	*/
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1527	function _wp_add_global_attributes( $value ) {
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1528	$global_attributes = array(
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1529	'class' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1530	'id' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1531	'style' => true,
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1532	'title' => true,
5 5e2f62d02dcd upgrade wordpress + plugins ymh <ymh.work@gmail.com> parents: 0 diff changeset	1533	'role' => true,
0 d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1534	);
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1535
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1536	if ( true === $value )
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1537	$value = array();
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1538
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1539	if ( is_array( $value ) )
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1540	return array_merge( $value, $global_attributes );
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1541
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1542	return $value;
d970ebf37754 first import ymh <ymh.work@gmail.com> parents: diff changeset	1543	}

author	ymh <ymh.work@gmail.com>
	Tue, 09 Jun 2015 03:35:32 +0200
changeset 5	5e2f62d02dcd
parent 0	d970ebf37754
child 7	cf61fcea0001
permissions	-rw-r--r--