5 * @package WordPress |
5 * @package WordPress |
6 * @subpackage Feed |
6 * @subpackage Feed |
7 * @since 4.7.0 |
7 * @since 4.7.0 |
8 */ |
8 */ |
9 |
9 |
|
10 // Don't load directly. |
|
11 if ( ! defined( 'ABSPATH' ) ) { |
|
12 die( '-1' ); |
|
13 } |
|
14 |
10 /** |
15 /** |
11 * Core class used to implement SimplePie feed sanitization. |
16 * Core class used to implement SimplePie feed sanitization. |
12 * |
17 * |
13 * Extends the SimplePie_Sanitize class to use KSES, because |
18 * Extends the SimplePie\Sanitize class to use KSES, because |
14 * we cannot universally count on DOMDocument being available. |
19 * we cannot universally count on DOMDocument being available. |
15 * |
20 * |
16 * @since 3.5.0 |
21 * @since 3.5.0 |
17 */ |
22 */ |
18 #[AllowDynamicProperties] |
23 #[AllowDynamicProperties] |
19 class WP_SimplePie_Sanitize_KSES extends SimplePie_Sanitize { |
24 class WP_SimplePie_Sanitize_KSES extends SimplePie\Sanitize { |
20 |
25 |
21 /** |
26 /** |
22 * WordPress SimplePie sanitization using KSES. |
27 * WordPress SimplePie sanitization using KSES. |
23 * |
28 * |
24 * Sanitizes the incoming data, to ensure that it matches the type of data expected, using KSES. |
29 * Sanitizes the incoming data, to ensure that it matches the type of data expected, using KSES. |
31 * URLs to absolute ones. Default empty. |
36 * URLs to absolute ones. Default empty. |
32 * @return mixed Sanitized data. |
37 * @return mixed Sanitized data. |
33 */ |
38 */ |
34 public function sanitize( $data, $type, $base = '' ) { |
39 public function sanitize( $data, $type, $base = '' ) { |
35 $data = trim( $data ); |
40 $data = trim( $data ); |
36 if ( $type & SIMPLEPIE_CONSTRUCT_MAYBE_HTML ) { |
41 if ( $type & SimplePie\SimplePie::CONSTRUCT_MAYBE_HTML ) { |
37 if ( preg_match( '/(&(#(x[0-9a-fA-F]+|[0-9]+)|[a-zA-Z0-9]+)|<\/[A-Za-z][^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3E]*' . SIMPLEPIE_PCRE_HTML_ATTRIBUTE . '>)/', $data ) ) { |
42 if ( preg_match( '/(&(#(x[0-9a-fA-F]+|[0-9]+)|[a-zA-Z0-9]+)|<\/[A-Za-z][^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3E]*' . SIMPLEPIE_PCRE_HTML_ATTRIBUTE . '>)/', $data ) ) { |
38 $type |= SIMPLEPIE_CONSTRUCT_HTML; |
43 $type |= SimplePie\SimplePie::CONSTRUCT_HTML; |
39 } else { |
44 } else { |
40 $type |= SIMPLEPIE_CONSTRUCT_TEXT; |
45 $type |= SimplePie\SimplePie::CONSTRUCT_TEXT; |
41 } |
46 } |
42 } |
47 } |
43 if ( $type & SIMPLEPIE_CONSTRUCT_BASE64 ) { |
48 if ( $type & SimplePie\SimplePie::CONSTRUCT_BASE64 ) { |
44 $data = base64_decode( $data ); |
49 $data = base64_decode( $data ); |
45 } |
50 } |
46 if ( $type & ( SIMPLEPIE_CONSTRUCT_HTML | SIMPLEPIE_CONSTRUCT_XHTML ) ) { |
51 if ( $type & ( SimplePie\SimplePie::CONSTRUCT_HTML | \SimplePie\SimplePie::CONSTRUCT_XHTML ) ) { |
47 $data = wp_kses_post( $data ); |
52 $data = wp_kses_post( $data ); |
48 if ( 'UTF-8' !== $this->output_encoding ) { |
53 if ( 'UTF-8' !== $this->output_encoding ) { |
49 $data = $this->registry->call( 'Misc', 'change_encoding', array( $data, 'UTF-8', $this->output_encoding ) ); |
54 $data = $this->registry->call( 'Misc', 'change_encoding', array( $data, 'UTF-8', $this->output_encoding ) ); |
50 } |
55 } |
51 return $data; |
56 return $data; |