|
1 <?php |
|
2 /** |
|
3 * Feed API: WP_SimplePie_Sanitize_KSES class |
|
4 * |
|
5 * @package WordPress |
|
6 * @subpackage Feed |
|
7 * @since 4.7.0 |
|
8 */ |
|
9 |
|
10 /** |
|
11 * Core class used to implement SimpliePie feed sanitization. |
|
12 * |
|
13 * Extends the SimplePie_Sanitize class to use KSES, because |
|
14 * we cannot universally count on DOMDocument being available. |
|
15 * |
|
16 * @since 3.5.0 |
|
17 * |
|
18 * @see SimplePie_Sanitize |
|
19 */ |
|
20 class WP_SimplePie_Sanitize_KSES extends SimplePie_Sanitize { |
|
21 |
|
22 /** |
|
23 * WordPress SimplePie sanitization using KSES. |
|
24 * |
|
25 * Sanitizes the incoming data, to ensure that it matches the type of data expected, using KSES. |
|
26 * |
|
27 * @since 3.5.0 |
|
28 * |
|
29 * @param mixed $data The data that needs to be sanitized. |
|
30 * @param integer $type The type of data that it's supposed to be. |
|
31 * @param string $base Optional. The `xml:base` value to use when converting relative |
|
32 * URLs to absolute ones. Default empty. |
|
33 * @return mixed Sanitized data. |
|
34 */ |
|
35 public function sanitize( $data, $type, $base = '' ) { |
|
36 $data = trim( $data ); |
|
37 if ( $type & SIMPLEPIE_CONSTRUCT_MAYBE_HTML ) { |
|
38 if (preg_match('/(&(#(x[0-9a-fA-F]+|[0-9]+)|[a-zA-Z0-9]+)|<\/[A-Za-z][^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3E]*' . SIMPLEPIE_PCRE_HTML_ATTRIBUTE . '>)/', $data)) { |
|
39 $type |= SIMPLEPIE_CONSTRUCT_HTML; |
|
40 } |
|
41 else { |
|
42 $type |= SIMPLEPIE_CONSTRUCT_TEXT; |
|
43 } |
|
44 } |
|
45 if ( $type & SIMPLEPIE_CONSTRUCT_BASE64 ) { |
|
46 $data = base64_decode( $data ); |
|
47 } |
|
48 if ( $type & ( SIMPLEPIE_CONSTRUCT_HTML | SIMPLEPIE_CONSTRUCT_XHTML ) ) { |
|
49 $data = wp_kses_post( $data ); |
|
50 if ( $this->output_encoding !== 'UTF-8' ) { |
|
51 $data = $this->registry->call( 'Misc', 'change_encoding', array( $data, 'UTF-8', $this->output_encoding ) ); |
|
52 } |
|
53 return $data; |
|
54 } else { |
|
55 return parent::sanitize( $data, $type, $base ); |
|
56 } |
|
57 } |
|
58 } |