<?php

/**

 * HTML/XHTML filter that only allows some elements and attributes

 *

 * Added wp_ prefix to avoid conflicts with existing kses users

 *

 * @version 0.2.2

 * @copyright (C) 2002, 2003, 2005

 * @author Ulf Harnhammar <metaur@users.sourceforge.net>

 *

 * @package External

 * @subpackage KSES

 *

 * @internal

 * *** CONTACT INFORMATION ***

 * E-mail:      metaur at users dot sourceforge dot net

 * Web page:    http://sourceforge.net/projects/kses

 * Paper mail:  Ulf Harnhammar

 *              Ymergatan 17 C

 *              753 25  Uppsala

 *              SWEDEN

 *

 * [kses strips evil scripts!]

 */

/**

 * You can override this in your my-hacks.php file You can also override this

 * in a plugin file. The my-hacks.php is deprecated in its usage.

 *

 * @since 1.2.0

 */

if (!defined('CUSTOM_TAGS'))

	define('CUSTOM_TAGS', false);

if (!CUSTOM_TAGS) {

	/**

	 * Kses global for default allowable HTML tags.

	 *

	 * Can be override by using CUSTOM_TAGS constant.

	 *

	 * @global array $allowedposttags

	 * @since 2.0.0

	 */

	$allowedposttags = array(

		'address' => array(),

		'a' => array(

			'class' => array (),

			'href' => array (),

			'id' => array (),

			'title' => array (),

			'rel' => array (),

			'rev' => array (),

			'name' => array (),

			'target' => array()),

		'abbr' => array(

			'class' => array (),

			'title' => array ()),

		'acronym' => array(

			'title' => array ()),

		'b' => array(),

		'big' => array(),

		'blockquote' => array(

			'id' => array (),

			'cite' => array (),

			'class' => array(),

			'lang' => array(),

			'xml:lang' => array()),

		'br' => array (

			'class' => array ()),

		'button' => array(

			'disabled' => array (),

			'name' => array (),

			'type' => array (),

			'value' => array ()),

		'caption' => array(

			'align' => array (),

			'class' => array ()),

		'cite' => array (

			'class' => array(),

			'dir' => array(),

			'lang' => array(),

			'title' => array ()),

		'code' => array (

			'style' => array()),

		'col' => array(

			'align' => array (),

			'char' => array (),

			'charoff' => array (),

			'span' => array (),

			'dir' => array(),

			'style' => array (),

			'valign' => array (),

			'width' => array ()),

		'del' => array(

			'datetime' => array ()),

		'dd' => array(),

		'div' => array(

			'align' => array (),

			'class' => array (),

			'dir' => array (),

			'lang' => array(),

			'style' => array (),

			'xml:lang' => array()),

		'dl' => array(),

		'dt' => array(),

		'em' => array(),

		'fieldset' => array(),

		'font' => array(

			'color' => array (),

			'face' => array (),

			'size' => array ()),

		'form' => array(

			'action' => array (),

			'accept' => array (),

			'accept-charset' => array (),

			'enctype' => array (),

			'method' => array (),

			'name' => array (),

			'target' => array ()),

		'h1' => array(

			'align' => array (),

			'class' => array (),

			'id'    => array (),

			'style' => array ()),

		'h2' => array (

			'align' => array (),

			'class' => array (),

			'id'    => array (),

			'style' => array ()),

		'h3' => array (

			'align' => array (),

			'class' => array (),

			'id'    => array (),

			'style' => array ()),

		'h4' => array (

			'align' => array (),

			'class' => array (),

			'id'    => array (),

			'style' => array ()),

		'h5' => array (

			'align' => array (),

			'class' => array (),

			'id'    => array (),

			'style' => array ()),

		'h6' => array (

			'align' => array (),

			'class' => array (),

			'id'    => array (),

			'style' => array ()),

		'hr' => array (

			'align' => array (),

			'class' => array (),

			'noshade' => array (),

			'size' => array (),

			'width' => array ()),

		'i' => array(),

		'img' => array(

			'alt' => array (),

			'align' => array (),

			'border' => array (),

			'class' => array (),

			'height' => array (),

			'hspace' => array (),

			'longdesc' => array (),

			'vspace' => array (),

			'src' => array (),

			'style' => array (),

			'width' => array ()),

		'ins' => array(

			'datetime' => array (),

			'cite' => array ()),

		'kbd' => array(),

		'label' => array(

			'for' => array ()),

		'legend' => array(

			'align' => array ()),

		'li' => array (

			'align' => array (),

			'class' => array ()),

		'p' => array(

			'class' => array (),

			'align' => array (),

			'dir' => array(),

			'lang' => array(),

			'style' => array (),

			'xml:lang' => array()),

		'pre' => array(

			'style' => array(),

			'width' => array ()),

		'q' => array(

			'cite' => array ()),

		's' => array(),

		'span' => array (

			'class' => array (),

			'dir' => array (),

			'align' => array (),

			'lang' => array (),

			'style' => array (),

			'title' => array (),

			'xml:lang' => array()),

		'strike' => array(),

		'strong' => array(),

		'sub' => array(),

		'sup' => array(),

		'table' => array(

			'align' => array (),

			'bgcolor' => array (),

			'border' => array (),

			'cellpadding' => array (),

			'cellspacing' => array (),

			'class' => array (),

			'dir' => array(),

			'id' => array(),

			'rules' => array (),

			'style' => array (),

			'summary' => array (),

			'width' => array ()),

		'tbody' => array(

			'align' => array (),

			'char' => array (),

			'charoff' => array (),

			'valign' => array ()),

		'td' => array(

			'abbr' => array (),

			'align' => array (),

			'axis' => array (),

			'bgcolor' => array (),

			'char' => array (),

			'charoff' => array (),

			'class' => array (),

			'colspan' => array (),

			'dir' => array(),

			'headers' => array (),

			'height' => array (),

			'nowrap' => array (),

			'rowspan' => array (),

			'scope' => array (),

			'style' => array (),

			'valign' => array (),

			'width' => array ()),

		'textarea' => array(

			'cols' => array (),

			'rows' => array (),

			'disabled' => array (),

			'name' => array (),

			'readonly' => array ()),

		'tfoot' => array(

			'align' => array (),

			'char' => array (),

			'class' => array (),

			'charoff' => array (),

			'valign' => array ()),

		'th' => array(

			'abbr' => array (),

			'align' => array (),

			'axis' => array (),

			'bgcolor' => array (),

			'char' => array (),

			'charoff' => array (),

			'class' => array (),

			'colspan' => array (),

			'headers' => array (),

			'height' => array (),

			'nowrap' => array (),

			'rowspan' => array (),

			'scope' => array (),

			'valign' => array (),

			'width' => array ()),

		'thead' => array(

			'align' => array (),

			'char' => array (),

			'charoff' => array (),

			'class' => array (),

			'valign' => array ()),

		'title' => array(),

		'tr' => array(

			'align' => array (),

			'bgcolor' => array (),

			'char' => array (),

			'charoff' => array (),

			'class' => array (),

			'style' => array (),

			'valign' => array ()),

		'tt' => array(),

		'u' => array(),

		'ul' => array (

			'class' => array (),

			'style' => array (),

			'type' => array ()),

		'ol' => array (

			'class' => array (),

			'start' => array (),

			'style' => array (),

			'type' => array ()),

		'var' => array ());

	/**

	 * Kses allowed HTML elements.

	 *

	 * @global array $allowedtags

	 * @since 1.0.0

	 */

	$allowedtags = array(

		'a' => array(

			'href' => array (),

			'title' => array ()),

		'abbr' => array(

			'title' => array ()),

		'acronym' => array(

			'title' => array ()),

		'b' => array(),

		'blockquote' => array(

			'cite' => array ()),

		//	'br' => array(),

		'cite' => array (),

		'code' => array(),

		'del' => array(

			'datetime' => array ()),

		//	'dd' => array(),

		//	'dl' => array(),

		//	'dt' => array(),

		'em' => array (), 'i' => array (),

		//	'ins' => array('datetime' => array(), 'cite' => array()),

		//	'li' => array(),

		//	'ol' => array(),

		//	'p' => array(),

		'q' => array(

			'cite' => array ()),

		'strike' => array(),

		'strong' => array(),

		//	'sub' => array(),

		//	'sup' => array(),

		//	'u' => array(),

		//	'ul' => array(),

	);

}

/**

 * Filters content and keeps only allowable HTML elements.

 *

 * This function makes sure that only the allowed HTML element names, attribute

 * names and attribute values plus only sane HTML entities will occur in

 * $string. You have to remove any slashes from PHP's magic quotes before you

 * call this function.

 *

 * The default allowed protocols are 'http', 'https', 'ftp', 'mailto', 'news',

 * 'irc', 'gopher', 'nntp', 'feed', and finally 'telnet. This covers all common

 * link protocols, except for 'javascript' which should not be allowed for

 * untrusted users.

 *

 * @since 1.0.0

 *

 * @param string $string Content to filter through kses

 * @param array $allowed_html List of allowed HTML elements

 * @param array $allowed_protocols Optional. Allowed protocol in links.

 * @return string Filtered content with only allowed HTML elements

 */

function wp_kses($string, $allowed_html, $allowed_protocols = array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet')) {

	$string = wp_kses_no_null($string);

	$string = wp_kses_js_entities($string);

	$string = wp_kses_normalize_entities($string);

	$allowed_html_fixed = wp_kses_array_lc($allowed_html);

	$string = wp_kses_hook($string, $allowed_html_fixed, $allowed_protocols); // WP changed the order of these funcs and added args to wp_kses_hook

	return wp_kses_split($string, $allowed_html_fixed, $allowed_protocols);

}

/**

 * You add any kses hooks here.

 *

 * There is currently only one kses WordPress hook and it is called here. All

 * parameters are passed to the hooks and expected to recieve a string.

 *

 * @since 1.0.0

 *

 * @param string $string Content to filter through kses

 * @param array $allowed_html List of allowed HTML elements

 * @param array $allowed_protocols Allowed protocol in links

 * @return string Filtered content through 'pre_kses' hook

 */

function wp_kses_hook($string, $allowed_html, $allowed_protocols) {

	$string = apply_filters('pre_kses', $string, $allowed_html, $allowed_protocols);

	return $string;

}

/**

 * This function returns kses' version number.

 *

 * @since 1.0.0

 *

 * @return string KSES Version Number

 */

function wp_kses_version() {

	return '0.2.2';

}

/**

 * Searches for HTML tags, no matter how malformed.

 *

 * It also matches stray ">" characters.

 *

 * @since 1.0.0

 *

 * @param string $string Content to filter

 * @param array $allowed_html Allowed HTML elements

 * @param array $allowed_protocols Allowed protocols to keep

 * @return string Content with fixed HTML tags

 */

function wp_kses_split($string, $allowed_html, $allowed_protocols) {

	global $pass_allowed_html, $pass_allowed_protocols;

	$pass_allowed_html = $allowed_html;

	$pass_allowed_protocols = $allowed_protocols;

	return preg_replace_callback('%((<!--.*?(-->|$))|(<[^>]*(>|$)|>))%',

		create_function('$match', 'global $pass_allowed_html, $pass_allowed_protocols; return wp_kses_split2($match[1], $pass_allowed_html, $pass_allowed_protocols);'), $string);

}

/**

 * Callback for wp_kses_split for fixing malformed HTML tags.

 *

 * This function does a lot of work. It rejects some very malformed things like

 * <:::>. It returns an empty string, if the element isn't allowed (look ma, no

 * strip_tags()!). Otherwise it splits the tag into an element and an attribute

 * list.

 *

 * After the tag is split into an element and an attribute list, it is run

 * through another filter which will remove illegal attributes and once that is

 * completed, will be returned.

 *

 * @access private

 * @since 1.0.0

 * @uses wp_kses_attr()

 *

 * @param string $string Content to filter

 * @param array $allowed_html Allowed HTML elements

 * @param array $allowed_protocols Allowed protocols to keep

 * @return string Fixed HTML element

 */