changeset 204 | 09a1c134465b |
parent 194 | 32102edaa81b |
203:f507feede89a | 204:09a1c134465b |
---|---|
31 * |
31 * |
32 */ |
32 */ |
33 |
33 |
34 /** |
34 /** |
35 * You can override this in a plugin. |
35 * You can override this in a plugin. |
36 * |
|
37 * The wp_kses_allowed_html filter is more powerful and supplies context. |
|
38 * CUSTOM_TAGS is not recommended and should be considered deprecated. |
|
39 * |
|
40 * @see wp_kses_allowed_html() |
|
36 * |
41 * |
37 * @since 1.2.0 |
42 * @since 1.2.0 |
38 */ |
43 */ |
39 if ( ! defined( 'CUSTOM_TAGS' ) ) |
44 if ( ! defined( 'CUSTOM_TAGS' ) ) |
40 define( 'CUSTOM_TAGS', false ); |
45 define( 'CUSTOM_TAGS', false ); |
49 * @since 2.0.0 |
54 * @since 2.0.0 |
50 */ |
55 */ |
51 $allowedposttags = array( |
56 $allowedposttags = array( |
52 'address' => array(), |
57 'address' => array(), |
53 'a' => array( |
58 'a' => array( |
54 'class' => true, |
|
55 'href' => true, |
59 'href' => true, |
56 'id' => true, |
|
57 'title' => true, |
|
58 'rel' => true, |
60 'rel' => true, |
59 'rev' => true, |
61 'rev' => true, |
60 'name' => true, |
62 'name' => true, |
61 'target' => true, |
63 'target' => true, |
62 ), |
64 ), |
63 'abbr' => array( |
65 'abbr' => array(), |
64 'class' => true, |
66 'acronym' => array(), |
65 'title' => true, |
67 'area' => array( |
66 ), |
68 'alt' => true, |
67 'acronym' => array( |
69 'coords' => true, |
68 'title' => true, |
70 'href' => true, |
71 'nohref' => true, |
|
72 'shape' => true, |
|
73 'target' => true, |
|
69 ), |
74 ), |
70 'article' => array( |
75 'article' => array( |
71 'align' => true, |
76 'align' => true, |
72 'class' => true, |
77 'dir' => true, |
73 'dir' => true, |
78 'lang' => true, |
74 'lang' => true, |
|
75 'style' => true, |
|
76 'xml:lang' => true, |
79 'xml:lang' => true, |
77 ), |
80 ), |
78 'aside' => array( |
81 'aside' => array( |
79 'align' => true, |
82 'align' => true, |
80 'class' => true, |
83 'dir' => true, |
81 'dir' => true, |
84 'lang' => true, |
82 'lang' => true, |
|
83 'style' => true, |
|
84 'xml:lang' => true, |
85 'xml:lang' => true, |
85 ), |
86 ), |
86 'b' => array(), |
87 'b' => array(), |
87 'big' => array(), |
88 'big' => array(), |
88 'blockquote' => array( |
89 'blockquote' => array( |
89 'id' => true, |
|
90 'cite' => true, |
90 'cite' => true, |
91 'class' => true, |
|
92 'lang' => true, |
91 'lang' => true, |
93 'xml:lang' => true, |
92 'xml:lang' => true, |
94 ), |
93 ), |
95 'br' => array ( |
94 'br' => array(), |
96 'class' => true, |
|
97 ), |
|
98 'button' => array( |
95 'button' => array( |
99 'disabled' => true, |
96 'disabled' => true, |
100 'name' => true, |
97 'name' => true, |
101 'type' => true, |
98 'type' => true, |
102 'value' => true, |
99 'value' => true, |
103 ), |
100 ), |
104 'caption' => array( |
101 'caption' => array( |
105 'align' => true, |
102 'align' => true, |
106 'class' => true, |
103 ), |
107 ), |
104 'cite' => array( |
108 'cite' => array ( |
105 'dir' => true, |
109 'class' => true, |
106 'lang' => true, |
110 'dir' => true, |
107 ), |
111 'lang' => true, |
108 'code' => array(), |
112 'title' => true, |
|
113 ), |
|
114 'code' => array ( |
|
115 'style' => true, |
|
116 ), |
|
117 'col' => array( |
109 'col' => array( |
118 'align' => true, |
110 'align' => true, |
119 'char' => true, |
111 'char' => true, |
120 'charoff' => true, |
112 'charoff' => true, |
121 'span' => true, |
113 'span' => true, |
122 'dir' => true, |
114 'dir' => true, |
123 'style' => true, |
|
124 'valign' => true, |
115 'valign' => true, |
125 'width' => true, |
116 'width' => true, |
126 ), |
117 ), |
127 'del' => array( |
118 'del' => array( |
128 'datetime' => true, |
119 'datetime' => true, |
129 ), |
120 ), |
130 'dd' => array(), |
121 'dd' => array(), |
131 'details' => array( |
122 'details' => array( |
132 'align' => true, |
123 'align' => true, |
133 'class' => true, |
|
134 'dir' => true, |
124 'dir' => true, |
135 'lang' => true, |
125 'lang' => true, |
136 'open' => true, |
126 'open' => true, |
137 'style' => true, |
|
138 'xml:lang' => true, |
127 'xml:lang' => true, |
139 ), |
128 ), |
140 'div' => array( |
129 'div' => array( |
141 'align' => true, |
130 'align' => true, |
142 'class' => true, |
131 'dir' => true, |
143 'dir' => true, |
132 'lang' => true, |
144 'lang' => true, |
|
145 'style' => true, |
|
146 'xml:lang' => true, |
133 'xml:lang' => true, |
147 ), |
134 ), |
148 'dl' => array(), |
135 'dl' => array(), |
149 'dt' => array(), |
136 'dt' => array(), |
150 'em' => array(), |
137 'em' => array(), |
151 'fieldset' => array(), |
138 'fieldset' => array(), |
152 'figure' => array( |
139 'figure' => array( |
153 'align' => true, |
140 'align' => true, |
154 'class' => true, |
141 'dir' => true, |
155 'dir' => true, |
142 'lang' => true, |
156 'lang' => true, |
|
157 'style' => true, |
|
158 'xml:lang' => true, |
143 'xml:lang' => true, |
159 ), |
144 ), |
160 'figcaption' => array( |
145 'figcaption' => array( |
161 'align' => true, |
146 'align' => true, |
162 'class' => true, |
147 'dir' => true, |
163 'dir' => true, |
148 'lang' => true, |
164 'lang' => true, |
|
165 'style' => true, |
|
166 'xml:lang' => true, |
149 'xml:lang' => true, |
167 ), |
150 ), |
168 'font' => array( |
151 'font' => array( |
169 'color' => true, |
152 'color' => true, |
170 'face' => true, |
153 'face' => true, |
171 'size' => true, |
154 'size' => true, |
172 ), |
155 ), |
173 'footer' => array( |
156 'footer' => array( |
174 'align' => true, |
157 'align' => true, |
175 'class' => true, |
158 'dir' => true, |
176 'dir' => true, |
159 'lang' => true, |
177 'lang' => true, |
|
178 'style' => true, |
|
179 'xml:lang' => true, |
160 'xml:lang' => true, |
180 ), |
161 ), |
181 'form' => array( |
162 'form' => array( |
182 'action' => true, |
163 'action' => true, |
183 'accept' => true, |
164 'accept' => true, |
187 'name' => true, |
168 'name' => true, |
188 'target' => true, |
169 'target' => true, |
189 ), |
170 ), |
190 'h1' => array( |
171 'h1' => array( |
191 'align' => true, |
172 'align' => true, |
192 'class' => true, |
173 ), |
193 'id' => true, |
174 'h2' => array( |
194 'style' => true, |
175 'align' => true, |
195 ), |
176 ), |
196 'h2' => array ( |
177 'h3' => array( |
197 'align' => true, |
178 'align' => true, |
198 'class' => true, |
179 ), |
199 'id' => true, |
180 'h4' => array( |
200 'style' => true, |
181 'align' => true, |
201 ), |
182 ), |
202 'h3' => array ( |
183 'h5' => array( |
203 'align' => true, |
184 'align' => true, |
204 'class' => true, |
185 ), |
205 'id' => true, |
186 'h6' => array( |
206 'style' => true, |
187 'align' => true, |
207 ), |
|
208 'h4' => array ( |
|
209 'align' => true, |
|
210 'class' => true, |
|
211 'id' => true, |
|
212 'style' => true, |
|
213 ), |
|
214 'h5' => array ( |
|
215 'align' => true, |
|
216 'class' => true, |
|
217 'id' => true, |
|
218 'style' => true, |
|
219 ), |
|
220 'h6' => array ( |
|
221 'align' => true, |
|
222 'class' => true, |
|
223 'id' => true, |
|
224 'style' => true, |
|
225 ), |
188 ), |
226 'header' => array( |
189 'header' => array( |
227 'align' => true, |
190 'align' => true, |
228 'class' => true, |
191 'dir' => true, |
229 'dir' => true, |
192 'lang' => true, |
230 'lang' => true, |
|
231 'style' => true, |
|
232 'xml:lang' => true, |
193 'xml:lang' => true, |
233 ), |
194 ), |
234 'hgroup' => array( |
195 'hgroup' => array( |
235 'align' => true, |
196 'align' => true, |
236 'class' => true, |
197 'dir' => true, |
237 'dir' => true, |
198 'lang' => true, |
238 'lang' => true, |
|
239 'style' => true, |
|
240 'xml:lang' => true, |
199 'xml:lang' => true, |
241 ), |
200 ), |
242 'hr' => array ( |
201 'hr' => array( |
243 'align' => true, |
202 'align' => true, |
244 'class' => true, |
|
245 'noshade' => true, |
203 'noshade' => true, |
246 'size' => true, |
204 'size' => true, |
247 'width' => true, |
205 'width' => true, |
248 ), |
206 ), |
249 'i' => array(), |
207 'i' => array(), |
250 'img' => array( |
208 'img' => array( |
251 'alt' => true, |
209 'alt' => true, |
252 'align' => true, |
210 'align' => true, |
253 'border' => true, |
211 'border' => true, |
254 'class' => true, |
|
255 'height' => true, |
212 'height' => true, |
256 'hspace' => true, |
213 'hspace' => true, |
257 'longdesc' => true, |
214 'longdesc' => true, |
258 'vspace' => true, |
215 'vspace' => true, |
259 'src' => true, |
216 'src' => true, |
260 'style' => true, |
217 'usemap' => true, |
261 'width' => true, |
218 'width' => true, |
262 ), |
219 ), |
263 'ins' => array( |
220 'ins' => array( |
264 'datetime' => true, |
221 'datetime' => true, |
265 'cite' => true, |
222 'cite' => true, |
269 'for' => true, |
226 'for' => true, |
270 ), |
227 ), |
271 'legend' => array( |
228 'legend' => array( |
272 'align' => true, |
229 'align' => true, |
273 ), |
230 ), |
274 'li' => array ( |
231 'li' => array( |
275 'align' => true, |
232 'align' => true, |
276 'class' => true, |
233 ), |
277 ), |
234 'map' => array( |
278 'menu' => array ( |
235 'name' => true, |
279 'class' => true, |
236 ), |
280 'style' => true, |
237 'menu' => array( |
281 'type' => true, |
238 'type' => true, |
282 ), |
239 ), |
283 'nav' => array( |
240 'nav' => array( |
284 'align' => true, |
241 'align' => true, |
285 'class' => true, |
242 'dir' => true, |
286 'dir' => true, |
243 'lang' => true, |
287 'lang' => true, |
|
288 'style' => true, |
|
289 'xml:lang' => true, |
244 'xml:lang' => true, |
290 ), |
245 ), |
291 'p' => array( |
246 'p' => array( |
292 'class' => true, |
247 'align' => true, |
293 'align' => true, |
248 'dir' => true, |
294 'dir' => true, |
249 'lang' => true, |
295 'lang' => true, |
|
296 'style' => true, |
|
297 'xml:lang' => true, |
250 'xml:lang' => true, |
298 ), |
251 ), |
299 'pre' => array( |
252 'pre' => array( |
300 'style' => true, |
|
301 'width' => true, |
253 'width' => true, |
302 ), |
254 ), |
303 'q' => array( |
255 'q' => array( |
304 'cite' => true, |
256 'cite' => true, |
305 ), |
257 ), |
306 's' => array(), |
258 's' => array(), |
307 'span' => array ( |
259 'span' => array( |
308 'class' => true, |
260 'dir' => true, |
309 'dir' => true, |
261 'align' => true, |
310 'align' => true, |
262 'lang' => true, |
311 'lang' => true, |
|
312 'style' => true, |
|
313 'title' => true, |
|
314 'xml:lang' => true, |
263 'xml:lang' => true, |
315 ), |
264 ), |
316 'section' => array( |
265 'section' => array( |
317 'align' => true, |
266 'align' => true, |
318 'class' => true, |
267 'dir' => true, |
319 'dir' => true, |
268 'lang' => true, |
320 'lang' => true, |
|
321 'style' => true, |
|
322 'xml:lang' => true, |
269 'xml:lang' => true, |
323 ), |
270 ), |
271 'small' => array(), |
|
324 'strike' => array(), |
272 'strike' => array(), |
325 'strong' => array(), |
273 'strong' => array(), |
326 'sub' => array(), |
274 'sub' => array(), |
327 'summary' => array( |
275 'summary' => array( |
328 'align' => true, |
276 'align' => true, |
329 'class' => true, |
277 'dir' => true, |
330 'dir' => true, |
278 'lang' => true, |
331 'lang' => true, |
|
332 'style' => true, |
|
333 'xml:lang' => true, |
279 'xml:lang' => true, |
334 ), |
280 ), |
335 'sup' => array(), |
281 'sup' => array(), |
336 'table' => array( |
282 'table' => array( |
337 'align' => true, |
283 'align' => true, |
338 'bgcolor' => true, |
284 'bgcolor' => true, |
339 'border' => true, |
285 'border' => true, |
340 'cellpadding' => true, |
286 'cellpadding' => true, |
341 'cellspacing' => true, |
287 'cellspacing' => true, |
342 'class' => true, |
288 'dir' => true, |
343 'dir' => true, |
|
344 'id' => true, |
|
345 'rules' => true, |
289 'rules' => true, |
346 'style' => true, |
|
347 'summary' => true, |
290 'summary' => true, |
348 'width' => true, |
291 'width' => true, |
349 ), |
292 ), |
350 'tbody' => array( |
293 'tbody' => array( |
351 'align' => true, |
294 'align' => true, |
358 'align' => true, |
301 'align' => true, |
359 'axis' => true, |
302 'axis' => true, |
360 'bgcolor' => true, |
303 'bgcolor' => true, |
361 'char' => true, |
304 'char' => true, |
362 'charoff' => true, |
305 'charoff' => true, |
363 'class' => true, |
|
364 'colspan' => true, |
306 'colspan' => true, |
365 'dir' => true, |
307 'dir' => true, |
366 'headers' => true, |
308 'headers' => true, |
367 'height' => true, |
309 'height' => true, |
368 'nowrap' => true, |
310 'nowrap' => true, |
369 'rowspan' => true, |
311 'rowspan' => true, |
370 'scope' => true, |
312 'scope' => true, |
371 'style' => true, |
|
372 'valign' => true, |
313 'valign' => true, |
373 'width' => true, |
314 'width' => true, |
374 ), |
315 ), |
375 'textarea' => array( |
316 'textarea' => array( |
376 'cols' => true, |
317 'cols' => true, |
380 'readonly' => true, |
321 'readonly' => true, |
381 ), |
322 ), |
382 'tfoot' => array( |
323 'tfoot' => array( |
383 'align' => true, |
324 'align' => true, |
384 'char' => true, |
325 'char' => true, |
385 'class' => true, |
|
386 'charoff' => true, |
326 'charoff' => true, |
387 'valign' => true, |
327 'valign' => true, |
388 ), |
328 ), |
389 'th' => array( |
329 'th' => array( |
390 'abbr' => true, |
330 'abbr' => true, |
391 'align' => true, |
331 'align' => true, |
392 'axis' => true, |
332 'axis' => true, |
393 'bgcolor' => true, |
333 'bgcolor' => true, |
394 'char' => true, |
334 'char' => true, |
395 'charoff' => true, |
335 'charoff' => true, |
396 'class' => true, |
|
397 'colspan' => true, |
336 'colspan' => true, |
398 'headers' => true, |
337 'headers' => true, |
399 'height' => true, |
338 'height' => true, |
400 'nowrap' => true, |
339 'nowrap' => true, |
401 'rowspan' => true, |
340 'rowspan' => true, |
405 ), |
344 ), |
406 'thead' => array( |
345 'thead' => array( |
407 'align' => true, |
346 'align' => true, |
408 'char' => true, |
347 'char' => true, |
409 'charoff' => true, |
348 'charoff' => true, |
410 'class' => true, |
|
411 'valign' => true, |
349 'valign' => true, |
412 ), |
350 ), |
413 'title' => array(), |
351 'title' => array(), |
414 'tr' => array( |
352 'tr' => array( |
415 'align' => true, |
353 'align' => true, |
416 'bgcolor' => true, |
354 'bgcolor' => true, |
417 'char' => true, |
355 'char' => true, |
418 'charoff' => true, |
356 'charoff' => true, |
419 'class' => true, |
|
420 'style' => true, |
|
421 'valign' => true, |
357 'valign' => true, |
422 ), |
358 ), |
423 'tt' => array(), |
359 'tt' => array(), |
424 'u' => array(), |
360 'u' => array(), |
425 'ul' => array ( |
361 'ul' => array( |
426 'class' => true, |
|
427 'style' => true, |
|
428 'type' => true, |
362 'type' => true, |
429 ), |
363 ), |
430 'ol' => array ( |
364 'ol' => array( |
431 'class' => true, |
|
432 'start' => true, |
365 'start' => true, |
433 'style' => true, |
|
434 'type' => true, |
366 'type' => true, |
435 ), |
367 ), |
436 'var' => array(), |
368 'var' => array(), |
437 ); |
369 ); |
438 |
370 |
455 ), |
387 ), |
456 'b' => array(), |
388 'b' => array(), |
457 'blockquote' => array( |
389 'blockquote' => array( |
458 'cite' => true, |
390 'cite' => true, |
459 ), |
391 ), |
460 // 'br' => array(), |
|
461 'cite' => array(), |
392 'cite' => array(), |
462 'code' => array(), |
393 'code' => array(), |
463 'del' => array( |
394 'del' => array( |
464 'datetime' => true, |
395 'datetime' => true, |
465 ), |
396 ), |
466 // 'dd' => array(), |
397 'em' => array(), |
467 // 'dl' => array(), |
398 'i' => array(), |
468 // 'dt' => array(), |
|
469 'em' => array (), 'i' => array (), |
|
470 // 'ins' => array('datetime' => array(), 'cite' => array()), |
|
471 // 'li' => array(), |
|
472 // 'ol' => array(), |
|
473 // 'p' => array(), |
|
474 'q' => array( |
399 'q' => array( |
475 'cite' => true, |
400 'cite' => true, |
476 ), |
401 ), |
477 'strike' => array(), |
402 'strike' => array(), |
478 'strong' => array(), |
403 'strong' => array(), |
479 // 'sub' => array(), |
|
480 // 'sup' => array(), |
|
481 // 'u' => array(), |
|
482 // 'ul' => array(), |
|
483 ); |
404 ); |
484 |
405 |
485 $allowedentitynames = array( |
406 $allowedentitynames = array( |
486 'nbsp', 'iexcl', 'cent', 'pound', 'curren', 'yen', |
407 'nbsp', 'iexcl', 'cent', 'pound', 'curren', 'yen', |
487 'brvbar', 'sect', 'uml', 'copy', 'ordf', 'laquo', |
408 'brvbar', 'sect', 'uml', 'copy', 'ordf', 'laquo', |
523 'ne', 'equiv', 'le', 'ge', 'sub', 'sup', |
444 'ne', 'equiv', 'le', 'ge', 'sub', 'sup', |
524 'nsub', 'sube', 'supe', 'oplus', 'otimes', 'perp', |
445 'nsub', 'sube', 'supe', 'oplus', 'otimes', 'perp', |
525 'sdot', 'lceil', 'rceil', 'lfloor', 'rfloor', 'lang', |
446 'sdot', 'lceil', 'rceil', 'lfloor', 'rfloor', 'lang', |
526 'rang', 'loz', 'spades', 'clubs', 'hearts', 'diams', |
447 'rang', 'loz', 'spades', 'clubs', 'hearts', 'diams', |
527 ); |
448 ); |
449 |
|
450 $allowedposttags = array_map( '_wp_add_global_attributes', $allowedposttags ); |
|
451 } else { |
|
452 $allowedtags = wp_kses_array_lc( $allowedtags ); |
|
453 $allowedposttags = wp_kses_array_lc( $allowedposttags ); |
|
528 } |
454 } |
529 |
455 |
530 /** |
456 /** |
531 * Filters content and keeps only allowable HTML elements. |
457 * Filters content and keeps only allowable HTML elements. |
532 * |
458 * |
545 * @param string $string Content to filter through kses |
471 * @param string $string Content to filter through kses |
546 * @param array $allowed_html List of allowed HTML elements |
472 * @param array $allowed_html List of allowed HTML elements |
547 * @param array $allowed_protocols Optional. Allowed protocol in links. |
473 * @param array $allowed_protocols Optional. Allowed protocol in links. |
548 * @return string Filtered content with only allowed HTML elements |
474 * @return string Filtered content with only allowed HTML elements |
549 */ |
475 */ |
550 function wp_kses($string, $allowed_html, $allowed_protocols = array ()) { |
476 function wp_kses( $string, $allowed_html, $allowed_protocols = array() ) { |
551 if ( empty( $allowed_protocols ) ) |
477 if ( empty( $allowed_protocols ) ) |
552 $allowed_protocols = wp_allowed_protocols(); |
478 $allowed_protocols = wp_allowed_protocols(); |
553 $string = wp_kses_no_null($string); |
479 $string = wp_kses_no_null($string); |
554 $string = wp_kses_js_entities($string); |
480 $string = wp_kses_js_entities($string); |
555 $string = wp_kses_normalize_entities($string); |
481 $string = wp_kses_normalize_entities($string); |
556 $allowed_html_fixed = wp_kses_array_lc($allowed_html); |
482 $string = wp_kses_hook($string, $allowed_html, $allowed_protocols); // WP changed the order of these funcs and added args to wp_kses_hook |
557 $string = wp_kses_hook($string, $allowed_html_fixed, $allowed_protocols); // WP changed the order of these funcs and added args to wp_kses_hook |
483 return wp_kses_split($string, $allowed_html, $allowed_protocols); |
558 return wp_kses_split($string, $allowed_html_fixed, $allowed_protocols); |
484 } |
485 |
|
486 /** |
|
487 * Return a list of allowed tags and attributes for a given context. |
|
488 * |
|
489 * @since 3.5.0 |
|
490 * |
|
491 * @param string $context The context for which to retrieve tags. Allowed values are |
|
492 * post | strip | data | entities or the name of a field filter such as pre_user_description. |
|
493 * @return array List of allowed tags and their allowed attributes. |
|
494 */ |
|
495 function wp_kses_allowed_html( $context = '' ) { |
|
496 global $allowedposttags, $allowedtags, $allowedentitynames; |
|
497 |
|
498 if ( is_array( $context ) ) |
|
499 return apply_filters( 'wp_kses_allowed_html', $context, 'explicit' ); |
|
500 |
|
501 switch ( $context ) { |
|
502 case 'post': |
|
503 return apply_filters( 'wp_kses_allowed_html', $allowedposttags, $context ); |
|
504 break; |
|
505 case 'user_description': |
|
506 case 'pre_user_description': |
|
507 $tags = $allowedtags; |
|
508 $tags['a']['rel'] = true; |
|
509 return apply_filters( 'wp_kses_allowed_html', $tags, $context ); |
|
510 break; |
|
511 case 'strip': |
|
512 return apply_filters( 'wp_kses_allowed_html', array(), $context ); |
|
513 break; |
|
514 case 'entities': |
|
515 return apply_filters( 'wp_kses_allowed_html', $allowedentitynames, $context); |
|
516 break; |
|
517 case 'data': |
|
518 default: |
|
519 return apply_filters( 'wp_kses_allowed_html', $allowedtags, $context ); |
|
520 } |
|
559 } |
521 } |
560 |
522 |
561 /** |
523 /** |
562 * You add any kses hooks here. |
524 * You add any kses hooks here. |
563 * |
525 * |
569 * @param string $string Content to filter through kses |
531 * @param string $string Content to filter through kses |
570 * @param array $allowed_html List of allowed HTML elements |
532 * @param array $allowed_html List of allowed HTML elements |
571 * @param array $allowed_protocols Allowed protocol in links |
533 * @param array $allowed_protocols Allowed protocol in links |
572 * @return string Filtered content through 'pre_kses' hook |
534 * @return string Filtered content through 'pre_kses' hook |
573 */ |
535 */ |
574 function wp_kses_hook($string, $allowed_html, $allowed_protocols) { |
536 function wp_kses_hook( $string, $allowed_html, $allowed_protocols ) { |
575 $string = apply_filters('pre_kses', $string, $allowed_html, $allowed_protocols); |
537 $string = apply_filters('pre_kses', $string, $allowed_html, $allowed_protocols); |
576 return $string; |
538 return $string; |
577 } |
539 } |
578 |
540 |
579 /** |
541 /** |
597 * @param string $string Content to filter |
559 * @param string $string Content to filter |
598 * @param array $allowed_html Allowed HTML elements |
560 * @param array $allowed_html Allowed HTML elements |
599 * @param array $allowed_protocols Allowed protocols to keep |
561 * @param array $allowed_protocols Allowed protocols to keep |
600 * @return string Content with fixed HTML tags |
562 * @return string Content with fixed HTML tags |
601 */ |
563 */ |
602 function wp_kses_split($string, $allowed_html, $allowed_protocols) { |
564 function wp_kses_split( $string, $allowed_html, $allowed_protocols ) { |
603 global $pass_allowed_html, $pass_allowed_protocols; |
565 global $pass_allowed_html, $pass_allowed_protocols; |
604 $pass_allowed_html = $allowed_html; |
566 $pass_allowed_html = $allowed_html; |
605 $pass_allowed_protocols = $allowed_protocols; |
567 $pass_allowed_protocols = $allowed_protocols; |
606 return preg_replace_callback( '%(<!--.*?(-->|$))|(<[^>]*(>|$)|>)%', '_wp_kses_split_callback', $string ); |
568 return preg_replace_callback( '%(<!--.*?(-->|$))|(<[^>]*(>|$)|>)%', '_wp_kses_split_callback', $string ); |
607 } |
569 } |
665 |
627 |
666 $slash = trim($matches[1]); |
628 $slash = trim($matches[1]); |
667 $elem = $matches[2]; |
629 $elem = $matches[2]; |
668 $attrlist = $matches[3]; |
630 $attrlist = $matches[3]; |
669 |
631 |
632 if ( ! is_array( $allowed_html ) ) |
|
633 $allowed_html = wp_kses_allowed_html( $allowed_html ); |
|
634 |
|
670 if ( ! isset($allowed_html[strtolower($elem)]) ) |
635 if ( ! isset($allowed_html[strtolower($elem)]) ) |
671 return ''; |
636 return ''; |
672 # They are using a not allowed HTML element |
637 # They are using a not allowed HTML element |
673 |
638 |
674 if ($slash != '') |
639 if ($slash != '') |
695 * @param array $allowed_protocols Allowed protocols to keep |
660 * @param array $allowed_protocols Allowed protocols to keep |
696 * @return string Sanitized HTML element |
661 * @return string Sanitized HTML element |
697 */ |
662 */ |
698 function wp_kses_attr($element, $attr, $allowed_html, $allowed_protocols) { |
663 function wp_kses_attr($element, $attr, $allowed_html, $allowed_protocols) { |
699 # Is there a closing XHTML slash at the end of the attributes? |
664 # Is there a closing XHTML slash at the end of the attributes? |
665 |
|
666 if ( ! is_array( $allowed_html ) ) |
|
667 $allowed_html = wp_kses_allowed_html( $allowed_html ); |
|
700 |
668 |
701 $xhtml_slash = ''; |
669 $xhtml_slash = ''; |
702 if (preg_match('%\s*/\s*$%', $attr)) |
670 if (preg_match('%\s*/\s*$%', $attr)) |
703 $xhtml_slash = ' /'; |
671 $xhtml_slash = ' /'; |
704 |
672 |
774 * @param string $attr Attribute list from HTML element to closing HTML element tag |
742 * @param string $attr Attribute list from HTML element to closing HTML element tag |
775 * @param array $allowed_protocols Allowed protocols to keep |
743 * @param array $allowed_protocols Allowed protocols to keep |
776 * @return array List of attributes after parsing |
744 * @return array List of attributes after parsing |
777 */ |
745 */ |
778 function wp_kses_hair($attr, $allowed_protocols) { |
746 function wp_kses_hair($attr, $allowed_protocols) { |
779 $attrarr = array (); |
747 $attrarr = array(); |
780 $mode = 0; |
748 $mode = 0; |
781 $attrname = ''; |
749 $attrname = ''; |
782 $uris = array('xmlns', 'profile', 'href', 'src', 'cite', 'classid', 'codebase', 'data', 'usemap', 'longdesc', 'action'); |
750 $uris = array('xmlns', 'profile', 'href', 'src', 'cite', 'classid', 'codebase', 'data', 'usemap', 'longdesc', 'action'); |
783 |
751 |
784 # Loop through the whole attribute list |
752 # Loop through the whole attribute list |
1283 * @uses $allowedtags |
1251 * @uses $allowedtags |
1284 * |
1252 * |
1285 * @param string $data Content to filter, expected to be escaped with slashes |
1253 * @param string $data Content to filter, expected to be escaped with slashes |
1286 * @return string Filtered content |
1254 * @return string Filtered content |
1287 */ |
1255 */ |
1288 function wp_filter_kses($data) { |
1256 function wp_filter_kses( $data ) { |
1289 global $allowedtags; |
1257 return addslashes( wp_kses( stripslashes( $data ), current_filter() ) ); |
1290 return addslashes( wp_kses(stripslashes( $data ), $allowedtags) ); |
|
1291 } |
1258 } |
1292 |
1259 |
1293 /** |
1260 /** |
1294 * Sanitize content with allowed HTML Kses rules. |
1261 * Sanitize content with allowed HTML Kses rules. |
1295 * |
1262 * |
1297 * @uses $allowedtags |
1264 * @uses $allowedtags |
1298 * |
1265 * |
1299 * @param string $data Content to filter, expected to not be escaped |
1266 * @param string $data Content to filter, expected to not be escaped |
1300 * @return string Filtered content |
1267 * @return string Filtered content |
1301 */ |
1268 */ |
1302 function wp_kses_data($data) { |
1269 function wp_kses_data( $data ) { |
1303 global $allowedtags; |
1270 return wp_kses( $data , current_filter() ); |
1304 return wp_kses( $data , $allowedtags ); |
|
1305 } |
1271 } |
1306 |
1272 |
1307 /** |
1273 /** |
1308 * Sanitize content for allowed HTML tags for post content. |
1274 * Sanitize content for allowed HTML tags for post content. |
1309 * |
1275 * |
1310 * Post content refers to the page contents of the 'post' type and not $_POST |
1276 * Post content refers to the page contents of the 'post' type and not $_POST |
1311 * data from forms. |
1277 * data from forms. |
1312 * |
1278 * |
1313 * @since 2.0.0 |
1279 * @since 2.0.0 |
1314 * @uses $allowedposttags |
|
1315 * |
1280 * |
1316 * @param string $data Post content to filter, expected to be escaped with slashes |
1281 * @param string $data Post content to filter, expected to be escaped with slashes |
1317 * @return string Filtered post content with allowed HTML tags and attributes intact. |
1282 * @return string Filtered post content with allowed HTML tags and attributes intact. |
1318 */ |
1283 */ |
1319 function wp_filter_post_kses($data) { |
1284 function wp_filter_post_kses($data) { |
1320 global $allowedposttags; |
1285 return addslashes ( wp_kses( stripslashes( $data ), 'post' ) ); |
1321 return addslashes ( wp_kses(stripslashes( $data ), $allowedposttags) ); |
|
1322 } |
1286 } |
1323 |
1287 |
1324 /** |
1288 /** |
1325 * Sanitize content for allowed HTML tags for post content. |
1289 * Sanitize content for allowed HTML tags for post content. |
1326 * |
1290 * |
1327 * Post content refers to the page contents of the 'post' type and not $_POST |
1291 * Post content refers to the page contents of the 'post' type and not $_POST |
1328 * data from forms. |
1292 * data from forms. |
1329 * |
1293 * |
1330 * @since 2.9.0 |
1294 * @since 2.9.0 |
1331 * @uses $allowedposttags |
|
1332 * |
1295 * |
1333 * @param string $data Post content to filter |
1296 * @param string $data Post content to filter |
1334 * @return string Filtered post content with allowed HTML tags and attributes intact. |
1297 * @return string Filtered post content with allowed HTML tags and attributes intact. |
1335 */ |
1298 */ |
1336 function wp_kses_post($data) { |
1299 function wp_kses_post($data) { |
1337 global $allowedposttags; |
1300 return wp_kses( $data , 'post' ); |
1338 return wp_kses( $data , $allowedposttags ); |
|
1339 } |
1301 } |
1340 |
1302 |
1341 /** |
1303 /** |
1342 * Strips all of the HTML in the content. |
1304 * Strips all of the HTML in the content. |
1343 * |
1305 * |
1344 * @since 2.1.0 |
1306 * @since 2.1.0 |
1345 * |
1307 * |
1346 * @param string $data Content to strip all HTML from |
1308 * @param string $data Content to strip all HTML from |
1347 * @return string Filtered content without any HTML |
1309 * @return string Filtered content without any HTML |
1348 */ |
1310 */ |
1349 function wp_filter_nohtml_kses($data) { |
1311 function wp_filter_nohtml_kses( $data ) { |
1350 return addslashes ( wp_kses(stripslashes( $data ), array()) ); |
1312 return addslashes ( wp_kses( stripslashes( $data ), 'strip' ) ); |
1351 } |
1313 } |
1352 |
1314 |
1353 /** |
1315 /** |
1354 * Adds all Kses input form content filters. |
1316 * Adds all Kses input form content filters. |
1355 * |
1317 * |
1481 } |
1443 } |
1482 } |
1444 } |
1483 |
1445 |
1484 return $css; |
1446 return $css; |
1485 } |
1447 } |
1448 |
|
1449 /** |
|
1450 * Helper function to add global attributes to a tag in the allowed html list. |
|
1451 * |
|
1452 * @since 3.5.0 |
|
1453 * @access private |
|
1454 * |
|
1455 * @param array $value An array of attributes. |
|
1456 * @return array The array of attributes with global attributes added. |
|
1457 */ |
|
1458 function _wp_add_global_attributes( $value ) { |
|
1459 $global_attributes = array( |
|
1460 'class' => true, |
|
1461 'id' => true, |
|
1462 'style' => true, |
|
1463 'title' => true, |
|
1464 ); |
|
1465 |
|
1466 if ( true === $value ) |
|
1467 $value = array(); |
|
1468 |
|
1469 if ( is_array( $value ) ) |
|
1470 return array_merge( $value, $global_attributes ); |
|
1471 |
|
1472 return $value; |
|
1473 } |
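Review bot: The new `wp_kses()` (new lines 476-484) no longer runs `$allowed_html` through `wp_kses_array_lc()` and forwards a context string unresolved, so the allow-list is looked up separately for the element check (new lines 632-633) and inside `wp_kses_attr()` (new lines 666-667), once per tag. A caller-supplied array with mixed-case keys will now silently miss the `strtolower($elem)` lookup at new line 635. That fails closed but is an undocumented behaviour change, and `pre_kses` callbacks now receive a string where they previously received an array. Resolving once at the top of `wp_kses()` with `if ( ! is_array( $allowed_html ) ) $allowed_html = wp_kses_allowed_html( $allowed_html );` would give the hook, the element check and the attribute check one consistent list; explicit arrays should either still be lower-cased there or the docblock should state that keys must be lower-case. The function holding new lines 627-639 starts outside the visible lines, so this is inferred from the `$allowed_html` lookup shown there. The `@uses $allowedtags` tags kept on `wp_filter_kses()` and `wp_kses_data()` are also stale, since the list is now chosen by `current_filter()` and by whatever is hooked on `wp_kses_allowed_html`.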