773 * @param array $allowed_protocols Allowed protocols to keep |
773 * @param array $allowed_protocols Allowed protocols to keep |
774 * @return string Filtered content |
774 * @return string Filtered content |
775 */ |
775 */ |
776 function wp_kses_bad_protocol($string, $allowed_protocols) { |
776 function wp_kses_bad_protocol($string, $allowed_protocols) { |
777 $string = wp_kses_no_null($string); |
777 $string = wp_kses_no_null($string); |
778 $string = preg_replace('/\xad+/', '', $string); # deals with Opera "feature" |
|
779 $string2 = $string.'a'; |
778 $string2 = $string.'a'; |
780 |
779 |
781 while ($string != $string2) { |
780 while ($string != $string2) { |
782 $string2 = $string; |
781 $string2 = $string; |
783 $string = wp_kses_bad_protocol_once($string, $allowed_protocols); |
782 $string = wp_kses_bad_protocol_once($string, $allowed_protocols); |
918 } |
917 } |
919 |
918 |
920 $string2 = wp_kses_decode_entities($string); |
919 $string2 = wp_kses_decode_entities($string); |
921 $string2 = preg_replace('/\s/', '', $string2); |
920 $string2 = preg_replace('/\s/', '', $string2); |
922 $string2 = wp_kses_no_null($string2); |
921 $string2 = wp_kses_no_null($string2); |
923 $string2 = preg_replace('/\xad+/', '', $string2); |
|
924 # deals with Opera "feature" |
|
925 $string2 = strtolower($string2); |
922 $string2 = strtolower($string2); |
926 |
923 |
927 $allowed = false; |
924 $allowed = false; |
928 foreach ( (array) $_kses_allowed_protocols as $one_protocol) |
925 foreach ( (array) $_kses_allowed_protocols as $one_protocol) |
929 if (strtolower($one_protocol) == $string2) { |
926 if (strtolower($one_protocol) == $string2) { |
1025 * |
1022 * |
1026 * @param string $string Content to change entities |
1023 * @param string $string Content to change entities |
1027 * @return string Content after decoded entities |
1024 * @return string Content after decoded entities |
1028 */ |
1025 */ |
1029 function wp_kses_decode_entities($string) { |
1026 function wp_kses_decode_entities($string) { |
1030 $string = preg_replace_callback('/&#([0-9]+);/', create_function('$match', 'return chr($match[1]);'), $string); |
1027 $string = preg_replace_callback('/&#([0-9]+);/', '_wp_kses_decode_entities_chr', $string); |
1031 $string = preg_replace_callback('/&#[Xx]([0-9A-Fa-f]+);/', create_function('$match', 'return chr(hexdec($match[1]));'), $string); |
1028 $string = preg_replace_callback('/&#[Xx]([0-9A-Fa-f]+);/', '_wp_kses_decode_entities_chr_hexdec', $string); |
1032 |
1029 |
1033 return $string; |
1030 return $string; |
1034 } |
1031 } |
1035 |
1032 |
1036 /** |
1033 /** |
|
1034 * Regex callback for wp_kses_decode_entities() |
|
1035 * |
|
1036 * @param array $match preg match |
|
1037 * @return string |
|
1038 */ |
|
1039 function _wp_kses_decode_entities_chr( $match ) { |
|
1040 return chr( $match[1] ); |
|
1041 } |
|
1042 |
|
1043 /** |
|
1044 * Regex callback for wp_kses_decode_entities() |
|
1045 * |
|
1046 * @param array $match preg match |
|
1047 * @return string |
|
1048 */ |
|
1049 function _wp_kses_decode_entities_chr_hexdec( $match ) { |
|
1050 return chr( hexdec( $match[1] ) ); |
|
1051 } |
|
1052 |
|
1053 /** |
1037 * Sanitize content with allowed HTML Kses rules. |
1054 * Sanitize content with allowed HTML Kses rules. |
1038 * |
1055 * |
1039 * @since 1.0.0 |
1056 * @since 1.0.0 |
1040 * @uses $allowedtags |
1057 * @uses $allowedtags |
1041 * |
1058 * |
1042 * @param string $data Content to filter |
1059 * @param string $data Content to filter, expected to be escaped with slashes |
1043 * @return string Filtered content |
1060 * @return string Filtered content |
1044 */ |
1061 */ |
1045 function wp_filter_kses($data) { |
1062 function wp_filter_kses($data) { |
1046 global $allowedtags; |
1063 global $allowedtags; |
1047 return addslashes( wp_kses(stripslashes( $data ), $allowedtags) ); |
1064 return addslashes( wp_kses(stripslashes( $data ), $allowedtags) ); |
1048 } |
1065 } |
1049 |
1066 |
1050 /** |
1067 /** |
|
1068 * Sanitize content with allowed HTML Kses rules. |
|
1069 * |
|
1070 * @since 2.9.0 |
|
1071 * @uses $allowedtags |
|
1072 * |
|
1073 * @param string $data Content to filter, expected to not be escaped |
|
1074 * @return string Filtered content |
|
1075 */ |
|
1076 function wp_kses_data($data) { |
|
1077 global $allowedtags; |
|
1078 return wp_kses( $data , $allowedtags ); |
|
1079 } |
|
1080 |
|
1081 /** |
1051 * Sanitize content for allowed HTML tags for post content. |
1082 * Sanitize content for allowed HTML tags for post content. |
1052 * |
1083 * |
1053 * Post content refers to the page contents of the 'post' type and not $_POST |
1084 * Post content refers to the page contents of the 'post' type and not $_POST |
1054 * data from forms. |
1085 * data from forms. |
1055 * |
1086 * |
1056 * @since 2.0.0 |
1087 * @since 2.0.0 |
1057 * @uses $allowedposttags |
1088 * @uses $allowedposttags |
1058 * |
1089 * |
1059 * @param string $data Post content to filter |
1090 * @param string $data Post content to filter, expected to be escaped with slashes |
1060 * @return string Filtered post content with allowed HTML tags and attributes intact. |
1091 * @return string Filtered post content with allowed HTML tags and attributes intact. |
1061 */ |
1092 */ |
1062 function wp_filter_post_kses($data) { |
1093 function wp_filter_post_kses($data) { |
1063 global $allowedposttags; |
1094 global $allowedposttags; |
1064 return addslashes ( wp_kses(stripslashes( $data ), $allowedposttags) ); |
1095 return addslashes ( wp_kses(stripslashes( $data ), $allowedposttags) ); |
|
1096 } |
|
1097 |
|
1098 /** |
|
1099 * Sanitize content for allowed HTML tags for post content. |
|
1100 * |
|
1101 * Post content refers to the page contents of the 'post' type and not $_POST |
|
1102 * data from forms. |
|
1103 * |
|
1104 * @since 2.9.0 |
|
1105 * @uses $allowedposttags |
|
1106 * |
|
1107 * @param string $data Post content to filter |
|
1108 * @return string Filtered post content with allowed HTML tags and attributes intact. |
|
1109 */ |
|
1110 function wp_kses_post($data) { |
|
1111 global $allowedposttags; |
|
1112 return wp_kses( $data , $allowedposttags ); |
1065 } |
1113 } |
1066 |
1114 |
1067 /** |
1115 /** |
1068 * Strips all of the HTML in the content. |
1116 * Strips all of the HTML in the content. |
1069 * |
1117 * |
1154 |
1202 |
1155 if ( preg_match( '%[\\(&]|/\*%', $css ) ) // remove any inline css containing \ ( & or comments |
1203 if ( preg_match( '%[\\(&]|/\*%', $css ) ) // remove any inline css containing \ ( & or comments |
1156 return ''; |
1204 return ''; |
1157 |
1205 |
1158 $css_array = split( ';', trim( $css ) ); |
1206 $css_array = split( ';', trim( $css ) ); |
1159 $allowed_attr = apply_filters( 'safe_style_css', array( 'text-align', 'margin', 'color', 'float', |
1207 $allowed_attr = apply_filters( 'safe_style_css', array( 'text-align', 'margin', 'color', 'float', |
1160 'border', 'background', 'background-color', 'border-bottom', 'border-bottom-color', |
1208 'border', 'background', 'background-color', 'border-bottom', 'border-bottom-color', |
1161 'border-bottom-style', 'border-bottom-width', 'border-collapse', 'border-color', 'border-left', |
1209 'border-bottom-style', 'border-bottom-width', 'border-collapse', 'border-color', 'border-left', |
1162 'border-left-color', 'border-left-style', 'border-left-width', 'border-right', 'border-right-color', |
1210 'border-left-color', 'border-left-style', 'border-left-width', 'border-right', 'border-right-color', |
1163 'border-right-style', 'border-right-width', 'border-spacing', 'border-style', 'border-top', |
1211 'border-right-style', 'border-right-width', 'border-spacing', 'border-style', 'border-top', |
1164 'border-top-color', 'border-top-style', 'border-top-width', 'border-width', 'caption-side', |
1212 'border-top-color', 'border-top-style', 'border-top-width', 'border-width', 'caption-side', |
1165 'clear', 'cursor', 'direction', 'font', 'font-family', 'font-size', 'font-style', |
1213 'clear', 'cursor', 'direction', 'font', 'font-family', 'font-size', 'font-style', |
1166 'font-variant', 'font-weight', 'height', 'letter-spacing', 'line-height', 'margin-bottom', |
1214 'font-variant', 'font-weight', 'height', 'letter-spacing', 'line-height', 'margin-bottom', |
1167 'margin-left', 'margin-right', 'margin-top', 'overflow', 'padding', 'padding-bottom', |
1215 'margin-left', 'margin-right', 'margin-top', 'overflow', 'padding', 'padding-bottom', |
1168 'padding-left', 'padding-right', 'padding-top', 'text-decoration', 'text-indent', 'vertical-align', |
1216 'padding-left', 'padding-right', 'padding-top', 'text-decoration', 'text-indent', 'vertical-align', |
1169 'width' ) ); |
1217 'width' ) ); |
1170 |
1218 |
1171 if ( empty($allowed_attr) ) |
1219 if ( empty($allowed_attr) ) |
1172 return $css; |
1220 return $css; |
1173 |
1221 |