kses optimizations. Props duck_. fixes #17045
git-svn-id: http://svn.automattic.com/wordpress/trunk@17730 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan
parent
5628ced76f
commit
c5fb371ec6
|
|
@ -554,7 +554,7 @@ function wp_kses_split($string, $allowed_html, $allowed_protocols) {
|
|||
global $pass_allowed_html, $pass_allowed_protocols;
|
||||
$pass_allowed_html = $allowed_html;
|
||||
$pass_allowed_protocols = $allowed_protocols;
|
||||
return preg_replace_callback( '%((<!--.*?(-->|$))|(<[^>]*(>|$)|>))%', '_wp_kses_split_callback', $string );
|
||||
return preg_replace_callback( '%(<!--.*?(-->|$))|(<[^>]*(>|$)|>)%', '_wp_kses_split_callback', $string );
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -565,7 +565,7 @@ function wp_kses_split($string, $allowed_html, $allowed_protocols) {
|
|||
*/
|
||||
function _wp_kses_split_callback( $match ) {
|
||||
global $pass_allowed_html, $pass_allowed_protocols;
|
||||
return wp_kses_split2( $match[1], $pass_allowed_html, $pass_allowed_protocols );
|
||||
return wp_kses_split2( $match[0], $pass_allowed_html, $pass_allowed_protocols );
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -596,9 +596,9 @@ function wp_kses_split2($string, $allowed_html, $allowed_protocols) {
|
|||
return '>';
|
||||
# It matched a ">" character
|
||||
|
||||
if (preg_match('%^<!--(.*?)(-->)?$%', $string, $matches)) {
|
||||
$string = str_replace(array('<!--', '-->'), '', $matches[1]);
|
||||
while ( $string != $newstring = wp_kses($string, $allowed_html, $allowed_protocols) )
|
||||
if ( '<!--' == substr( $string, 0, 4 ) ) {
|
||||
$string = str_replace( array('<!--', '-->'), '', $string );
|
||||
while ( $string != ($newstring = wp_kses($string, $allowed_html, $allowed_protocols)) )
|
||||
$string = $newstring;
|
||||
if ( $string == '' )
|
||||
return '';
|
||||
|
|
@ -618,15 +618,15 @@ function wp_kses_split2($string, $allowed_html, $allowed_protocols) {
|
|||
$elem = $matches[2];
|
||||
$attrlist = $matches[3];
|
||||
|
||||
if (!@isset($allowed_html[strtolower($elem)]))
|
||||
if ( ! isset($allowed_html[strtolower($elem)]) )
|
||||
return '';
|
||||
# They are using a not allowed HTML element
|
||||
|
||||
if ($slash != '')
|
||||
return "<$slash$elem>";
|
||||
return "</$elem>";
|
||||
# No attributes are allowed for closing elements
|
||||
|
||||
return wp_kses_attr("$slash$elem", $attrlist, $allowed_html, $allowed_protocols);
|
||||
return wp_kses_attr( $elem, $attrlist, $allowed_html, $allowed_protocols );
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -654,50 +654,47 @@ function wp_kses_attr($element, $attr, $allowed_html, $allowed_protocols) {
|
|||
$xhtml_slash = ' /';
|
||||
|
||||
# Are any attributes allowed at all for this element?
|
||||
|
||||
if (@ count($allowed_html[strtolower($element)]) == 0)
|
||||
if ( ! isset($allowed_html[strtolower($element)]) || count($allowed_html[strtolower($element)]) == 0 )
|
||||
return "<$element$xhtml_slash>";
|
||||
|
||||
# Split it
|
||||
|
||||
$attrarr = wp_kses_hair($attr, $allowed_protocols);
|
||||
|
||||
# Go through $attrarr, and save the allowed attributes for this element
|
||||
# in $attr2
|
||||
|
||||
$attr2 = '';
|
||||
|
||||
$allowed_attr = $allowed_html[strtolower($element)];
|
||||
foreach ($attrarr as $arreach) {
|
||||
if (!@ isset ($allowed_html[strtolower($element)][strtolower($arreach['name'])]))
|
||||
if ( ! isset( $allowed_attr[strtolower($arreach['name'])] ) )
|
||||
continue; # the attribute is not allowed
|
||||
|
||||
$current = $allowed_html[strtolower($element)][strtolower($arreach['name'])];
|
||||
if ($current == '')
|
||||
$current = $allowed_attr[strtolower($arreach['name'])];
|
||||
if ( $current == '' )
|
||||
continue; # the attribute is not allowed
|
||||
|
||||
if (!is_array($current))
|
||||
if ( ! is_array($current) ) {
|
||||
$attr2 .= ' '.$arreach['whole'];
|
||||
# there are no checks
|
||||
|
||||
else {
|
||||
} else {
|
||||
# there are some checks
|
||||
$ok = true;
|
||||
foreach ($current as $currkey => $currval)
|
||||
if (!wp_kses_check_attr_val($arreach['value'], $arreach['vless'], $currkey, $currval)) {
|
||||
foreach ($current as $currkey => $currval) {
|
||||
if ( ! wp_kses_check_attr_val($arreach['value'], $arreach['vless'], $currkey, $currval) ) {
|
||||
$ok = false;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if ( strtolower($arreach['name']) == 'style' ) {
|
||||
$orig_value = $arreach['value'];
|
||||
|
||||
$value = safecss_filter_attr($orig_value);
|
||||
|
||||
if ( empty($value) )
|
||||
continue;
|
||||
|
||||
$arreach['value'] = $value;
|
||||
|
||||
$arreach['whole'] = str_replace($orig_value, $value, $arreach['whole']);
|
||||
}
|
||||
|
||||
|
|
@ -707,7 +704,6 @@ function wp_kses_attr($element, $attr, $allowed_html, $allowed_protocols) {
|
|||
} # foreach
|
||||
|
||||
# Remove any "<" or ">" characters
|
||||
|
||||
$attr2 = preg_replace('/[<>]/', '', $attr2);
|
||||
|
||||
return "<$element$attr2$xhtml_slash>";
|
||||
|
|
|
|||
Loading…
Reference in New Issue