iandunn
614df6b5cc
KSES: Make the URI attributes DRY.
...
This commit introduces the `wp_kses_uri_attributes` function and filter. The function centralizes the list of attributes, in order to prevent inconsistency, and the filter provides a way for plugins to customize the attributes.
Merges [44014] and [44017] to `trunk`.
Built from https://develop.svn.wordpress.org/trunk@44207
git-svn-id: http://core.svn.wordpress.org/trunk@44037 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-15 11:18:25 +00:00
Gary Pendergast
e740c695e6
KSES: Allow the `download` attribute on `<a>` tags.
...
To avoid this being a vector for bypassing the filetypes that are allowed to be uploaded, this attribute is only allowed to be added without a value.
Merges [43813] from the 5.0 branch to trunk.
Props kalpshit, arshidkv12, welcher, peterwilsoncc, marina_wp, pento.
Fixes #44724 .
Built from https://develop.svn.wordpress.org/trunk@44156
git-svn-id: http://core.svn.wordpress.org/trunk@43986 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-14 03:28:38 +00:00
Gary Pendergast
1947e4424a
KSES: Allow `url()` to be used in inline CSS.
...
The cover image block uses the `url()` function in its inline CSS, to show the cover image. KSES didn't allow this, causing the block to not save correctly for Author and Contributor users. As KSES does already check each attribute name against an allowed list, we're able to add an extra check for certain attributes to be able to use the `url()` function, too.
Merges [43781] from the 5.0 branch to core.
Props peterwilsoncc, azaozz, pento, dd32.
Fixes #45067 .
Built from https://develop.svn.wordpress.org/trunk@44136
git-svn-id: http://core.svn.wordpress.org/trunk@43966 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-14 01:41:36 +00:00
Jeremy Felt
32e9dea3ea
KSES: Add selected ARIA attributes support.
...
Allow low-privileged users to use the ARIA attributes `aria-describedby`, `aria-details`, `aria-label`, `aria-labelledby` and `aria-hidden`.
Merges [43731] to trunk.
Props mattheu, swissspidy, rianrietveld, afercia, GaryJ.
See #30421 .
Built from https://develop.svn.wordpress.org/trunk@43984
git-svn-id: http://core.svn.wordpress.org/trunk@43816 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-12 03:15:24 +00:00
Jeremy Felt
a0309e80b6
KSES: Allow HTML data-* attributes.
...
Add global support for HTML attributes prefixed `data-` for authors and contributors, as required by the new editor.
Merges [43727] to trunk.
Props azaozz, peterwilsoncc.
Fixes #33121 .
Built from https://develop.svn.wordpress.org/trunk@43981
git-svn-id: http://core.svn.wordpress.org/trunk@43813 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-12-12 02:39:25 +00:00
Gary Pendergast
56c162fbc9
Coding Standards: Upgrade WPCS to 1.0.0
...
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.
This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script.
- Auto-fixable coding standards issues will now cause Travis failures.
Fixes #44600 .
Built from https://develop.svn.wordpress.org/trunk@43571
git-svn-id: http://core.svn.wordpress.org/trunk@43400 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-08-17 01:51:36 +00:00
John Blackbourn
4ccca7a835
Formatting: Begin the process of improving the docs for KSES related functions.
...
See #33801
Built from https://develop.svn.wordpress.org/trunk@43016
git-svn-id: http://core.svn.wordpress.org/trunk@42845 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-04-28 13:58:21 +00:00
Sergey Biryukov
0e9549d424
Formatting: Permit use of `text-transform` in `safecss_filter_attr()`.
...
Add unit tests for `safecss_filter_attr()`.
Props birgire, juiiee8487, danielbachhuber.
Fixes #42729 .
Built from https://develop.svn.wordpress.org/trunk@42880
git-svn-id: http://core.svn.wordpress.org/trunk@42710 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-27 00:54:34 +00:00
Sergey Biryukov
8a701e5b3f
Formatting: Avoid a PHP 7.2 warning in `wp_kses_attr()` when one of `$allowedtags` elements is an uncountable value.
...
Props andrei0x309, soulseekah, SergeyBiryukov.
Fixes #43312 .
Built from https://develop.svn.wordpress.org/trunk@42860
git-svn-id: http://core.svn.wordpress.org/trunk@42690 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-03-20 21:35:31 +00:00
Sergey Biryukov
5d1e06f939
Docs: Move inline comments in `wp_kses_split2()` before the blocks they apply to.
...
See #42505 .
Built from https://develop.svn.wordpress.org/trunk@42712
git-svn-id: http://core.svn.wordpress.org/trunk@42540 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-02-14 11:46:33 +00:00
Gary Pendergast
aaf99e6913
Code is Poetry.
...
WordPress' code just... wasn't.
This is now dealt with.
Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057 .
Built from https://develop.svn.wordpress.org/trunk@42343
git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
Gary Pendergast
882db52bdd
General: Add inline PHPCS options to leave regex indentation.
...
We have a handful of super long regexen that are written over multiple lines, as a collection of strings concatenated together. Each string is indented appropriately for the regex, but PHPCS doesn't recognised this, so defaults to removing the extra whitespace.
Disabling the `Squiz.Strings.ConcatenationSpacing.PaddingFound` rule for these blocks stops the extra whitespace from being removed.
See #41057 .
Built from https://develop.svn.wordpress.org/trunk@42249
git-svn-id: http://core.svn.wordpress.org/trunk@42078 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-28 04:24:57 +00:00
Gary Pendergast
c90cfa3b50
General: Fix some precision alignment formatting warnings.
...
The WPCS `WordPress.WhiteSpace.PrecisionAlignment` rule throws warnings for a bunch of code that will likely cause issues for `wpcbf`. Fixing these manually beforehand gives us better auto-fixed results later.
See #41057 .
Built from https://develop.svn.wordpress.org/trunk@42228
git-svn-id: http://core.svn.wordpress.org/trunk@42057 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-26 23:57:55 +00:00
Drew Jaynes
474711aac1
Docs: Adjust notation for the `$context` parameter in the DocBlocks for the `wp_kses_allowed_html()` function and its associated `wp_kses_allowed_html` filter.
...
`$context|$allowedtags` can be either a string or array.
Props bor0.
Fixes #40575 .
Built from https://develop.svn.wordpress.org/trunk@40950
git-svn-id: http://core.svn.wordpress.org/trunk@40800 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-06-25 22:16:40 +00:00
Dominik Schilling
77858f4b92
KSES: Support `'tag' => true` as a shorthand for `'tag' => array()` in `wp_kses_attr()`.
...
`Automatic_Upgrader_Skin::feedback()` had always assumed that this is already the case, now it is.
See #20017 .
Fixes #40680 .
Built from https://develop.svn.wordpress.org/trunk@40637
git-svn-id: http://core.svn.wordpress.org/trunk@40498 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-11 19:23:43 +00:00
John Blackbourn
d327c92e4b
Docs: Add and correct `@since` docs for a variety of functions and methods.
...
Props keesiemeijer, chris_dev
Fixes #39343 , #39357 , #39344
See #39130
Built from https://develop.svn.wordpress.org/trunk@39638
git-svn-id: http://core.svn.wordpress.org/trunk@39578 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-27 09:21:44 +00:00
Gary Pendergast
456f8015b7
KSES: Deprecate `wp_kses_js_entities()`.
...
This function was originally introduced to fix an XSS attack in Netscape 4, which never affected any other browsers, or later versions of Netscape.
I'm willing to go out on a limb, and say that we've officially dropped security support for Netscape 4.
Props dmsnell, desrosj.
Fixes #33848 .
Built from https://develop.svn.wordpress.org/trunk@38785
git-svn-id: http://core.svn.wordpress.org/trunk@38728 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-13 22:25:31 +00:00
Aaron Jorbin
dd983343d3
Formatting: Allow KSES custom elements with hyphens
...
The W3C Custom Elements spec (http://www.w3.org/TR/custom-elements/#concepts ) allows you to use your own custom DOM elements/tags. One of the main requirements is that the tag name "must contain a U+002D HYPHEN-MINUS character". This adjusts KSES to allow it.
Fixes #34105 .
Props batmoo.
Built from https://develop.svn.wordpress.org/trunk@38511
git-svn-id: http://core.svn.wordpress.org/trunk@38452 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-02 04:16:28 +00:00
Drew Jaynes
6cc13f0c54
Docs: Fix formatting, tense, verb conjugation, and other syntax for wp-includes/* elements introduced or changed in 4.6.
...
Part 1/2.
See #37318 .
Built from https://develop.svn.wordpress.org/trunk@38121
git-svn-id: http://core.svn.wordpress.org/trunk@38062 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-07-20 16:57:32 +00:00
Drew Jaynes
5e467a2774
Docs: Add changelog entries to the hook doc for the `safe_style_css` filter denoting recent CSS attribute additions.
...
* `min-height`, `max-height`, `min-width`, and `max-width` were added in 4.4, see [33739].
* `list-style-type` was added in 4.6, see [37898].
See #35877 . See #32246 .
Built from https://develop.svn.wordpress.org/trunk@37931
git-svn-id: http://core.svn.wordpress.org/trunk@37872 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-30 17:02:30 +00:00
Jeremy Felt
571f70c60a
KSES: Add `list-style-type` to the list of allowed CSS attributes.
...
Props azaozz.
Fixes #35877 .
Built from https://develop.svn.wordpress.org/trunk@37898
git-svn-id: http://core.svn.wordpress.org/trunk@37839 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-28 22:10:31 +00:00
Jeremy Felt
d9d7e5fa63
KSES: Adjust the list of safecss attributes for readability.
...
Props azaozz.
See #35877 .
Built from https://develop.svn.wordpress.org/trunk@37897
git-svn-id: http://core.svn.wordpress.org/trunk@37838 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-28 22:06:31 +00:00
Drew Jaynes
d28f1a08ef
Docs: Apply inline `@see` tags to hooks referenced in DocBlocks in a variety of wp-includes/* files.
...
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.
See #36921 .
Built from https://develop.svn.wordpress.org/trunk@37543
git-svn-id: http://core.svn.wordpress.org/trunk@37511 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-23 19:01:27 +00:00
Drew Jaynes
9cb5247392
Docs: Standardize filter docs in remaining wp-includes/* files to use third-person singular verbs per the inline documentation standards for PHP.
...
See #36913 .
Built from https://develop.svn.wordpress.org/trunk@37518
git-svn-id: http://core.svn.wordpress.org/trunk@37486 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:50:28 +00:00
Drew Jaynes
fe3b007fdd
Docs: Remove inline `@see` tags from function, class, and method references in inline docs.
...
Known functions, classes, and methods are now auto-linked in Code Reference pages following #meta1483.
Note: Hook references are still linked via inline `@see` tags due to the unlikelihood of reliably matching for known hooks based on a RegEx pattern.
See #32246 .
Built from https://develop.svn.wordpress.org/trunk@37342
git-svn-id: http://core.svn.wordpress.org/trunk@37308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-02 04:00:28 +00:00
Drew Jaynes
6a94d3e2e3
Docs: Use the correct parameter name in the DocBlock for `wp_kses_post_deep()`, introduced in [36429].
...
Props sebastianpisula.
Fixes #35700 . See #35316 .
Built from https://develop.svn.wordpress.org/trunk@36489
git-svn-id: http://core.svn.wordpress.org/trunk@36456 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-07 00:18:26 +00:00
Dominik Schilling
cd892b86b4
Media: In `wp_read_image_metadata()` make sure that IPTC keywords are UTF8 encoded.
...
Prevents missing `_wp_attachment_metadata` when an image contains keywords with latin extended characters.
Fixes #35316 .
Built from https://develop.svn.wordpress.org/trunk@36429
git-svn-id: http://core.svn.wordpress.org/trunk@36396 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-01 14:53:27 +00:00
John Blackbourn
a5d44337b2
Docs: `@param` fixes for a variety of docblocks.
...
See #32246
Built from https://develop.svn.wordpress.org/trunk@36232
git-svn-id: http://core.svn.wordpress.org/trunk@36199 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-09 01:45:26 +00:00
Sergey Biryukov
ae37057114
KSES: Allow the `reversed` attribute for `<ol>`.
...
Props lancewillett.
Fixes #35079 .
Built from https://develop.svn.wordpress.org/trunk@35960
git-svn-id: http://core.svn.wordpress.org/trunk@35924 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-12-16 09:54:26 +00:00
Scott Taylor
55e16aa98a
KSES: have you ever heard of the `<bdo>` HTML tag? Same. http://www.w3schools.com/tags/tag_bdo.asp
...
Adds unit test.
Props iandunn.
Fixes #34063 .
Built from https://develop.svn.wordpress.org/trunk@35141
git-svn-id: http://core.svn.wordpress.org/trunk@35106 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-10-13 17:18:25 +00:00
Scott Taylor
8d27055b0c
Allow these CSS properties in KSES: `min-height', 'max-height', 'min-width', 'max-width'`
...
Props MikeHansenMe.
Fixes #31949 .
Built from https://develop.svn.wordpress.org/trunk@33739
git-svn-id: http://core.svn.wordpress.org/trunk@33707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-25 21:46:20 +00:00
Gary Pendergast
c3e0ed7e03
Shortcodes: Improve the reliablity of shortcodes inside HTML tags.
...
Props miqrogroove.
See #15694 .
Built from https://develop.svn.wordpress.org/trunk@33359
git-svn-id: http://core.svn.wordpress.org/trunk@33331 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-22 05:15:25 +00:00
Scott Taylor
32dabc1f90
Don't strip `\0` (backslash+zero) from post content for users without "unfiltered_html"
...
Adds unit tests.
Props miqrogroove.
Fixes #28699 .
Built from https://develop.svn.wordpress.org/trunk@32860
git-svn-id: http://core.svn.wordpress.org/trunk@32831 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-19 18:47:27 +00:00
Scott Taylor
f888767c73
`$status` shouldn't be loosely compared to `true` in `wp_xmlrpc_server::wp_deleteComment()`.
...
`$initial` shouldn't be loosely compared to `true` in `get_calendar()`.
`current_user_can()` shouldn't be loosely compared to `false` in `kses_init()`
`$get_all` shouldn't be loosely compared to `true` in `get_blog_details()`.
`is_array()` and `in_array()` shouldn't be loosely compared in `wpmu_validate_user_signup()`.
`$result` should by strictly compared in `check_ajax_referer()`.
`wp_verify_nonce()` should by strictly compared in `_show_post_preview()`.
`is_user_logged_in()` should not be loosly compared against `false` in `wp-signup.php`.
See #32444 .
Built from https://develop.svn.wordpress.org/trunk@32733
git-svn-id: http://core.svn.wordpress.org/trunk@32704 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-12 17:48:26 +00:00
Scott Taylor
4b24007353
Add missing doc blocks to `kses.php` - also fix some unfortunate whitespace issues in related funcs.
...
See #32444 .
Built from https://develop.svn.wordpress.org/trunk@32603
git-svn-id: http://core.svn.wordpress.org/trunk@32573 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-26 18:06:24 +00:00
Scott Taylor
86f29795a4
Add `<s>` to `$allowedtags` in KSES.
...
From https://developer.mozilla.org/en-US/docs/Web/HTML/Element/s :
"The <strike> element, alter ego of the <s> element is obsolete and should not be used on Web sites any more."
`<strike>` shall remain for BC, but `<s>` should not be stripped from the author (et al) role's HTML input.
Props paulschreiber.
Fixes #30954 .
Built from https://develop.svn.wordpress.org/trunk@31205
git-svn-id: http://core.svn.wordpress.org/trunk@31186 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 16:07:23 +00:00
Scott Taylor
fc843ce4d0
There are some random `add_action()` and `add_filter()` calls littered around some files in `wp-includes/`. These should be moved to `wp-includes/default-filters.php` with the rest of the registered hooks. It seems like this was the best practice for awhile and then we randomly stopped. This file loads way before any of the includes, so the hooks will be registered for any request that loads WordPress, even `SHORTINIT` - a lot of the hooks registered won't run anyways (that's already the case).
...
See #30947 .
Built from https://develop.svn.wordpress.org/trunk@31168
git-svn-id: http://core.svn.wordpress.org/trunk@31149 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-12 16:40:23 +00:00
Scott Taylor
4a1ad9acec
Jump statements should not be followed by other statements (there were 5 lingering).
...
See #30799 .
Built from https://develop.svn.wordpress.org/trunk@31100
git-svn-id: http://core.svn.wordpress.org/trunk@31081 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-08 21:15:22 +00:00
Scott Taylor
ac4e67b82e
Perl-style comments should not be used
...
See #30799 .
Built from https://develop.svn.wordpress.org/trunk@31079
git-svn-id: http://core.svn.wordpress.org/trunk@31060 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-08 05:52:24 +00:00
Drew Jaynes
ad1ecf88c5
Only backtick-escape individual HTML entities in the DocBlock for `wp_kses_normalize_entities()`.
...
Props TobiasBg.
Fixes #30473 .
Built from https://develop.svn.wordpress.org/trunk@30726
git-svn-id: http://core.svn.wordpress.org/trunk@30716 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-03 11:47:23 +00:00
Drew Jaynes
3d77f9a816
Remove some now-unnecessary double quotes around HTML entities used in DocBlock comments.
...
See #30473 .
Built from https://develop.svn.wordpress.org/trunk@30721
git-svn-id: http://core.svn.wordpress.org/trunk@30711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-03 08:49:23 +00:00
Drew Jaynes
8e5543da53
Backtick-escape three sets of HTML entities used in DocBlock descriptions in wp-includes/kses.php.
...
Without the escaping, the Code Reference/browser may inadvertently attempt to convert and display entities.
Fixes #30473 .
Built from https://develop.svn.wordpress.org/trunk@30720
git-svn-id: http://core.svn.wordpress.org/trunk@30710 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-03 08:47:22 +00:00
Andrew Nacin
e7614d6c45
Fix typo in style filter. props miqrogroove
...
Built from https://develop.svn.wordpress.org/trunk@30425
git-svn-id: http://core.svn.wordpress.org/trunk@30420 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-20 13:15:24 +00:00
Drew Jaynes
f8657d5890
Remove redundant and erroneous `@uses` tag from most core inline documentation.
...
Per our inline documentation standards, no further use of the `@uses` tag is recommended as used and used-by relationships can be derived through other means. This removes most uses of the tag in core documentation, with remaining tags to be converted to `@global` or `@see` as they apply.
Fixes #30191 .
Built from https://develop.svn.wordpress.org/trunk@30105
git-svn-id: http://core.svn.wordpress.org/trunk@30105 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-30 01:05:24 +00:00
Scott Taylor
2ad420dddf
Add `audio`, `video`, and `track` to `$allowedposttags` (KSES).
...
Props jwenerd, wonderboymusic.
Fixes #29826 .
Built from https://develop.svn.wordpress.org/trunk@30064
git-svn-id: http://core.svn.wordpress.org/trunk@30064 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-28 19:36:23 +00:00
Andrew Nacin
ae21b1884d
kses: Add colgroup.
...
props collinsinternet.
fixes #29433 .
Built from https://develop.svn.wordpress.org/trunk@29740
git-svn-id: http://core.svn.wordpress.org/trunk@29514 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-09-12 05:51:17 +00:00
Sergey Biryukov
788597141a
Make wp_kses_no_null() remove any invalid control characters in a string.
...
props mauteri, miqrogroove.
fixes #28506 .
Built from https://develop.svn.wordpress.org/trunk@28942
git-svn-id: http://core.svn.wordpress.org/trunk@28740 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-01 18:01:17 +00:00
Scott Taylor
38e39c93ea
In `kses.php`, ensure that `$allowedposttags`, `$allowedtags`, and `$allowedentitynames` are added to the global namespace.
...
Props Jaza613.
Fixes #28582 .
Built from https://develop.svn.wordpress.org/trunk@28845
git-svn-id: http://core.svn.wordpress.org/trunk@28649 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-06-26 02:14:15 +00:00
Andrew Nacin
fbbc31f3c5
Inline documentation for hooks in wp-includes/kses.php.
...
props siobhyb, DrewAPicture.
fixes #25800 .
Built from https://develop.svn.wordpress.org/trunk@27739
git-svn-id: http://core.svn.wordpress.org/trunk@27576 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-26 14:57:15 +00:00
Andrew Nacin
f9fd129f28
Allow XML attributes with colons to be read by kses.
...
The attribute would still need to be whitelisted to get through the filters.
props jorbin.
fixes #17847 .
Built from https://develop.svn.wordpress.org/trunk@27707
git-svn-id: http://core.svn.wordpress.org/trunk@27546 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-25 12:53:16 +00:00
Andrew Nacin
5fd175300c
Allow the role attribute in kses for all elements.
...
props mikecorkum.
fixes #24098 .
Built from https://develop.svn.wordpress.org/trunk@27388
git-svn-id: http://core.svn.wordpress.org/trunk@27236 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-04 02:11:16 +00:00
Andrew Nacin
8ec592f244
Add dfn, mark, and samp to kses.
...
props kraftbj.
fixes #24950 .
Built from https://develop.svn.wordpress.org/trunk@26973
git-svn-id: http://core.svn.wordpress.org/trunk@26852 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-01-17 08:38:09 +00:00
Peter Westwood
e1e79ddf64
KSES: Extend support in wp_kses_normalize_entities to named entities with up to two numbers on the end of the name so as to support a wider list of valid entities.
...
Fixes â#26290
Built from https://develop.svn.wordpress.org/trunk@26440
git-svn-id: http://core.svn.wordpress.org/trunk@26338 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-27 22:32:09 +00:00
Andrew Nacin
d362dc1e49
Allow the value attribute for list items processed by kses.
...
props kraftbj.
fixes #24293 .
Built from https://develop.svn.wordpress.org/trunk@25460
git-svn-id: http://core.svn.wordpress.org/trunk@25381 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-16 20:49:10 +00:00
Ryan Boren
43a7e695e9
Revert 23416, 23419, 23445 except for wp_reset_vars() changes. We are going a different direction with the slashing cleanup, so resetting to a clean slate. see #21767
...
git-svn-id: http://core.svn.wordpress.org/trunk@23554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-03-01 16:28:40 +00:00
Ryan Boren
cc5ed3a485
Change all core API to expect unslashed rather than slashed arguments.
...
The exceptions to this are update_post_meta() and add_post_meta() which are often used by plugins in POST handlers and will continue accepting slashed data for now.
Introduce wp_upate_post_meta() and wp_add_post_meta() as unslashed alternatives to update_post_meta() and add_post_meta(). These functions could become methods in WP_Post so don't use them too heavily yet.
Remove all escape() calls from wp_xmlrpc_server. Now that core expects unslashed data this is no longer needed.
Remove addslashes(), addslashes_gpc(), add_magic_quotes() calls on data being prepared for handoff to core functions that until now expected slashed data. Adding slashes in no longer necessary.
Introduce wp_unslash() and use to it remove slashes from GPCS data before using it in core API. Almost every instance of stripslashes() in core should now be wp_unslash(). In the future (a release or three) when GPCS is no longer slashed, wp_unslash() will stop stripping slashes and simply return what is passed. At this point wp_unslash() calls can be removed from core.
Introduce wp_slash() for slashing GPCS data. This will also turn into a noop once GPCS is no longer slashed. wp_slash() should almost never be used. It is mainly of use in unit tests.
Plugins should use wp_unslash() on data being passed to core API.
Plugins should no longer slash data being passed to core. So when you get_post() and then wp_insert_post() the post data from get_post() no longer needs addslashes(). Most plugins were not bothering with this. They will magically start doing the right thing. Unfortunately, those few souls who did it properly will now have to avoid calling addslashes() for 3.6 and newer.
Use wp_kses_post() and wp_kses_data(), which expect unslashed data, instead of wp_filter_post_kses() and wp_filter_kses(), which expect slashed data. Filters are no longer passed slashed data.
Remove many no longer necessary calls to $wpdb->escape() and esc_sql().
In wp_get_referer() and wp_get_original_referer(), return unslashed data.
Remove old stripslashes() calls from WP_Widget::update() handlers. These haven't been necessary since WP_Widget.
Switch several queries over to prepare().
Expect something to break.
Props alexkingorg
see #21767
git-svn-id: http://core.svn.wordpress.org/trunk@23416 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-02-14 22:51:06 +00:00
Andrew Nacin
40543db45f
Recommend the wp_kses_allowed_html filter over CUSTOM_TAGS. Soft deprecate CUSTOM_TAGS. see #17977 , #20210 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@21796 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-10 18:00:41 +00:00
Andrew Nacin
ed375f4106
Remove kses allowedtags that were commented out long ago. see #17977 .
...
git-svn-id: http://core.svn.wordpress.org/trunk@21795 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-10 17:53:46 +00:00
Ryan Boren
ffac99eadc
* Introduce wp_kses_allowed_html() which accepts a context string and returns an array of allowed tags.
...
* Remove explicit declarations of class, id, style, and title from $allowedposttags
* Dynamicallly add global attributes to every tag for the 'post' context
* No longer calls wp_kses_array_lc() every time wp_kses() runs. Instead it runs once if CUSTOM_TAGS is true. Plugins directly passing a custom allowed_html array will no longer get the lc treatment. Keep an eye out for problems with this.
* wp_kses_data() and wp_filter_kses() pass current_filter() for the $allowed_html argument to wp_kses().
* wp_kses_allowed_html() handles being passed a filter name for a context. If the filter is not a recognized one it defaults to using $allowedtags as was done before for wp_kses_data() and wp_filter_kses().
* wp_kses_allowed_html() recognizes user_description and pre_user_description out of the box. For these it takes $allowedtags and inserts rel attribute support.
* wp_kses_allowed_html() allows plugins to override the return values for the default contexts and support arbitrary contexts via a wp_kses_allowed_html filter.
* wp_kses_hook() can now pass a string context for $allowed_html to the pre_kses filter. We might have to pass the result of wp_kses_allowed_html() instead if it turns out that plugins are digging in $allowed_html.
fixes #17977
see #20210
git-svn-id: http://core.svn.wordpress.org/trunk@21790 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-10 16:19:54 +00:00
Mark Jaquith
a0736b43ba
Add <small> to KSES, to hang out with its <big> brother. props SergeyBiryukov. fixes #18573
...
git-svn-id: http://core.svn.wordpress.org/trunk@21777 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-09-06 19:08:42 +00:00
ryan
01dd4131b8
Don't allow unfiltered HTML comments from a frame. Props nacin. fixes #20812
...
git-svn-id: http://core.svn.wordpress.org/trunk@20974 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-06-01 20:47:08 +00:00
nacin
a7ef8337be
Handle multiple feed: schemes.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@20540 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-04-19 21:48:12 +00:00
duck_
f62dac2756
Reduce memory usage in wp-includes/kses.php by switching unnecessary empty arrays to boolean. Fixes #20017 .
...
safecss_filter_attr() block for style tags must be moved out of the is_array() only branch of wp_kses_attr() to accommodate for this.
git-svn-id: http://svn.automattic.com/wordpress/trunk@19976 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-02-21 20:33:44 +00:00
duck_
81a7ad2c81
split was deprecated in PHP 5.3.0, so use explode instead. Props garyc40. Fixes #16325 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19726 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-09 21:20:51 +00:00
ryan
83b131f8e3
User lowercase true, false, null instead of uppercase. Props c3mdigital, mfields. fixes #16302
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19687 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-01-05 20:50:54 +00:00
ryan
07ff8b216b
Use one space, not two, after trailing punctuation. fixes #19537
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@19593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-12-13 23:45:31 +00:00
ryan
8e8847e303
Don't use wp_parse_args() on non associative array. Props SergeyBiryukov. see #18268
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18856 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-10-01 15:54:52 +00:00
ryan
32e25b6aec
phpdoc typo and readability fixes. Props SergeyBiryukov. fixes #18560
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18827 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-29 22:57:43 +00:00
duck_
4171ea192b
Introduce wp_allowed_protocols() for use in wp_kses() and esc_url(). See #18268 .
...
This allows plugins to filter the list of protocols used for esc_url() too, and helps us keep the list of protocols in sync.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18826 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-09-29 22:33:51 +00:00
nacin
70ba819afd
i before e except after c. props trepmal, fixes #17730 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18208 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-06-09 09:13:00 +00:00
nacin
95279728ae
Upddate FSF address in kses. props mcepl, fixes #14967 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@18052 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-05-25 22:15:12 +00:00
ryan
c5fb371ec6
kses optimizations. Props duck_. fixes #17045
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17730 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-04-27 21:50:39 +00:00
ryan
85f1feed84
Bring out the shears.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17228 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2011-01-06 04:11:14 +00:00
ryan
607c8bf12a
Update @author tag contact info. Props hakre. see #16039
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17185 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-30 20:07:12 +00:00
ryan
4fd6561b1c
Add Copyright Statement, Licensing Information and Disclaimer to kses. Props hakre. Thanks Ulf Harnhammar. fixes #16039
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17181 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-30 18:37:18 +00:00
ryan
81cd855720
Don't be case sensitive to attribute names. Handle padded entities when checking for bad protocols. Normalize entities before checking for bad protocols in esc_url(). Props Mauro Gentile, duck_, miqrogroove
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17171 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-29 20:45:37 +00:00
ryan
4f9846e1f3
Don't be so sensitive.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@17119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-23 15:26:49 +00:00
nacin
5f4a583fb1
Remove more create_function calls. props huichen, see #14424 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@16313 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-11 22:50:36 +00:00
ryan
44e222d5ae
Add equal sign to blacklist. Props Pádraic Brady. for 3.1
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@15383 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-07-12 14:30:39 +00:00
ryan
ffba502e8c
Don't use deprecated function. Blacklist curlies.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@15356 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-30 17:46:37 +00:00
markjaquith
0c1ce4e9bc
Add some new protocols for KSES. Make the list of protocols filterable. Start esc_url() with the same list. fixes #10914 . props technosailor
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@14412 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-03 21:20:20 +00:00
nacin
0cd84fba21
Add HTML 5 elements to kses, first pass. props rmccue. see #12835 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@14406 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-03 20:34:49 +00:00
nacin
30d6eb32c6
Remove redundant isset() and empty() checks.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@13770 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-19 21:29:21 +00:00
ryan
624731b93f
Fix numeric entity logic in kses. Props miqrogroove. see #12284
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@13648 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-10 18:45:28 +00:00
westi
3775882493
Improve kses handling of attributes in valid XHTML self closed img tags. Fixes #12394 props dougal.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@13561 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-02 22:11:08 +00:00
nacin
8bcc5969dc
Spelling and grammar fun. Fixes #11875 props cnorris23
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@13382 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-24 20:13:23 +00:00
nacin
cddfbdd914
Coil the kses entities whitelist. See #12284
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@13363 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-24 07:33:14 +00:00
ryan
0a81feaaeb
Whitelist entities. Props miqrogroove. see #12284
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@13358 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-24 05:37:20 +00:00
westi
bf4a5241e1
Add missing version numbers to _deprecated_argument() calls.
...
Remove deprecated argument from xfn_check() calls.
Pass version number to deprecated_file_included, deprecated_function_run and deprecated_argument_run actions.
Fixes #11386 props nacin.
git-svn-id: http://svn.automattic.com/wordpress/trunk@12680 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-09 10:03:55 +00:00
westi
ff7831207c
Updates and improvements to _depreceated_argument. See #11386 props nacin.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@12584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-12-30 16:23:39 +00:00
ryan
cdf11d3479
Allow 0xAD in URI attributes. Props nbachiyski. fixes #9823 #10859
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@12199 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-11-17 20:18:48 +00:00
ryan
4ec1d4bc32
Introduce wp_kses_post() and wp_kses_data() for filtering unescaped data. Fixes slashing of displayed fields. fixes #10949
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@12125 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-10-29 17:15:58 +00:00
ryan
8e3808bce2
Remove trailing whitespace
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@11930 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-09-14 14:03:32 +00:00
azaozz
613aeb5316
Do not use lambda functions in wp_kses_decode_entities(), props mdawaffe, fixes #10623
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@11828 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-08-16 05:58:39 +00:00
azaozz
49f9fb716c
Fix deprecated arg. in safecss_filter_attr(), for trunk
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@11699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-07-08 09:54:34 +00:00
ryan
df5809a0cc
Allow class, id, and style on headers. Props matt.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@11692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-07-06 14:37:48 +00:00
azaozz
e0e697974e
Inline CSS filter for kses, for trunk, fixes #10336
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@11689 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-07-04 04:49:39 +00:00
ryan
44777c3352
Revert accidental fxn rename
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@11212 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-05 23:32:16 +00:00
markjaquith
6c2ffddf31
_a(), _ea(), _xa(), attr() are now esc_attr__(), esc_attr_e(), esc_attr_x(), esc_attr() -- still short, but less cryptic. see #9650
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@11204 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-05 19:43:53 +00:00
ryan
0858d9b0c2
Use preg_replace_callback instead of preg_replace with eval. Props beaulebens. see #8689
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@10339 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-01-09 19:29:35 +00:00
ryan
e89192b1a8
Strip trailing whitespace
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@10150 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-12-09 18:03:31 +00:00
westi
3ba1e08741
phpDoc corrections for KSES. Fixes #7550 props jacobsantos.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@8837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-09-06 06:53:45 +00:00
ryan
3911137835
Apply kses bad-protocol checks only to URI typed attributes. Props takayukister. fixes #5917 #6888 #6910 #7512
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@8671 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-08-19 18:43:21 +00:00
markjaquith
74c46749cb
Cast to array when using foreach(). Props santosj (and thanks for your perseverance!). fixes #2784
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@8572 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-08-06 20:31:54 +00:00
westi
1452266770
Mark kses callbacks as private. Fixes #7363 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@8410 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-07-23 08:36:15 +00:00
azaozz
e13c015e92
kses - don't use create_function in preg_replace_callback. Fixes #7363 .
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@8387 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-07-21 05:11:00 +00:00
azaozz
40abfce30c
kses - properly escape non-Unicode entities. Fixes #6583 . Props schiller.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@8386 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-07-21 03:21:09 +00:00
azaozz
6c31b19627
Take first attribute and ignore later duplicate attributes. Fixes #6602 for trunk. Props schiller.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@8384 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-07-21 01:12:49 +00:00
azaozz
eb1f1ece79
Prevent adjacent hyphens in a HTML/XML comment. Fixes #6642 for trunk. Props schiller.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@8382 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-07-21 00:32:43 +00:00
ryan
d0e696c185
Allow lang and xml:lang for span. Props MtDewVirus. fixes #7003
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@7969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-05-20 23:56:28 +00:00
ryan
5f6bc326a4
Better protocol check from Łukasz Pilorz.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@7370 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-03-18 01:53:36 +00:00
westi
7039083a89
Update the allowed attributes for html list elements. Fixes #6253 props andy and lloydbudd.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@7337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-03-16 22:16:27 +00:00
ryan
03170d477f
Use preg_replace_callback instead of 'e' modifier. see #5644
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@7107 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-02-29 18:28:32 +00:00
ryan
6fe2cd5873
Use preg_replace_callback instead of 'e' modifier. see #5644
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@7106 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-02-29 17:49:50 +00:00
ryan
0aee557b68
phpdoc for kses from darkdragon. fixes #5641
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@6630 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-01-16 19:15:07 +00:00
ryan
076634d99b
Allow more tags in kses. Props lloydbudd. fixes #5617
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@6617 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-01-14 23:56:53 +00:00
ryan
321c310717
Remove trailing whitespace
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@6026 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-09-03 23:32:58 +00:00
markjaquith
b721942f26
Pass extra args to pre_kses hook. Props mdawaffe. see #4409
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@5787 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-07-06 22:47:24 +00:00
markjaquith
2304077c2b
Entitize lone less-than characters. Props mdawaffe. fixes #4409
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@5783 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-07-06 12:53:15 +00:00
ryan
2f09416258
Trim empty lines. Nothing but newline.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@5700 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-06-14 02:25:30 +00:00
rob1n
0a8b69c947
Don't take out class attribute for <abbr />, for hReview. fixes #3420
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@5383 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-05-04 03:52:11 +00:00
rob1n
2fff1e5671
Add lang and xml:lang attributes to allowed list for p, div and blockquote. fixes #4128
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@5375 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-05-02 04:31:30 +00:00
rob1n
37745efcae
Spring cleaning, extreme edition.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@5374 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-05-02 04:26:57 +00:00
rob1n
e5fb2523b4
Clean that mess up so it's more easily managed.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@5373 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-05-02 04:17:43 +00:00
markjaquith
d99f7eaf96
Reverse backport (?) from 2.0.x of KSES filters
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@4654 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-12-21 04:44:34 +00:00
ryan
832953ade7
Update allowed protocols. fixes #2726
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@4550 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-11-30 01:50:48 +00:00
ryan
30af9648b5
Filter post_content_filtered
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@4533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-11-25 17:54:41 +00:00
ryan
619da18f1c
Bump kses to 0.2.2. Props westi. fixes #2661
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@3989 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-07-05 22:40:05 +00:00
ryan
25c2dcac3c
More comment cookie sanitation.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@3577 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-02-28 09:49:06 +00:00
ryan
672530a9da
Strip all html from comment author name, email, and url.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@3574 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-02-28 04:22:24 +00:00
ryan
5322fc2faa
current user cleanup
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@3566 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-02-22 19:08:55 +00:00
ryan
cb093369a1
Make the xmlrpc user the current user. fixes #2273
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@3430 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-01-13 19:19:09 +00:00
ryan
558711072b
kses regex tweakage for better comment filtering. fixes #2130
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@3429 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-01-13 07:28:47 +00:00
ryan
107326dcd9
Rerun comment text back through kses.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@3418 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-01-10 01:27:36 +00:00
ryan
ea84ce4551
Pass comments through kses. Props tsimmons. fixes #2130 #2167
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@3417 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-01-09 23:49:56 +00:00
ryan
85a85a8aaf
Filter title with kses. fixes #1788
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@2963 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-10-25 14:46:23 +00:00
ryan
721b7746a2
Add ordered list tags to kses. fixes #1761
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@2950 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-10-14 18:52:44 +00:00
ryan
e56c5d190d
Add kses_init_filters(). Call it when running importers.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@2934 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-10-05 23:58:16 +00:00
matt
e2b904c714
Some of that really shouldn't be in posts.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@2924 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-09-27 21:23:02 +00:00
matt
b226483656
We had reverted this fix from [1253]
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@2919 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-09-26 16:06:58 +00:00
ryan
18c673c275
stripslashes before running kses. Props donncha. fixes #1697
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@2902 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-09-21 16:35:35 +00:00
ryan
1d16b58059
Remove extra line. fixes #1694
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@2899 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-09-21 02:38:47 +00:00
ryan
42d6530c36
Filter posts with kses for users who do not have the unfiltered_html cap. Props donncha. fixes #1674
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@2896 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-09-20 22:18:47 +00:00
saxmatt
10792f3274
More filters and KSES cleanup.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@2151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-01-26 22:29:18 +00:00
saxmatt
f6d6435f63
User-generated rel attributes shouldn't be allowed in comments (doesn't make sense for any current uses of rel.)
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@2116 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-01-21 07:53:02 +00:00
saxmatt
65bbec71d0
Comments refactoring and cleanup
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@1964 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-12-16 02:57:05 +00:00
saxmatt
b4a1cc7ea4
Fix so KSES works with Japanese encoding.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@1253 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-05-09 23:25:24 +00:00
saxmatt
cc421db53d
Add blockquote to tags allowed by default.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@1238 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-05-07 23:30:44 +00:00
saxmatt
91b753594d
Logic error when checking for define.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@834 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-02-05 15:25:00 +00:00
saxmatt
ebf9f84acd
Let people override the allowedtags variable.
...
git-svn-id: http://svn.automattic.com/wordpress/trunk@832 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-02-05 14:40:32 +00:00