Commit Graph

232 Commits

Author SHA1 Message Date
ryan 81cd855720 Don't be case sensitive to attribute names. Handle padded entities when checking for bad protocols. Normalize entities before checking for bad protocols in esc_url(). Props Mauro Gentile, duck_, miqrogroove
git-svn-id: http://svn.automattic.com/wordpress/trunk@17171 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-29 20:45:37 +00:00
ryan 4f9846e1f3 Don't be so sensitive.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-12-23 15:26:49 +00:00
nacin 5f4a583fb1 Remove more create_function calls. props huichen, see #14424.
git-svn-id: http://svn.automattic.com/wordpress/trunk@16313 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-11-11 22:50:36 +00:00
ryan 44e222d5ae Add equal sign to blacklist. Props Pádraic Brady. for 3.1
git-svn-id: http://svn.automattic.com/wordpress/trunk@15383 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-07-12 14:30:39 +00:00
ryan ffba502e8c Don't use deprecated function. Blacklist curlies.
git-svn-id: http://svn.automattic.com/wordpress/trunk@15356 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-06-30 17:46:37 +00:00
markjaquith 0c1ce4e9bc Add some new protocols for KSES. Make the list of protocols filterable. Start esc_url() with the same list. fixes #10914. props technosailor
git-svn-id: http://svn.automattic.com/wordpress/trunk@14412 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-03 21:20:20 +00:00
nacin 0cd84fba21 Add HTML 5 elements to kses, first pass. props rmccue. see #12835.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14406 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-05-03 20:34:49 +00:00
nacin 30d6eb32c6 Remove redundant isset() and empty() checks.
git-svn-id: http://svn.automattic.com/wordpress/trunk@13770 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-19 21:29:21 +00:00
ryan 624731b93f Fix numeric entity logic in kses. Props miqrogroove. see #12284
git-svn-id: http://svn.automattic.com/wordpress/trunk@13648 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-10 18:45:28 +00:00
westi 3775882493 Improve kses handling of attributes in valid XHTML self closed img tags. Fixes #12394 props dougal.
git-svn-id: http://svn.automattic.com/wordpress/trunk@13561 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-03-02 22:11:08 +00:00
nacin 8bcc5969dc Spelling and grammar fun. Fixes #11875 props cnorris23
git-svn-id: http://svn.automattic.com/wordpress/trunk@13382 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-24 20:13:23 +00:00
nacin cddfbdd914 Coil the kses entities whitelist. See #12284
git-svn-id: http://svn.automattic.com/wordpress/trunk@13363 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-24 07:33:14 +00:00
ryan 0a81feaaeb Whitelist entities. Props miqrogroove. see #12284
git-svn-id: http://svn.automattic.com/wordpress/trunk@13358 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-02-24 05:37:20 +00:00
westi bf4a5241e1 Add missing version numbers to _deprecated_argument() calls.
Remove deprecated argument from xfn_check() calls.
Pass version number to deprecated_file_included, deprecated_function_run and deprecated_argument_run actions.
Fixes #11386 props nacin.

git-svn-id: http://svn.automattic.com/wordpress/trunk@12680 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-01-09 10:03:55 +00:00
westi ff7831207c Updates and improvements to _depreceated_argument. See #11386 props nacin.
git-svn-id: http://svn.automattic.com/wordpress/trunk@12584 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-12-30 16:23:39 +00:00
ryan cdf11d3479 Allow 0xAD in URI attributes. Props nbachiyski. fixes #9823 #10859
git-svn-id: http://svn.automattic.com/wordpress/trunk@12199 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-11-17 20:18:48 +00:00
ryan 4ec1d4bc32 Introduce wp_kses_post() and wp_kses_data() for filtering unescaped data. Fixes slashing of displayed fields. fixes #10949
git-svn-id: http://svn.automattic.com/wordpress/trunk@12125 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-10-29 17:15:58 +00:00
ryan 8e3808bce2 Remove trailing whitespace
git-svn-id: http://svn.automattic.com/wordpress/trunk@11930 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-09-14 14:03:32 +00:00
azaozz 613aeb5316 Do not use lambda functions in wp_kses_decode_entities(), props mdawaffe, fixes #10623
git-svn-id: http://svn.automattic.com/wordpress/trunk@11828 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-08-16 05:58:39 +00:00
azaozz 49f9fb716c Fix deprecated arg. in safecss_filter_attr(), for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@11699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-07-08 09:54:34 +00:00
ryan df5809a0cc Allow class, id, and style on headers. Props matt.
git-svn-id: http://svn.automattic.com/wordpress/trunk@11692 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-07-06 14:37:48 +00:00
azaozz e0e697974e Inline CSS filter for kses, for trunk, fixes #10336
git-svn-id: http://svn.automattic.com/wordpress/trunk@11689 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-07-04 04:49:39 +00:00
ryan 44777c3352 Revert accidental fxn rename
git-svn-id: http://svn.automattic.com/wordpress/trunk@11212 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-05 23:32:16 +00:00
markjaquith 6c2ffddf31 _a(), _ea(), _xa(), attr() are now esc_attr__(), esc_attr_e(), esc_attr_x(), esc_attr() -- still short, but less cryptic. see #9650
git-svn-id: http://svn.automattic.com/wordpress/trunk@11204 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-05-05 19:43:53 +00:00
ryan 0858d9b0c2 Use preg_replace_callback instead of preg_replace with eval. Props beaulebens. see #8689
git-svn-id: http://svn.automattic.com/wordpress/trunk@10339 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-01-09 19:29:35 +00:00
ryan e89192b1a8 Strip trailing whitespace
git-svn-id: http://svn.automattic.com/wordpress/trunk@10150 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-12-09 18:03:31 +00:00
westi 3ba1e08741 phpDoc corrections for KSES. Fixes #7550 props jacobsantos.
git-svn-id: http://svn.automattic.com/wordpress/trunk@8837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-09-06 06:53:45 +00:00
ryan 3911137835 Apply kses bad-protocol checks only to URI typed attributes. Props takayukister. fixes #5917 #6888 #6910 #7512
git-svn-id: http://svn.automattic.com/wordpress/trunk@8671 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-08-19 18:43:21 +00:00
markjaquith 74c46749cb Cast to array when using foreach(). Props santosj (and thanks for your perseverance!). fixes #2784
git-svn-id: http://svn.automattic.com/wordpress/trunk@8572 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-08-06 20:31:54 +00:00
westi 1452266770 Mark kses callbacks as private. Fixes #7363.
git-svn-id: http://svn.automattic.com/wordpress/trunk@8410 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-07-23 08:36:15 +00:00
azaozz e13c015e92 kses - don't use create_function in preg_replace_callback. Fixes #7363.
git-svn-id: http://svn.automattic.com/wordpress/trunk@8387 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-07-21 05:11:00 +00:00
azaozz 40abfce30c kses - properly escape non-Unicode entities. Fixes #6583. Props schiller.
git-svn-id: http://svn.automattic.com/wordpress/trunk@8386 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-07-21 03:21:09 +00:00
azaozz 6c31b19627 Take first attribute and ignore later duplicate attributes. Fixes #6602 for trunk. Props schiller.
git-svn-id: http://svn.automattic.com/wordpress/trunk@8384 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-07-21 01:12:49 +00:00
azaozz eb1f1ece79 Prevent adjacent hyphens in a HTML/XML comment. Fixes #6642 for trunk. Props schiller.
git-svn-id: http://svn.automattic.com/wordpress/trunk@8382 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-07-21 00:32:43 +00:00
ryan d0e696c185 Allow lang and xml:lang for span. Props MtDewVirus. fixes #7003
git-svn-id: http://svn.automattic.com/wordpress/trunk@7969 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-05-20 23:56:28 +00:00
ryan 5f6bc326a4 Better protocol check from Łukasz Pilorz.
git-svn-id: http://svn.automattic.com/wordpress/trunk@7370 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-03-18 01:53:36 +00:00
westi 7039083a89 Update the allowed attributes for html list elements. Fixes #6253 props andy and lloydbudd.
git-svn-id: http://svn.automattic.com/wordpress/trunk@7337 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-03-16 22:16:27 +00:00
ryan 03170d477f Use preg_replace_callback instead of 'e' modifier. see #5644
git-svn-id: http://svn.automattic.com/wordpress/trunk@7107 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-02-29 18:28:32 +00:00
ryan 6fe2cd5873 Use preg_replace_callback instead of 'e' modifier. see #5644
git-svn-id: http://svn.automattic.com/wordpress/trunk@7106 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-02-29 17:49:50 +00:00
ryan 0aee557b68 phpdoc for kses from darkdragon. fixes #5641
git-svn-id: http://svn.automattic.com/wordpress/trunk@6630 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-01-16 19:15:07 +00:00
ryan 076634d99b Allow more tags in kses. Props lloydbudd. fixes #5617
git-svn-id: http://svn.automattic.com/wordpress/trunk@6617 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2008-01-14 23:56:53 +00:00
ryan 321c310717 Remove trailing whitespace
git-svn-id: http://svn.automattic.com/wordpress/trunk@6026 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-09-03 23:32:58 +00:00
markjaquith b721942f26 Pass extra args to pre_kses hook. Props mdawaffe. see #4409
git-svn-id: http://svn.automattic.com/wordpress/trunk@5787 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-07-06 22:47:24 +00:00
markjaquith 2304077c2b Entitize lone less-than characters. Props mdawaffe. fixes #4409
git-svn-id: http://svn.automattic.com/wordpress/trunk@5783 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-07-06 12:53:15 +00:00
ryan 2f09416258 Trim empty lines. Nothing but newline.
git-svn-id: http://svn.automattic.com/wordpress/trunk@5700 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-06-14 02:25:30 +00:00
rob1n 0a8b69c947 Don't take out class attribute for <abbr />, for hReview. fixes #3420
git-svn-id: http://svn.automattic.com/wordpress/trunk@5383 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-05-04 03:52:11 +00:00
rob1n 2fff1e5671 Add lang and xml:lang attributes to allowed list for p, div and blockquote. fixes #4128
git-svn-id: http://svn.automattic.com/wordpress/trunk@5375 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-05-02 04:31:30 +00:00
rob1n 37745efcae Spring cleaning, extreme edition.
git-svn-id: http://svn.automattic.com/wordpress/trunk@5374 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-05-02 04:26:57 +00:00
rob1n e5fb2523b4 Clean that mess up so it's more easily managed.
git-svn-id: http://svn.automattic.com/wordpress/trunk@5373 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2007-05-02 04:17:43 +00:00
markjaquith d99f7eaf96 Reverse backport (?) from 2.0.x of KSES filters
git-svn-id: http://svn.automattic.com/wordpress/trunk@4654 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-12-21 04:44:34 +00:00
ryan 832953ade7 Update allowed protocols. fixes #2726
git-svn-id: http://svn.automattic.com/wordpress/trunk@4550 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-11-30 01:50:48 +00:00
ryan 30af9648b5 Filter post_content_filtered
git-svn-id: http://svn.automattic.com/wordpress/trunk@4533 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-11-25 17:54:41 +00:00
ryan 619da18f1c Bump kses to 0.2.2. Props westi. fixes #2661
git-svn-id: http://svn.automattic.com/wordpress/trunk@3989 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-07-05 22:40:05 +00:00
ryan 25c2dcac3c More comment cookie sanitation.
git-svn-id: http://svn.automattic.com/wordpress/trunk@3577 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-02-28 09:49:06 +00:00
ryan 672530a9da Strip all html from comment author name, email, and url.
git-svn-id: http://svn.automattic.com/wordpress/trunk@3574 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-02-28 04:22:24 +00:00
ryan 5322fc2faa current user cleanup
git-svn-id: http://svn.automattic.com/wordpress/trunk@3566 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-02-22 19:08:55 +00:00
ryan cb093369a1 Make the xmlrpc user the current user. fixes #2273
git-svn-id: http://svn.automattic.com/wordpress/trunk@3430 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-01-13 19:19:09 +00:00
ryan 558711072b kses regex tweakage for better comment filtering. fixes #2130
git-svn-id: http://svn.automattic.com/wordpress/trunk@3429 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-01-13 07:28:47 +00:00
ryan 107326dcd9 Rerun comment text back through kses.
git-svn-id: http://svn.automattic.com/wordpress/trunk@3418 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-01-10 01:27:36 +00:00
ryan ea84ce4551 Pass comments through kses. Props tsimmons. fixes #2130 #2167
git-svn-id: http://svn.automattic.com/wordpress/trunk@3417 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-01-09 23:49:56 +00:00
ryan 85a85a8aaf Filter title with kses. fixes #1788
git-svn-id: http://svn.automattic.com/wordpress/trunk@2963 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-10-25 14:46:23 +00:00
ryan 721b7746a2 Add ordered list tags to kses. fixes #1761
git-svn-id: http://svn.automattic.com/wordpress/trunk@2950 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-10-14 18:52:44 +00:00
ryan e56c5d190d Add kses_init_filters(). Call it when running importers.
git-svn-id: http://svn.automattic.com/wordpress/trunk@2934 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-10-05 23:58:16 +00:00
matt e2b904c714 Some of that really shouldn't be in posts.
git-svn-id: http://svn.automattic.com/wordpress/trunk@2924 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-09-27 21:23:02 +00:00
matt b226483656 We had reverted this fix from [1253]
git-svn-id: http://svn.automattic.com/wordpress/trunk@2919 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-09-26 16:06:58 +00:00
ryan 18c673c275 stripslashes before running kses. Props donncha. fixes #1697
git-svn-id: http://svn.automattic.com/wordpress/trunk@2902 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-09-21 16:35:35 +00:00
ryan 1d16b58059 Remove extra line. fixes #1694
git-svn-id: http://svn.automattic.com/wordpress/trunk@2899 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-09-21 02:38:47 +00:00
ryan 42d6530c36 Filter posts with kses for users who do not have the unfiltered_html cap. Props donncha. fixes #1674
git-svn-id: http://svn.automattic.com/wordpress/trunk@2896 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-09-20 22:18:47 +00:00
saxmatt 10792f3274 More filters and KSES cleanup.
git-svn-id: http://svn.automattic.com/wordpress/trunk@2151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-01-26 22:29:18 +00:00
saxmatt f6d6435f63 User-generated rel attributes shouldn't be allowed in comments (doesn't make sense for any current uses of rel.)
git-svn-id: http://svn.automattic.com/wordpress/trunk@2116 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2005-01-21 07:53:02 +00:00
saxmatt 65bbec71d0 Comments refactoring and cleanup
git-svn-id: http://svn.automattic.com/wordpress/trunk@1964 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-12-16 02:57:05 +00:00
saxmatt b4a1cc7ea4 Fix so KSES works with Japanese encoding.
git-svn-id: http://svn.automattic.com/wordpress/trunk@1253 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-05-09 23:25:24 +00:00
saxmatt cc421db53d Add blockquote to tags allowed by default.
git-svn-id: http://svn.automattic.com/wordpress/trunk@1238 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-05-07 23:30:44 +00:00
saxmatt 91b753594d Logic error when checking for define.
git-svn-id: http://svn.automattic.com/wordpress/trunk@834 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-02-05 15:25:00 +00:00
saxmatt ebf9f84acd Let people override the allowedtags variable.
git-svn-id: http://svn.automattic.com/wordpress/trunk@832 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-02-05 14:40:32 +00:00
saxmatt 28298145c8 Tag cleanup.
git-svn-id: http://svn.automattic.com/wordpress/trunk@767 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-01-12 22:09:07 +00:00
emc3 6f5b19cc85 Added a few tags. Pretty formatting.
git-svn-id: http://svn.automattic.com/wordpress/trunk@766 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-01-12 18:15:09 +00:00
saxmatt 119f72da24 KSES fixes.
git-svn-id: http://svn.automattic.com/wordpress/trunk@731 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-01-07 01:28:30 +00:00
saxmatt f4e3970ec1 Comment_allowed_tags fixup.
git-svn-id: http://svn.automattic.com/wordpress/trunk@709 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-01-03 23:48:16 +00:00
saxmatt 3a2f87a2d4 KSES fixes.
git-svn-id: http://svn.automattic.com/wordpress/trunk@663 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2003-12-30 08:34:57 +00:00
saxmatt 52e1d45f45 Add kses HTML cleaning to comment functions.
git-svn-id: http://svn.automattic.com/wordpress/trunk@650 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2003-12-24 20:43:04 +00:00
saxmatt 3f71149d19 Add kses HTML cleaning.
git-svn-id: http://svn.automattic.com/wordpress/trunk@649 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2003-12-23 22:09:02 +00:00