Introduce wp_kses_post() and wp_kses_data() for filtering unescaped data. Fixes slashing of displayed fields. fixes #10949

git-svn-id: http://svn.automattic.com/wordpress/trunk@12125 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ryan 2009-10-29 17:15:58 +00:00
parent f089f96723
commit 4ec1d4bc32
2 changed files with 40 additions and 4 deletions


@ -26,11 +26,16 @@ foreach ( array( 'term_name', 'comment_author_name', 'link_name', 'link_target',
add_filter( $filter, '_wp_specialchars', 30 );
}
// Kses only for textarea saves and displays
foreach ( array( 'pre_term_description', 'term_description', 'pre_link_description', 'link_description', 'pre_link_notes', 'link_notes', 'pre_user_description', 'user_description' ) as $filter ) {
// Kses only for textarea saves
foreach ( array( 'pre_term_description', 'pre_link_description', 'pre_link_notes', 'pre_user_description' ) as $filter ) {
add_filter( $filter, 'wp_filter_kses' );
}
// Kses only for textarea saves displays
foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description' ) as $filter ) {
add_filter( $filter, 'wp_kses_data' );
}
// Email saves
foreach ( array( 'pre_comment_author_email', 'pre_user_email' ) as $filter ) {
add_filter( $filter, 'trim' );
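Review bot: The comment added above the second loop reads `// Kses only for textarea saves displays`, which leaves a stray "saves" and does not record why the loop was split. Something like `// Kses only for textarea displays; values are unslashed here, so use wp_kses_data` would make clear that the display hooks must not go through wp_filter_kses, which strips and re-adds slashes. The split is only correct if every caller of the four display hooks passes unslashed values and every caller of the `pre_` hooks passes slashed ones. That cannot be checked from this hunk, so it is worth confirming at the call sites.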


@ -1059,7 +1059,7 @@ function _wp_kses_decode_entities_chr_hexdec( $match ) {
* @since 1.0.0
* @uses $allowedtags
*
* @param string $data Content to filter
* @param string $data Content to filter, expected to be escaped with slashes
* @return string Filtered content
*/
function wp_filter_kses($data) {
@ -1067,6 +1067,20 @@ function wp_filter_kses($data) {
return addslashes( wp_kses(stripslashes( $data ), $allowedtags) );
}
/**
* Sanitize content with allowed HTML Kses rules.
*
* @since 2.9.0
* @uses $allowedtags
*
* @param string $data Content to filter, expected to not be escaped
* @return string Filtered content
*/
function wp_kses_data($data) {
global $allowedtags;
return wp_kses( $data , $allowedtags );
}
/**
* Sanitize content for allowed HTML tags for post content.
*
@ -1076,7 +1090,7 @@ function wp_filter_kses($data) {
* @since 2.0.0
* @uses $allowedposttags
*
* @param string $data Post content to filter
* @param string $data Post content to filter, expected to be escaped with slashes
* @return string Filtered post content with allowed HTML tags and attributes intact.
*/
function wp_filter_post_kses($data) {
@ -1084,6 +1098,23 @@ function wp_filter_post_kses($data) {
return addslashes ( wp_kses(stripslashes( $data ), $allowedposttags) );
}
/**
* Sanitize content for allowed HTML tags for post content.
*
* Post content refers to the page contents of the 'post' type and not $_POST
* data from forms.
*
* @since 2.9.0
* @uses $allowedposttags
*
* @param string $data Post content to filter
* @return string Filtered post content with allowed HTML tags and attributes intact.
*/
function wp_kses_post($data) {
global $allowedposttags;
return wp_kses( $data , $allowedposttags );
}
/**
* Strips all of the HTML in the content.
*
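Review bot: The docblock for wp_kses_post() does not say which slashing state it expects; its `@param` line is only `Post content to filter`. In the same commit wp_kses_data() says `expected to not be escaped` and wp_filter_post_kses() now says `expected to be escaped with slashes`. I would change the line to `* @param string $data Post content to filter, expected to not be escaped`. The summary lines of both new functions also repeat those of their slashed counterparts, so the `@param` text is the only thing that tells a caller which variant to use. Choosing the wrong one presumably means the filter either parses backslash-escaped quotes or strips backslashes that belong to the content.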