diff --git a/wp-includes/kses.php b/wp-includes/kses.php index bf963abe67..93fc9dd00b 100644 --- a/wp-includes/kses.php +++ b/wp-includes/kses.php @@ -971,11 +971,12 @@ function _wp_kses_split_callback( $match ) { function wp_kses_split2( $string, $allowed_html, $allowed_protocols ) { $string = wp_kses_stripslashes( $string ); + // It matched a ">" character. if ( substr( $string, 0, 1 ) != '<' ) { return '>'; } - // It matched a ">" character + // Allow HTML comments. if ( '' ), '', $string ); while ( $string != ( $newstring = wp_kses( $string, $allowed_html, $allowed_protocols ) ) ) { @@ -990,12 +991,11 @@ function wp_kses_split2( $string, $allowed_html, $allowed_protocols ) { $string = preg_replace( '/-$/', '', $string ); return ""; } - // Allow HTML comments + // It's seriously malformed. if ( ! preg_match( '%^<\s*(/\s*)?([a-zA-Z0-9-]+)([^>]*)>?$%', $string, $matches ) ) { return ''; } - // It's seriously malformed $slash = trim( $matches[1] ); $elem = $matches[2]; @@ -1005,15 +1005,15 @@ function wp_kses_split2( $string, $allowed_html, $allowed_protocols ) { $allowed_html = wp_kses_allowed_html( $allowed_html ); } + // They are using a not allowed HTML element. if ( ! isset( $allowed_html[ strtolower( $elem ) ] ) ) { return ''; } - // They are using a not allowed HTML element + // No attributes are allowed for closing elements. if ( $slash != '' ) { return ""; } - // No attributes are allowed for closing elements return wp_kses_attr( $elem, $attrlist, $allowed_html, $allowed_protocols ); } diff --git a/wp-includes/version.php b/wp-includes/version.php index 4045797f90..b49181b628 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '5.0-alpha-42711'; +$wp_version = '5.0-alpha-42712'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
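Review bot: The comparisons in the first hunk of wp_kses_split2 are loose: `substr( $string, 0, 1 ) != '<'` and the loop condition `$string != ( $newstring = wp_kses( ... ) )`, and the same holds for `$slash != ''` in the third hunk. Both operands look like strings in each case, and PHP compares two numeric-looking strings by value, so the loop that appears to re-run wp_kses until the text stops changing could in principle treat two different strings as equal. I see no input in this hunk that triggers that, but `!==` removes the need to reason about it inside a sanitizer. These are context lines the commit does not touch, so the change may belong in a follow-up; the loop body and the rest of the function lie outside the hunk.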
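Review bot: `// It's seriously malformed.` in the second hunk now sits above the `preg_match` test but says neither what is being tested nor what happens to the input, and in a sanitizer that outcome is what a reader needs. I would write `// Not a recognisable tag: discard the whole fragment.`, which matches the `return '';` that follows. The third hunk's `// They are using a not allowed HTML element.` has the same shape and reads better as `// The element is not in the allowed list: discard it.`. Both comments are inside wp_kses_split2, whose body starts before the second hunk and ends in the third.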