kses - don't use create_function in preg_replace_callback. Fixes #7363.
git-svn-id: http://svn.automattic.com/wordpress/trunk@8387 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
azaozz
parent
40abfce30c
commit
e13c015e92
|
|
@ -850,9 +850,9 @@ function wp_kses_bad_protocol_once($string, $allowed_protocols) {
|
|||
|
||||
$string2 = preg_split('/:|:|:/i', $string, 2);
|
||||
if ( isset($string2[1]) && !preg_match('%/\?%', $string2[0]) )
|
||||
$string = wp_kses_bad_protocol_once2($string2[0], $allowed_protocols) . trim($string2[1]);
|
||||
$string = wp_kses_bad_protocol_once2($string2[0]) . trim($string2[1]);
|
||||
else
|
||||
$string = preg_replace_callback('/^((&[^;]*;|[\sA-Za-z0-9])*)'.'(:|:|&#[Xx]3[Aa];)\s*/', create_function('$matches', 'global $_kses_allowed_protocols; return wp_kses_bad_protocol_once2($matches[1], $_kses_allowed_protocols);'), $string);
|
||||
$string = preg_replace_callback('/^((&[^;]*;|[\sA-Za-z0-9])*)'.'(:|:|&#[Xx]3[Aa];)\s*/', 'wp_kses_bad_protocol_once2', $string);
|
||||
|
||||
return $string;
|
||||
}
|
||||
|
|
@ -865,11 +865,21 @@ function wp_kses_bad_protocol_once($string, $allowed_protocols) {
|
|||
*
|
||||
* @since 1.0.0
|
||||
*
|
||||
* @param string $string Content to check for bad protocols
|
||||
* @param array $allowed_protocols Allowed protocols
|
||||
* @param mixed $matches string or preg_replace_callback() matches array to check for bad protocols
|
||||
* @return string Sanitized content
|
||||
*/
|
||||
function wp_kses_bad_protocol_once2($string, $allowed_protocols) {
|
||||
function wp_kses_bad_protocol_once2($matches) {
|
||||
global $_kses_allowed_protocols;
|
||||
|
||||
if ( is_array($matches) ) {
|
||||
if ( ! isset($matches[1]) || empty($matches[1]) )
|
||||
return '';
|
||||
|
||||
$string = $matches[1];
|
||||
} else {
|
||||
$string = $matches;
|
||||
}
|
||||
|
||||
$string2 = wp_kses_decode_entities($string);
|
||||
$string2 = preg_replace('/\s/', '', $string2);
|
||||
$string2 = wp_kses_no_null($string2);
|
||||
|
|
@ -878,7 +888,7 @@ function wp_kses_bad_protocol_once2($string, $allowed_protocols) {
|
|||
$string2 = strtolower($string2);
|
||||
|
||||
$allowed = false;
|
||||
foreach ($allowed_protocols as $one_protocol)
|
||||
foreach ( (array) $_kses_allowed_protocols as $one_protocol)
|
||||
if (strtolower($one_protocol) == $string2) {
|
||||
$allowed = true;
|
||||
break;
|
||||
|
|
@ -910,8 +920,8 @@ function wp_kses_normalize_entities($string) {
|
|||
# Change back the allowed entities in our entity whitelist
|
||||
|
||||
$string = preg_replace('/&([A-Za-z][A-Za-z0-9]{0,19});/', '&\\1;', $string);
|
||||
$string = preg_replace_callback('/&#0*([0-9]{1,5});/', create_function('$matches', 'return wp_kses_normalize_entities2($matches[1]);'), $string);
|
||||
$string = preg_replace_callback('/&#([Xx])0*(([0-9A-Fa-f]{2}){1,2});/', create_function('$matches', 'return wp_kses_normalize_entities3($matches[2]);'), $string);
|
||||
$string = preg_replace_callback('/&#0*([0-9]{1,5});/', 'wp_kses_normalize_entities2', $string);
|
||||
$string = preg_replace_callback('/&#([Xx])0*(([0-9A-Fa-f]{2}){1,2});/', 'wp_kses_normalize_entities3', $string);
|
||||
|
||||
return $string;
|
||||
}
|
||||
|
|
@ -924,11 +934,15 @@ function wp_kses_normalize_entities($string) {
|
|||
*
|
||||
* @since 1.0.0
|
||||
*
|
||||
* @param int $i Number encoded entity
|
||||
* @param array $matches preg_replace_callback() matches array
|
||||
* @return string Correctly encoded entity
|
||||
*/
|
||||
function wp_kses_normalize_entities2($i) {
|
||||
return ( (!valid_unicode($i)) || ($i > 65535) ? "&#$i;" : "&#$i;");
|
||||
function wp_kses_normalize_entities2($matches) {
|
||||
if ( ! isset($matches[1]) || empty($matches[1]) )
|
||||
return '';
|
||||
|
||||
$i = $matches[1];
|
||||
return ( ( ! valid_unicode($i) ) || ($i > 65535) ? "&#$i;" : "&#$i;" );
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -937,11 +951,15 @@ function wp_kses_normalize_entities2($i) {
|
|||
* This function helps wp_kses_normalize_entities() to only accept valid Unicode numeric entities
|
||||
* in hex form.
|
||||
*
|
||||
* @param string $h Hex string of encoded entity
|
||||
* @param array $matches preg_replace_callback() matches array
|
||||
* @return string Correctly encoded entity
|
||||
*/
|
||||
function wp_kses_normalize_entities3($hexchars) {
|
||||
return ( (!valid_unicode(hexdec($hexchars))) ? "&#x$hexchars;" : "&#x$hexchars;");
|
||||
function wp_kses_normalize_entities3($matches) {
|
||||
if ( ! isset($matches[2]) || empty($matches[2]) )
|
||||
return '';
|
||||
|
||||
$hexchars = $matches[2];
|
||||
return ( ( ! valid_unicode(hexdec($hexchars)) ) ? "&#x$hexchars;" : "&#x$hexchars;" );
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
Loading…
Reference in New Issue