From 35657e8988e66d8bcbfd81ea9dccfe62bc18ac93 Mon Sep 17 00:00:00 2001
From: Ryan Boren
Date: Tue, 19 Aug 2008 18:43:21 +0000
Subject: [PATCH] Apply kses bad-protocol checks only to URI typed attributes. Props takayukister. fixes #5917 #6888 #6910 #7512
git-svn-id: https://develop.svn.wordpress.org/trunk@8671 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/kses.php | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/wp-includes/kses.php b/wp-includes/kses.php
index af5892b959..429d1b2794 100644
--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -551,6 +551,7 @@ function wp_kses_hair($attr, $allowed_protocols) {
 $attrarr = array ();
 $mode = 0;
 $attrname = '';
+ $uris = array('xmlns', 'profile', 'href', 'src', 'cite', 'classid', 'codebase', 'data', 'usemap', 'longdesc', 'action');
 # Loop through the whole attribute list
@@ -595,7 +596,9 @@ function wp_kses_hair($attr, $allowed_protocols) {
 if (preg_match('/^"([^"]*)"(\s+|$)/', $attr, $match))
 # "value"
 {
- $thisval = wp_kses_bad_protocol($match[1], $allowed_protocols);
+ $thisval = $match[1];
+ if ( in_array($attrname, $uris) )
+ $thisval = wp_kses_bad_protocol($thisval, $allowed_protocols);
 if(FALSE === array_key_exists($attrname, $attrarr))
 {
 $attrarr[$attrname] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname=\"$thisval\"", 'vless' => 'n');
@@ -609,7 +612,9 @@ function wp_kses_hair($attr, $allowed_protocols) {
 if (preg_match("/^'([^']*)'(\s+|$)/", $attr, $match))
 # 'value'
 {
- $thisval = wp_kses_bad_protocol($match[1], $allowed_protocols);
+ $thisval = $match[1];
+ if ( in_array($attrname, $uris) )
+ $thisval = wp_kses_bad_protocol($thisval, $allowed_protocols);
 if(FALSE === array_key_exists($attrname, $attrarr))
 {
 $attrarr[$attrname] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname='$thisval'", 'vless' => 'n');
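Review bot: The added `$uris` array carries no comment, yet after this commit it is the only thing that decides whether a value is run through `wp_kses_bad_protocol()` — before, every attribute value was filtered, so any URL-carrying attribute that the allowed-HTML tables elsewhere in kses.php admit but this list omits now passes through unfiltered. I would make that coupling explicit directly above the line: `# Attributes whose values are URIs; only these get wp_kses_bad_protocol(). Must list every URL-typed attribute the allowed-HTML tables admit, or that attribute's value is never protocol-checked.` A second sentence in that comment should say the names are expected in lowercase, since the list is all lowercase and is compared with `in_array()` later in this function. The body of `wp_kses_hair()` continues past the end of this hunk.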
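Review bot: `in_array($attrname, $uris)` on the new guard line is a case-sensitive, loose comparison against an all-lowercase list, so unless `$attrname` was lowercased when it was captured in mode 0 (which lies outside this hunk) an attribute written as `HREF="javascript:..."` takes the unfiltered path here, while a downstream attribute allow-list lookup that compares case-insensitively — as HTML attribute names are — could still admit it. Normalise before comparing and pass the strict flag: `if ( in_array( strtolower( $attrname ), $uris, true ) )`. The same one-line change belongs in the single-quoted and unquoted branches that repeat this guard; the `$attrarr` key and `'whole'` string can keep the original-case name as long as later lookups continue to lowercase it.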
@@ -623,7 +628,9 @@ function wp_kses_hair($attr, $allowed_protocols) {
 if (preg_match("%^([^\s\"']+)(\s+|$)%", $attr, $match))
 # value
 {
- $thisval = wp_kses_bad_protocol($match[1], $allowed_protocols);
+ $thisval = $match[1];
+ if ( in_array($attrname, $uris) )
+ $thisval = wp_kses_bad_protocol($thisval, $allowed_protocols);
 if(FALSE === array_key_exists($attrname, $attrarr))
 {
 $attrarr[$attrname] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname=\"$thisval\"", 'vless' => 'n');
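Review bot: This is the third verbatim copy of the `$thisval = $match[1]; if ( in_array(...) ) $thisval = wp_kses_bad_protocol(...)` guard within `wp_kses_hair()`, once per quoting style, so any later correction to how URI attributes are recognised has to be made three times and is easy to miss in one branch. Factoring it into a small helper keeps the decision in one place and lets each branch stay a single assignment; the helper below preserves the hunk's behaviour apart from making the `in_array()` comparison strict, which is harmless for a string-only list. The enclosing `while`/`switch` of `wp_kses_hair()` starts and ends outside this hunk.
```php
# Apply the bad-protocol filter only when $attrname is a URI-typed attribute.
function wp_kses_uri_value($attrname, $value, $uris, $allowed_protocols) {
	if ( in_array($attrname, $uris, true) )
		return wp_kses_bad_protocol($value, $allowed_protocols);
	return $value;
}

# … unchanged: wp_kses_hair() up to the unquoted-value branch …
					$thisval = wp_kses_uri_value($attrname, $match[1], $uris, $allowed_protocols);
```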