kses - don't use create_function in preg_replace_callback. Fixes #7363.
git-svn-id: https://develop.svn.wordpress.org/trunk@8387 602fd350-edb4-49c9-b593-d223f7449a82
parent
11bac00854
commit
e5655cff31
@ -850,9 +850,9 @@ function wp_kses_bad_protocol_once($string, $allowed_protocols) {
|
|||||||
|
|
||||||
$string2 = preg_split('/:|:|:/i', $string, 2);
|
$string2 = preg_split('/:|:|:/i', $string, 2);
|
||||||
if ( isset($string2[1]) && !preg_match('%/\?%', $string2[0]) )
|
if ( isset($string2[1]) && !preg_match('%/\?%', $string2[0]) )
|
||||||
$string = wp_kses_bad_protocol_once2($string2[0], $allowed_protocols) . trim($string2[1]);
|
$string = wp_kses_bad_protocol_once2($string2[0]) . trim($string2[1]);
|
||||||
else
|
else
|
||||||
$string = preg_replace_callback('/^((&[^;]*;|[\sA-Za-z0-9])*)'.'(:|:|&#[Xx]3[Aa];)\s*/', create_function('$matches', 'global $_kses_allowed_protocols; return wp_kses_bad_protocol_once2($matches[1], $_kses_allowed_protocols);'), $string);
|
$string = preg_replace_callback('/^((&[^;]*;|[\sA-Za-z0-9])*)'.'(:|:|&#[Xx]3[Aa];)\s*/', 'wp_kses_bad_protocol_once2', $string);
|
||||||
|
|
||||||
return $string;
|
return $string;
|
||||||
}
|
}
|
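Review bot: The `$allowed_protocols` parameter of wp_kses_bad_protocol_once is no longer used anywhere in this hunk: both the direct call `wp_kses_bad_protocol_once2($string2[0])` and the `'wp_kses_bad_protocol_once2'` callback make the callee read `$_kses_allowed_protocols`, so an allow-list a caller passes explicitly is ignored unless that caller has also set the global, which is not visible in the diff. When the global is unset, the `(array)` cast in the later hunk of wp_kses_bad_protocol_once2 yields an empty list and no protocol is ever marked allowed, so a missing allow-list fails closed but silently. Assigning the global from the parameter at the top of this function, `global $_kses_allowed_protocols; $_kses_allowed_protocols = $allowed_protocols;`, would keep the documented parameter meaningful for existing callers; the function's opening line lies outside the hunk.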
||||||
@ -865,11 +865,21 @@ function wp_kses_bad_protocol_once($string, $allowed_protocols) {
|
|||||||
*
|
*
|
||||||
* @since 1.0.0
|
* @since 1.0.0
|
||||||
*
|
*
|
||||||
* @param string $string Content to check for bad protocols
|
* @param mixed $matches string or preg_replace_callback() matches array to check for bad protocols
|
||||||
* @param array $allowed_protocols Allowed protocols
|
|
||||||
* @return string Sanitized content
|
* @return string Sanitized content
|
||||||
*/
|
*/
|
||||||
function wp_kses_bad_protocol_once2($string, $allowed_protocols) {
|
function wp_kses_bad_protocol_once2($matches) {
|
||||||
|
global $_kses_allowed_protocols;
|
||||||
|
|
||||||
|
if ( is_array($matches) ) {
|
||||||
|
if ( ! isset($matches[1]) || empty($matches[1]) )
|
||||||
|
return '';
|
||||||
|
|
||||||
|
$string = $matches[1];
|
||||||
|
} else {
|
||||||
|
$string = $matches;
|
||||||
|
}
|
||||||
|
|
||||||
$string2 = wp_kses_decode_entities($string);
|
$string2 = wp_kses_decode_entities($string);
|
||||||
$string2 = preg_replace('/\s/', '', $string2);
|
$string2 = preg_replace('/\s/', '', $string2);
|
||||||
$string2 = wp_kses_no_null($string2);
|
$string2 = wp_kses_no_null($string2);
|
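Review bot: The updated docblock documents `$matches` but not the global the function now depends on; `@param array $allowed_protocols` was dropped without a replacement, so a reader sees no source for the allow-list. Add `@global array $_kses_allowed_protocols Allowed protocols, set by the caller` beside the `@param` line, and extend the `@param mixed $matches` description to say that a string is taken as the protocol itself while an array is treated as a preg_replace_callback() match set whose element 1 is used. The guard `! isset($matches[1]) || empty($matches[1])` is redundant, since `empty()` already returns true for an unset offset; `if ( empty($matches[1]) )` is equivalent. The function continues past the end of this hunk.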
||||||
@ -878,7 +888,7 @@ function wp_kses_bad_protocol_once2($string, $allowed_protocols) {
|
|||||||
$string2 = strtolower($string2);
|
$string2 = strtolower($string2);
|
||||||
|
|
||||||
$allowed = false;
|
$allowed = false;
|
||||||
foreach ($allowed_protocols as $one_protocol)
|
foreach ( (array) $_kses_allowed_protocols as $one_protocol)
|
||||||
if (strtolower($one_protocol) == $string2) {
|
if (strtolower($one_protocol) == $string2) {
|
||||||
$allowed = true;
|
$allowed = true;
|
||||||
break;
|
break;
|
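Review bot: `strtolower($one_protocol) == $string2` uses loose comparison; both operands are strings here, but `==` between two numeric-looking strings compares them as numbers, so `if (strtolower($one_protocol) === $string2) {` states the intent exactly. The `(array)` cast on the global means an unset `$_kses_allowed_protocols` produces an empty loop and `$allowed` stays false, so with no allow-list configured no protocol is ever accepted; that is the safe direction but deserves a comment above the loop, e.g. `// An unset allow-list accepts no protocol (fails closed).` The enclosing function starts and ends outside this hunk.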
||||||
@ -910,8 +920,8 @@ function wp_kses_normalize_entities($string) {
|
|||||||
# Change back the allowed entities in our entity whitelist
|
# Change back the allowed entities in our entity whitelist
|
||||||
|
|
||||||
$string = preg_replace('/&([A-Za-z][A-Za-z0-9]{0,19});/', '&\\1;', $string);
|
$string = preg_replace('/&([A-Za-z][A-Za-z0-9]{0,19});/', '&\\1;', $string);
|
||||||
$string = preg_replace_callback('/&#0*([0-9]{1,5});/', create_function('$matches', 'return wp_kses_normalize_entities2($matches[1]);'), $string);
|
$string = preg_replace_callback('/&#0*([0-9]{1,5});/', 'wp_kses_normalize_entities2', $string);
|
||||||
$string = preg_replace_callback('/&#([Xx])0*(([0-9A-Fa-f]{2}){1,2});/', create_function('$matches', 'return wp_kses_normalize_entities3($matches[2]);'), $string);
|
$string = preg_replace_callback('/&#([Xx])0*(([0-9A-Fa-f]{2}){1,2});/', 'wp_kses_normalize_entities3', $string);
|
||||||
|
|
||||||
return $string;
|
return $string;
|
||||||
}
|
}
|
||||||
@ -924,11 +934,15 @@ function wp_kses_normalize_entities($string) {
|
|||||||
*
|
*
|
||||||
* @since 1.0.0
|
* @since 1.0.0
|
||||||
*
|
*
|
||||||
* @param int $i Number encoded entity
|
* @param array $matches preg_replace_callback() matches array
|
||||||
* @return string Correctly encoded entity
|
* @return string Correctly encoded entity
|
||||||
*/
|
*/
|
||||||
function wp_kses_normalize_entities2($i) {
|
function wp_kses_normalize_entities2($matches) {
|
||||||
return ( (!valid_unicode($i)) || ($i > 65535) ? "&#$i;" : "&#$i;");
|
if ( ! isset($matches[1]) || empty($matches[1]) )
|
||||||
|
return '';
|
||||||
|
|
||||||
|
$i = $matches[1];
|
||||||
|
return ( ( ! valid_unicode($i) ) || ($i > 65535) ? "&#$i;" : "&#$i;" );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
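Review bot: `empty($matches[1])` is true for the string `'0'`, so a `&#0;` (or `&#00;`) entity now makes the callback return `''` and the entity disappears from the output, whereas the replaced call `wp_kses_normalize_entities2($matches[1])` passed `'0'` into the valid_unicode() expression, both of whose branches return a non-empty entity string. The pattern `&#0*([0-9]{1,5});` always fills group 1 with one to five digits, so `if ( ! isset($matches[1]) ) return '';` keeps the defensive check without the `'0'` special case. The same `! isset(...) || empty(...)` guard appears in wp_kses_normalize_entities3, but its group is at least two hex digits and can never equal `'0'`, so only this decimal variant changes behaviour.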
||||||
@ -937,11 +951,15 @@ function wp_kses_normalize_entities2($i) {
|
|||||||
* This function helps wp_kses_normalize_entities() to only accept valid Unicode numeric entities
|
* This function helps wp_kses_normalize_entities() to only accept valid Unicode numeric entities
|
||||||
* in hex form.
|
* in hex form.
|
||||||
*
|
*
|
||||||
* @param string $h Hex string of encoded entity
|
* @param array $matches preg_replace_callback() matches array
|
||||||
* @return string Correctly encoded entity
|
* @return string Correctly encoded entity
|
||||||
*/
|
*/
|
||||||
function wp_kses_normalize_entities3($hexchars) {
|
function wp_kses_normalize_entities3($matches) {
|
||||||
return ( (!valid_unicode(hexdec($hexchars))) ? "&#x$hexchars;" : "&#x$hexchars;");
|
if ( ! isset($matches[2]) || empty($matches[2]) )
|
||||||
|
return '';
|
||||||
|
|
||||||
|
$hexchars = $matches[2];
|
||||||
|
return ( ( ! valid_unicode(hexdec($hexchars)) ) ? "&#x$hexchars;" : "&#x$hexchars;" );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|