Introduce wp_kses_post() and wp_kses_data() for filtering unescaped data. Fixes slashing of displayed fields. fixes #10949
git-svn-id: http://svn.automattic.com/wordpress/trunk@12125 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
f089f96723
commit
4ec1d4bc32
|
@ -26,11 +26,16 @@ foreach ( array( 'term_name', 'comment_author_name', 'link_name', 'link_target',
|
||||||
add_filter( $filter, '_wp_specialchars', 30 );
|
add_filter( $filter, '_wp_specialchars', 30 );
|
||||||
}
|
}
|
||||||
|
|
||||||
// Kses only for textarea saves and displays
|
// Kses only for textarea saves
|
||||||
foreach ( array( 'pre_term_description', 'term_description', 'pre_link_description', 'link_description', 'pre_link_notes', 'link_notes', 'pre_user_description', 'user_description' ) as $filter ) {
|
foreach ( array( 'pre_term_description', 'pre_link_description', 'pre_link_notes', 'pre_user_description' ) as $filter ) {
|
||||||
add_filter( $filter, 'wp_filter_kses' );
|
add_filter( $filter, 'wp_filter_kses' );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Kses only for textarea saves displays
|
||||||
|
foreach ( array( 'term_description', 'link_description', 'link_notes', 'user_description' ) as $filter ) {
|
||||||
|
add_filter( $filter, 'wp_kses_data' );
|
||||||
|
}
|
||||||
|
|
||||||
// Email saves
|
// Email saves
|
||||||
foreach ( array( 'pre_comment_author_email', 'pre_user_email' ) as $filter ) {
|
foreach ( array( 'pre_comment_author_email', 'pre_user_email' ) as $filter ) {
|
||||||
add_filter( $filter, 'trim' );
|
add_filter( $filter, 'trim' );
|
||||||
|
|
|
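Review bot: The comment added above the new display loop reads `// Kses only for textarea saves displays`, which looks like a leftover from editing the old `// Kses only for textarea saves and displays` line; since this loop registers only `wp_kses_data` on `term_description`, `link_description`, `link_notes` and `user_description`, it should read `// Kses only for textarea displays`. Inferring from the hunk, the split into two loops is what lets the display filters avoid the stripslashes/addslashes round-trip that `wp_filter_kses` performs, so these two comments are the reader's only cue as to which loop receives slashed input and which does not; the wording should separate "saves" and "displays" unambiguously.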
@ -1059,7 +1059,7 @@ function _wp_kses_decode_entities_chr_hexdec( $match ) {
|
||||||
* @since 1.0.0
|
* @since 1.0.0
|
||||||
* @uses $allowedtags
|
* @uses $allowedtags
|
||||||
*
|
*
|
||||||
* @param string $data Content to filter
|
* @param string $data Content to filter, expected to be escaped with slashes
|
||||||
* @return string Filtered content
|
* @return string Filtered content
|
||||||
*/
|
*/
|
||||||
function wp_filter_kses($data) {
|
function wp_filter_kses($data) {
|
||||||
|
@ -1067,6 +1067,20 @@ function wp_filter_kses($data) {
|
||||||
return addslashes( wp_kses(stripslashes( $data ), $allowedtags) );
|
return addslashes( wp_kses(stripslashes( $data ), $allowedtags) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sanitize content with allowed HTML Kses rules.
|
||||||
|
*
|
||||||
|
* @since 2.9.0
|
||||||
|
* @uses $allowedtags
|
||||||
|
*
|
||||||
|
* @param string $data Content to filter, expected to not be escaped
|
||||||
|
* @return string Filtered content
|
||||||
|
*/
|
||||||
|
function wp_kses_data($data) {
|
||||||
|
global $allowedtags;
|
||||||
|
return wp_kses( $data , $allowedtags );
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Sanitize content for allowed HTML tags for post content.
|
* Sanitize content for allowed HTML tags for post content.
|
||||||
*
|
*
|
||||||
|
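Review bot: `return wp_kses( $data , $allowedtags );` in the new `wp_kses_data` has a space before the comma, which matches neither the `wp_kses(stripslashes( $data ), $allowedtags)` call a few lines above nor the spacing elsewhere in the hunk; `return wp_kses( $data, $allowedtags );` reads cleanly. The same form appears in `wp_kses_post` in the last hunk. The docblock would also benefit from stating how this function relates to `wp_filter_kses`, since the two differ only in slash handling: `* Unlike wp_filter_kses(), the input is not stripslashed and the output is not addslashed, so this suits display filters rather than the pre_* save filters.`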
@ -1076,7 +1090,7 @@ function wp_filter_kses($data) {
|
||||||
* @since 2.0.0
|
* @since 2.0.0
|
||||||
* @uses $allowedposttags
|
* @uses $allowedposttags
|
||||||
*
|
*
|
||||||
* @param string $data Post content to filter
|
* @param string $data Post content to filter, expected to be escaped with slashes
|
||||||
* @return string Filtered post content with allowed HTML tags and attributes intact.
|
* @return string Filtered post content with allowed HTML tags and attributes intact.
|
||||||
*/
|
*/
|
||||||
function wp_filter_post_kses($data) {
|
function wp_filter_post_kses($data) {
|
||||||
|
@ -1084,6 +1098,23 @@ function wp_filter_post_kses($data) {
|
||||||
return addslashes ( wp_kses(stripslashes( $data ), $allowedposttags) );
|
return addslashes ( wp_kses(stripslashes( $data ), $allowedposttags) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sanitize content for allowed HTML tags for post content.
|
||||||
|
*
|
||||||
|
* Post content refers to the page contents of the 'post' type and not $_POST
|
||||||
|
* data from forms.
|
||||||
|
*
|
||||||
|
* @since 2.9.0
|
||||||
|
* @uses $allowedposttags
|
||||||
|
*
|
||||||
|
* @param string $data Post content to filter
|
||||||
|
* @return string Filtered post content with allowed HTML tags and attributes intact.
|
||||||
|
*/
|
||||||
|
function wp_kses_post($data) {
|
||||||
|
global $allowedposttags;
|
||||||
|
return wp_kses( $data , $allowedposttags );
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Strips all of the HTML in the content.
|
* Strips all of the HTML in the content.
|
||||||
*
|
*
|
||||||
|
|
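Review bot: The `@param` line of the new `wp_kses_post` reads `* @param string $data Post content to filter`, dropping the slashing expectation that the sibling `wp_kses_data` docblock states and that this commit adds to both `wp_filter_*` docblocks; since the whole reason for the new pair is slash handling, it should say `* @param string $data Post content to filter, expected to not be escaped`. The summary line is also identical to that of `wp_filter_post_kses` directly above, so a reader scanning the file cannot tell the two apart without reading the body; `* Sanitize content for allowed HTML tags for post content. Unlike wp_filter_post_kses(), the input is not expected to be slash-escaped.` would distinguish them.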