golem
/
twentyGOLEM
9
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

kses optimizations. Props duck_. fixes #17045 

git-svn-id: http://svn.automattic.com/wordpress/trunk@17730 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2011-04-27 21:50:39 +00:00
parent 5628ced76f
commit c5fb371ec6
1 changed files with 18 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
wp-includes/kses.php
View File

@ -554,7 +554,7 @@ function wp_kses_split($string, $allowed_html, $allowed_protocols) {
global $pass_allowed_html, $pass_allowed_protocols; global $pass_allowed_html, $pass_allowed_protocols;
$pass_allowed_html = $allowed_html; $pass_allowed_html = $allowed_html;
$pass_allowed_protocols = $allowed_protocols; $pass_allowed_protocols = $allowed_protocols;
return preg_replace_callback( '%((<!--.*?(-->|$))|(<[^>]*(>|$)|>))%', '_wp_kses_split_callback', $string ); return preg_replace_callback( '%(<!--.*?(-->|$))|(<[^>]*(>|$)|>)%', '_wp_kses_split_callback', $string );
} }
/** /**
@ -565,7 +565,7 @@ function wp_kses_split($string, $allowed_html, $allowed_protocols) {
*/ */
function _wp_kses_split_callback( $match ) { function _wp_kses_split_callback( $match ) {
global $pass_allowed_html, $pass_allowed_protocols; global $pass_allowed_html, $pass_allowed_protocols;
return wp_kses_split2( $match[1], $pass_allowed_html, $pass_allowed_protocols ); return wp_kses_split2( $match[0], $pass_allowed_html, $pass_allowed_protocols );
} }
/** /**
@ -596,9 +596,9 @@ function wp_kses_split2($string, $allowed_html, $allowed_protocols) {
return '&gt;'; return '&gt;';
# It matched a ">" character # It matched a ">" character
if (preg_match('%^<!--(.*?)(-->)?$%', $string, $matches)) { if ( '<!--' == substr( $string, 0, 4 ) ) {
$string = str_replace(array('<!--', '-->'), '', $matches[1]); $string = str_replace( array('<!--', '-->'), '', $string );
while ( $string != $newstring = wp_kses($string, $allowed_html, $allowed_protocols) ) while ( $string != ($newstring = wp_kses($string, $allowed_html, $allowed_protocols)) )
$string = $newstring; $string = $newstring;
if ( $string == '' ) if ( $string == '' )
return ''; return '';
@ -618,15 +618,15 @@ function wp_kses_split2($string, $allowed_html, $allowed_protocols) {
$elem = $matches[2]; $elem = $matches[2];
$attrlist = $matches[3]; $attrlist = $matches[3];
if (!@isset($allowed_html[strtolower($elem)])) if ( ! isset($allowed_html[strtolower($elem)]) )
return ''; return '';
# They are using a not allowed HTML element # They are using a not allowed HTML element
if ($slash != '') if ($slash != '')
return "<$slash$elem>"; return "</$elem>";
# No attributes are allowed for closing elements # No attributes are allowed for closing elements
return wp_kses_attr("$slash$elem", $attrlist, $allowed_html, $allowed_protocols); return wp_kses_attr( $elem, $attrlist, $allowed_html, $allowed_protocols );
} }
/** /**
@ -654,50 +654,47 @@ function wp_kses_attr($element, $attr, $allowed_html, $allowed_protocols) {
$xhtml_slash = ' /'; $xhtml_slash = ' /';
# Are any attributes allowed at all for this element? # Are any attributes allowed at all for this element?
if ( ! isset($allowed_html[strtolower($element)]) || count($allowed_html[strtolower($element)]) == 0 )
if (@ count($allowed_html[strtolower($element)]) == 0)
return "<$element$xhtml_slash>"; return "<$element$xhtml_slash>";
# Split it # Split it
$attrarr = wp_kses_hair($attr, $allowed_protocols); $attrarr = wp_kses_hair($attr, $allowed_protocols);
# Go through $attrarr, and save the allowed attributes for this element # Go through $attrarr, and save the allowed attributes for this element
# in $attr2 # in $attr2
$attr2 = ''; $attr2 = '';
$allowed_attr = $allowed_html[strtolower($element)];
foreach ($attrarr as $arreach) { foreach ($attrarr as $arreach) {
if (!@ isset ($allowed_html[strtolower($element)][strtolower($arreach['name'])])) if ( ! isset( $allowed_attr[strtolower($arreach['name'])] ) )
continue; # the attribute is not allowed continue; # the attribute is not allowed
$current = $allowed_html[strtolower($element)][strtolower($arreach['name'])]; $current = $allowed_attr[strtolower($arreach['name'])];
if ($current == '') if ( $current == '' )
continue; # the attribute is not allowed continue; # the attribute is not allowed
if (!is_array($current)) if ( ! is_array($current) ) {
$attr2 .= ' '.$arreach['whole']; $attr2 .= ' '.$arreach['whole'];
# there are no checks # there are no checks
else { } else {
# there are some checks # there are some checks
$ok = true; $ok = true;
foreach ($current as $currkey => $currval) foreach ($current as $currkey => $currval) {
if (!wp_kses_check_attr_val($arreach['value'], $arreach['vless'], $currkey, $currval)) { if ( ! wp_kses_check_attr_val($arreach['value'], $arreach['vless'], $currkey, $currval) ) {
$ok = false; $ok = false;
break; break;
} }
}
if ( strtolower($arreach['name']) == 'style' ) { if ( strtolower($arreach['name']) == 'style' ) {
$orig_value = $arreach['value']; $orig_value = $arreach['value'];
$value = safecss_filter_attr($orig_value); $value = safecss_filter_attr($orig_value);
if ( empty($value) ) if ( empty($value) )
continue; continue;
$arreach['value'] = $value; $arreach['value'] = $value;
$arreach['whole'] = str_replace($orig_value, $value, $arreach['whole']); $arreach['whole'] = str_replace($orig_value, $value, $arreach['whole']);
} }
@ -707,7 +704,6 @@ function wp_kses_attr($element, $attr, $allowed_html, $allowed_protocols) {
} # foreach } # foreach
# Remove any "<" or ">" characters # Remove any "<" or ">" characters
$attr2 = preg_replace('/[<>]/', '', $attr2); $attr2 = preg_replace('/[<>]/', '', $attr2);
return "<$element$attr2$xhtml_slash>"; return "<$element$attr2$xhtml_slash>";