<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[21790] trunk/wp-includes/kses.php: * Introduce wp_kses_allowed_html() which accepts a context string and returns an array of allowed tags.</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg > ul, #logmsg > ol { margin-left: 0; margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://core.trac.wordpress.org/changeset/21790">21790</a></dd>
<dt>Author</dt> <dd>ryan</dd>
<dt>Date</dt> <dd>2012-09-10 16:19:54 +0000 (Mon, 10 Sep 2012)</dd>
</dl>
<h3>Log Message</h3>
<pre> * Introduce wp_kses_allowed_html() which accepts a context string and returns an array of allowed tags.
* Remove explicit declarations of class, id, style, and title from $allowedposttags
* Dynamicallly add global attributes to every tag for the 'post' context
* No longer calls wp_kses_array_lc() every time wp_kses() runs. Instead it runs once if CUSTOM_TAGS is true. Plugins directly passing a custom allowed_html array will no longer get the lc treatment. Keep an eye out for problems with this.
* wp_kses_data() and wp_filter_kses() pass current_filter() for the $allowed_html argument to wp_kses().
* wp_kses_allowed_html() handles being passed a filter name for a context. If the filter is not a recognized one it defaults to using $allowedtags as was done before for wp_kses_data() and wp_filter_kses().
* wp_kses_allowed_html() recognizes user_description and pre_user_description out of the box. For these it takes $allowedtags and inserts rel attribute support.
* wp_kses_allowed_html() allows plugins to override the return values for the default contexts and support arbitrary contexts via a wp_kses_allowed_html filter.
* wp_kses_hook() can now pass a string context for $allowed_html to the pre_kses filter. We might have to pass the result of wp_kses_allowed_html() instead if it turns out that plugins are digging in $allowed_html.
fixes <a href="http://core.trac.wordpress.org/ticket/17977">#17977</a>
see <a href="http://core.trac.wordpress.org/ticket/20210">#20210</a></pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkwpincludesksesphp">trunk/wp-includes/kses.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkwpincludesksesphp"></a>
<div class="modfile"><h4>Modified: trunk/wp-includes/kses.php (21789 => 21790)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-includes/kses.php 2012-09-08 04:58:34 UTC (rev 21789)
+++ trunk/wp-includes/kses.php 2012-09-10 16:19:54 UTC (rev 21790)
</span><span class="lines">@@ -51,50 +51,42 @@
</span><span class="cx"> $allowedposttags = array(
</span><span class="cx"> 'address' => array(),
</span><span class="cx"> 'a' => array(
</span><del>- 'class' => true,
</del><span class="cx"> 'href' => true,
</span><del>- 'id' => true,
- 'title' => true,
</del><span class="cx"> 'rel' => true,
</span><span class="cx"> 'rev' => true,
</span><span class="cx"> 'name' => true,
</span><span class="cx"> 'target' => true,
</span><span class="cx"> ),
</span><del>- 'abbr' => array(
- 'class' => true,
- 'title' => true,
</del><ins>+ 'abbr' => array(),
+ 'acronym' => array(),
+ 'area' => array(
+ 'alt' => true,
+ 'coords' => true,
+ 'href' => true,
+ 'nohref' => true,
+ 'shape' => true,
+ 'target' => true,
</ins><span class="cx"> ),
</span><del>- 'acronym' => array(
- 'title' => true,
- ),
</del><span class="cx"> 'article' => array(
</span><span class="cx"> 'align' => true,
</span><del>- 'class' => true,
</del><span class="cx"> 'dir' => true,
</span><span class="cx"> 'lang' => true,
</span><del>- 'style' => true,
</del><span class="cx"> 'xml:lang' => true,
</span><span class="cx"> ),
</span><span class="cx"> 'aside' => array(
</span><span class="cx"> 'align' => true,
</span><del>- 'class' => true,
</del><span class="cx"> 'dir' => true,
</span><span class="cx"> 'lang' => true,
</span><del>- 'style' => true,
</del><span class="cx"> 'xml:lang' => true,
</span><span class="cx"> ),
</span><span class="cx"> 'b' => array(),
</span><span class="cx"> 'big' => array(),
</span><span class="cx"> 'blockquote' => array(
</span><del>- 'id' => true,
</del><span class="cx"> 'cite' => true,
</span><del>- 'class' => true,
</del><span class="cx"> 'lang' => true,
</span><span class="cx"> 'xml:lang' => true,
</span><span class="cx"> ),
</span><del>- 'br' => array (
- 'class' => true,
- ),
</del><ins>+ 'br' => array(),
</ins><span class="cx"> 'button' => array(
</span><span class="cx"> 'disabled' => true,
</span><span class="cx"> 'name' => true,
</span><span class="lines">@@ -103,24 +95,18 @@
</span><span class="cx"> ),
</span><span class="cx"> 'caption' => array(
</span><span class="cx"> 'align' => true,
</span><del>- 'class' => true,
</del><span class="cx"> ),
</span><del>- 'cite' => array (
- 'class' => true,
</del><ins>+ 'cite' => array(
</ins><span class="cx"> 'dir' => true,
</span><span class="cx"> 'lang' => true,
</span><del>- 'title' => true,
</del><span class="cx"> ),
</span><del>- 'code' => array (
- 'style' => true,
- ),
</del><ins>+ 'code' => array(),
</ins><span class="cx"> 'col' => array(
</span><span class="cx"> 'align' => true,
</span><span class="cx"> 'char' => true,
</span><span class="cx"> 'charoff' => true,
</span><span class="cx"> 'span' => true,
</span><span class="cx"> 'dir' => true,
</span><del>- 'style' => true,
</del><span class="cx"> 'valign' => true,
</span><span class="cx"> 'width' => true,
</span><span class="cx"> ),
</span><span class="lines">@@ -130,19 +116,15 @@
</span><span class="cx"> 'dd' => array(),
</span><span class="cx"> 'details' => array(
</span><span class="cx"> 'align' => true,
</span><del>- 'class' => true,
</del><span class="cx"> 'dir' => true,
</span><span class="cx"> 'lang' => true,
</span><span class="cx"> 'open' => true,
</span><del>- 'style' => true,
</del><span class="cx"> 'xml:lang' => true,
</span><span class="cx"> ),
</span><span class="cx"> 'div' => array(
</span><span class="cx"> 'align' => true,
</span><del>- 'class' => true,
</del><span class="cx"> 'dir' => true,
</span><span class="cx"> 'lang' => true,
</span><del>- 'style' => true,
</del><span class="cx"> 'xml:lang' => true,
</span><span class="cx"> ),
</span><span class="cx"> 'dl' => array(),
</span><span class="lines">@@ -151,18 +133,14 @@
</span><span class="cx"> 'fieldset' => array(),
</span><span class="cx"> 'figure' => array(
</span><span class="cx"> 'align' => true,
</span><del>- 'class' => true,
</del><span class="cx"> 'dir' => true,
</span><span class="cx"> 'lang' => true,
</span><del>- 'style' => true,
</del><span class="cx"> 'xml:lang' => true,
</span><span class="cx"> ),
</span><span class="cx"> 'figcaption' => array(
</span><span class="cx"> 'align' => true,
</span><del>- 'class' => true,
</del><span class="cx"> 'dir' => true,
</span><span class="cx"> 'lang' => true,
</span><del>- 'style' => true,
</del><span class="cx"> 'xml:lang' => true,
</span><span class="cx"> ),
</span><span class="cx"> 'font' => array(
</span><span class="lines">@@ -172,10 +150,8 @@
</span><span class="cx"> ),
</span><span class="cx"> 'footer' => array(
</span><span class="cx"> 'align' => true,
</span><del>- 'class' => true,
</del><span class="cx"> 'dir' => true,
</span><span class="cx"> 'lang' => true,
</span><del>- 'style' => true,
</del><span class="cx"> 'xml:lang' => true,
</span><span class="cx"> ),
</span><span class="cx"> 'form' => array(
</span><span class="lines">@@ -189,59 +165,36 @@
</span><span class="cx"> ),
</span><span class="cx"> 'h1' => array(
</span><span class="cx"> 'align' => true,
</span><del>- 'class' => true,
- 'id' => true,
- 'style' => true,
</del><span class="cx"> ),
</span><del>- 'h2' => array (
</del><ins>+ 'h2' => array(
</ins><span class="cx"> 'align' => true,
</span><del>- 'class' => true,
- 'id' => true,
- 'style' => true,
</del><span class="cx"> ),
</span><del>- 'h3' => array (
</del><ins>+ 'h3' => array(
</ins><span class="cx"> 'align' => true,
</span><del>- 'class' => true,
- 'id' => true,
- 'style' => true,
</del><span class="cx"> ),
</span><del>- 'h4' => array (
</del><ins>+ 'h4' => array(
</ins><span class="cx"> 'align' => true,
</span><del>- 'class' => true,
- 'id' => true,
- 'style' => true,
</del><span class="cx"> ),
</span><del>- 'h5' => array (
</del><ins>+ 'h5' => array(
</ins><span class="cx"> 'align' => true,
</span><del>- 'class' => true,
- 'id' => true,
- 'style' => true,
</del><span class="cx"> ),
</span><del>- 'h6' => array (
</del><ins>+ 'h6' => array(
</ins><span class="cx"> 'align' => true,
</span><del>- 'class' => true,
- 'id' => true,
- 'style' => true,
</del><span class="cx"> ),
</span><span class="cx"> 'header' => array(
</span><span class="cx"> 'align' => true,
</span><del>- 'class' => true,
</del><span class="cx"> 'dir' => true,
</span><span class="cx"> 'lang' => true,
</span><del>- 'style' => true,
</del><span class="cx"> 'xml:lang' => true,
</span><span class="cx"> ),
</span><span class="cx"> 'hgroup' => array(
</span><span class="cx"> 'align' => true,
</span><del>- 'class' => true,
</del><span class="cx"> 'dir' => true,
</span><span class="cx"> 'lang' => true,
</span><del>- 'style' => true,
</del><span class="cx"> 'xml:lang' => true,
</span><span class="cx"> ),
</span><del>- 'hr' => array (
</del><ins>+ 'hr' => array(
</ins><span class="cx"> 'align' => true,
</span><del>- 'class' => true,
</del><span class="cx"> 'noshade' => true,
</span><span class="cx"> 'size' => true,
</span><span class="cx"> 'width' => true,
</span><span class="lines">@@ -251,13 +204,12 @@
</span><span class="cx"> 'alt' => true,
</span><span class="cx"> 'align' => true,
</span><span class="cx"> 'border' => true,
</span><del>- 'class' => true,
</del><span class="cx"> 'height' => true,
</span><span class="cx"> 'hspace' => true,
</span><span class="cx"> 'longdesc' => true,
</span><span class="cx"> 'vspace' => true,
</span><span class="cx"> 'src' => true,
</span><del>- 'style' => true,
</del><ins>+ 'usemap' => true,
</ins><span class="cx"> 'width' => true,
</span><span class="cx"> ),
</span><span class="cx"> 'ins' => array(
</span><span class="lines">@@ -271,54 +223,44 @@
</span><span class="cx"> 'legend' => array(
</span><span class="cx"> 'align' => true,
</span><span class="cx"> ),
</span><del>- 'li' => array (
</del><ins>+ 'li' => array(
</ins><span class="cx"> 'align' => true,
</span><del>- 'class' => true,
</del><span class="cx"> ),
</span><del>- 'menu' => array (
- 'class' => true,
- 'style' => true,
</del><ins>+ 'map' => array(
+ 'name' => true,
+ ),
+ 'menu' => array(
</ins><span class="cx"> 'type' => true,
</span><span class="cx"> ),
</span><span class="cx"> 'nav' => array(
</span><span class="cx"> 'align' => true,
</span><del>- 'class' => true,
</del><span class="cx"> 'dir' => true,
</span><span class="cx"> 'lang' => true,
</span><del>- 'style' => true,
</del><span class="cx"> 'xml:lang' => true,
</span><span class="cx"> ),
</span><span class="cx"> 'p' => array(
</span><del>- 'class' => true,
</del><span class="cx"> 'align' => true,
</span><span class="cx"> 'dir' => true,
</span><span class="cx"> 'lang' => true,
</span><del>- 'style' => true,
</del><span class="cx"> 'xml:lang' => true,
</span><span class="cx"> ),
</span><span class="cx"> 'pre' => array(
</span><del>- 'style' => true,
</del><span class="cx"> 'width' => true,
</span><span class="cx"> ),
</span><span class="cx"> 'q' => array(
</span><span class="cx"> 'cite' => true,
</span><span class="cx"> ),
</span><span class="cx"> 's' => array(),
</span><del>- 'span' => array (
- 'class' => true,
</del><ins>+ 'span' => array(
</ins><span class="cx"> 'dir' => true,
</span><span class="cx"> 'align' => true,
</span><span class="cx"> 'lang' => true,
</span><del>- 'style' => true,
- 'title' => true,
</del><span class="cx"> 'xml:lang' => true,
</span><span class="cx"> ),
</span><span class="cx"> 'section' => array(
</span><span class="cx"> 'align' => true,
</span><del>- 'class' => true,
</del><span class="cx"> 'dir' => true,
</span><span class="cx"> 'lang' => true,
</span><del>- 'style' => true,
</del><span class="cx"> 'xml:lang' => true,
</span><span class="cx"> ),
</span><span class="cx"> 'small' => array(),
</span><span class="lines">@@ -327,10 +269,8 @@
</span><span class="cx"> 'sub' => array(),
</span><span class="cx"> 'summary' => array(
</span><span class="cx"> 'align' => true,
</span><del>- 'class' => true,
</del><span class="cx"> 'dir' => true,
</span><span class="cx"> 'lang' => true,
</span><del>- 'style' => true,
</del><span class="cx"> 'xml:lang' => true,
</span><span class="cx"> ),
</span><span class="cx"> 'sup' => array(),
</span><span class="lines">@@ -340,11 +280,8 @@
</span><span class="cx"> 'border' => true,
</span><span class="cx"> 'cellpadding' => true,
</span><span class="cx"> 'cellspacing' => true,
</span><del>- 'class' => true,
</del><span class="cx"> 'dir' => true,
</span><del>- 'id' => true,
</del><span class="cx"> 'rules' => true,
</span><del>- 'style' => true,
</del><span class="cx"> 'summary' => true,
</span><span class="cx"> 'width' => true,
</span><span class="cx"> ),
</span><span class="lines">@@ -361,7 +298,6 @@
</span><span class="cx"> 'bgcolor' => true,
</span><span class="cx"> 'char' => true,
</span><span class="cx"> 'charoff' => true,
</span><del>- 'class' => true,
</del><span class="cx"> 'colspan' => true,
</span><span class="cx"> 'dir' => true,
</span><span class="cx"> 'headers' => true,
</span><span class="lines">@@ -369,7 +305,6 @@
</span><span class="cx"> 'nowrap' => true,
</span><span class="cx"> 'rowspan' => true,
</span><span class="cx"> 'scope' => true,
</span><del>- 'style' => true,
</del><span class="cx"> 'valign' => true,
</span><span class="cx"> 'width' => true,
</span><span class="cx"> ),
</span><span class="lines">@@ -383,7 +318,6 @@
</span><span class="cx"> 'tfoot' => array(
</span><span class="cx"> 'align' => true,
</span><span class="cx"> 'char' => true,
</span><del>- 'class' => true,
</del><span class="cx"> 'charoff' => true,
</span><span class="cx"> 'valign' => true,
</span><span class="cx"> ),
</span><span class="lines">@@ -394,7 +328,6 @@
</span><span class="cx"> 'bgcolor' => true,
</span><span class="cx"> 'char' => true,
</span><span class="cx"> 'charoff' => true,
</span><del>- 'class' => true,
</del><span class="cx"> 'colspan' => true,
</span><span class="cx"> 'headers' => true,
</span><span class="cx"> 'height' => true,
</span><span class="lines">@@ -408,7 +341,6 @@
</span><span class="cx"> 'align' => true,
</span><span class="cx"> 'char' => true,
</span><span class="cx"> 'charoff' => true,
</span><del>- 'class' => true,
</del><span class="cx"> 'valign' => true,
</span><span class="cx"> ),
</span><span class="cx"> 'title' => array(),
</span><span class="lines">@@ -417,21 +349,15 @@
</span><span class="cx"> 'bgcolor' => true,
</span><span class="cx"> 'char' => true,
</span><span class="cx"> 'charoff' => true,
</span><del>- 'class' => true,
- 'style' => true,
</del><span class="cx"> 'valign' => true,
</span><span class="cx"> ),
</span><span class="cx"> 'tt' => array(),
</span><span class="cx"> 'u' => array(),
</span><del>- 'ul' => array (
- 'class' => true,
- 'style' => true,
</del><ins>+ 'ul' => array(
</ins><span class="cx"> 'type' => true,
</span><span class="cx"> ),
</span><del>- 'ol' => array (
- 'class' => true,
</del><ins>+ 'ol' => array(
</ins><span class="cx"> 'start' => true,
</span><del>- 'style' => true,
</del><span class="cx"> 'type' => true,
</span><span class="cx"> ),
</span><span class="cx"> 'var' => array(),
</span><span class="lines">@@ -467,7 +393,8 @@
</span><span class="cx"> // 'dd' => array(),
</span><span class="cx"> // 'dl' => array(),
</span><span class="cx"> // 'dt' => array(),
</span><del>- 'em' => array (), 'i' => array (),
</del><ins>+ 'em' => array(),
+ 'i' => array(),
</ins><span class="cx"> // 'ins' => array('datetime' => array(), 'cite' => array()),
</span><span class="cx"> // 'li' => array(),
</span><span class="cx"> // 'ol' => array(),
</span><span class="lines">@@ -526,6 +453,11 @@
</span><span class="cx"> 'sdot', 'lceil', 'rceil', 'lfloor', 'rfloor', 'lang',
</span><span class="cx"> 'rang', 'loz', 'spades', 'clubs', 'hearts', 'diams',
</span><span class="cx"> );
</span><ins>+
+ $allowedposttags = array_map( '_wp_add_global_attributes', $allowedposttags );
+} else {
+ $allowedtags = wp_kses_array_lc( $allowedtags );
+ $allowedposttags = wp_kses_array_lc( $allowedposttags );
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="lines">@@ -548,18 +480,54 @@
</span><span class="cx"> * @param array $allowed_protocols Optional. Allowed protocol in links.
</span><span class="cx"> * @return string Filtered content with only allowed HTML elements
</span><span class="cx"> */
</span><del>-function wp_kses($string, $allowed_html, $allowed_protocols = array ()) {
</del><ins>+function wp_kses( $string, $allowed_html, $allowed_protocols = array() ) {
</ins><span class="cx"> if ( empty( $allowed_protocols ) )
</span><span class="cx"> $allowed_protocols = wp_allowed_protocols();
</span><span class="cx"> $string = wp_kses_no_null($string);
</span><span class="cx"> $string = wp_kses_js_entities($string);
</span><span class="cx"> $string = wp_kses_normalize_entities($string);
</span><del>- $allowed_html_fixed = wp_kses_array_lc($allowed_html);
- $string = wp_kses_hook($string, $allowed_html_fixed, $allowed_protocols); // WP changed the order of these funcs and added args to wp_kses_hook
- return wp_kses_split($string, $allowed_html_fixed, $allowed_protocols);
</del><ins>+ $string = wp_kses_hook($string, $allowed_html, $allowed_protocols); // WP changed the order of these funcs and added args to wp_kses_hook
+ return wp_kses_split($string, $allowed_html, $allowed_protocols);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><ins>+ * Return a list of allowed tags and attributes for a given context.
+ *
+ * @since 3.5.0
+ *
+ * @param string $context The context for which to retrieve tags. Allowed values are
+ * post | strip | data | entities or the name of a field filter such as pre_user_description.
+ * @return array List of allowed tags and their allowed attributes.
+ */
+function wp_kses_allowed_html( $context = '' ) {
+ global $allowedposttags, $allowedtags, $allowedentitynames;
+
+ if ( is_array( $context ) )
+ return apply_filters( 'wp_kses_allowed_html', $context, 'explicit' );
+
+ switch ( $context ) {
+ case 'post':
+ return apply_filters( 'wp_kses_allowed_html', $allowedposttags, $context );
+ break;
+ case 'user_description':
+ case 'pre_user_description':
+ $tags = $allowedtags;
+ $tags['a']['rel'] = true;
+ return apply_filters( 'wp_kses_allowed_html', $tags, $context );
+ break;
+ case 'strip':
+ return apply_filters( 'wp_kses_allowed_html', array(), $context );
+ break;
+ case 'entities':
+ return apply_filters( 'wp_kses_allowed_html', $allowedentitynames, $context);
+ break;
+ case 'data':
+ default:
+ return apply_filters( 'wp_kses_allowed_html', $allowedtags, $context );
+ }
+}
+
+/**
</ins><span class="cx"> * You add any kses hooks here.
</span><span class="cx"> *
</span><span class="cx"> * There is currently only one kses WordPress hook and it is called here. All
</span><span class="lines">@@ -572,7 +540,7 @@
</span><span class="cx"> * @param array $allowed_protocols Allowed protocol in links
</span><span class="cx"> * @return string Filtered content through 'pre_kses' hook
</span><span class="cx"> */
</span><del>-function wp_kses_hook($string, $allowed_html, $allowed_protocols) {
</del><ins>+function wp_kses_hook( $string, $allowed_html, $allowed_protocols ) {
</ins><span class="cx"> $string = apply_filters('pre_kses', $string, $allowed_html, $allowed_protocols);
</span><span class="cx"> return $string;
</span><span class="cx"> }
</span><span class="lines">@@ -600,7 +568,7 @@
</span><span class="cx"> * @param array $allowed_protocols Allowed protocols to keep
</span><span class="cx"> * @return string Content with fixed HTML tags
</span><span class="cx"> */
</span><del>-function wp_kses_split($string, $allowed_html, $allowed_protocols) {
</del><ins>+function wp_kses_split( $string, $allowed_html, $allowed_protocols ) {
</ins><span class="cx"> global $pass_allowed_html, $pass_allowed_protocols;
</span><span class="cx"> $pass_allowed_html = $allowed_html;
</span><span class="cx"> $pass_allowed_protocols = $allowed_protocols;
</span><span class="lines">@@ -668,6 +636,9 @@
</span><span class="cx"> $elem = $matches[2];
</span><span class="cx"> $attrlist = $matches[3];
</span><span class="cx">
</span><ins>+ if ( ! is_array( $allowed_html ) )
+ $allowed_html = wp_kses_allowed_html( $allowed_html );
+
</ins><span class="cx"> if ( ! isset($allowed_html[strtolower($elem)]) )
</span><span class="cx"> return '';
</span><span class="cx"> # They are using a not allowed HTML element
</span><span class="lines">@@ -699,6 +670,9 @@
</span><span class="cx"> function wp_kses_attr($element, $attr, $allowed_html, $allowed_protocols) {
</span><span class="cx"> # Is there a closing XHTML slash at the end of the attributes?
</span><span class="cx">
</span><ins>+ if ( ! is_array( $allowed_html ) )
+ $allowed_html = wp_kses_allowed_html( $allowed_html );
+
</ins><span class="cx"> $xhtml_slash = '';
</span><span class="cx"> if (preg_match('%\s*/\s*$%', $attr))
</span><span class="cx"> $xhtml_slash = ' /';
</span><span class="lines">@@ -777,7 +751,7 @@
</span><span class="cx"> * @return array List of attributes after parsing
</span><span class="cx"> */
</span><span class="cx"> function wp_kses_hair($attr, $allowed_protocols) {
</span><del>- $attrarr = array ();
</del><ins>+ $attrarr = array();
</ins><span class="cx"> $mode = 0;
</span><span class="cx"> $attrname = '';
</span><span class="cx"> $uris = array('xmlns', 'profile', 'href', 'src', 'cite', 'classid', 'codebase', 'data', 'usemap', 'longdesc', 'action');
</span><span class="lines">@@ -1286,9 +1260,8 @@
</span><span class="cx"> * @param string $data Content to filter, expected to be escaped with slashes
</span><span class="cx"> * @return string Filtered content
</span><span class="cx"> */
</span><del>-function wp_filter_kses($data) {
- global $allowedtags;
- return addslashes( wp_kses(stripslashes( $data ), $allowedtags) );
</del><ins>+function wp_filter_kses( $data ) {
+ return addslashes( wp_kses( stripslashes( $data ), current_filter() ) );
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="lines">@@ -1300,9 +1273,8 @@
</span><span class="cx"> * @param string $data Content to filter, expected to not be escaped
</span><span class="cx"> * @return string Filtered content
</span><span class="cx"> */
</span><del>-function wp_kses_data($data) {
- global $allowedtags;
- return wp_kses( $data , $allowedtags );
</del><ins>+function wp_kses_data( $data ) {
+ return wp_kses( $data , current_filter() );
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="lines">@@ -1312,14 +1284,12 @@
</span><span class="cx"> * data from forms.
</span><span class="cx"> *
</span><span class="cx"> * @since 2.0.0
</span><del>- * @uses $allowedposttags
</del><span class="cx"> *
</span><span class="cx"> * @param string $data Post content to filter, expected to be escaped with slashes
</span><span class="cx"> * @return string Filtered post content with allowed HTML tags and attributes intact.
</span><span class="cx"> */
</span><span class="cx"> function wp_filter_post_kses($data) {
</span><del>- global $allowedposttags;
- return addslashes ( wp_kses(stripslashes( $data ), $allowedposttags) );
</del><ins>+ return addslashes ( wp_kses( stripslashes( $data ), 'post' ) );
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="lines">@@ -1329,14 +1299,12 @@
</span><span class="cx"> * data from forms.
</span><span class="cx"> *
</span><span class="cx"> * @since 2.9.0
</span><del>- * @uses $allowedposttags
</del><span class="cx"> *
</span><span class="cx"> * @param string $data Post content to filter
</span><span class="cx"> * @return string Filtered post content with allowed HTML tags and attributes intact.
</span><span class="cx"> */
</span><span class="cx"> function wp_kses_post($data) {
</span><del>- global $allowedposttags;
- return wp_kses( $data , $allowedposttags );
</del><ins>+ return wp_kses( $data , 'post' );
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="lines">@@ -1347,8 +1315,8 @@
</span><span class="cx"> * @param string $data Content to strip all HTML from
</span><span class="cx"> * @return string Filtered content without any HTML
</span><span class="cx"> */
</span><del>-function wp_filter_nohtml_kses($data) {
- return addslashes ( wp_kses(stripslashes( $data ), array()) );
</del><ins>+function wp_filter_nohtml_kses( $data ) {
+ return addslashes ( wp_kses( stripslashes( $data ), 'strip' ) );
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> /**
</span><span class="lines">@@ -1484,3 +1452,29 @@
</span><span class="cx">
</span><span class="cx"> return $css;
</span><span class="cx"> }
</span><ins>+
+/**
+ * Helper function to add global attributes to a tag in the allowed html list.
+ *
+ * @since 3.5.0
+ * @access private
+ *
+ * @param array $value An array of attributes.
+ * @return array The array of attributes with global attributes added.
+ */
+function _wp_add_global_attributes( $value ) {
+ $global_attributes = array(
+ 'class' => true,
+ 'id' => true,
+ 'style' => true,
+ 'title' => true,
+ );
+
+ if ( true === $value )
+ $value = array();
+
+ if ( is_array( $value ) )
+ return array_merge( $value, $global_attributes );
+
+ return $value;
+}
</ins></span></pre>
</div>
</div>
</body>
</html>