wp_kses_bad_protocol_once

Definition:
function wp_kses_bad_protocol_once($string, $allowed_protocols) {}

Sanitizes content from bad protocols and other characters.
This function searches for URL protocols at the beginning of $string, while handling whitespace and HTML entities.

Parameters

  • string $string: Content to check for bad protocols
  • string $allowed_protocols: Allowed protocols

Return values

returns: Sanitized content

Source code

function wp_kses_bad_protocol_once($string, $allowed_protocols) {
	$string2 = preg_split( '/:|&#0*58;|&#x0*3a;/i', $string, 2 );
	if ( isset($string2[1]) && ! preg_match('%/\?%', $string2[0]) )
		$string = wp_kses_bad_protocol_once2( $string2[0], $allowed_protocols ) . trim( $string2[1] );

	return $string;
}

wp_kses_bad_protocol

Definition:
function wp_kses_bad_protocol($string, $allowed_protocols) {}

Sanitize string from bad protocols.
This function removes all non-allowed protocols from the beginning of $string. It ignores whitespace and the case of the letters, and it does understand HTML entities. It does its work in a while loop, so it won’t be fooled by a string like "javascript:javascript:alert(57)".

Parameters

  • string $string: Content to filter bad protocols from
  • array $allowed_protocols: Allowed protocols to keep

Return values

returns: Filtered content

Source code

function wp_kses_bad_protocol($string, $allowed_protocols) {
	$string = wp_kses_no_null($string);
	$string2 = $string.'a';

	while ($string != $string2) {
		$string2 = $string;
		$string = wp_kses_bad_protocol_once($string, $allowed_protocols);
	} # while

	return $string;
}
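
The effect of the while loop, as an added example that is not WordPress code: demo_once() and demo_bad_protocol() mirror the two functions above, and demo_once2() is a hypothetical, simplified stand-in for wp_kses_bad_protocol_once2(), whose source is not on this page. The allowed list and the sample inputs are constructed.

```php
<?php
// Added example, not WordPress code.
// demo_once2() is a hypothetical, simplified stand-in for wp_kses_bad_protocol_once2():
// it ignores case and whitespace and keeps the scheme only if it is allow-listed.
function demo_once2(string $scheme, array $allowed): string {
	$scheme = strtolower(preg_replace('/\s/', '', $scheme));
	return in_array($scheme, $allowed, true) ? "$scheme:" : '';
}

// Same logic as wp_kses_bad_protocol_once() above, calling the stand-in:
// split at the first ":" (literal or entity-encoded) and vet what precedes it.
function demo_once(string $string, array $allowed): string {
	$parts = preg_split('/:|&#0*58;|&#x0*3a;/i', $string, 2);
	if (isset($parts[1]) && !preg_match('%/\?%', $parts[0])) {
		$string = demo_once2($parts[0], $allowed) . trim($parts[1]);
	}
	return $string;
}

// Equivalent to the loop in wp_kses_bad_protocol() above (without wp_kses_no_null()):
// repeat the single pass until the string stops changing.
function demo_bad_protocol(string $string, array $allowed): string {
	do {
		$previous = $string;
		$string = demo_once($string, $allowed);
	} while ($string !== $previous);
	return $string;
}

// Constructed allow-list and sample inputs.
$allowed = array('http', 'https', 'mailto');
$samples = array(
	'http://example.com/',             // allowed scheme
	'javascript:javascript:alert(57)', // doubled scheme from the description above
	'JaVaScRiPt&#58;alert(57)',        // mixed case, entity-encoded colon
	'/?next=a:b',                      // colon after "/?" is not treated as a scheme
);

foreach ($samples as $s) {
	printf("%-34s once: %-22s loop: %s\n", $s,
		demo_once($s, $allowed), demo_bad_protocol($s, $allowed));
}
```

For the doubled scheme, the "once" column still begins with javascript: after a single pass, which is the case the loop exists to close.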

wp_kses_attr

Definition:
function wp_kses_attr($element, $attr, $allowed_html, $allowed_protocols) {}

Removes all attributes, if none are allowed for this element.
If some are allowed, it calls wp_kses_hair() to split them further, and then builds up new HTML code from the data that wp_kses_hair() returns. It also removes any remaining "<" and ">" characters. Finally, it checks whether the tag has a closing XHTML slash and, if it does, puts one in the returned code as well.

Parameters

  • string $element: HTML element/tag
  • string $attr: HTML attributes from HTML element to closing HTML element tag
  • array $allowed_html: Allowed HTML elements
  • array $allowed_protocols: Allowed protocols to keep

Return values

returns: Sanitized HTML element

Source code

function wp_kses_attr($element, $attr, $allowed_html, $allowed_protocols) {
	# Is there a closing XHTML slash at the end of the attributes?

	$xhtml_slash = '';
	if (preg_match('%\s*/\s*$%', $attr))
		$xhtml_slash = ' /';

	# Are any attributes allowed at all for this element?
	if ( ! isset($allowed_html[strtolower($element)]) || count($allowed_html[strtolower($element)]) == 0 )
		return "<$element$xhtml_slash>";

	# Split it
	$attrarr = wp_kses_hair($attr, $allowed_protocols);

	# Go through $attrarr, and save the allowed attributes for this element
	# in $attr2
	$attr2 = '';

	$allowed_attr = $allowed_html[strtolower($element)];
	foreach ($attrarr as $arreach) {
		if ( ! isset( $allowed_attr[strtolower($arreach['name'])] ) )
			continue; # the attribute is not allowed

		$current = $allowed_attr[strtolower($arreach['name'])];
		if ( $current == '' )
			continue; # the attribute is not allowed

		if ( ! is_array($current) ) {
			$attr2 .= ' '.$arreach['whole'];
		# there are no checks

		} else {
			# there are some checks
			$ok = true;
			foreach ($current as $currkey => $currval) {
				if ( ! wp_kses_check_attr_val($arreach['value'], $arreach['vless'], $currkey, $currval) ) {
					$ok = false;
					break;
				}
			}

			if ( strtolower($arreach['name']) == 'style' ) {
				$orig_value = $arreach['value'];
				$value = safecss_filter_attr($orig_value);

				if ( empty($value) )
					continue;

				$arreach['value'] = $value;
				$arreach['whole'] = str_replace($orig_value, $value, $arreach['whole']);
			}

			if ($ok)
				$attr2 .= ' '.$arreach['whole']; # it passed them
		} # if !is_array($current)
	} # foreach

	# Remove any "<" or ">" characters
	$attr2 = preg_replace('/[<>]/', '', $attr2);

	return "<$element$attr2$xhtml_slash>";
}

wp_kses_array_lc

Definition:
function wp_kses_array_lc($inarray) {}

Goes through an array and changes the keys to all lower case.

Parameters

  • array $inarray: Unfiltered array

Return values

returns: Fixed array with all lowercase keys

Source code

function wp_kses_array_lc($inarray) {
	$outarray = array ();

	foreach ( (array) $inarray as $inkey => $inval) {
		$outkey = strtolower($inkey);
		$outarray[$outkey] = array ();

		foreach ( (array) $inval as $inkey2 => $inval2) {
			$outkey2 = strtolower($inkey2);
			$outarray[$outkey][$outkey2] = $inval2;
		} # foreach $inval
	} # foreach $inarray

	return $outarray;
}

wp_kses

Definition:
function wp_kses($string, $allowed_html, $allowed_protocols = array ()) {}

Filters content and keeps only allowable HTML elements.
This function makes sure that only the allowed HTML element names, attribute names and attribute values plus only sane HTML entities will occur in $string. You have to remove any slashes from PHP’s magic quotes before you call this function.

Parameters

  • string $string: Content to filter through kses
  • array $allowed_html: List of allowed HTML elements
  • array $allowed_protocols: Optional. Allowed protocol in links.

Return values

returns: Filtered content with only allowed HTML elements

Source code

function wp_kses($string, $allowed_html, $allowed_protocols = array ()) {
	if ( empty( $allowed_protocols ) )
		$allowed_protocols = wp_allowed_protocols();
	$string = wp_kses_no_null($string);
	$string = wp_kses_js_entities($string);
	$string = wp_kses_normalize_entities($string);
	$allowed_html_fixed = wp_kses_array_lc($allowed_html);
	$string = wp_kses_hook($string, $allowed_html_fixed, $allowed_protocols); // WP changed the order of these funcs and added args to wp_kses_hook
	return wp_kses_split($string, $allowed_html_fixed, $allowed_protocols);
}
