]> scripts.mit.edu Git - autoinstalls/wordpress.git/blobdiff - wp-includes/kses.php
scripts.mit.edu / autoinstalls / wordpress.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Wordpress 2.6.2-scripts
[autoinstalls/wordpress.git] / wp-includes / kses.php
diff --git a/wp-includes/kses.php b/wp-includes/kses.php
index ae37fc26c55ed6a93d947488c4a1568d38fa931f..c7538b983b4002ad713f5fe06ef6e1ec74407821 100644 (file)
--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -182,8 +182,10 @@ if (!CUSTOM_TAGS) {
                        'class' => array (),
                        'dir' => array (),
                        'align' => array (),
                        'class' => array (),
                        'dir' => array (),
                        'align' => array (),
+                       'lang' => array (),
                        'style' => array (),
                        'style' => array (),
-                       'title' => array ()),
+                       'title' => array (),
+                       'xml:lang' => array()),
                'strike' => array(),
                'strong' => array(),
                'sub' => array(),
                'strike' => array(),
                'strong' => array(),
                'sub' => array(),
@@ -429,6 +431,10 @@ function wp_kses_split2($string, $allowed_html, $allowed_protocols) {
                        $string = $newstring;
                if ( $string == '' )
                        return '';
                        $string = $newstring;
                if ( $string == '' )
                        return '';
+               // prevent multiple dashes in comments
+               $string = preg_replace('/--+/', '-', $string);
+               // prevent three dashes closing a comment
+               $string = preg_replace('/-$/', '', $string);
                return "<!--{$string}-->";
        }
        # Allow HTML comments
                return "<!--{$string}-->";
        }
        # Allow HTML comments
@@ -531,7 +537,8 @@ function wp_kses_attr($element, $attr, $allowed_html, $allowed_protocols) {
  * input. It will add quotes around attribute values that don't have any quotes
  * or apostrophes around them, to make it easier to produce HTML code that will
  * conform to W3C's HTML specification. It will also remove bad URL protocols
  * input. It will add quotes around attribute values that don't have any quotes
  * or apostrophes around them, to make it easier to produce HTML code that will
  * conform to W3C's HTML specification. It will also remove bad URL protocols
- * from attribute values.
+ * from attribute values.  It also reduces duplicate attributes by using the
+ * attribute defined first (foo='bar' foo='baz' will result in foo='bar').
  *
  * @since 1.0.0
  *
  *
  * @since 1.0.0
  *
@@ -574,7 +581,9 @@ function wp_kses_hair($attr, $allowed_protocols) {
                                        {
                                        $working = 1;
                                        $mode = 0;
                                        {
                                        $working = 1;
                                        $mode = 0;
-                                       $attrarr[] = array ('name' => $attrname, 'value' => '', 'whole' => $attrname, 'vless' => 'y');
+                                       if(FALSE === array_key_exists($attrname, $attrarr)) {
+                                               $attrarr[$attrname] = array ('name' => $attrname, 'value' => '', 'whole' => $attrname, 'vless' => 'y');
+                                       }
                                        $attr = preg_replace('/^\s+/', '', $attr);
                                }
 
                                        $attr = preg_replace('/^\s+/', '', $attr);
                                }
 
@@ -587,7 +596,9 @@ function wp_kses_hair($attr, $allowed_protocols) {
                                        {
                                        $thisval = wp_kses_bad_protocol($match[1], $allowed_protocols);
 
                                        {
                                        $thisval = wp_kses_bad_protocol($match[1], $allowed_protocols);
 
-                                       $attrarr[] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname=\"$thisval\"", 'vless' => 'n');
+                                       if(FALSE === array_key_exists($attrname, $attrarr)) {
+                                               $attrarr[$attrname] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname=\"$thisval\"", 'vless' => 'n');
+                                       }
                                        $working = 1;
                                        $mode = 0;
                                        $attr = preg_replace('/^"[^"]*"(\s+|$)/', '', $attr);
                                        $working = 1;
                                        $mode = 0;
                                        $attr = preg_replace('/^"[^"]*"(\s+|$)/', '', $attr);
@@ -599,7 +610,9 @@ function wp_kses_hair($attr, $allowed_protocols) {
                                        {
                                        $thisval = wp_kses_bad_protocol($match[1], $allowed_protocols);
 
                                        {
                                        $thisval = wp_kses_bad_protocol($match[1], $allowed_protocols);
 
-                                       $attrarr[] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname='$thisval'", 'vless' => 'n');
+                                       if(FALSE === array_key_exists($attrname, $attrarr)) {
+                                               $attrarr[$attrname] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname='$thisval'", 'vless' => 'n');
+                                       }
                                        $working = 1;
                                        $mode = 0;
                                        $attr = preg_replace("/^'[^']*'(\s+|$)/", '', $attr);
                                        $working = 1;
                                        $mode = 0;
                                        $attr = preg_replace("/^'[^']*'(\s+|$)/", '', $attr);
@@ -611,7 +624,9 @@ function wp_kses_hair($attr, $allowed_protocols) {
                                        {
                                        $thisval = wp_kses_bad_protocol($match[1], $allowed_protocols);
 
                                        {
                                        $thisval = wp_kses_bad_protocol($match[1], $allowed_protocols);
 
-                                       $attrarr[] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname=\"$thisval\"", 'vless' => 'n');
+                                       if(FALSE === array_key_exists($attrname, $attrarr)) {
+                                               $attrarr[$attrname] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname=\"$thisval\"", 'vless' => 'n');
+                                       }
                                        # We add quotes to conform to W3C's HTML spec.
                                        $working = 1;
                                        $mode = 0;
                                        # We add quotes to conform to W3C's HTML spec.
                                        $working = 1;
                                        $mode = 0;
@@ -628,10 +643,10 @@ function wp_kses_hair($attr, $allowed_protocols) {
                }
        } # while
 
                }
        } # while
 
-       if ($mode == 1)
+       if ($mode == 1 && FALSE === array_key_exists($attrname, $attrarr))
                # special case, for when the attribute list ends with a valueless
                # attribute like "selected"
                # special case, for when the attribute list ends with a valueless
                # attribute like "selected"
-               $attrarr[] = array ('name' => $attrname, 'value' => '', 'whole' => $attrname, 'vless' => 'y');
+               $attrarr[$attrname] = array ('name' => $attrname, 'value' => '', 'whole' => $attrname, 'vless' => 'y');
 
        return $attrarr;
 }
 
        return $attrarr;
 }
@@ -1050,4 +1065,4 @@ function kses_init() {
 
 add_action('init', 'kses_init');
 add_action('set_current_user', 'kses_init');
 
 add_action('init', 'kses_init');
 add_action('set_current_user', 'kses_init');
-?>
\ No newline at end of file
+?>
WordPress autoinstaller for phpBB