Wordpress 3.5.2
[autoinstalls/wordpress.git] / wp-includes / class-feed.php
index 067f36c2c65bd295baecb94e5d106adbb9ad8dd1..491d775e144491eaf2e7156e65fd39cc79f83643 100644 (file)
@@ -66,7 +66,11 @@ class WP_SimplePie_File extends SimplePie_File {
                $this->method = SIMPLEPIE_FILE_SOURCE_REMOTE;
 
                if ( preg_match('/^http(s)?:\/\//i', $url) ) {
-                       $args = array( 'timeout' => $this->timeout, 'redirection' => $this->redirects);
+                       $args = array(
+                               'timeout' => $this->timeout,
+                               'redirection' => $this->redirects,
+                               'reject_unsafe_urls' => true,
+                       );
 
                        if ( !empty($this->headers) )
                                $args['headers'] = $this->headers;
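Review bot: With `'redirection' => $this->redirects` still set next to the new `'reject_unsafe_urls' => true`, the flag only protects the fetch if the same validation is applied to every redirect target and not just the initial `$url`. That handling lives in the HTTP API, outside this hunk, so it should be confirmed rather than assumed. The new entry also deserves a one-line comment recording why it is there, for example `// Feed URLs may come from user input: let the HTTP API refuse destinations it considers unsafe.` The enclosing method starts outside the hunk.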
@@ -85,10 +89,43 @@ class WP_SimplePie_File extends SimplePie_File {
                                $this->status_code = wp_remote_retrieve_response_code( $res );
                        }
                } else {
-                       if ( ! $this->body = file_get_contents($url) ) {
-                               $this->error = 'file_get_contents could not read the file';
-                               $this->success = false;
+                       $this->error = '';
+                       $this->success = false;
+               }
+       }
+}
+
+/**
+ * WordPress SimplePie Sanitization Class
+ *
+ * Extension of the SimplePie_Sanitize class to use KSES, because
+ * we cannot universally count on DOMDocument being available
+ *
+ * @package WordPress
+ * @since 3.5.0
+ */
+class WP_SimplePie_Sanitize_KSES extends SimplePie_Sanitize {
+       public function sanitize( $data, $type, $base = '' ) {
+               $data = trim( $data );
+               if ( $type & SIMPLEPIE_CONSTRUCT_MAYBE_HTML ) {
+                       if (preg_match('/(&(#(x[0-9a-fA-F]+|[0-9]+)|[a-zA-Z0-9]+)|<\/[A-Za-z][^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3E]*' . SIMPLEPIE_PCRE_HTML_ATTRIBUTE . '>)/', $data)) {
+                               $type |= SIMPLEPIE_CONSTRUCT_HTML;
                        }
+                       else {
+                               $type |= SIMPLEPIE_CONSTRUCT_TEXT;
+                       }
+               }
+               if ( $type & SIMPLEPIE_CONSTRUCT_BASE64 ) {
+                       $data = base64_decode( $data );
+               }
+               if ( $type & ( SIMPLEPIE_CONSTRUCT_HTML | SIMPLEPIE_CONSTRUCT_XHTML ) ) {
+                       $data = wp_kses_post( $data );
+                       if ( $this->output_encoding !== 'UTF-8' ) {
+                               $data = $this->registry->call( 'Misc', 'change_encoding', array( $data, 'UTF-8', $this->output_encoding ) );
+                       }
+                       return $data;
+               } else {
+                       return parent::sanitize( $data, $type, $base );
                }
        }
 }
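Review bot: In `WP_SimplePie_Sanitize_KSES::sanitize()`, `$data` is base64-decoded when `SIMPLEPIE_CONSTRUCT_BASE64` is set, but the non-HTML path then passes the unchanged `$type` to `parent::sanitize()`. If the parent also decodes on that bit (its body is not shown here), base64 text constructs are decoded twice and corrupted. Clearing the bit before delegating avoids that: `return parent::sanitize( $data, $type & ~SIMPLEPIE_CONSTRUCT_BASE64, $base );`. Separately, the non-HTTP branch in `WP_SimplePie_File` now sets `$this->error = ''`, so a rejected URL fails with no diagnostic. A fixed message such as `$this->error = 'Only http and https feed URLs are supported';` would make the refusal visible in logs without echoing the URL.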