*/
function wp_kses_bad_protocol($string, $allowed_protocols) {
$string = wp_kses_no_null($string);
- $string2 = $string.'a';
+ $iterations = 0;
- while ($string != $string2) {
- $string2 = $string;
+ do {
+ $original_string = $string;
$string = wp_kses_bad_protocol_once($string, $allowed_protocols);
- } # while
+ } while ( $original_string != $string && ++$iterations < 6 );
+
+ if ( $original_string != $string )
+ return '';
return $string;
}
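Review bot: The loop condition and the post-loop check compare with `!=`, which in PHP compares two numeric-looking strings numerically, so a textual change between passes can be read as convergence. `} while ( $original_string !== $string && ++$iterations < 6 );` and `if ( $original_string !== $string )` make the stability test exact. Whether wp_kses_bad_protocol_once can actually produce such a pair is not visible here, so this is hardening rather than a demonstrated bypass. The cap of 6 passes and the fail-closed empty return are also undocumented; the docblock, which starts above the hunk, should gain a line such as `Returns an empty string if the value is still changing after 6 passes.`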
* @param string $allowed_protocols Allowed protocols
* @return string Sanitized content
*/
-function wp_kses_bad_protocol_once($string, $allowed_protocols) {
+function wp_kses_bad_protocol_once($string, $allowed_protocols, $count = 1 ) {
$string2 = preg_split( '/:|�*58;|�*3a;/i', $string, 2 );
- if ( isset($string2[1]) && ! preg_match('%/\?%', $string2[0]) )
- $string = wp_kses_bad_protocol_once2( $string2[0], $allowed_protocols ) . trim( $string2[1] );
+ if ( isset($string2[1]) && ! preg_match('%/\?%', $string2[0]) ) {
+ $string = trim( $string2[1] );
+ $protocol = wp_kses_bad_protocol_once2( $string2[0], $allowed_protocols );
+ if ( 'feed:' == $protocol ) {
+ if ( $count > 2 )
+ return '';
+ $string = wp_kses_bad_protocol_once( $string, $allowed_protocols, ++$count );
+ if ( empty( $string ) )
+ return $string;
+ }
+ $string = $protocol . $string;
+ }
return $string;
}
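Review bot: `if ( empty( $string ) )` after the recursive call also fires for the string `'0'`, so, assuming `feed` is an allowed protocol, an input such as `feed:0` comes back as `0` with its `feed:` prefix silently dropped. `if ( '' === $string )` limits the early return to the rejection case. The new `$count` parameter is missing from the docblock, whose opening is above the hunk; add `@param int $count Recursion depth for nested feed: prefixes; callers should leave the default.` The `'feed:' == $protocol` test presumably relies on wp_kses_bad_protocol_once2 returning the protocol lower-cased with a trailing colon, which is not visible here and is worth confirming.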