- * This function decodes numeric HTML entities (A and A). It
- * doesn't do anything with other entities like ä, but we don't need
- * them in the URL protocol whitelisting system anyway.
+ * @access private
+ *
+ * @param array $matches preg_replace_callback() matches array
+ * @return string Correctly encoded entity
+ */
+function wp_kses_normalize_entities3($matches) {
+ if ( ! isset($matches[2]) || empty($matches[2]) )
+ return '';
+
+ $hexchars = $matches[2];
+ return ( ( ! valid_unicode(hexdec($hexchars)) ) ? "&#x$hexchars;" : "&#x$hexchars;" );
+}
+
+/**
+ * Helper function to determine if a Unicode value is valid.
+ *
+ * @param int $i Unicode value
+ * @return bool true if the value was a valid Unicode number
+ */
+function valid_unicode($i) {
+ return ( $i == 0x9 || $i == 0xa || $i == 0xd ||
+ ($i >= 0x20 && $i <= 0xd7ff) ||
+ ($i >= 0xe000 && $i <= 0xfffd) ||
+ ($i >= 0x10000 && $i <= 0x10ffff) );
+}
+
+/**
+ * Convert all entities to their character counterparts.
+ *
+ * This function decodes numeric HTML entities (A and A). It doesn't do
+ * anything with other entities like ä, but we don't need them in the URL
+ * protocol whitelisting system anyway.