Wordpress 2.0.11
[autoinstalls/wordpress.git] / wp-includes / kses.php
index a0bdf2c8daba245d4577b5a44eec4d4c9322cae7..072a96a723822d645c0b2af910b0541df27af033 100644 (file)
@@ -1,8 +1,8 @@
 <?php
 
 // Added wp_ prefix to avoid conflicts with existing kses users
-# kses 0.2.1 - HTML/XHTML filter that only allows some elements and attributes
-# Copyright (C) 2002, 2003  Ulf Harnhammar
+# kses 0.2.2 - HTML/XHTML filter that only allows some elements and attributes
+# Copyright (C) 2002, 2003, 2005  Ulf Harnhammar
 # *** CONTACT INFORMATION ***
 #
 # E-mail:      metaur at users dot sourceforge dot net
@@ -113,7 +113,7 @@ function wp_kses_split2($string, $allowed_html, $allowed_protocols)
        $elem = $matches[2];
        $attrlist = $matches[3];
 
-       if (!@ is_array($allowed_html[strtolower($elem)]))
+       if (!@isset($allowed_html[strtolower($elem)]))
                return '';
        # They are using a not allowed HTML element
 
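Review bot: The new check `!@isset($allowed_html[strtolower($elem)])` accepts any non-null entry, not only an array, so whether an element passes now depends on the shape of the caller's `$allowed_html`. The rest of wp_kses_split2 lies outside this hunk, so how a scalar entry is treated once the attribute list is filtered cannot be seen from here. A comment above the check stating the expected shape, e.g. `# each $allowed_html entry is expected to be an array describing the allowed attributes`, would make that contract explicit. The `@` is also redundant, since isset() raises no notice for a missing key: `if (!isset($allowed_html[strtolower($elem)]))`.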
@@ -366,6 +366,7 @@ function wp_kses_bad_protocol($string, $allowed_protocols)
 ###############################################################################
 {
        $string = wp_kses_no_null($string);
+       $string = preg_replace('/\xad+/', '', $string); # deals with Opera "feature"
        $string2 = $string.'a';
 
        while ($string != $string2) {
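Review bot: The added `preg_replace('/\xad+/', '', $string)` works on bytes, so it only strips the soft hyphen when the input is in a single-byte charset such as ISO-8859-1. In UTF-8 the byte 0xAD also occurs inside other characters (`í` is `\xc3\xad`, and the soft hyphen itself is `\xc2\xad`), so the call would leave broken sequences in the value this function goes on to process; the charset of `$string` is not visible here. The same pattern is added in wp_kses_bad_protocol_once2, where it runs on the normalised copy `$string2`. I would at least record the assumption next to the call, e.g. `# byte-wise strip of 0xAD (Latin-1 soft hyphen); not UTF-8 aware`. The body of wp_kses_bad_protocol continues outside the hunk.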
@@ -378,7 +379,7 @@ function wp_kses_bad_protocol($string, $allowed_protocols)
 
 function wp_kses_no_null($string)
 ###############################################################################
-# This function removes any NULL or chr(173) characters in $string.
+# This function removes any NULL characters in $string.
 ###############################################################################
 {
        $string = preg_replace('/\0+/', '', $string);
@@ -454,6 +455,8 @@ function wp_kses_bad_protocol_once2($string, $allowed_protocols)
        $string2 = wp_kses_decode_entities($string);
        $string2 = preg_replace('/\s/', '', $string2);
        $string2 = wp_kses_no_null($string2);
+       $string2 = preg_replace('/\xad+/', '', $string2);
+       # deals with Opera "feature"
        $string2 = strtolower($string2);
 
        $allowed = false;
@@ -521,26 +524,34 @@ function wp_filter_post_kses($data) {
 }
 
 function kses_init_filters() {
-               add_filter('pre_comment_author', 'wp_filter_kses');
-               add_filter('pre_comment_content', 'wp_filter_kses');
-               add_filter('content_save_pre', 'wp_filter_post_kses');
-               add_filter('title_save_pre', 'wp_filter_kses');
+       // Normal filtering.
+       add_filter('pre_comment_content', 'wp_filter_kses');
+       add_filter('title_save_pre', 'wp_filter_kses');
+
+       // Post filtering
+       add_filter('content_save_pre', 'wp_filter_post_kses');
+       add_filter('excerpt_save_pre', 'wp_filter_post_kses');
+       add_filter('content_filtered_save_pre', 'wp_filter_post_kses');
 }
 
-function kses_init() {
-       global $current_user;
-
-       remove_filter('pre_comment_author', 'wp_filter_kses');
+function kses_remove_filters() {
+       // Normal filtering.
        remove_filter('pre_comment_content', 'wp_filter_kses');
-       remove_filter('content_save_pre', 'wp_filter_post_kses');
        remove_filter('title_save_pre', 'wp_filter_kses');
 
-       if (! defined('XMLRPC_REQUEST') )
-               get_currentuserinfo();
+       // Post filtering
+       remove_filter('content_save_pre', 'wp_filter_post_kses');
+       remove_filter('excerpt_save_pre', 'wp_filter_post_kses');
+       remove_filter('content_filtered_save_pre', 'wp_filter_post_kses');
+}
+
+function kses_init() {
+       kses_remove_filters();
 
        if (current_user_can('unfiltered_html') == false)
                kses_init_filters();
 }
+
 add_action('init', 'kses_init');
 add_action('set_current_user', 'kses_init');
 ?>
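Review bot: kses_init_filters() no longer registers `wp_filter_kses` on `pre_comment_author`, and nothing visible in this file shows what sanitises comment author names for users without `unfiltered_html`. If another filter covers that field, a comment in kses_init_filters() saying so (`// pre_comment_author is sanitised in <location, to be filled in>`) would stop the omission from looking accidental. Separately, kses_init_filters() and kses_remove_filters() repeat the same five hook/callback pairs and have to be kept in step by hand, so each should carry a comment pointing at the other. The test `current_user_can('unfiltered_html') == false` would read more directly as `!current_user_can('unfiltered_html')`.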