<?php
// Added wp_ prefix to avoid conflicts with existing kses users
-# kses 0.2.1 - HTML/XHTML filter that only allows some elements and attributes
-# Copyright (C) 2002, 2003 Ulf Harnhammar
+# kses 0.2.2 - HTML/XHTML filter that only allows some elements and attributes
+# Copyright (C) 2002, 2003, 2005 Ulf Harnhammar
# *** CONTACT INFORMATION ***
#
# E-mail: metaur at users dot sourceforge dot net
// You can override this in your my-hacks.php file
if (!CUSTOM_TAGS) {
- $allowedposttags = array ('address' => array (), 'a' => array ('href' => array (), 'title' => array (), 'rel' => array (), 'rev' => array (), 'name' => array ()), 'abbr' => array ('title' => array ()), 'acronym' => array ('title' => array ()), 'b' => array (), 'big' => array (), 'blockquote' => array ('cite' => array ()), 'br' => array (), 'button' => array ('disabled' => array (), 'name' => array (), 'type' => array (), 'value' => array ()), 'caption' => array ('align' => array ()), 'code' => array (), 'col' => array ('align' => array (), 'char' => array (), 'charoff' => array (), 'span' => array (), 'valign' => array (), 'width' => array ()), 'del' => array ('datetime' => array ()), 'dd' => array (), 'div' => array ('align' => array ()), 'dl' => array (), 'dt' => array (), 'em' => array (), 'fieldset' => array (), 'font' => array ('color' => array (), 'face' => array (), 'size' => array ()), 'form' => array ('action' => array (), 'accept' => array (), 'accept-charset' => array (), 'enctype' => array (), 'method' => array (), 'name' => array (), 'target' => array ()), 'h1' => array ('align' => array ()), 'h2' => array ('align' => array ()), 'h3' => array ('align' => array ()), 'h4' => array ('align' => array ()), 'h5' => array ('align' => array ()), 'h6' => array ('align' => array ()), 'hr' => array ('align' => array (), 'noshade' => array (), 'size' => array (), 'width' => array ()), 'i' => array (), 'img' => array ('alt' => array (), 'align' => array (), 'border' => array (), 'height' => array (), 'hspace' => array (), 'longdesc' => array (), 'vspace' => array (), 'src' => array (), 'width' => array ()), 'ins' => array ('datetime' => array (), 'cite' => array ()), 'kbd' => array (), 'label' => array ('for' => array ()), 'legend' => array ('align' => array ()), 'li' => array (), 'p' => array ('align' => array ()), 'pre' => array ('width' => array ()), 'q' => array ('cite' => array ()), 's' => array (), 'strike' => array (), 'strong' => array (), 'sub' => array (), 'sup' => array (), 'table' => array ('align' => array (), 'bgcolor' => array (), 'border' => array (), 'cellpadding' => array (), 'cellspacing' => array (), 'rules' => array (), 'summary' => array (), 'width' => array ()), 'tbody' => array ('align' => array (), 'char' => array (), 'charoff' => array (), 'valign' => array ()), 'td' => array ('abbr' => array (), 'align' => array (), 'axis' => array (), 'bgcolor' => array (), 'char' => array (), 'charoff' => array (), 'colspan' => array (), 'headers' => array (), 'height' => array (), 'nowrap' => array (), 'rowspan' => array (), 'scope' => array (), 'valign' => array (), 'width' => array ()), 'textarea' => array ('cols' => array (), 'rows' => array (), 'disabled' => array (), 'name' => array (), 'readonly' => array ()), 'tfoot' => array ('align' => array (), 'char' => array (), 'charoff' => array (), 'valign' => array ()), 'th' => array ('abbr' => array (), 'align' => array (), 'axis' => array (), 'bgcolor' => array (), 'char' => array (), 'charoff' => array (), 'colspan' => array (), 'headers' => array (), 'height' => array (), 'nowrap' => array (), 'rowspan' => array (), 'scope' => array (), 'valign' => array (), 'width' => array ()), 'thead' => array ('align' => array (), 'char' => array (), 'charoff' => array (), 'valign' => array ()), 'title' => array (), 'tr' => array ('align' => array (), 'bgcolor' => array (), 'char' => array (), 'charoff' => array (), 'valign' => array ()), 'tt' => array (), 'u' => array (), 'ul' => array (), 'ol' => array (), 'var' => array () );
- $allowedtags = array ('a' => array ('href' => array (), 'title' => array ()), 'abbr' => array ('title' => array ()), 'acronym' => array ('title' => array ()), 'b' => array (), 'blockquote' => array ('cite' => array ()),
+ $allowedposttags = array(
+ 'address' => array(),
+ 'a' => array(
+ 'href' => array(), 'title' => array(),
+ 'rel' => array(), 'rev' => array(),
+ 'name' => array()
+ ),
+ 'abbr' => array(
+ 'title' => array(), 'class' => array()
+ ),
+ 'acronym' => array(
+ 'title' => array()
+ ),
+ 'b' => array(),
+ 'big' => array(),
+ 'blockquote' => array(
+ 'cite' => array(), 'xml:lang' => array(),
+ 'lang' => array()
+ ),
+ 'br' => array(),
+ 'button' => array(
+ 'disabled' => array(), 'name' => array(),
+ 'type' => array(), 'value' => array()
+ ),
+ 'caption' => array(
+ 'align' => array()
+ ),
+ 'code' => array(),
+ 'col' => array(
+ 'align' => array(), 'char' => array(),
+ 'charoff' => array(), 'span' => array(),
+ 'valign' => array(), 'width' => array()
+ ),
+ 'del' => array(
+ 'datetime' => array()
+ ),
+ 'dd' => array(),
+ 'div' => array(
+ 'align' => array(), 'xml:lang' => array(),
+ 'lang' => array()
+ ),
+ 'dl' => array(),
+ 'dt' => array(),
+ 'em' => array(),
+ 'fieldset' => array(),
+ 'font' => array(
+ 'color' => array(), 'face' => array(),
+ 'size' => array()
+ ),
+ 'form' => array(
+ 'action' => array(), 'accept' => array(),
+ 'accept-charset' => array(), 'enctype' => array(),
+ 'method' => array(), 'name' => array(),
+ 'target' => array()
+ ),
+ 'h1' => array(
+ 'align' => array()
+ ),
+ 'h2' => array(
+ 'align' => array()
+ ),
+ 'h3' => array(
+ 'align' => array()
+ ),
+ 'h4' => array(
+ 'align' => array()
+ ),
+ 'h5' => array(
+ 'align' => array()
+ ),
+ 'h6' => array(
+ 'align' => array()
+ ),
+ 'hr' => array(
+ 'align' => array(), 'noshade' => array(),
+ 'size' => array(), 'width' => array()
+ ),
+ 'i' => array(),
+ 'img' => array(
+ 'alt' => array(), 'align' => array(),
+ 'border' => array(), 'height' => array(),
+ 'hspace' => array(), 'longdesc' => array(),
+ 'vspace' => array(), 'src' => array(),
+ 'width' => array()
+ ),
+ 'ins' => array(
+ 'datetime' => array(), 'cite' => array()
+ ),
+ 'kbd' => array(),
+ 'label' => array(
+ 'for' => array()
+ ),
+ 'legend' => array(
+ 'align' => array()
+ ),
+ 'li' => array(),
+ 'p' => array(
+ 'align' => array(), 'xml:lang' => array(),
+ 'lang' => array()
+ ),
+ 'pre' => array(
+ 'width' => array()
+ ),
+ 'q' => array(
+ 'cite' => array()
+ ),
+ 's' => array(),
+ 'strike' => array(),
+ 'strong' => array(),
+ 'sub' => array(),
+ 'sup' => array(),
+ 'table' => array(
+ 'align' => array(), 'bgcolor' => array(),
+ 'border' => array(), 'cellpadding' => array(),
+ 'cellspacing' => array(), 'rules' => array(),
+ 'summary' => array(), 'width' => array()
+ ),
+ 'tbody' => array(
+ 'align' => array(), 'char' => array(),
+ 'charoff' => array(), 'valign' => array()
+ ),
+ 'td' => array(
+ 'abbr' => array(), 'align' => array(),
+ 'axis' => array(), 'bgcolor' => array(),
+ 'char' => array(), 'charoff' => array(),
+ 'colspan' => array(), 'headers' => array(),
+ 'height' => array(), 'nowrap' => array(),
+ 'rowspan' => array(), 'scope' => array(),
+ 'valign' => array(), 'width' => array()
+ ),
+ 'textarea' => array(
+ 'cols' => array(), 'rows' => array(),
+ 'disabled' => array(), 'name' => array(),
+ 'readonly' => array()
+ ),
+ 'tfoot' => array(
+ 'align' => array(), 'char' => array(),
+ 'charoff' => array(), 'valign' => array()
+ ),
+ 'th' => array(
+ 'abbr' => array(), 'align' => array(),
+ 'axis' => array(), 'bgcolor' => array(),
+ 'char' => array(), 'charoff' => array(),
+ 'colspan' => array(), 'headers' => array(),
+ 'height' => array(), 'nowrap' => array(),
+ 'rowspan' => array(), 'scope' => array(),
+ 'valign' => array(), 'width' => array()
+ ),
+ 'thead' => array(
+ 'align' => array(), 'char' => array(),
+ 'charoff' => array(), 'valign' => array()
+ ),
+ 'title' => array(),
+ 'tr' => array(
+ 'align' => array(), 'bgcolor' => array(),
+ 'char' => array(), 'charoff' => array(),
+ 'valign' => array()
+ ),
+ 'tt' => array(),
+ 'u' => array(),
+ 'ul' => array(),
+ 'ol' => array(),
+ 'var' => array()
+ );
+
+ $allowedtags = array(
+ 'a' => array(
+ 'href' => array(), 'title' => array()
+ ),
+ 'abbr' => array(
+ 'title' => array()
+ ),
+ 'acronym' => array(
+ 'title' => array()
+ ),
+ 'b' => array(),
+ 'blockquote' => array(
+ 'cite' => array()
+ ),
// 'br' => array(),
- 'code' => array (),
+ 'code' => array(),
// 'del' => array('datetime' => array()),
// 'dd' => array(),
// 'dl' => array(),
// 'dt' => array(),
- 'em' => array (), 'i' => array (),
+ 'em' => array(),
+ 'i' => array(),
// 'ins' => array('datetime' => array(), 'cite' => array()),
// 'li' => array(),
// 'ol' => array(),
// 'p' => array(),
// 'q' => array(),
- 'strike' => array (), 'strong' => array (),
+ 'strike' => array(),
+ 'strong' => array(),
// 'sub' => array(),
// 'sup' => array(),
// 'u' => array(),
// 'ul' => array(),
);
}
-function wp_kses($string, $allowed_html, $allowed_protocols = array ('http', 'https', 'ftp', 'news', 'nntp', 'telnet', 'feed', 'gopher', 'mailto'))
+
+function wp_kses($string, $allowed_html, $allowed_protocols = array ('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet'))
###############################################################################
# This function makes sure that only the allowed HTML element names, attribute
# names and attribute values plus only sane HTML entities will occur in
$string = wp_kses_no_null($string);
$string = wp_kses_js_entities($string);
$string = wp_kses_normalize_entities($string);
- $string = wp_kses_hook($string);
$allowed_html_fixed = wp_kses_array_lc($allowed_html);
+ $string = wp_kses_hook($string, $allowed_html_fixed, $allowed_protocols); // WP changed the order of these funcs and added args to wp_kses_hook
return wp_kses_split($string, $allowed_html_fixed, $allowed_protocols);
} # function wp_kses
-function wp_kses_hook($string)
+function wp_kses_hook($string, $allowed_html, $allowed_protocols)
###############################################################################
# You add any kses hooks here.
###############################################################################
{
+ $string = apply_filters('pre_kses', $string, $allowed_html, $allowed_protocols);
return $string;
} # function wp_kses_hook
$elem = $matches[2];
$attrlist = $matches[3];
- if (!@ is_array($allowed_html[strtolower($elem)]))
+ if (!@isset($allowed_html[strtolower($elem)]))
return '';
# They are using a not allowed HTML element
###############################################################################
{
$string = wp_kses_no_null($string);
+ $string = preg_replace('/\xad+/', '', $string); # deals with Opera "feature"
$string2 = $string.'a';
while ($string != $string2) {
function wp_kses_no_null($string)
###############################################################################
-# This function removes any NULL or chr(173) characters in $string.
+# This function removes any NULL characters in $string.
###############################################################################
{
$string = preg_replace('/\0+/', '', $string);
$string2 = wp_kses_decode_entities($string);
$string2 = preg_replace('/\s/', '', $string2);
$string2 = wp_kses_no_null($string2);
+ $string2 = preg_replace('/\xad+/', '', $string2);
+ # deals with Opera "feature"
$string2 = strtolower($string2);
$allowed = false;
function wp_filter_kses($data) {
global $allowedtags;
- return wp_kses($data, $allowedtags);
+ return addslashes( wp_kses(stripslashes( $data ), $allowedtags) );
}
function wp_filter_post_kses($data) {
return addslashes ( wp_kses(stripslashes( $data ), $allowedposttags) );
}
-function kses_init_filters() {
- add_filter('pre_comment_author', 'wp_filter_kses');
- add_filter('pre_comment_content', 'wp_filter_kses');
- add_filter('content_save_pre', 'wp_filter_post_kses');
- add_filter('title_save_pre', 'wp_filter_kses');
+function wp_filter_nohtml_kses($data) {
+ return addslashes ( wp_kses(stripslashes( $data ), array()) );
}
-function kses_init() {
- global $current_user;
+function kses_init_filters() {
+ // Normal filtering.
+ add_filter('pre_comment_content', 'wp_filter_kses');
+ add_filter('title_save_pre', 'wp_filter_kses');
+
+ // Post filtering
+ add_filter('content_save_pre', 'wp_filter_post_kses');
+ add_filter('excerpt_save_pre', 'wp_filter_post_kses');
+ add_filter('content_filtered_save_pre', 'wp_filter_post_kses');
+}
- remove_filter('pre_comment_author', 'wp_filter_kses');
+function kses_remove_filters() {
+ // Normal filtering.
remove_filter('pre_comment_content', 'wp_filter_kses');
- remove_filter('content_save_pre', 'wp_filter_post_kses');
remove_filter('title_save_pre', 'wp_filter_kses');
- if (! defined('XMLRPC_REQUEST') )
- get_currentuserinfo();
+ // Post filtering
+ remove_filter('content_save_pre', 'wp_filter_post_kses');
+ remove_filter('excerpt_save_pre', 'wp_filter_post_kses');
+ remove_filter('content_filtered_save_pre', 'wp_filter_post_kses');
+}
+
+function kses_init() {
+ kses_remove_filters();
if (current_user_can('unfiltered_html') == false)
kses_init_filters();
}
+
add_action('init', 'kses_init');
add_action('set_current_user', 'kses_init');
?>