WordPress 4.0.1

[autoinstallsdev/wordpress.git] / wp-includes / kses.php

diff --git a/wp-includes/kses.php b/wp-includes/kses.php
index 9d8d6fed1934fff3d2de3ec8617061d5c8f9efa7..6696161cfd4794854a46fbd1f15f5835cd195e48 100644 (file)
--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -44,6 +44,10 @@
 if ( ! defined( 'CUSTOM_TAGS' ) )
        define( 'CUSTOM_TAGS', false );
 
+// Ensure that these variables are added to the global namespace
+// (e.g. if using namespaces / autoload in the current PHP environment).
+global $allowedposttags, $allowedtags, $allowedentitynames;
+
 if ( ! CUSTOM_TAGS ) {
        /**
         * Kses global for default allowable HTML tags.
@@ -987,7 +991,9 @@ function wp_kses_bad_protocol($string, $allowed_protocols) {
 }
 
 /**
- * Removes any null characters in $string.
+ * Removes any invalid control characters in $string.
+ *
+ * Also removes any instance of the '\0' string.
  *
  * @since 1.0.0
  *
@@ -995,7 +1001,7 @@ function wp_kses_bad_protocol($string, $allowed_protocols) {
  * @return string
  */
 function wp_kses_no_null($string) {
-       $string = preg_replace('/\0+/', '', $string);
+       $string = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', '', $string);
        $string = preg_replace('/(\\\\0)+/', '', $string);
 
        return $string;
@@ -1434,7 +1440,7 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
        $css = wp_kses_no_null($css);
        $css = str_replace(array("\n","\r","\t"), '', $css);
 
-       if ( preg_match( '%[\\(&=}]|/\*%', $css ) ) // remove any inline css containing \ ( & } = or comments
+       if ( preg_match( '%[\\\\(&=}]|/\*%', $css ) ) // remove any inline css containing \ ( & } = or comments
                return '';
 
        $css_array = explode( ';', trim( $css ) );