<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[43016] trunk/src/wp-includes: Formatting: Begin the process of improving the docs for KSES related functions.</title>
</head>
<body>
<div id="msg">
<dl class="meta" style="font-size: 105%">
<dt style="float: left; width: 6em; font-weight: bold">Revision</dt> <dd><a style="font-weight: bold" href="https://core.trac.wordpress.org/changeset/43016">43016</a><script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","description":"Review this Commit","action":{"@type":"ViewAction","url":"https://core.trac.wordpress.org/changeset/43016","name":"Review Commit"}}</script></dd>
<dt style="float: left; width: 6em; font-weight: bold">Author</dt> <dd>johnbillion</dd>
<dt style="float: left; width: 6em; font-weight: bold">Date</dt> <dd>2018-04-28 13:57:32 +0000 (Sat, 28 Apr 2018)</dd>
</dl>
<pre style='padding-left: 1em; margin: 2em 0; border-left: 2px solid #ccc; line-height: 1.25; font-size: 105%; font-family: sans-serif'>Formatting: Begin the process of improving the docs for KSES related functions.
See <a href="https://core.trac.wordpress.org/ticket/33801">#33801</a></pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunksrcwpincludesfunctionsphp">trunk/src/wp-includes/functions.php</a></li>
<li><a href="#trunksrcwpincludesksesphp">trunk/src/wp-includes/kses.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunksrcwpincludesfunctionsphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/functions.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/functions.php 2018-04-28 12:10:13 UTC (rev 43015)
+++ trunk/src/wp-includes/functions.php 2018-04-28 13:57:32 UTC (rev 43016)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -5365,9 +5365,11 @@
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @staticvar array $protocols
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @return array Array of allowed protocols. Defaults to an array containing 'http', 'https',
- * 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet',
- * 'mms', 'rtsp', 'svn', 'tel', 'fax', 'xmpp', 'webcal', and 'urn'.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @return string[] Array of allowed protocols. Defaults to an array containing 'http', 'https',
+ * 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet',
+ * 'mms', 'rtsp', 'svn', 'tel', 'fax', 'xmpp', 'webcal', and 'urn'. This covers
+ * all common link protocols, except for 'javascript' which should not be
+ * allowed for untrusted users.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_allowed_protocols() {
</span><span class="cx" style="display: block; padding: 0 10px"> static $protocols = array();
</span></span></pre></div>
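Review bot: The sentence added to the `@return` text reads as if 'javascript' were the only scheme left out, but other script-capable schemes such as 'data' are also absent from the listed defaults. Stating the reason for the allowlist is more accurate, e.g. `This covers all common link protocols; schemes that can execute script, such as 'javascript', are deliberately left out.` The literal list is duplicated in the docblock, so it can drift from the array in the function body, which continues outside this hunk.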
<a id="trunksrcwpincludesksesphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/kses.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/kses.php 2018-04-28 12:10:13 UTC (rev 43015)
+++ trunk/src/wp-includes/kses.php 2018-04-28 13:57:32 UTC (rev 43016)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -31,15 +31,15 @@
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * You can override this in a plugin.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Specifies the default allowable HTML tags.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * The {@see 'wp_kses_allowed_html'} filter is more powerful and supplies context.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Using `CUSTOM_TAGS` is not recommended and should be considered deprecated. The
+ * {@see 'wp_kses_allowed_html'} filter is more powerful and supplies context.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * `CUSTOM_TAGS` is not recommended and should be considered deprecated.
- *
</del><span class="cx" style="display: block; padding: 0 10px"> * @see wp_kses_allowed_html()
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @since 1.2.0
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @since 1.2.0
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @var array[]|bool Array of default allowable HTML tags, or false to use the defaults.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> if ( ! defined( 'CUSTOM_TAGS' ) ) {
</span><span class="cx" style="display: block; padding: 0 10px"> define( 'CUSTOM_TAGS', false );
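Review bot: The new `@var array[]|bool` line says the constant may hold the array of allowable tags, but the only use visible on this page is the truthiness test `if ( ! CUSTOM_TAGS )` in the next hunk, so the `array[]` part looks unsupported. If the constant is only a switch, `@var bool Whether the default KSES allowlists are replaced by custom ones.` would be closer. The description should also say that a truthy value means the default arrays below are not defined, so whoever sets it owns the whole allowlist. This is inferred from the visible lines; the branch that handles a truthy `CUSTOM_TAGS` is outside the diff.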
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -51,11 +51,11 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> if ( ! CUSTOM_TAGS ) {
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Kses global for default allowable HTML tags.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * KSES global for default allowable HTML tags.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Can be override by using CUSTOM_TAGS constant.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Can be overridden with the `CUSTOM_TAGS` constant.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @global array $allowedposttags
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @var array[] $allowedposttags Array of default allowable HTML tags.
</ins><span class="cx" style="display: block; padding: 0 10px"> * @since 2.0.0
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> $allowedposttags = array(
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -416,9 +416,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Kses allowed HTML elements.
- *
- * @global array $allowedtags
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @var array[] $allowedtags Array of KSES allowed HTML elements.
</ins><span class="cx" style="display: block; padding: 0 10px"> * @since 1.0.0
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> $allowedtags = array(
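Review bot: This docblock now opens directly with `@var`, so `$allowedtags` has no summary line; the same holds for the `$allowedentitynames` block added in the next hunk. I would keep a one-line summary, e.g. `Array of KSES allowed HTML elements.`, above `@var array[] $allowedtags`. `@var` also precedes `@since` here and in the `$allowedposttags` block, but follows it in the `CUSTOM_TAGS` block, so one order should be chosen for the file.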
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -451,6 +449,10 @@
</span><span class="cx" style="display: block; padding: 0 10px"> 'strong' => array(),
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ /**
+ * @var string[] $allowedentitynames Array of KSES allowed HTML entitity names.
+ * @since 1.0.0
+ */
</ins><span class="cx" style="display: block; padding: 0 10px"> $allowedentitynames = array(
</span><span class="cx" style="display: block; padding: 0 10px"> 'nbsp',
</span><span class="cx" style="display: block; padding: 0 10px"> 'iexcl',
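Review bot: `entitity` in the added `@var` line is a typo for `entity`; the line should read `@var string[] $allowedentitynames Array of KSES allowed HTML entity names.` Docblock text presumably feeds the generated code reference, so the misspelling would be published there. The `@since 1.0.0` value is new in this commit and cannot be checked from the hunk.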
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -714,24 +716,23 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Filters content and keeps only allowable HTML elements.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Filters text content and strips out disallowed HTML.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * This function makes sure that only the allowed HTML element names, attribute
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * names and attribute values plus only sane HTML entities will occur in
- * $string. You have to remove any slashes from PHP's magic quotes before you
- * call this function.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * names, attribute values, and HTML entities will occur in the given text string.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * The default allowed protocols are 'http', 'https', 'ftp', 'mailto', 'news',
- * 'irc', 'gopher', 'nntp', 'feed', 'telnet, 'mms', 'rtsp' and 'svn'. This
- * covers all common link protocols, except for 'javascript' which should not
- * be allowed for untrusted users.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * This function expects unslashed data.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @see wp_kses_post() for specifically filtering post content and fields.
+ * @see wp_allowed_protocols() for the default allowed protocols in link URLs.
+ *
</ins><span class="cx" style="display: block; padding: 0 10px"> * @since 1.0.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param string $string Content to filter through kses
- * @param array $allowed_html List of allowed HTML elements
- * @param array $allowed_protocols Optional. Allowed protocol in links.
- * @return string Filtered content with only allowed HTML elements
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param string $string Text content to filter.
+ * @param array[]|string $allowed_html An array of allowed HTML elements and attributes, or a
+ * context name such as 'post'.
+ * @param string[] $allowed_protocols Array of allowed URL protocols.
+ * @return string Filtered content containing only the allowed HTML.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_kses( $string, $allowed_html, $allowed_protocols = array() ) {
</span><span class="cx" style="display: block; padding: 0 10px"> if ( empty( $allowed_protocols ) ) {
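Review bot: The rewritten `@param` for `$allowed_protocols` drops `Optional.` although the signature still reads `$allowed_protocols = array()` and the body tests `empty( $allowed_protocols )` to fall back to a default. I would write `@param string[] $allowed_protocols Optional. Array of allowed URL protocols. Defaults to the result of wp_allowed_protocols().`; the fallback assignment sits between this hunk and the next, so confirm the default against the full file. `This function expects unslashed data.` could also name the helper, e.g. `Run wp_unslash() on request data first.`, since the magic-quotes sentence it replaces at least told the caller what to do.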
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -739,20 +740,19 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> $string = wp_kses_no_null( $string, array( 'slash_zero' => 'keep' ) );
</span><span class="cx" style="display: block; padding: 0 10px"> $string = wp_kses_normalize_entities( $string );
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $string = wp_kses_hook( $string, $allowed_html, $allowed_protocols ); // WP changed the order of these funcs and added args to wp_kses_hook
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $string = wp_kses_hook( $string, $allowed_html, $allowed_protocols );
</ins><span class="cx" style="display: block; padding: 0 10px"> return wp_kses_split( $string, $allowed_html, $allowed_protocols );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Filters one attribute only and ensures its value is allowed.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Filters one HTML attribute and ensures its value is allowed.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * This function has the advantage of being more secure than esc_attr() and can
- * escape data in some situations where wp_kses() must strip the whole attribute.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * This function can escape data in some situations where `wp_kses()` must strip the whole attribute.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 4.2.3
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param string $string The 'whole' attribute, including name and value.
- * @param string $element The element name to which the attribute belongs.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param string $string The 'whole' attribute, including name and value.
+ * @param string $element The HTML element name to which the attribute belongs.
</ins><span class="cx" style="display: block; padding: 0 10px"> * @return string Filtered attribute.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_kses_one_attr( $string, $element ) {
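Review bot: Removing the trailing comment on the `wp_kses_hook()` call leaves nothing at this call site to say that `pre_kses` callbacks run before `wp_kses_split()` has stripped anything. That ordering matters to anyone writing a filter, so I would keep a short why-comment in place of the old one: `// Run the 'pre_kses' filter first; callbacks receive content that has not been stripped yet.` The start of `wp_kses()` is outside this hunk.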
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -818,7 +818,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Return a list of allowed tags and attributes for a given context.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Returns an array of allowed HTML tags and attributes for a given context.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 3.5.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -826,10 +826,10 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @global array $allowedtags
</span><span class="cx" style="display: block; padding: 0 10px"> * @global array $allowedentitynames
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param string|array $context The context for which to retrieve tags.
- * Allowed values are post, strip, data, entities, or
- * the name of a field filter such as pre_user_description.
- * @return array List of allowed tags and their allowed attributes.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param string|array $context The context for which to retrieve tags. Allowed values are 'post',
+ * 'strip', 'data', 'entities', or the name of a field filter such as
+ * 'pre_user_description'.
+ * @return array Array of allowed HTML tags and their allowed attributes.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_kses_allowed_html( $context = '' ) {
</span><span class="cx" style="display: block; padding: 0 10px"> global $allowedposttags, $allowedtags, $allowedentitynames;
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -836,12 +836,12 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> if ( is_array( $context ) ) {
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Filters HTML elements allowed for a given context.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Filters the HTML that is allowed for a given context.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 3.5.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param array $context Context to judge allowed tags by.
- * @param string $context_type Context type (explicit).
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param array[]|string $context Context to judge allowed tags by.
+ * @param string $context_type Context name.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> return apply_filters( 'wp_kses_allowed_html', $context, 'explicit' );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -874,16 +874,16 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * You add any kses hooks here.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * You add any KSES hooks here.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * There is currently only one kses WordPress hook, {@see 'pre_kses'}, and it is called here.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * There is currently only one KSES WordPress hook, {@see 'pre_kses'}, and it is called here.
</ins><span class="cx" style="display: block; padding: 0 10px"> * All parameters are passed to the hooks and expected to receive a string.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 1.0.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param string $string Content to filter through kses
- * @param array $allowed_html List of allowed HTML elements
- * @param array $allowed_protocols Allowed protocol in links
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param string $string Content to filter through KSES.
+ * @param array[]|string $allowed_html List of allowed HTML elements.
+ * @param string[] $allowed_protocols Array of allowed URL protocols.
</ins><span class="cx" style="display: block; padding: 0 10px"> * @return string Filtered content through {@see 'pre_kses'} hook.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_kses_hook( $string, $allowed_html, $allowed_protocols ) {
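Review bot: The summary `You add any KSES hooks here.` is still second-person and does not say what the function does, unlike the third-person summaries this commit introduces elsewhere (`Returns the version number of KSES.`). Something like `Runs the 'pre_kses' filter on the content.` would match the `apply_filters( 'pre_kses', ... )` call shown in the next hunk. The `$allowed_html` description also still says `List of allowed HTML elements.` although its type is now `array[]|string`; the wording `or a context name such as 'post'` from the `wp_kses()` block would fit here too.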
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -892,19 +892,19 @@
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 2.3.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param string $string Content to run through kses.
- * @param array $allowed_html Allowed HTML elements.
- * @param array $allowed_protocols Allowed protocol in links.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param string $string Content to run through KSES.
+ * @param array[]|string $allowed_html Allowed HTML elements.
+ * @param string[] $allowed_protocols Array of allowed URL protocols.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> return apply_filters( 'pre_kses', $string, $allowed_html, $allowed_protocols );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * This function returns kses' version number.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Returns the version number of KSES.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 1.0.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @return string KSES Version Number
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @return string KSES version number.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_kses_version() {
</span><span class="cx" style="display: block; padding: 0 10px"> return '0.2.2';
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -913,7 +913,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * Searches for HTML tags, no matter how malformed.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * It also matches stray ">" characters.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * It also matches stray `>` characters.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 1.0.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -920,9 +920,9 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @global array $pass_allowed_html
</span><span class="cx" style="display: block; padding: 0 10px"> * @global array $pass_allowed_protocols
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param string $string Content to filter
- * @param array $allowed_html Allowed HTML elements
- * @param array $allowed_protocols Allowed protocols to keep
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param string $string Content to filter.
+ * @param array $allowed_html Allowed HTML elements.
+ * @param string[] $allowed_protocols Array of allowed URL protocols.
</ins><span class="cx" style="display: block; padding: 0 10px"> * @return string Content with fixed HTML tags
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_kses_split( $string, $allowed_html, $allowed_protocols ) {
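Review bot: `$allowed_html` stays `@param array` here and in the `wp_kses_split2()` hunk below, while `wp_kses()` now documents it as `array[]|string` and passes the value through unchanged (`return wp_kses_split( $string, $allowed_html, $allowed_protocols );`). Use `@param array[]|string $allowed_html An array of allowed HTML elements and attributes, or a context name such as 'post'.` in both places. The `@return` lines (`Content with fixed HTML tags`, `Fixed HTML element`) also still lack the trailing period that the commit adds to the `@param` lines.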
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -933,10 +933,11 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Callback for wp_kses_split.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Callback for `wp_kses_split()`.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 3.1.0
</span><span class="cx" style="display: block; padding: 0 10px"> * @access private
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @ignore
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @global array $pass_allowed_html
</span><span class="cx" style="display: block; padding: 0 10px"> * @global array $pass_allowed_protocols
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -949,11 +950,11 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Callback for wp_kses_split for fixing malformed HTML tags.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Callback for `wp_kses_split()` for fixing malformed HTML tags.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * This function does a lot of work. It rejects some very malformed things like
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * <:::>. It returns an empty string, if the element isn't allowed (look ma, no
- * strip_tags()!). Otherwise it splits the tag into an element and an attribute
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * `<:::>`. It returns an empty string, if the element isn't allowed (look ma, no
+ * `strip_tags()`!). Otherwise it splits the tag into an element and an attribute
</ins><span class="cx" style="display: block; padding: 0 10px"> * list.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * After the tag is split into an element and an attribute list, it is run
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -961,11 +962,12 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * completed, will be returned.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @access private
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @ignore
</ins><span class="cx" style="display: block; padding: 0 10px"> * @since 1.0.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param string $string Content to filter
- * @param array $allowed_html Allowed HTML elements
- * @param array $allowed_protocols Allowed protocols to keep
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param string $string Content to filter.
+ * @param array $allowed_html Allowed HTML elements.
+ * @param string[] $allowed_protocols Array of allowed URL protocols.
</ins><span class="cx" style="display: block; padding: 0 10px"> * @return string Fixed HTML element
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_kses_split2( $string, $allowed_html, $allowed_protocols ) {
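Review bot: The `@return string Fixed HTML element` line is the only tag in this docblock left without a trailing period, while the three `@param` lines beside it were just given one. I would finish the pass with `* @return string Fixed HTML element.`. The docblock opens in the previous hunk and the body of wp_kses_split2() lies outside this one.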
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1021,19 +1023,19 @@
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * Removes all attributes, if none are allowed for this element.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * If some are allowed it calls wp_kses_hair() to split them further, and then
- * it builds up new HTML code from the data that kses_hair() returns. It also
- * removes "<" and ">" characters, if there are any left. One more thing it does
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * If some are allowed it calls `wp_kses_hair()` to split them further, and then
+ * it builds up new HTML code from the data that `kses_hair()` returns. It also
+ * removes `<` and `>` characters, if there are any left. One more thing it does
</ins><span class="cx" style="display: block; padding: 0 10px"> * is to check if the tag has a closing XHTML slash, and if it does, it puts one
</span><span class="cx" style="display: block; padding: 0 10px"> * in the returned code as well.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 1.0.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param string $element HTML element/tag
- * @param string $attr HTML attributes from HTML element to closing HTML element tag
- * @param array $allowed_html Allowed HTML elements
- * @param array $allowed_protocols Allowed protocols to keep
- * @return string Sanitized HTML element
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param string $element HTML element/tag.
+ * @param string $attr HTML attributes from HTML element to closing HTML element tag.
+ * @param array $allowed_html Allowed HTML elements.
+ * @param string[] $allowed_protocols Array of allowed URL protocols.
+ * @return string Sanitized HTML element.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_kses_attr( $element, $attr, $allowed_html, $allowed_protocols ) {
</span><span class="cx" style="display: block; padding: 0 10px"> if ( ! is_array( $allowed_html ) ) {
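Review bot: The second line of the rewritten description still refers to `kses_hair()`, while the line above it names the function as `wp_kses_hair()`. Putting the short name in backticks makes it read as a real symbol that a reader or doc generator will try to resolve. I would change that reference to `wp_kses_hair()` so both lines name the same function. The body of wp_kses_attr() continues outside this hunk.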
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1071,17 +1073,17 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Determine whether an attribute is allowed.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Determines whether an attribute is allowed.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 4.2.3
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param string $name The attribute name. Returns empty string when not allowed.
- * @param string $value The attribute value. Returns a filtered value.
- * @param string $whole The name=value input. Returns filtered input.
- * @param string $vless 'y' when attribute like "enabled", otherwise 'n'.
- * @param string $element The name of the element to which this attribute belongs.
- * @param array $allowed_html The full list of allowed elements and attributes.
- * @return bool Is the attribute allowed?
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param string $name The attribute name. Passed by reference. Returns empty string when not allowed.
+ * @param string $value The attribute value. Passed by reference. Returns a filtered value.
+ * @param string $whole The `name=value` input. Passed by reference. Returns filtered input.
+ * @param string $vless Whether the attribute is valueless. Use 'y' or 'n'.
+ * @param string $element The name of the element to which this attribute belongs.
+ * @param array $allowed_html The full list of allowed elements and attributes.
+ * @return bool Whether or not the attribute is allowed.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_kses_attr_check( &$name, &$value, &$whole, $vless, $element, $allowed_html ) {
</span><span class="cx" style="display: block; padding: 0 10px"> $allowed_attr = $allowed_html[ strtolower( $element ) ];
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1126,13 +1128,13 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * or apostrophes around them, to make it easier to produce HTML code that will
</span><span class="cx" style="display: block; padding: 0 10px"> * conform to W3C's HTML specification. It will also remove bad URL protocols
</span><span class="cx" style="display: block; padding: 0 10px"> * from attribute values. It also reduces duplicate attributes by using the
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * attribute defined first (foo='bar' foo='baz' will result in foo='bar').
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * attribute defined first (`foo='bar' foo='baz'` will result in `foo='bar'`).
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 1.0.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param string $attr Attribute list from HTML element to closing HTML element tag
- * @param array $allowed_protocols Allowed protocols to keep
- * @return array List of attributes after parsing
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param string $attr Attribute list from HTML element to closing HTML element tag.
+ * @param string[] $allowed_protocols Array of allowed URL protocols.
+ * @return array[] Array of attribute information after parsing.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_kses_hair( $attr, $allowed_protocols ) {
</span><span class="cx" style="display: block; padding: 0 10px"> $attrarr = array();
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1271,12 +1273,12 @@
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * Does not modify input. May return "evil" output.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Based on wp_kses_split2() and wp_kses_attr()
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Based on `wp_kses_split2()` and `wp_kses_attr()`.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 4.2.3
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param string $element HTML element/tag
- * @return array|bool List of attributes found in $element. Returns false on failure.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param string $element HTML element.
+ * @return array|bool List of attributes found in the element. Returns false on failure.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_kses_attr_parse( $element ) {
</span><span class="cx" style="display: block; padding: 0 10px"> $valid = preg_match( '%^(<\s*)(/\s*)?([a-zA-Z0-9]+\s*)([^>]*)(>?)$%', $element, $matches );
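Review bot: The context line `Does not modify input. May return "evil" output.` is left as it was, and for a parser that sits next to the sanitizing functions it is the sentence callers most need spelled out. Assuming "evil" means the returned pieces are unfiltered, I would write `* Does not modify input. The returned pieces are not sanitized and must be filtered before output.`. The same sentence is kept in the following hunk above wp_kses_hair_parse(). The docblock starts above this hunk and the function body continues below it.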
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1322,11 +1324,11 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * Does not modify input. May return "evil" output.
</span><span class="cx" style="display: block; padding: 0 10px"> * In case of unexpected input, returns false instead of stripping things.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Based on wp_kses_hair() but does not return a multi-dimensional array.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Based on `wp_kses_hair()` but does not return a multi-dimensional array.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 4.2.3
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param string $attr Attribute list from HTML element to closing HTML element tag
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param string $attr Attribute list from HTML element to closing HTML element tag.
</ins><span class="cx" style="display: block; padding: 0 10px"> * @return array|bool List of attributes found in $attr. Returns false on failure.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_kses_hair_parse( $attr ) {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1374,16 +1376,16 @@
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * Performs different checks for attribute values.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * The currently implemented checks are "maxlen", "minlen", "maxval", "minval"
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * The currently implemented checks are "maxlen", "minlen", "maxval", "minval",
</ins><span class="cx" style="display: block; padding: 0 10px"> * and "valueless".
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 1.0.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param string $value Attribute value
- * @param string $vless Whether the value is valueless. Use 'y' or 'n'
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param string $value Attribute value.
+ * @param string $vless Whether the attribute is valueless. Use 'y' or 'n'.
</ins><span class="cx" style="display: block; padding: 0 10px"> * @param string $checkname What $checkvalue is checking for.
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param mixed $checkvalue What constraint the value should pass
- * @return bool Whether check passes
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param mixed $checkvalue What constraint the value should pass.
+ * @return bool Whether check passes.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_kses_check_attr_val( $value, $vless, $checkname, $checkvalue ) {
</span><span class="cx" style="display: block; padding: 0 10px"> $ok = true;
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1437,9 +1439,9 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> case 'valueless':
</span><span class="cx" style="display: block; padding: 0 10px"> // The valueless check makes sure if the attribute has a value
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- // (like <a href="blah">) or not (<option selected>). If the given value
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // (like `<a href="blah">`) or not (`<option selected>`). If the given value
</ins><span class="cx" style="display: block; padding: 0 10px"> // is a "y" or a "Y", the attribute must not have a value.
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- // If the given value is an "n" or an "N", the attribute must have one.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // If the given value is an "n" or an "N", the attribute must have a value.
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> if ( strtolower( $checkvalue ) != $vless ) {
</span><span class="cx" style="display: block; padding: 0 10px"> $ok = false;
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1451,18 +1453,18 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Sanitize string from bad protocols.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Sanitizes a string and removed disallowed URL protocols.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * This function removes all non-allowed protocols from the beginning of
- * $string. It ignores whitespace and the case of the letters, and it does
- * understand HTML entities. It does its work in a while loop, so it won't be
- * fooled by a string like "javascript:javascript:alert(57)".
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * This function removes all non-allowed protocols from the beginning of the
+ * string. It ignores whitespace and the case of the letters, and it does
+ * understand HTML entities. It does its work recursively, so it won't be
+ * fooled by a string like `javascript:javascript:alert(57)`.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 1.0.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param string $string Content to filter bad protocols from
- * @param array $allowed_protocols Allowed protocols to keep
- * @return string Filtered content
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param string $string Content to filter bad protocols from.
+ * @param string[] $allowed_protocols Array of allowed URL protocols.
+ * @return string Filtered content.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_kses_bad_protocol( $string, $allowed_protocols ) {
</span><span class="cx" style="display: block; padding: 0 10px"> $string = wp_kses_no_null( $string );
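Review bot: The new summary line has a tense slip, "Sanitizes a string and removed disallowed URL protocols."; it should read `* Sanitizes a string and removes disallowed URL protocols.`. The description also changes "in a while loop" to "recursively". That cannot be checked from this hunk because the function body lies outside it, so it is worth confirming the wording matches the implementation, since the sentence is the stated reason repeated-scheme input is handled.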
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1481,15 +1483,15 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Removes any invalid control characters in $string.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Removes any invalid control characters in a text string.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Also removes any instance of the '\0' string.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Also removes any instance of the `\0` string.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 1.0.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param string $string
- * @param array $options Set 'slash_zero' => 'keep' when '\0' is allowed. Default is 'remove'.
- * @return string
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param string $string Content to filter null characters from.
+ * @param array $options Set 'slash_zero' => 'keep' when '\0' is allowed. Default is 'remove'.
+ * @return string Filtered content.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_kses_no_null( $string, $options = null ) {
</span><span class="cx" style="display: block; padding: 0 10px"> if ( ! isset( $options['slash_zero'] ) ) {
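Review bot: The `@param array $options` line does not say the argument is optional, although the signature below declares `$options = null`. I would write `* @param array $options Optional. Set 'slash_zero' => 'keep' when '\0' is allowed. Default is 'remove'.` so the docblock matches the signature. The function body continues outside this hunk.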
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1507,14 +1509,13 @@
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * Strips slashes from in front of quotes.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * This function changes the character sequence \" to just ". It leaves all
- * other slashes alone. It's really weird, but the quoting from
- * preg_replace(//e) seems to require this.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * This function changes the character sequence `\"` to just `"`. It leaves all other
+ * slashes alone. The quoting from `preg_replace(//e)` requires this.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 1.0.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param string $string String to strip slashes
- * @return string Fixed string with quoted slashes
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param string $string String to strip slashes from.
+ * @return string Fixed string with quoted slashes.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_kses_stripslashes( $string ) {
</span><span class="cx" style="display: block; padding: 0 10px"> return preg_replace( '%\\\\"%', '"', $string );
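Review bot: Dropping "seems to" turns the remark about `preg_replace(//e)` into a present-tense requirement, but the `/e` modifier was deprecated in PHP 5.5 and removed in PHP 7.0. The sentence would be more accurate as history, for example `* slashes alone. This was needed for the quoting done by the legacy preg_replace() /e modifier.`. Leaving it as a current fact suggests eval-style replacement is still part of the sanitizer's call path, which the visible code does not show.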
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1521,12 +1522,12 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Goes through an array and changes the keys to all lower case.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Converts the keys of an array to lowercase.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 1.0.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param array $inarray Unfiltered array
- * @return array Fixed array with all lowercase keys
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param array $inarray Unfiltered array.
+ * @return array Fixed array with all lowercase keys.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_kses_array_lc( $inarray ) {
</span><span class="cx" style="display: block; padding: 0 10px"> $outarray = array();
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1538,14 +1539,14 @@
</span><span class="cx" style="display: block; padding: 0 10px"> foreach ( (array) $inval as $inkey2 => $inval2 ) {
</span><span class="cx" style="display: block; padding: 0 10px"> $outkey2 = strtolower( $inkey2 );
</span><span class="cx" style="display: block; padding: 0 10px"> $outarray[ $outkey ][ $outkey2 ] = $inval2;
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- } // foreach $inval
- } // foreach $inarray
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ }
+ }
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> return $outarray;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Handles parsing errors in wp_kses_hair().
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Handles parsing errors in `wp_kses_hair()`.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * The general plan is to remove everything to and including some whitespace,
</span><span class="cx" style="display: block; padding: 0 10px"> * but it deals with quotes and apostrophes as well.
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1562,14 +1563,14 @@
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * Sanitizes content from bad protocols and other characters.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * This function searches for URL protocols at the beginning of $string, while
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * This function searches for URL protocols at the beginning of the string, while
</ins><span class="cx" style="display: block; padding: 0 10px"> * handling whitespace and HTML entities.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 1.0.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param string $string Content to check for bad protocols
- * @param string $allowed_protocols Allowed protocols
- * @return string Sanitized content
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param string $string Content to check for bad protocols.
+ * @param string[] $allowed_protocols Array of allowed URL protocols.
+ * @return string Sanitized content.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_kses_bad_protocol_once( $string, $allowed_protocols, $count = 1 ) {
</span><span class="cx" style="display: block; padding: 0 10px"> $string2 = preg_split( '/:|�*58;|�*3a;/i', $string, 2 );
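Review bot: The signature is `wp_kses_bad_protocol_once( $string, $allowed_protocols, $count = 1 )`, but the docblock documents only the first two parameters even after this pass over its `@param` lines. I would add a `@param int $count` line after `$allowed_protocols`, marked optional with its default of 1. Its description should come from the function body, which lies outside this hunk.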
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1592,17 +1593,18 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Callback for wp_kses_bad_protocol_once() regular expression.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Callback for `wp_kses_bad_protocol_once()` regular expression.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * This function processes URL protocols, checks to see if they're in the
</span><span class="cx" style="display: block; padding: 0 10px"> * whitelist or not, and returns different data depending on the answer.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @access private
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @ignore
</ins><span class="cx" style="display: block; padding: 0 10px"> * @since 1.0.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param string $string URI scheme to check against the whitelist
- * @param string $allowed_protocols Allowed protocols
- * @return string Sanitized content
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param string $string URI scheme to check against the whitelist.
+ * @param string[] $allowed_protocols Array of allowed URL protocols.
+ * @return string Sanitized content.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_kses_bad_protocol_once2( $string, $allowed_protocols ) {
</span><span class="cx" style="display: block; padding: 0 10px"> $string2 = wp_kses_decode_entities( $string );
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1633,8 +1635,8 @@
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 1.0.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param string $string Content to normalize entities
- * @return string Content with normalized entities
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param string $string Content to normalize entities.
+ * @return string Content with normalized entities.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_kses_normalize_entities( $string ) {
</span><span class="cx" style="display: block; padding: 0 10px"> // Disarm all entities by converting & to &
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1649,7 +1651,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Callback for wp_kses_normalize_entities() regular expression.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Callback for `wp_kses_normalize_entities()` regular expression.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * This function only accepts valid named entity references, which are finite,
</span><span class="cx" style="display: block; padding: 0 10px"> * case-sensitive, and highly scrutinized by HTML and XML validators.
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1658,8 +1660,8 @@
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @global array $allowedentitynames
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param array $matches preg_replace_callback() matches array
- * @return string Correctly encoded entity
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param array $matches preg_replace_callback() matches array.
+ * @return string Correctly encoded entity.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_kses_named_entities( $matches ) {
</span><span class="cx" style="display: block; padding: 0 10px"> global $allowedentitynames;
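Review bot: The new `@param array $matches preg_replace_callback() matches array.` line leaves the function name without backticks, while the matching line added for wp_kses_normalize_entities2() in the next hunk has them. For consistency I would write `* @param array $matches \`preg_replace_callback()\` matches array.` here too. The docblock starts in the previous hunk and the function body continues outside this one.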
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1673,16 +1675,17 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Callback for wp_kses_normalize_entities() regular expression.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Callback for `wp_kses_normalize_entities()` regular expression.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * This function helps wp_kses_normalize_entities() to only accept 16-bit
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * This function helps `wp_kses_normalize_entities()` to only accept 16-bit
</ins><span class="cx" style="display: block; padding: 0 10px"> * values and nothing more for `&#number;` entities.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @access private
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @ignore
</ins><span class="cx" style="display: block; padding: 0 10px"> * @since 1.0.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param array $matches preg_replace_callback() matches array
- * @return string Correctly encoded entity
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param array $matches `preg_replace_callback()` matches array.
+ * @return string Correctly encoded entity.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_kses_normalize_entities2( $matches ) {
</span><span class="cx" style="display: block; padding: 0 10px"> if ( empty( $matches[1] ) ) {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1701,16 +1704,17 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Callback for wp_kses_normalize_entities() for regular expression.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Callback for `wp_kses_normalize_entities()` for regular expression.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * This function helps wp_kses_normalize_entities() to only accept valid Unicode
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * This function helps `wp_kses_normalize_entities()` to only accept valid Unicode
</ins><span class="cx" style="display: block; padding: 0 10px"> * numeric entities in hex form.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 2.7.0
</span><span class="cx" style="display: block; padding: 0 10px"> * @access private
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @ignore
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param array $matches preg_replace_callback() matches array
- * @return string Correctly encoded entity
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param array $matches `preg_replace_callback()` matches array.
+ * @return string Correctly encoded entity.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_kses_normalize_entities3( $matches ) {
</span><span class="cx" style="display: block; padding: 0 10px"> if ( empty( $matches[1] ) ) {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1722,12 +1726,12 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Helper function to determine if a Unicode value is valid.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Determines if a Unicode codepoint is valid.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 2.7.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param int $i Unicode value
- * @return bool True if the value was a valid Unicode number
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param int $i Unicode codepoint.
+ * @return bool Whether or not the codepoint is a valid Unicode codepoint.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function valid_unicode( $i ) {
</span><span class="cx" style="display: block; padding: 0 10px"> return ( $i == 0x9 || $i == 0xa || $i == 0xd ||
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1737,16 +1741,16 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Convert all entities to their character counterparts.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Converts all numeric HTML entities to their named counterparts.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * This function decodes numeric HTML entities (`A` and `A`).
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * It doesn't do anything with other entities like ä, but we don't
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * It doesn't do anything with named entities like `ä`, but we don't
</ins><span class="cx" style="display: block; padding: 0 10px"> * need them in the URL protocol whitelisting system anyway.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 1.0.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param string $string Content to change entities
- * @return string Content after decoded entities
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param string $string Content to change entities.
+ * @return string Content after decoded entities.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_kses_decode_entities( $string ) {
</span><span class="cx" style="display: block; padding: 0 10px"> $string = preg_replace_callback( '/&#([0-9]+);/', '_wp_kses_decode_entities_chr', $string );
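Review bot: The new summary line of wp_kses_decode_entities(), `Converts all numeric HTML entities to their named counterparts.`, contradicts the paragraph under it, which says the function decodes numeric entities and does nothing with named ones. The docblock ties this function to the URL protocol check, so a reader needs to know it yields literal characters, not another entity form. I would write `Converts all numeric HTML entities to their character counterparts.` The `/&#([0-9]+);/` callback on the last line handles decimal references; the rest of the body is outside the hunk.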
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1756,9 +1760,11 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Regex callback for wp_kses_decode_entities()
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Regex callback for `wp_kses_decode_entities()`.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 2.9.0
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @access private
+ * @ignore
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @param array $match preg match
</span><span class="cx" style="display: block; padding: 0 10px"> * @return string
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1768,9 +1774,11 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Regex callback for wp_kses_decode_entities()
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Regex callback for `wp_kses_decode_entities()`.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 2.9.0
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @access private
+ * @ignore
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @param array $match preg match
</span><span class="cx" style="display: block; padding: 0 10px"> * @return string
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1780,12 +1788,14 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Sanitize content with allowed HTML Kses rules.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Sanitize content with allowed HTML KSES rules.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * This function expects slashed data.
+ *
</ins><span class="cx" style="display: block; padding: 0 10px"> * @since 1.0.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param string $data Content to filter, expected to be escaped with slashes
- * @return string Filtered content
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param string $data Content to filter, expected to be escaped with slashes.
+ * @return string Filtered content.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_filter_kses( $data ) {
</span><span class="cx" style="display: block; padding: 0 10px"> return addslashes( wp_kses( stripslashes( $data ), current_filter() ) );
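Review bot: The `@return` line of wp_filter_kses() still says only `Filtered content.`, although the body returns `addslashes( wp_kses( stripslashes( $data ), current_filter() ) )`, so the result is slashed again. Next to the new `This function expects slashed data.` sentence, the other half of the contract should be stated as well: `@return string Filtered content, with slashes added back.` It is also worth one sentence that unslashed input has its backslashes removed by `stripslashes()` before filtering, which is why the unslashed variant exists. The same applies to wp_filter_nohtml_kses() in the @@ -1849 hunk, and presumably to wp_filter_post_kses(), whose body is outside its hunk.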
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1792,12 +1802,14 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Sanitize content with allowed HTML Kses rules.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Sanitize content with allowed HTML KSES rules.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * This function expects unslashed data.
+ *
</ins><span class="cx" style="display: block; padding: 0 10px"> * @since 2.9.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param string $data Content to filter, expected to not be escaped
- * @return string Filtered content
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param string $data Content to filter, expected to not be escaped.
+ * @return string Filtered content.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_kses_data( $data ) {
</span><span class="cx" style="display: block; padding: 0 10px"> return wp_kses( $data, current_filter() );
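Review bot: The docblock of wp_kses_data() does not say that the allowed-HTML rule set is chosen by `current_filter()`, the second argument passed to `wp_kses()` on the return line. The filtering applied therefore depends on the hook the function runs under, and the hunk does not show what wp_kses() does with that argument when the function is called outside any hook. I would add a line such as `The allowed HTML is selected by the name of the currently running filter hook.` wp_filter_kses() in the preceding hunk passes the same argument and would benefit from the same sentence.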
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1804,14 +1816,16 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Sanitize content for allowed HTML tags for post content.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Sanitizes content for allowed HTML tags for post content.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Post content refers to the page contents of the 'post' type and not $_POST
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Post content refers to the page contents of the 'post' type and not `$_POST`
</ins><span class="cx" style="display: block; padding: 0 10px"> * data from forms.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * This function expects slashed data.
+ *
</ins><span class="cx" style="display: block; padding: 0 10px"> * @since 2.0.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param string $data Post content to filter, expected to be escaped with slashes
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param string $data Post content to filter, expected to be escaped with slashes.
</ins><span class="cx" style="display: block; padding: 0 10px"> * @return string Filtered post content with allowed HTML tags and attributes intact.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_filter_post_kses( $data ) {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1819,14 +1833,16 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Sanitize content for allowed HTML tags for post content.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Sanitizes content for allowed HTML tags for post content.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Post content refers to the page contents of the 'post' type and not $_POST
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Post content refers to the page contents of the 'post' type and not `$_POST`
</ins><span class="cx" style="display: block; padding: 0 10px"> * data from forms.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * This function expects unslashed data.
+ *
</ins><span class="cx" style="display: block; padding: 0 10px"> * @since 2.9.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param string $data Post content to filter
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param string $data Post content to filter.
</ins><span class="cx" style="display: block; padding: 0 10px"> * @return string Filtered post content with allowed HTML tags and attributes intact.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_kses_post( $data ) {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1849,12 +1865,14 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Strips all of the HTML in the content.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Strips all HTML from a text string.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * This function expects slashed data.
+ *
</ins><span class="cx" style="display: block; padding: 0 10px"> * @since 2.1.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param string $data Content to strip all HTML from
- * @return string Filtered content without any HTML
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param string $data Content to strip all HTML from.
+ * @return string Filtered content without any HTML.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function wp_filter_nohtml_kses( $data ) {
</span><span class="cx" style="display: block; padding: 0 10px"> return addslashes( wp_kses( stripslashes( $data ), 'strip' ) );
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1861,12 +1879,12 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Adds all Kses input form content filters.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Adds all KSES input form content filters.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * All hooks have default priority. The wp_filter_kses() function is added to
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * All hooks have default priority. The `wp_filter_kses()` function is added to
</ins><span class="cx" style="display: block; padding: 0 10px"> * the 'pre_comment_content' and 'title_save_pre' hooks.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * The wp_filter_post_kses() function is added to the 'content_save_pre',
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * The `wp_filter_post_kses()` function is added to the 'content_save_pre',
</ins><span class="cx" style="display: block; padding: 0 10px"> * 'excerpt_save_pre', and 'content_filtered_save_pre' hooks.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 2.0.0
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1889,13 +1907,13 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Removes all Kses input form content filters.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Removes all KSES input form content filters.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * A quick procedural method to removing all of the filters that kses uses for
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * A quick procedural method to removing all of the filters that KSES uses for
</ins><span class="cx" style="display: block; padding: 0 10px"> * content in WordPress Loop.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Does not remove the kses_init() function from {@see 'init'} hook (priority is
- * default). Also does not remove kses_init() function from {@see 'set_current_user'}
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Does not remove the `kses_init()` function from {@see 'init'} hook (priority is
+ * default). Also does not remove `kses_init()` function from {@see 'set_current_user'}
</ins><span class="cx" style="display: block; padding: 0 10px"> * hook (priority is also default).
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 2.0.6
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1915,16 +1933,12 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Sets up most of the Kses filters for input form content.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Sets up most of the KSES filters for input form content.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * If you remove the kses_init() function from {@see 'init'} hook and
- * {@see 'set_current_user'} (priority is default), then none of the Kses filter hooks
- * will be added.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * First removes all of the KSES filters in case the current user does not need
+ * to have KSES filter the content. If the user does not have `unfiltered_html`
+ * capability, then KSES filters are added.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * First removes all of the Kses filters in case the current user does not need
- * to have Kses filter the content. If the user does not have unfiltered_html
- * capability, then Kses filters are added.
- *
</del><span class="cx" style="display: block; padding: 0 10px"> * @since 2.0.0
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function kses_init() {
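Review bot: The rewritten description of kses_init() no longer says that unhooking it from 'init' and 'set_current_user' leaves none of the KSES filter hooks added; that paragraph is removed and nothing replaces it. This is the caveat an integrator needs before touching these hooks, because the remaining text describes only the `unfiltered_html` branch. If the statement is still accurate, I would keep it as one line, e.g. `If this function is unhooked from {@see 'init'} and {@see 'set_current_user'}, no KSES filters are added.` The function body is outside the hunk, so the behaviour cannot be confirmed from here.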
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1936,13 +1950,13 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Inline CSS filter
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Filters an inline style attribute and removes disallowed rules.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 2.8.1
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @param string $css A string of CSS rules.
</span><span class="cx" style="display: block; padding: 0 10px"> * @param string $deprecated Not used.
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @return string Filtered string of CSS rules.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @return string Filtered string of CSS rules.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function safecss_filter_attr( $css, $deprecated = '' ) {
</span><span class="cx" style="display: block; padding: 0 10px"> if ( ! empty( $deprecated ) ) {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1966,7 +1980,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 4.6.0 Added support for `list-style-type`.
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 5.0.0 Added support for `text-transform`.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param array $attr List of allowed CSS attributes.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param string[] $attr Array of allowed CSS attributes.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> $allowed_attr = apply_filters(
</span><span class="cx" style="display: block; padding: 0 10px"> 'safe_style_css', array(
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -2077,6 +2091,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 3.5.0
</span><span class="cx" style="display: block; padding: 0 10px"> * @access private
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @ignore
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @param array $value An array of attributes.
</span><span class="cx" style="display: block; padding: 0 10px"> * @return array The array of attributes with global attributes added.
</span></span></pre>
</div>
</div>
</body>
</html>