[wp-trac] [WordPress Trac] #43312: wp-includes\kses.php
WordPress Trac
noreply at wordpress.org
Wed Feb 14 09:33:16 UTC 2018
#43312: wp-includes\kses.php
--------------------------+-----------------------------
Reporter: andrei0x309 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 4.9.4
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
The function: wp_kses_attr() outpus a warning on newer PHP 7.2.
this function:
{{{#!php
<?php
function wp_kses_attr($element, $attr, $allowed_html, $allowed_protocols)
{
if ( ! is_array( $allowed_html ) )
$allowed_html = wp_kses_allowed_html( $allowed_html );
// Is there a closing XHTML slash at the end of the attributes?
$xhtml_slash = '';
if (preg_match('%\s*/\s*$%', $attr))
$xhtml_slash = ' /';
// Are any attributes allowed at all for this element?
if ( ! isset( $allowed_html[ strtolower( $element ) ] ) || true
=== $allowed_html[ strtolower( $element ) ] || count( $allowed_html[
strtolower( $element ) ] ) == 0 ) {
return "<$element$xhtml_slash>";
}
// Split it
$attrarr = wp_kses_hair($attr, $allowed_protocols);
// Go through $attrarr, and save the allowed attributes for this
element
// in $attr2
$attr2 = '';
foreach ( $attrarr as $arreach ) {
if ( wp_kses_attr_check( $arreach['name'],
$arreach['value'], $arreach['whole'], $arreach['vless'], $element,
$allowed_html ) ) {
$attr2 .= ' '.$arreach['whole'];
}
}
// Remove any "<" or ">" characters
$attr2 = preg_replace('/[<>]/', '', $attr2);
return "<$element$attr2$xhtml_slash>";
}
}}}
can be changed to this:
this function:
{{{#!php
<?php
function wp_kses_attr($element, $attr, $allowed_html, $allowed_protocols)
{
if ( ! is_array( $allowed_html ) )
$allowed_html = wp_kses_allowed_html( $allowed_html );
// Is there a closing XHTML slash at the end of the attributes?
$xhtml_slash = '';
if (preg_match('%\s*/\s*$%', $attr))
$xhtml_slash = ' /';
// Are any attributes allowed at all for this element?
if ( ! isset( $allowed_html[ strtolower( $element ) ] ) || true
=== $allowed_html[ strtolower( $element ) ] || empty( $allowed_html[
strtolower( $element ) ] ) ) {
return "<$element$xhtml_slash>";
}
// Split it
$attrarr = wp_kses_hair($attr, $allowed_protocols);
// Go through $attrarr, and save the allowed attributes for this
element
// in $attr2
$attr2 = '';
foreach ( $attrarr as $arreach ) {
if ( wp_kses_attr_check( $arreach['name'],
$arreach['value'], $arreach['whole'], $arreach['vless'], $element,
$allowed_html ) ) {
$attr2 .= ' '.$arreach['whole'];
}
}
// Remove any "<" or ">" characters
$attr2 = preg_replace('/[<>]/', '', $attr2);
return "<$element$attr2$xhtml_slash>";
}
}}}
I have also forked today your git repo and write a change the file here is
the link:
[https://github.com/andrei0x309/WordPress/commit/6d6d784481c3875f4da08f8655e6d0f5dfa78fe1]
Thanks in advance.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43312>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list