function wp_kses_split2($string, $allowed_html, $allowed_protocols)
{
$string = wp_kses_stripslashes($string);
if (substr($string, 0, 1) != '<') {
return '>';
}
# It matched a ">" character
if (preg_match('%^<!--(.*?)(-->)?$%', $string, $matches)) {
$string = str_replace(array('<!--', '-->'), '', $matches[1]);
while ($string != ($newstring = wp_kses($string, $allowed_html, $allowed_protocols))) {
$string = $newstring;
}
if ($string == '') {
return '';
}
return "<!--{$string}-->";
}
# Allow HTML comments
if (!preg_match('%^<\\s*(/\\s*)?([a-zA-Z0-9]+)([^>]*)>?$%', $string, $matches)) {
return '';
}
# It's seriously malformed
$slash = trim($matches[1]);
$elem = $matches[2];
$attrlist = $matches[3];
if (!@isset($allowed_html[strtolower($elem)])) {
return '';
}
# They are using a not allowed HTML element
if ($slash != '') {
return "<{$slash}{$elem}>";
}
# No attributes are allowed for closing elements
return wp_kses_attr("{$slash}{$elem}", $attrlist, $allowed_html, $allowed_protocols);
}
function wp_kses_split2($string, $allowed_html, $allowed_protocols)
{
$string = wp_kses_stripslashes($string);
if (substr($string, 0, 1) != '<') {
return '>';
}
# It matched a ">" character
if (!preg_match('%^<\\s*(/\\s*)?([a-zA-Z0-9]+)([^>]*)>?$%', $string, $matches)) {
return '';
}
# It's seriously malformed
$slash = trim($matches[1]);
$elem = $matches[2];
$attrlist = $matches[3];
if (!is_array($allowed_html[strtolower($elem)])) {
return '';
}
# They are using a not allowed HTML element
return wp_kses_attr("{$slash}{$elem}", $attrlist, $allowed_html, $allowed_protocols);
}
/**
* Callback for wp_kses_split for fixing malformed HTML tags.
*
* This function does a lot of work. It rejects some very malformed things like
* <:::>. It returns an empty string, if the element isn't allowed (look ma, no
* strip_tags()!). Otherwise it splits the tag into an element and an attribute
* list.
*
* After the tag is split into an element and an attribute list, it is run
* through another filter which will remove illegal attributes and once that is
* completed, will be returned.
*
* @access private
* @since 1.0.0
*
* @param string $string Content to filter
* @param array $allowed_html Allowed HTML elements
* @param array $allowed_protocols Allowed protocols to keep
* @return string Fixed HTML element
*/
function wp_kses_split2($string, $allowed_html, $allowed_protocols)
{
$string = wp_kses_stripslashes($string);
if (substr($string, 0, 1) != '<') {
return '>';
}
// It matched a ">" character
if ('<!--' == substr($string, 0, 4)) {
$string = str_replace(array('<!--', '-->'), '', $string);
while ($string != ($newstring = wp_kses($string, $allowed_html, $allowed_protocols))) {
$string = $newstring;
}
if ($string == '') {
return '';
}
// prevent multiple dashes in comments
$string = preg_replace('/--+/', '-', $string);
// prevent three dashes closing a comment
$string = preg_replace('/-$/', '', $string);
return "<!--{$string}-->";
}
// Allow HTML comments
if (!preg_match('%^<\\s*(/\\s*)?([a-zA-Z0-9]+)([^>]*)>?$%', $string, $matches)) {
return '';
}
// It's seriously malformed
$slash = trim($matches[1]);
$elem = $matches[2];
$attrlist = $matches[3];
if (!is_array($allowed_html)) {
$allowed_html = wp_kses_allowed_html($allowed_html);
}
if (!isset($allowed_html[strtolower($elem)])) {
return '';
}
// They are using a not allowed HTML element
if ($slash != '') {
return "</{$elem}>";
}
// No attributes are allowed for closing elements
return wp_kses_attr($elem, $attrlist, $allowed_html, $allowed_protocols);
}
function wp_kses_split2($string, $allowed_html, $allowed_protocols)
###############################################################################
# This function does a lot of work. It rejects some very malformed things
# like <:::>. It returns an empty string, if the element isn't allowed (look
# ma, no strip_tags()!). Otherwise it splits the tag into an element and an
# attribute list.
###############################################################################
{
$string = wp_kses_stripslashes($string);
if (substr($string, 0, 1) != '<')
return '>';
# It matched a ">" character
if (preg_match('%^<!--(.*?)(-->)?$%', $string, $matches)) {
$string = str_replace(array('<!--', '-->'), '', $matches[1]);
while ( $string != $newstring = wp_kses($string, $allowed_html, $allowed_protocols) )
$string = $newstring;
if ( $string == '' )
return '';
return "<!--{$string}-->";
}
# Allow HTML comments
if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9]+)([^>]*)>?$%', $string, $matches))
return '';
# It's seriously malformed
$slash = trim($matches[1]);
$elem = $matches[2];
$attrlist = $matches[3];
if (!@isset($allowed_html[strtolower($elem)]))
return '';
# They are using a not allowed HTML element
if ($slash != '')
return "<$slash$elem>";
# No attributes are allowed for closing elements
return wp_kses_attr("$slash$elem", $attrlist, $allowed_html, $allowed_protocols);
} # function wp_kses_split2
function wp_kses_split2($string, $allowed_html, $allowed_protocols, $cutoff = true)
{
$string = wp_kses_stripslashes($string);
if (substr($string, 0, 1) != '<') {
return '>';
}
# It matched a ">" character
if (!preg_match('%^<\\s*(/\\s*)?([a-zA-Z0-9]+)([^>]*)>?$%', $string, $matches)) {
# It's seriously malformed
if ($cutoff) {
//hacked by NobuNobu to display not allowed element with < >
return '';
} else {
return str_replace(array('<', '>'), array('<', '>'), $string);
}
}
$slash = trim($matches[1]);
$elem = $matches[2];
$attrlist = $matches[3];
if (!isset($allowed_html[strtolower($elem)]) || !is_array($allowed_html[strtolower($elem)])) {
# They are using a not allowed HTML element
if ($cutoff) {
return '';
} else {
//hacked by NobuNobu to display not allowed element with < >
return str_replace(array('<', '>'), array('<', '>'), $string);
}
}
if ($slash != '') {
return "<{$slash}{$elem}>";
}
# No attributes are allowed for closing elements
return wp_kses_attr("{$slash}{$elem}", $attrlist, $allowed_html, $allowed_protocols);
}
