Exemple #1
/**
 * Filters one "<...>" fragment (or a lone ">") against an element allowlist.
 *
 * The fragment is first passed through kses_stripslashes(). A fragment that
 * does not begin with "<" is answered with the entity "&gt;". A fragment that
 * does not have the shape of a tag is dropped. A tag whose lower-cased name is
 * not a key of $allowed_html is kept as visible text: its angle brackets are
 * turned into entities so it can no longer act as markup. Closing tags are
 * rebuilt from the slash and the element name only; every other tag is handed
 * to kses_attr() together with its raw attribute text.
 *
 * @param string $string            Fragment to filter.
 * @param array  $allowed_html      Allowlist, looked up by lower-cased element name.
 * @param array  $allowed_protocols Forwarded unchanged to kses_attr().
 * @return string Filtered fragment; may be the empty string.
 */
function kses_split2($string, $allowed_html, $allowed_protocols)
{
    $string = kses_stripslashes($string);

    // Anything that does not open with "<" is answered with the entity for ">".
    if (substr($string, 0, 1) !== '<') {
        return '&gt;';
    }

    // Tag shape: "<", optional "/", an alphanumeric name, then everything up to an optional closing ">".
    $parts = array();
    $isTag = preg_match('%^<\\s*(/\\s*)?([a-zA-Z0-9]+)([^>]*)>?$%', $string, $parts);
    if (!$isTag) {
        // Seriously malformed: nothing of the fragment is emitted.
        return '';
    }

    $slash = trim($parts[1]);
    $elem = $parts[2];
    $attrlist = $parts[3];

    $permitted = @isset($allowed_html[strtolower($elem)]);
    if (!$permitted) {
        // Element is not on the allowlist: neutralise the brackets, keep the text.
        return strtr($string, array('<' => '&lt;', '>' => '&gt;'));
    }

    // Closing elements never carry attributes, so the attribute text is discarded here.
    if ($slash !== '') {
        return '<' . $slash . $elem . '>';
    }

    // Attribute filtering is delegated; the allowlist and protocol list go along.
    return kses_attr($slash . $elem, $attrlist, $allowed_html, $allowed_protocols);
}
Exemple #2
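/**
 * Callback that filters one matched fragment against the element allowlist.
 *
 * The allowlist and the protocol list are not parameters: they are read from
 * the globals $_allowed_html and $_allowed_protocols, which the code that
 * installs this callback has to set beforehand (not visible here - confirm
 * against the caller).
 *
 * A fragment that does not begin with "<" is answered with a literal ">".
 * A fragment that begins with "<" but does not have the shape of a complete
 * tag is dropped. A tag whose lower-cased name is not a key of the allowlist
 * is dropped. Closing tags are rebuilt from the slash and the element name
 * only; every other tag is handed to kses_attr() with its raw attribute text.
 *
 * @param array $matches Match array from the caller; only index 1 is read.
 * @return string Filtered fragment; may be the empty string.
 */
function kses_split2($matches)
{
    // Zenphoto: preg_replace with the "e" modifier is deprecated, this is the callback
    global $_allowed_html, $_allowed_protocols;
    $allowed_html = $_allowed_html;
    $allowed_protocols = $_allowed_protocols;

    $string = kses_stripslashes($matches[1]);

    // It matched a ">" character; note that it is returned literally, not as an entity.
    if (substr($string, 0, 1) != '<') {
        return '>';
    }

    // The pattern requires the closing ">", so a fragment that starts with "<"
    // but is not a complete, well-formed tag ends up in this branch.
    $tag = array();
    if (!preg_match('%^<\\s*(/\\s*)?([a-zA-Z0-9]+)([^>]*)>$%', $string, $tag)) {
        // Fail closed: this fragment was never checked against the allowlist,
        // so it must not be emitted. Returning it unchanged would let markup
        // that the filter could not parse reach the output unfiltered.
        return '';
    }

    $slash = trim($tag[1]);
    $elem = $tag[2];
    $attrlist = $tag[3];

    // They are using a not allowed HTML element.
    // isset() does not raise on a missing key, so no error suppression is needed.
    if (!isset($allowed_html[strtolower($elem)])) {
        return '';
    }

    // No attributes are allowed for closing elements
    if ($slash != '') {
        return "<{$slash}{$elem}>";
    }

    return kses_attr("{$slash}{$elem}", $attrlist, $allowed_html, $allowed_protocols);
}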
Exemple #3
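/**
 * Filters one "<...>" fragment (or a lone ">") against an element allowlist.
 *
 * The fragment is first passed through kses_stripslashes(). A fragment that
 * does not begin with "<" is answered with the entity "&gt;". A fragment that
 * does not have the shape of a tag, or whose lower-cased element name has no
 * array entry in $allowed_html, is dropped. Everything else is handed to
 * kses_attr() with its raw attribute text.
 *
 * @param string $string            Fragment to filter.
 * @param array  $allowed_html      Allowlist; each permitted element name maps to an array.
 * @param array  $allowed_protocols Forwarded unchanged to kses_attr().
 * @return string Filtered fragment; may be the empty string.
 */
function kses_split2($string, $allowed_html, $allowed_protocols)
{
    $string = kses_stripslashes($string);

    // It matched a ">" character
    if (substr($string, 0, 1) != '<') {
        return '&gt;';
    }

    // It's seriously malformed
    if (!preg_match('%^<\\s*(/\\s*)?([a-zA-Z0-9]+)([^>]*)>?$%', $string, $matches)) {
        return '';
    }

    $slash = trim($matches[1]);
    $elem = $matches[2];
    $attrlist = $matches[3];

    // They are using a not allowed HTML element.
    // The key is tested with isset() before it is read: a disallowed element is
    // the common case for hostile input, and reading the missing key directly
    // raises an "undefined index/array key" diagnostic on every such tag.
    $key = strtolower($elem);
    if (!isset($allowed_html[$key]) || !is_array($allowed_html[$key])) {
        return '';
    }

    // NOTE(review): closing tags are not special-cased here, so "/name" and any
    // text after the name are forwarded as well; this relies on kses_attr() to
    // discard attributes on closing elements - confirm against kses_attr().
    return kses_attr("{$slash}{$elem}", $attrlist, $allowed_html, $allowed_protocols);
}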
Exemple #4
/**
 * Callback for kses_split for fixing malformed HTML tags.
 *
 * Handles one fragment at a time. Very malformed input such as <:::> is
 * rejected, and an element that is not on the allowlist yields an empty string
 * (no strip_tags() involved). An accepted tag is split into its element name
 * and its attribute text; the attribute text is then filtered by kses_attr(),
 * which removes illegal attributes, and the result is returned.
 *
 * HTML comments are allowed: the comment body is filtered with kses() until
 * the output stops changing, runs of dashes are collapsed, a trailing dash is
 * removed, and the body is wrapped in comment delimiters again.
 *
 * @access private
 * @uses kses_attr()
 *
 * @param string $string Content to filter
 * @param array $allowed_html Allowed HTML elements
 * @param array $allowed_protocols Allowed protocols to keep
 * @return string Fixed HTML element
 */
function kses_split2($string, $allowed_html, $allowed_protocols)
{
    $string = kses_stripslashes($string);

    // Anything that does not open with "<" is answered with the entity for ">".
    if (substr($string, 0, 1) !== '<') {
        return '&gt;';
    }

    // Comment branch: group 1 is the text after "<!--", the closing "-->" is optional.
    $comment = array();
    if (preg_match('%^<!--(.*?)(-->)?$%', $string, $comment)) {
        // Remove any comment delimiters that remain inside the body.
        $body = str_replace(array('<!--', '-->'), '', $comment[1]);

        // Filter the body repeatedly until a pass leaves it unchanged, so markup
        // that only appears after one round of filtering is filtered as well.
        for (;;) {
            $filtered = kses($body, $allowed_html, $allowed_protocols);
            if ($body == $filtered) {
                break;
            }
            $body = $filtered;
        }

        if ($body == '') {
            return '';
        }

        // Collapse runs of dashes to one, then drop a dash at the very end, so
        // the body cannot supply dashes that combine with the closing "-->".
        $body = preg_replace('/-$/', '', preg_replace('/--+/', '-', $body));

        return '<!--' . $body . '-->';
    }

    // Tag shape: "<", optional "/", an alphanumeric name, then everything up to an optional closing ">".
    $parts = array();
    $isTag = preg_match('%^<\\s*(/\\s*)?([a-zA-Z0-9]+)([^>]*)>?$%', $string, $parts);
    if (!$isTag) {
        // Seriously malformed: nothing of the fragment is emitted.
        return '';
    }

    $slash = trim($parts[1]);
    $elem = $parts[2];
    $attrlist = $parts[3];

    // Element is not on the allowlist: the whole tag is dropped.
    $permitted = @isset($allowed_html[strtolower($elem)]);
    if (!$permitted) {
        return '';
    }

    // Closing elements never carry attributes, so the attribute text is discarded here.
    if ($slash !== '') {
        return '<' . $slash . $elem . '>';
    }

    // Attribute filtering is delegated; the allowlist and protocol list go along.
    return kses_attr($slash . $elem, $attrlist, $allowed_html, $allowed_protocols);
}
Exemple #5
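/**
 * Callback that filters one matched fragment against the element allowlist.
 *
 * This function does a lot of work. It rejects some very malformed things
 * like <:::>. It returns an empty string if the element isn't allowed (no
 * strip_tags() involved). Otherwise it splits the tag into an element and an
 * attribute list and hands both to kses_attr().
 *
 * The allowlist and the protocol list are not parameters: they are read from
 * the globals $_allowed_html and $_allowed_protocols, which the code that
 * installs this callback has to set beforehand (not visible here - confirm
 * against the caller).
 *
 * @param array $matches Match array from the caller; only index 1 is read.
 * @return string Filtered fragment; may be the empty string.
 */
function kses_split2($matches)
{
    // preg_replace with the "e" modifier is deprecated, this is the callback
    global $_allowed_html, $_allowed_protocols;
    $allowed_html = $_allowed_html;
    $allowed_protocols = $_allowed_protocols;

    $string = kses_stripslashes($matches[1]);

    // It matched a ">" character; note that it is returned literally, not as an entity.
    if (substr($string, 0, 1) != '<') {
        return '>';
    }

    // The pattern requires the closing ">", so a fragment that starts with "<"
    // but is not a complete, well-formed tag ends up in this branch.
    $tag = array();
    if (!preg_match('%^<\\s*(/\\s*)?([a-zA-Z0-9]+)([^>]*)>$%', $string, $tag)) {
        // Fail closed: this fragment was never checked against the allowlist,
        // so it must not be emitted. Returning it unchanged would let markup
        // that the filter could not parse reach the output unfiltered.
        return '';
    }

    $slash = trim($tag[1]);
    $elem = $tag[2];
    $attrlist = $tag[3];

    // They are using a not allowed HTML element.
    // isset() does not raise on a missing key, so no error suppression is needed.
    if (!isset($allowed_html[strtolower($elem)])) {
        return '';
    }

    // No attributes are allowed for closing elements
    if ($slash != '') {
        return "<{$slash}{$elem}>";
    }

    return kses_attr("{$slash}{$elem}", $attrlist, $allowed_html, $allowed_protocols);
}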