/**
 * Filters content and keeps only allowable HTML elements.
 *
 * Ensures that only the allowed HTML element names, attribute names and
 * attribute values, plus only sane HTML entities, remain in $string. Any
 * slashes added by PHP's magic quotes must be removed before calling this
 * function.
 *
 * When $allowed_protocols is empty the list returned by
 * asc_allowed_protocols() is used. The default allowed protocols are 'http',
 * 'https', 'ftp', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed',
 * 'telnet', 'mms', 'rtsp' and 'svn'. This covers all common link protocols,
 * except for 'javascript', which should not be allowed for untrusted users.
 *
 * The strength of the filter is bounded by what the caller passes in: an
 * over-broad $allowed_html or $allowed_protocols list lets more markup
 * through.
 *
 * @since 1.0.0
 *
 * @param string $string            Content to filter through kses
 * @param array  $allowed_html      List of allowed HTML elements
 * @param array  $allowed_protocols Optional. Allowed protocol in links.
 * @return string Filtered content with only allowed HTML elements
 */
function asc_kses($string, $allowed_html, $allowed_protocols = array())
{
    // An empty (or omitted) protocol list means "use the defaults".
    $protocols = empty($allowed_protocols) ? asc_allowed_protocols() : $allowed_protocols;

    // Pre-cleaning passes, applied innermost first: NUL handling, JS entity
    // handling, then entity normalisation.
    $filtered = asc_kses_normalize_entities(
        asc_kses_js_entities(
            asc_kses_no_null($string)
        )
    );

    // WP changed the order of these funcs and added args to asc_kses_hook.
    // NOTE(review): the pass order may be security-relevant; confirm against
    // the helper implementations before reordering.
    $filtered = asc_kses_hook($filtered, $allowed_html, $protocols);

    return asc_kses_split($filtered, $allowed_html, $protocols);
}
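/**
 * Callback to add a base url to relative links in passed content.
 *
 * The URL is kept verbatim only when it begins with a scheme (1 to 20 word
 * characters followed by ':') that is present in asc_allowed_protocols().
 * Any other value, including one with a scheme that is not on that list, is
 * passed to path_join() together with the global base URL.
 *
 * @since 2.7.0
 * @access private
 *
 * @param array $m Regex match groups: [1] attribute name, [2] quotation
 *                 mark, [3] URL.
 * @return string The rebuilt attribute: name, '=', and the quoted URL.
 */
function _links_add_base($m)
{
    global $_links_add_base;

    // 1 = attribute name, 2 = quotation mark, 3 = URL
    $attribute = $m[1];
    $quote     = $m[2];
    $url       = $m[3];

    // Strict comparison keeps the allow-list check an exact string match,
    // free of PHP's loose-comparison rules.
    // NOTE(review): the match is case-sensitive, so a scheme such as 'HTTP:'
    // is treated as a relative link unless the list contains it in that
    // exact case. Confirm this is intended.
    $has_allowed_scheme = preg_match('#^(\\w{1,20}):#', $url, $protocol)
        && in_array($protocol[1], asc_allowed_protocols(), true);

    if (!$has_allowed_scheme) {
        $url = path_join($_links_add_base, $url);
    }

    // NOTE(review): the URL is emitted without escaping; this assumes the
    // calling pattern guarantees it cannot contain the quote character, and
    // that the base URL is trusted. Verify against the caller.
    return $attribute . '=' . $quote . $url . $quote;
}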