d_protocol($match[1], $allowed_protocols); $attrarr[] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname='$thisval'", 'vless' => 'n'); $working = 1; $mode = 0; $attr = preg_replace("/^'[^']*'(\s+|$)/", '', $attr); break; } if (preg_match("%^([^\s\"']+)(\s+|$)%", $attr, $match)) # value { $thisval = wp_kses_bad_protocol($match[1], $allowed_protocols); $attrarr[] = array ('name' => $attrname, 'value' => $thisval, 'whole' => "$attrname=\"$thisval\"", 'vless' => 'n'); # We add quotes to conform to W3C's HTML spec. $working = 1; $mode = 0; $attr = preg_replace("%^[^\s\"']+(\s+|$)%", '', $attr); } break; } # switch if ($working == 0) # not well formed, remove and try again { $attr = wp_kses_html_error($attr); $mode = 0; } } # while if ($mode == 1) # special case, for when the attribute list ends with a valueless # attribute like "selected" $attrarr[] = array ('name' => $attrname, 'value' => '', 'whole' => $attrname, 'vless' => 'y'); return $attrarr; } /** * wp_kses_check_attr_val() - Performs different checks for attribute values. * * The currently implemented checks are "maxlen", "minlen", "maxval", "minval" * and "valueless" with even more checks to come soon. * * @since 1.0.0 * * @param string $value Attribute value * @param string $vless Whether the value is valueless or not. Use 'y' or 'n' * @param string $checkname What $checkvalue is checking for. * @param mixed $checkvalue What constraint the value should pass * @return bool Whether check passes (true) or not (false) */ function wp_kses_check_attr_val($value, $vless, $checkname, $checkvalue) { $ok = true; switch (strtolower($checkname)) { case 'maxlen' : # The maxlen check makes sure that the attribute value has a length not # greater than the given value. This can be used to avoid Buffer Overflows # in WWW clients and various Internet servers. if (strlen($value) > $checkvalue) $ok = false; break; case 'minlen' : # The minlen check makes sure that the attribute value has a length not # smaller than the given value. if (strlen($value) < $checkvalue) $ok = false; break; case 'maxval' : # The maxval check does two things: it checks that the attribute value is # an integer from 0 and up, without an excessive amount of zeroes or # whitespace (to avoid Buffer Overflows). It also checks that the attribute # value is not greater than the given value. # This check can be used to avoid Denial of Service attacks. if (!preg_match('/^\s{0,6}[0-9]{1,6}\s{0,6}$/', $value)) $ok = false; if ($value > $checkvalue) $ok = false; break; case 'minval' : # The minval check checks that the attribute value is a positive integer, # and that it is not smaller than the given value. if (!preg_match('/^\s{0,6}[0-9]{1,6}\s{0,6}$/', $value)) $ok = false; if ($value < $checkvalue) $ok = false; break; case 'valueless' : # The valueless check checks if the attribute has a value # (like ) or not (