Skip to content

Instantly share code, notes, and snippets.

@xknown xknown/segfault.php Secret
Created Nov 9, 2016

Embed
What would you like to do?
<?php
function wp_kses_split( $string, $allowed_html, $allowed_protocols ) {
return preg_replace_callback( '%(<!--.*?(-->|$))|(<[^>]*(>|$)|>)%', function( $match ) use ($allowed_html, $allowed_protocols) {
return wp_kses_split2( $match[0], $allowed_html, $allowed_protocols );
}, $string );
}
function wp_kses_split2($string, $allowed_html, $allowed_protocols) {
$string = str_replace( '\\"', '"', $string );
if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9]+)([^>]*)>?$%', $string, $matches)) {
return '';
}
$slash = trim($matches[1]);
$elem = $matches[2];
$attrlist = $matches[3];
if ($slash != '')
return "</$elem>";
return wp_kses_attr( $elem, $attrlist, $allowed_html, $allowed_protocols );
}
function wp_kses_attr($element, $attr, $allowed_html, $allowed_protocols) {
$attrarr = array( array( 'name' => 'style', 'value' => '', 'whole' => "name=''", 'vless' => 'style' ) );
// Go through $attrarr, and save the allowed attributes for this element
// in $attr2
$attr2 = '';
foreach ( $attrarr as $arreach ) {
if ( wp_kses_attr_check( $arreach['name'], $arreach['value'], $arreach['whole'], $arreach['vless'], $element, $allowed_html ) ) {
$attr2 .= ' '.$arreach['whole'];
}
}
return "<$element$attr2>";
}
function wp_kses_attr_check( &$name, &$value, &$whole, $vless, $element, $allowed_html ) {
$allowed_attr = $allowed_html[strtolower( $element )];
$name_low = strtolower( $name );
if ( ! isset( $allowed_attr[$name_low] ) || '' == $allowed_attr[$name_low] ) {
$name = $value = $whole = '';
return false;
}
if ( 'style' == $name_low ) {
$new_value = safecss_filter_attr( $value );
if ( empty( $new_value ) ) {
$name = $value = $whole = '';
return false;
}
$whole = str_replace( $value, $new_value, $whole );
$value = $new_value;
}
return true;
}
function safecss_filter_attr( $css, $element = 'div' ) {
$css = $element . ' {' . $css . '}';
$css = wp_kses_split( $css, array(), array() );
$old = @setlocale(LC_ALL, 0);
@setlocale(LC_ALL, 'C');
preg_match( "/[^\s\r\n\t\f]/", $css{0} );
@setlocale(LC_ALL, $old);
return '';
}
$content = '<p style="">hola</p><p style="">hola</p>';
var_dump( wp_kses_split( addslashes( $content ), array('p'=>array('style' => array())), array() ) );
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.