WordPress开发者和主题制作者的搜索引擎



wp_kses_split2 ›

Since1.0.0
已弃用n/a
wp_kses_split2 ( $string, $allowed_html, $allowed_protocols )
访问:
  • private
参数: (3)
  • (string) $string Content to filter.
    Required: Yes
  • (array) $allowed_html Allowed HTML elements.
    Required: Yes
  • (string[]) $allowed_protocols Array of allowed URL protocols.
    Required: Yes
返回:
  • (string) Fixed HTML element
定义在:
文档:

Callback for `wp_kses_split()` for fixing malformed HTML tags.

This function does a lot of work. It rejects some very malformed things like <:::>. It returns an empty string, if the element isn't allowed (look ma, no strip_tags()!). Otherwise it splits the tag into an element and an attribute list.

After the tag is split into an element and an attribute list, it is run through another filter which will remove illegal attributes and once that is completed, will be returned.



源码

function wp_kses_split2( $string, $allowed_html, $allowed_protocols ) {
	$string = wp_kses_stripslashes( $string );

	// It matched a ">" character.
	if ( substr( $string, 0, 1 ) != '<' ) {
		return '&gt;';
	}

	// Allow HTML comments.
	if ( '<!--' == substr( $string, 0, 4 ) ) {
		$string = str_replace( array( '<!--', '-->' ), '', $string );
		while ( $string != ( $newstring = wp_kses( $string, $allowed_html, $allowed_protocols ) ) ) {
			$string = $newstring;
		}
		if ( $string == '' ) {
			return '';
		}
		// prevent multiple dashes in comments
		$string = preg_replace( '/--+/', '-', $string );
		// prevent three dashes closing a comment
		$string = preg_replace( '/-$/', '', $string );
		return "<!--{$string}-->";
	}

	// It's seriously malformed.
	if ( ! preg_match( '%^<\s*(/\s*)?([a-zA-Z0-9-]+)([^>]*)>?$%', $string, $matches ) ) {
		return '';
	}

	$slash    = trim( $matches[1] );
	$elem     = $matches[2];
	$attrlist = $matches[3];

	if ( ! is_array( $allowed_html ) ) {
		$allowed_html = wp_kses_allowed_html( $allowed_html );
	}

	// They are using a not allowed HTML element.
	if ( ! isset( $allowed_html[ strtolower( $elem ) ] ) ) {
		return '';
	}

	// No attributes are allowed for closing elements.
	if ( $slash != '' ) {
		return "</$elem>";
	}

	return wp_kses_attr( $elem, $attrlist, $allowed_html, $allowed_protocols );
}