summaryrefslogtreecommitdiffstats
path: root/wp-includes/class-wp-simplepie-sanitize-kses.php
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-17 07:56:49 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-17 07:56:49 +0000
commita415c29efee45520ae252d2aa28f1083a521cd7b (patch)
treef4ade4b6668ecc0765de7e1424f7c1427ad433ff /wp-includes/class-wp-simplepie-sanitize-kses.php
parentInitial commit. (diff)
downloadwordpress-a415c29efee45520ae252d2aa28f1083a521cd7b.tar.xz
wordpress-a415c29efee45520ae252d2aa28f1083a521cd7b.zip
Adding upstream version 6.4.3+dfsg1.upstream/6.4.3+dfsg1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'wp-includes/class-wp-simplepie-sanitize-kses.php')
-rw-r--r--wp-includes/class-wp-simplepie-sanitize-kses.php56
1 files changed, 56 insertions, 0 deletions
diff --git a/wp-includes/class-wp-simplepie-sanitize-kses.php b/wp-includes/class-wp-simplepie-sanitize-kses.php
new file mode 100644
index 0000000..c300cf2
--- /dev/null
+++ b/wp-includes/class-wp-simplepie-sanitize-kses.php
@@ -0,0 +1,56 @@
+<?php
+/**
+ * Feed API: WP_SimplePie_Sanitize_KSES class
+ *
+ * @package WordPress
+ * @subpackage Feed
+ * @since 4.7.0
+ */
+
+/**
+ * Core class used to implement SimplePie feed sanitization.
+ *
+ * Extends the SimplePie_Sanitize class to use KSES, because
+ * we cannot universally count on DOMDocument being available.
+ *
+ * @since 3.5.0
+ */
+#[AllowDynamicProperties]
+class WP_SimplePie_Sanitize_KSES extends SimplePie_Sanitize {
+
+ /**
+ * WordPress SimplePie sanitization using KSES.
+ *
+ * Sanitizes the incoming data, to ensure that it matches the type of data expected, using KSES.
+ *
+ * @since 3.5.0
+ *
+ * @param mixed $data The data that needs to be sanitized.
+ * @param int $type The type of data that it's supposed to be.
+ * @param string $base Optional. The `xml:base` value to use when converting relative
+ * URLs to absolute ones. Default empty.
+ * @return mixed Sanitized data.
+ */
+ public function sanitize( $data, $type, $base = '' ) {
+ $data = trim( $data );
+ if ( $type & SIMPLEPIE_CONSTRUCT_MAYBE_HTML ) {
+ if ( preg_match( '/(&(#(x[0-9a-fA-F]+|[0-9]+)|[a-zA-Z0-9]+)|<\/[A-Za-z][^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3E]*' . SIMPLEPIE_PCRE_HTML_ATTRIBUTE . '>)/', $data ) ) {
+ $type |= SIMPLEPIE_CONSTRUCT_HTML;
+ } else {
+ $type |= SIMPLEPIE_CONSTRUCT_TEXT;
+ }
+ }
+ if ( $type & SIMPLEPIE_CONSTRUCT_BASE64 ) {
+ $data = base64_decode( $data );
+ }
+ if ( $type & ( SIMPLEPIE_CONSTRUCT_HTML | SIMPLEPIE_CONSTRUCT_XHTML ) ) {
+ $data = wp_kses_post( $data );
+ if ( 'UTF-8' !== $this->output_encoding ) {
+ $data = $this->registry->call( 'Misc', 'change_encoding', array( $data, 'UTF-8', $this->output_encoding ) );
+ }
+ return $data;
+ } else {
+ return parent::sanitize( $data, $type, $base );
+ }
+ }
+}