diff options
Diffstat (limited to 'wp-includes/kses.php')
| -rw-r--r-- | wp-includes/kses.php | 49 |
1 files changed, 26 insertions, 23 deletions
diff --git a/wp-includes/kses.php b/wp-includes/kses.php index 27da167..cccb176 100644 --- a/wp-includes/kses.php +++ b/wp-includes/kses.php @@ -1536,36 +1536,37 @@ function wp_kses_hair_parse( $attr ) { return array(); } - // phpcs:disable Squiz.Strings.ConcatenationSpacing.PaddingFound -- don't remove regex indentation $regex = - '(?:' - . '[_a-zA-Z][-_a-zA-Z0-9:.]*' // Attribute name. - . '|' - . '\[\[?[^\[\]]+\]\]?' // Shortcode in the name position implies unfiltered_html. - . ')' - . '(?:' // Attribute value. - . '\s*=\s*' // All values begin with '='. - . '(?:' - . '"[^"]*"' // Double-quoted. - . '|' - . "'[^']*'" // Single-quoted. - . '|' - . '[^\s"\']+' // Non-quoted. - . '(?:\s|$)' // Must have a space. - . ')' - . '|' - . '(?:\s|$)' // If attribute has no value, space is required. - . ')' - . '\s*'; // Trailing space is optional except as mentioned above. - // phpcs:enable + '(?: + [_a-zA-Z][-_a-zA-Z0-9:.]* # Attribute name. + | + \[\[?[^\[\]]+\]\]? # Shortcode in the name position implies unfiltered_html. + ) + (?: # Attribute value. + \s*=\s* # All values begin with "=". + (?: + "[^"]*" # Double-quoted. + | + \'[^\']*\' # Single-quoted. + | + [^\s"\']+ # Non-quoted. + (?:\s|$) # Must have a space. + ) + | + (?:\s|$) # If attribute has no value, space is required. + ) + \s* # Trailing space is optional except as mentioned above. + '; /* * Although it is possible to reduce this procedure to a single regexp, * we must run that regexp twice to get exactly the expected result. + * + * Note: do NOT remove the `x` modifiers as they are essential for the above regex! */ - $validation = "%^($regex)+$%"; - $extraction = "%$regex%"; + $validation = "/^($regex)+$/x"; + $extraction = "/$regex/x"; if ( 1 === preg_match( $validation, $attr ) ) { preg_match_all( $extraction, $attr, $attrarr ); @@ -2302,6 +2303,7 @@ function kses_init() { * @since 6.3.0 Extended support for `filter` to accept a URL and added support for repeat(). * Added support for `box-shadow`. * @since 6.4.0 Added support for `writing-mode`. + * @since 6.5.0 Added support for `background-repeat`. * * @param string $css A string of CSS rules. * @param string $deprecated Not used. @@ -2333,6 +2335,7 @@ function safecss_filter_attr( $css, $deprecated = '' ) { 'background-color', 'background-image', 'background-position', + 'background-repeat', 'background-size', 'background-attachment', 'background-blend-mode', |