diff options
| author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2008-04-14 16:03:34 +0000 |
|---|---|---|
| committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2008-04-14 16:03:34 +0000 |
| commit | 4bd0e859f57148278d908be85f2cac2fde3e46bd (patch) | |
| tree | 08589c583367d6b4faf96b5c897e813d7d228d56 /wp-includes/wpmu-functions.php | |
| parent | 1d88055344cae85577bf8b5538f572ab1fb65651 (diff) | |
| download | wordpress-mu-4bd0e859f57148278d908be85f2cac2fde3e46bd.tar.gz wordpress-mu-4bd0e859f57148278d908be85f2cac2fde3e46bd.tar.xz wordpress-mu-4bd0e859f57148278d908be85f2cac2fde3e46bd.zip | |
Allow 'style' attribute, but filter the styles allowed
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1235 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-includes/wpmu-functions.php')
| -rw-r--r-- | wp-includes/wpmu-functions.php | 44 |
1 files changed, 33 insertions, 11 deletions
diff --git a/wp-includes/wpmu-functions.php b/wp-includes/wpmu-functions.php index 3b9740b..5a1dd09 100644 --- a/wp-includes/wpmu-functions.php +++ b/wp-includes/wpmu-functions.php @@ -1807,19 +1807,41 @@ function upload_is_file_too_big( $upload ) { } add_filter( "wp_upload_bits", "upload_is_file_too_big" ); -/* -Strip class, id and style attributes from post HTML -*/ -function wordpressmu_kses( $tags ) { - foreach( $tags as $tag => $attr ) { - if( is_array( $attr[ 'style' ] ) ) - unset( $attr[ 'style' ] ); - $tags[ $tag ] = $attr; +function safecss_filter_attr( $css, $element ) { + $css = wp_kses_no_null($css); + $css = str_replace(array("\n","\r","\t"), '', $css); + $css_array = split( ';', trim( $css ) ); + $allowed_attr = apply_filters( 'safe_style_css', array( 'text-align', 'margin', 'color', 'float', + 'border', 'background', 'background-color', 'border-bottom', 'border-bottom-color', + 'border-bottom-style', 'border-bottom-width', 'border-collapse', 'border-color', 'border-left', + 'border-left-color', 'border-left-style', 'border-left-width', 'border-right', 'border-right-color', + 'border-right-style', 'border-right-width', 'border-spacing', 'border-style', 'border-top', + 'border-top-color', 'border-top-style', 'border-top-width', 'border-width', 'caption-side', + 'clear', 'cursor', 'direction', 'font', 'font-family', 'font-size', 'font-style', + 'font-variant', 'font-weight', 'height', 'letter-spacing', 'line-height', 'margin-bottom', + 'margin-left', 'margin-right', 'margin-top', 'overflow', 'padding', 'padding-bottom', + 'padding-left', 'padding-right', 'padding-top', 'text-decoration', 'text-indent', 'vertical-align', + 'width' ) ); + $css = ''; + foreach( $css_array as $css_item ) { + if( $css_item == '' ) + continue; + $css_item = trim( $css_item ); + $found = false; + if( strpos( $css_item, ':' ) === false ) { + $found = true; + } elseif( in_array( substr( $css_item, 0, strpos( $css_item, ':' ) ), $allowed_attr ) ) { + $found = true; + } + if( $found ) { + if( $css != '' ) + $css .= ';'; + $css .= $css_item; + } } - return $tags; + + return $css; } -add_filter( 'edit_allowedtags', 'wordpressmu_kses' ); -add_filter( 'edit_allowedposttags', 'wordpressmu_kses' ); function wordpressmu_authenticate_siteadmin( $user, $password ) { if( is_site_admin( $user->user_login ) == false && ( $primary_blog = get_usermeta( $user->user_id, "primary_blog" ) ) ) { |