Class Kses

HTML/XHTML filter that only allows some elements and attributes

Added wp_ prefix to avoid conflicts with existing kses users

Namespace: Icybee
Package: External\KSES
Copyright: (C) 2002, 2003, 2005
Author: Ulf Harnhammar <metaur@users.sourceforge.net>
Version: 0.2.2
Located at vendor/icybee/icybee/includes/external/kses/kses.php

Methods summary

public static string
# sanitize( string $string, array $allowed_html = array(), array $allowed_protocols = array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet') )

Filters content and keeps only allowable HTML elements.

This function makes sure that only the allowed HTML element names, attribute names and attribute values plus only sane HTML entities will occur in $string. You have to remove any slashes from PHP's magic quotes before you call this function.

The default allowed protocols are 'http', 'https', 'ftp', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', and finally 'telnet'. This covers all common link protocols, except for 'javascript', which should not be allowed for untrusted users.

Parameters

$string
string
$string Content to filter through kses
$allowed_html
array
$allowed_html List of allowed HTML elements
$allowed_protocols
array
$allowed_protocols Optional. Allowed protocol in links.

Returns

string
Filtered content with only allowed HTML elements

Since

1.0.0
public static
# sanitizeComment( mixed $str )
public static
# sanitizeArticle( mixed $str )
public static string
# no_null( string $string )

Removes any NULL characters in $string.

Parameters

$string
string
$string

Returns

string

Since

1.0.0
public static string
# js_entities( string $string )

Removes the HTML JavaScript entities found in early versions of Netscape 4.

Parameters

$string
string
$string

Returns

string

Since

1.0.0
protected static string
# normalize_entities( string $string )

Converts and fixes HTML entities.

This function normalizes HTML entities. It will convert "AT&T" to the correct "AT&amp;T", "&#00058;" to "&#58;", "&#XYZZY;" to "&amp;#XYZZY;" and so on.

Parameters

$string
string
$string Content to normalize entities

Returns

string
Content with normalized entities

Since

1.0.0
protected static string
# normalize_entities_callback1( array $matches )

Callback for normalize_entities() regular expression.

This function helps normalize_entities() to only accept 16 bit values and nothing more for &#number; entities.

Parameters

$matches
array
$matches preg_replace_callback() matches array

Returns

string
Correctly encoded entity

Since

1.0.0
protected static string
# normalize_entities_callback2( array $matches )

Callback for normalize_entities() regular expression.

This function helps normalize_entities() to only accept valid Unicode numeric entities in hex form.

Parameters

$matches
array
$matches preg_replace_callback() matches array

Returns

string
Correctly encoded entity
public static string
# html_error( string $string )

Handles parsing errors in hair().

The general plan is to remove everything to and including some whitespace, but it deals with quotes and apostrophes as well.

Parameters

$string
string
$string

Returns

string

Since

1.0.0
public static array
# array_lc_keys( array $inarray )

Goes through an array and changes the keys to all lower case.

Parameters

$inarray
array
$inarray Unfiltered array

Returns

array
Fixed array with all lowercase keys

Since

1.0.0
public static boolean
# isUnicodeValid( integer $i )

Helper function to determine if a Unicode value is valid.

Parameters

$i
integer
$i Unicode value

Returns

boolean
true if the value was a valid Unicode number
public static
# split( mixed $string, mixed $allowed_html, mixed $allowed_protocols )
protected static string
# split_callback( string $matches )

Callback for split() for fixing malformed HTML tags.

This function does a lot of work. It rejects some very malformed things like <:::>. It returns an empty string, if the element isn't allowed (look ma, no strip_tags()!). Otherwise it splits the tag into an element and an attribute list.

After the tag is split into an element and an attribute list, it is run through another filter which will remove illegal attributes and once that is completed, will be returned.

Parameters

$matches
string
$string Content to filter

Returns

string
Fixed HTML element

Since

1.0.0

Uses

Icybee\Kses::attr()
public static string
# attr( string $element, string $attr, array $allowed_html, array $allowed_protocols )

Removes all attributes, if none are allowed for this element.

If some are allowed, it calls hair() to split them further, and then it builds up new HTML code from the data that hair() returns. It also removes "<" and ">" characters, if there are any left. Finally, it checks whether the tag has a closing XHTML slash, and if it does, it puts one in the returned code as well.

Parameters

$element
string
$element HTML element/tag
$attr
string
$attr HTML attributes from HTML element to closing HTML element tag
$allowed_html
array
$allowed_html Allowed HTML elements
$allowed_protocols
array
$allowed_protocols Allowed protocols to keep

Returns

string
Sanitized HTML element

Since

1.0.0

Used by

Icybee\Kses::split_callback()
public static boolean
# check_attr_val( string $value, string $vless, string $checkname, mixed $checkvalue )

Performs different checks for attribute values.

The currently implemented checks are "maxlen", "minlen", "maxval", "minval" and "valueless" with even more checks to come soon.

Parameters

$value
string
$value Attribute value
$vless
string
$vless Whether the value is valueless or not. Use 'y' or 'n'
$checkname
string
$checkname What $checkvalue is checking for.
$checkvalue
mixed
$checkvalue What constraint the value should pass

Returns

boolean
Whether check passes (true) or not (false)

Since

1.0.0
public static array
# hair( string $attr, array $allowed_protocols )

Builds an attribute list from string containing attributes.

This function does a lot of work. It parses an attribute list into an array with attribute data, and tries to do the right thing even if it gets weird input. It will add quotes around attribute values that don't have any quotes or apostrophes around them, to make it easier to produce HTML code that will conform to W3C's HTML specification. It will also remove bad URL protocols from attribute values. It also reduces duplicate attributes by using the attribute defined first (foo='bar' foo='baz' will result in foo='bar').

Parameters

$attr
string
$attr Attribute list from HTML element to closing HTML element tag
$allowed_protocols
array
$allowed_protocols Allowed protocols to keep

Returns

array
List of attributes after parsing

Since

1.0.0
public static string
# bad_protocol( string $string, array $allowed_protocols )

Sanitize string from bad protocols.

This function removes all non-allowed protocols from the beginning of $string. It ignores whitespace and the case of the letters, and it does understand HTML entities. It does its work in a while loop, so it won't be fooled by a string like "javascript:javascript:alert(57)".

Parameters

$string
string
$string Content to filter bad protocols from
$allowed_protocols
array
$allowed_protocols Allowed protocols to keep

Returns

string
Filtered content

Since

1.0.0
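
The repeat-until-stable filtering that bad_protocol() describes, as an added example (this is not the Kses source). The demo_* function names, the three-scheme allow-list, the six-pass limit and the sample inputs are assumptions made for the illustration; the script prints each input next to its single-pass and looped result.

```php
<?php
// Added illustration, not the Kses source. All demo_* names are hypothetical.

// Decode ASCII numeric entities so "&#106;avascript:" is compared as "javascript:".
function demo_decode_entities(string $s): string
{
    return preg_replace_callback('/&#(?:[xX]([0-9a-fA-F]+)|(\d+));?/', function (array $m): string {
        $cp = $m[1] !== '' ? hexdec($m[1]) : (int) $m[2];
        return $cp < 128 ? chr((int) $cp) : $m[0]; // non-ASCII cannot spell a scheme
    }, $s);
}

// One pass: drop a leading scheme unless it is allow-listed.
// The returned string is entity-decoded, so escape it again before writing HTML.
function demo_strip_once(string $url, array $allowed): string
{
    $parts = explode(':', demo_decode_entities($url), 2);
    if (count($parts) < 2 || preg_match('~[/?#]~', $parts[0])) {
        return $url; // no scheme before the first colon
    }
    // Browsers ignore control characters and whitespace inside a scheme.
    $scheme = strtolower(preg_replace('/[\x00-\x20]+/', '', $parts[0]));
    return in_array($scheme, $allowed, true) ? $scheme . ':' . $parts[1] : $parts[1];
}

// Repeat until the string stops changing; fail closed (empty string) after $max passes.
function demo_bad_protocol(string $url, array $allowed, int $max = 6): string
{
    for ($i = 0; $i < $max; $i++) {
        $next = demo_strip_once($url, $allowed);
        if ($next === $url) {
            return $url;
        }
        $url = $next;
    }
    return '';
}

$allowed = ['http', 'https', 'mailto']; // assumed allow-list
$samples = [                            // constructed inputs
    'https://example.com/a?b=c',
    'javascript:javascript:alert(57)',
    'JaVa&#115;cript:alert(1)',
    " java\tscript:alert(1)",
    '/docs/page:2',
];
foreach ($samples as $s) {
    echo json_encode([$s, demo_strip_once($s, $allowed), demo_bad_protocol($s, $allowed)], JSON_UNESCAPED_SLASHES), PHP_EOL;
}
```

For the nested input, a single pass still leaves a string that begins with a disallowed scheme, while the loop reduces it to text with no scheme at all.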
protected static
# bad_protocol_once( mixed $string, mixed $allowed_protocols )
protected static string
# bad_protocol_once2( mixed $matches )

Callback for bad_protocol_once() regular expression.

This function processes URL protocols, checks to see if they're in the white-list or not, and returns different data depending on the answer.

Parameters

$matches
mixed
$matches string or preg_replace_callback() matches array to check for bad protocols

Returns

string
Sanitized content

Since

1.0.0
protected static string
# stripslashes( string $string )

Strips slashes from in front of quotes.

This function changes the character sequence \" to just ". It leaves all other slashes alone. It's really weird, but the quoting from preg_replace(//e) seems to require this.

Parameters

$string
string
$string String to strip slashes

Returns

string
Fixed strings with quoted slashes

Since

1.0.0
protected static string
# decode_entities( string $string )

Convert all entities to their character counterparts.

This function decodes numeric HTML entities (&#65; and &#x41;). It doesn't do anything with other entities like &auml;, but we don't need them in the URL protocol whitelisting system anyway.

Parameters

$string
string
$string Content to change entities

Returns

string
Content after decoded entities

Since

1.0.0
protected static string
# decode_entities_chr( array $match )

Regex callback for decode_entities().

Parameters

$match
array
$match preg match

Returns

string
protected static string
# decode_entities_chr_hexdec( array $match )

Regex callback for decode_entities().

Parameters

$match
array
$match preg match

Returns

string
public static
# safecss_filter_attr( mixed $css, mixed $deprecated = '' )

Constants summary

string VERSION '0.2.2'

Properties summary

public static array $default_allowed_comment_tags

Kses allowed HTML elements.

Since

1.0.0
public static array $default_allowed_article_tags

Kses global for default allowable HTML tags.

Since

2.0.0
protected static mixed $pass_allowed_html

Searches for HTML tags, no matter how malformed.

It also matches stray ">" characters.

Since

1.0.0

Param

string
$string Content to filter
array
$allowed_html Allowed HTML elements
array
$allowed_protocols Allowed protocols to keep

Return

string
Content with fixed HTML tags
protected static mixed $pass_allowed_protocols
protected static mixed $_kses_allowed_protocols

Sanitizes content from bad protocols and other characters.

This function searches for URL protocols at the beginning of $string, while handling whitespace and HTML entities.

Since

1.0.0

Param

string
$string Content to check for bad protocols
string
$allowed_protocols Allowed protocols

Return

string
Sanitized content
Autodoc API documentation generated by ApiGen 2.8.0