
<?php

/**
 * kses 0.2.2 - HTML/XHTML filter that only allows some elements and attributes
 * Copyright (C) 2002, 2003, 2005  Ulf Harnhammar
 *
 * This program is free software and open source software; you can redistribute
 * it and/or modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of the License,
 * or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
 * more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
 * http://www.gnu.org/licenses/gpl.html
 *
 * [kses strips evil scripts!]
 *
 * Added wp_ prefix to avoid conflicts with existing kses users
 *
 * @version 0.2.2
 * @copyright (C) 2002, 2003, 2005
 * @author Ulf Harnhammar <http://advogato.org/person/metaur/>
 *
 * @package External
 * @subpackage KSES
 */


/**
 * Specifies the default allowable HTML tags.
 *
 * Using `CUSTOM_TAGS` is not recommended and should be considered deprecated. The
 * {@see 'wp_kses_allowed_html'} filter is more powerful and supplies context.
 *
 * @see wp_kses_allowed_html()
 * @since 1.2.0
 *
 * @var array[]|false Array of default allowable HTML tags, or false to use the defaults.
 */
// Keep the built-in allowlists unless CUSTOM_TAGS was defined before this
// file was loaded.
defined( 'CUSTOM_TAGS' ) || define( 'CUSTOM_TAGS', false );

// Declare the four KSES lists as globals so they land in the global namespace
// (e.g. if using namespaces / autoload in the current PHP environment).
global $allowedposttags, $allowedtags;
global $allowedentitynames, $allowedxmlentitynames;

if ( ! CUSTOM_TAGS ) {
  
/**
 * KSES global for default allowable HTML tags.
 *
 * Can be overridden with the `CUSTOM_TAGS` constant.
 *
 * This is an allowlist: each key is an element name and each value is the map
 * of attributes accepted on that element. The list has no `script`, `style`,
 * `iframe`, `embed`, `form` or `input` entry, and no `on*` event-handler
 * attribute appears in any element's map.
 *
 * An attribute is mapped either to `true` or to an array of constraints; the
 * constraint keys used below are `valueless`, `required`, `values` and
 * `value_callback`.
 *
 * The maps below hold per-element attributes only. After this assignment every
 * entry is passed through `_wp_add_global_attributes()`, whose added attributes
 * are not visible in this listing.
 *
 * @var array[] $allowedposttags Array of default allowable HTML tags.
 * @since 2.0.0
 */
  $allowedposttags = array(
    'address'    => array(),
    'a'          => array(
      // `href` carries a URL. `rel` is accepted with any value, so this list
      // does not itself pair `target` with a `noopener` relation.
      'href'     => true,
      'rel'      => true,
      'rev'      => true,
      'name'     => true,
      'target'   => true,
      'download' => array(
        // NOTE(review): constraint evaluated elsewhere (see
        // wp_kses_check_attr_val()); confirm the exact meaning of 'y' there.
        'valueless' => 'y',
      ),
    ),
    'abbr'       => array(),
    'acronym'    => array(),
    'area'       => array(
      'alt'    => true,
      'coords' => true,
      'href'   => true,
      'nohref' => true,
      'shape'  => true,
      'target' => true,
    ),
    'article'    => array(
      'align' => true,
    ),
    'aside'      => array(
      'align' => true,
    ),
    'audio'      => array(
      'autoplay' => true,
      'controls' => true,
      'loop'     => true,
      'muted'    => true,
      'preload'  => true,
      'src'      => true,
    ),
    'b'          => array(),
    'bdo'        => array(),
    'big'        => array(),
    'blockquote' => array(
      'cite' => true,
    ),
    'br'         => array(),
    // Form controls (`button`, `fieldset`, `label`, `legend`, `textarea`) are
    // listed without a `form` or `input` entry, and `formaction` is not among
    // the attributes accepted on `button`.
    'button'     => array(
      'disabled' => true,
      'name'     => true,
      'type'     => true,
      'value'    => true,
    ),
    'caption'    => array(
      'align' => true,
    ),
    'cite'       => array(),
    'code'       => array(),
    'col'        => array(
      'align'   => true,
      'char'    => true,
      'charoff' => true,
      'span'    => true,
      'valign'  => true,
      'width'   => true,
    ),
    'colgroup'   => array(
      'align'   => true,
      'char'    => true,
      'charoff' => true,
      'span'    => true,
      'valign'  => true,
      'width'   => true,
    ),
    'del'        => array(
      'datetime' => true,
    ),
    'dd'         => array(),
    'dfn'        => array(),
    'details'    => array(
      'align' => true,
      'open'  => true,
    ),
    'div'        => array(
      'align' => true,
    ),
    'dl'         => array(),
    'dt'         => array(),
    'em'         => array(),
    'fieldset'   => array(),
    'figure'     => array(
      'align' => true,
    ),
    'figcaption' => array(
      'align' => true,
    ),
    'font'       => array(
      'color' => true,
      'face'  => true,
      'size'  => true,
    ),
    'footer'     => array(
      'align' => true,
    ),
    'h1'         => array(
      'align' => true,
    ),
    'h2'         => array(
      'align' => true,
    ),
    'h3'         => array(
      'align' => true,
    ),
    'h4'         => array(
      'align' => true,
    ),
    'h5'         => array(
      'align' => true,
    ),
    'h6'         => array(
      'align' => true,
    ),
    'header'     => array(
      'align' => true,
    ),
    'hgroup'     => array(
      'align' => true,
    ),
    'hr'         => array(
      'align'   => true,
      'noshade' => true,
      'size'    => true,
      'width'   => true,
    ),
    'i'          => array(),
    'img'        => array(
      'alt'      => true,
      'align'    => true,
      'border'   => true,
      'height'   => true,
      'hspace'   => true,
      'loading'  => true,
      'longdesc' => true,
      'vspace'   => true,
      'src'      => true,
      'usemap'   => true,
      'width'    => true,
    ),
    'ins'        => array(
      'datetime' => true,
      'cite'     => true,
    ),
    'kbd'        => array(),
    'label'      => array(
      'for' => true,
    ),
    'legend'     => array(
      'align' => true,
    ),
    'li'         => array(
      'align' => true,
      'value' => true,
    ),
    'main'       => array(
      'align' => true,
    ),
    'map'        => array(
      'name' => true,
    ),
    'mark'       => array(),
    'menu'       => array(
      'type' => true,
    ),
    'nav'        => array(
      'align' => true,
    ),
    // The most constrained entry: `data` and `type` are both marked required,
    // `type` is limited to `application/pdf`, and `data` is handed to the
    // `_wp_kses_allow_pdf_objects` callback, which this file describes as a
    // check for a safe PDF URL. Loosening any of these three constraints
    // widens what an embedded object may load.
    'object'     => array(
      'data' => array(
        'required'       => true,
        'value_callback' => '_wp_kses_allow_pdf_objects',
      ),
      'type' => array(
        'required' => true,
        'values'   => array( 'application/pdf' ),
      ),
    ),
    'p'          => array(
      'align' => true,
    ),
    'pre'        => array(
      'width' => true,
    ),
    'q'          => array(
      'cite' => true,
    ),
    'rb'         => array(),
    'rp'         => array(),
    'rt'         => array(),
    'rtc'        => array(),
    'ruby'       => array(),
    's'          => array(),
    'samp'       => array(),
    'span'       => array(
      'align' => true,
    ),
    'section'    => array(
      'align' => true,
    ),
    'small'      => array(),
    'strike'     => array(),
    'strong'     => array(),
    'sub'        => array(),
    'summary'    => array(
      'align' => true,
    ),
    'sup'        => array(),
    'table'      => array(
      'align'       => true,
      'bgcolor'     => true,
      'border'      => true,
      'cellpadding' => true,
      'cellspacing' => true,
      'rules'       => true,
      'summary'     => true,
      'width'       => true,
    ),
    'tbody'      => array(
      'align'   => true,
      'char'    => true,
      'charoff' => true,
      'valign'  => true,
    ),
    'td'         => array(
      'abbr'    => true,
      'align'   => true,
      'axis'    => true,
      'bgcolor' => true,
      'char'    => true,
      'charoff' => true,
      'colspan' => true,
      'headers' => true,
      'height'  => true,
      'nowrap'  => true,
      'rowspan' => true,
      'scope'   => true,
      'valign'  => true,
      'width'   => true,
    ),
    'textarea'   => array(
      'cols'     => true,
      'rows'     => true,
      'disabled' => true,
      'name'     => true,
      'readonly' => true,
    ),
    'tfoot'      => array(
      'align'   => true,
      'char'    => true,
      'charoff' => true,
      'valign'  => true,
    ),
    'th'         => array(
      'abbr'    => true,
      'align'   => true,
      'axis'    => true,
      'bgcolor' => true,
      'char'    => true,
      'charoff' => true,
      'colspan' => true,
      'headers' => true,
      'height'  => true,
      'nowrap'  => true,
      'rowspan' => true,
      'scope'   => true,
      'valign'  => true,
      'width'   => true,
    ),
    'thead'      => array(
      'align'   => true,
      'char'    => true,
      'charoff' => true,
      'valign'  => true,
    ),
    'title'      => array(),
    'tr'         => array(
      'align'   => true,
      'bgcolor' => true,
      'char'    => true,
      'charoff' => true,
      'valign'  => true,
    ),
    'track'      => array(
      'default' => true,
      'kind'    => true,
      'label'   => true,
      'src'     => true,
      'srclang' => true,
    ),
    'tt'         => array(),
    'u'          => array(),
    'ul'         => array(
      'type' => true,
    ),
    'ol'         => array(
      'start'    => true,
      'type'     => true,
      'reversed' => true,
    ),
    'var'        => array(),
    'video'      => array(
      'autoplay'    => true,
      'controls'    => true,
      'height'      => true,
      'loop'        => true,
      'muted'       => true,
      'playsinline' => true,
      'poster'      => true,
      'preload'     => true,
      'src'         => true,
      'width'       => true,
    ),
  );

  
/**
 * Reduced allowlist of inline elements, in the same shape as
 * `$allowedposttags` (element name => map of accepted attributes).
 *
 * Only `a`, `abbr`, `acronym`, `blockquote`, `del` and `q` accept an attribute
 * here. Unlike `$allowedposttags`, this list is not passed through
 * `_wp_add_global_attributes()` by the setup code in this file.
 *
 * NOTE(review): presumably the list applied to lower-trust input; the code
 * that consumes it is not shown here, so confirm against the callers.
 *
 * @var array[] $allowedtags Array of KSES allowed HTML elements.
 * @since 1.0.0
 */
  $allowedtags = array(
    'a'          => array(
      // `href` carries a URL; no `target` or `rel` is accepted in this list.
      'href'  => true,
      'title' => true,
    ),
    'abbr'       => array(
      'title' => true,
    ),
    'acronym'    => array(
      'title' => true,
    ),
    'b'          => array(),
    'blockquote' => array(
      'cite' => true,
    ),
    'cite'       => array(),
    'code'       => array(),
    'del'        => array(
      'datetime' => true,
    ),
    'em'         => array(),
    'i'          => array(),
    'q'          => array(
      'cite' => true,
    ),
    's'          => array(),
    'strike'     => array(),
    'strong'     => array(),
  );

  
/**
 * Allowlist of named character references, written without the leading `&`
 * and trailing `;`.
 *
 * The list holds names that differ only by case (`dagger`/`Dagger`,
 * `prime`/`Prime`, `larr`/`lArr`), so casing is significant in this data.
 *
 * NOTE(review): presumably consulted by `wp_kses_named_entities()`, which this
 * file describes as a callback for `wp_kses_normalize_entities()`; how a name
 * outside the list is handled is not visible here, so confirm in that function.
 *
 * @var string[] $allowedentitynames Array of KSES allowed HTML entity names.
 * @since 1.0.0
 */
  $allowedentitynames = array(
    'nbsp',
    'iexcl',
    'cent',
    'pound',
    'curren',
    'yen',
    'brvbar',
    'sect',
    'uml',
    'copy',
    'ordf',
    'laquo',
    'not',
    'shy',
    'reg',
    'macr',
    'deg',
    'plusmn',
    'acute',
    'micro',
    'para',
    'middot',
    'cedil',
    'ordm',
    'raquo',
    'iquest',
    'Agrave',
    'Aacute',
    'Acirc',
    'Atilde',
    'Auml',
    'Aring',
    'AElig',
    'Ccedil',
    'Egrave',
    'Eacute',
    'Ecirc',
    'Euml',
    'Igrave',
    'Iacute',
    'Icirc',
    'Iuml',
    'ETH',
    'Ntilde',
    'Ograve',
    'Oacute',
    'Ocirc',
    'Otilde',
    'Ouml',
    'times',
    'Oslash',
    'Ugrave',
    'Uacute',
    'Ucirc',
    'Uuml',
    'Yacute',
    'THORN',
    'szlig',
    'agrave',
    'aacute',
    'acirc',
    'atilde',
    'auml',
    'aring',
    'aelig',
    'ccedil',
    'egrave',
    'eacute',
    'ecirc',
    'euml',
    'igrave',
    'iacute',
    'icirc',
    'iuml',
    'eth',
    'ntilde',
    'ograve',
    'oacute',
    'ocirc',
    'otilde',
    'ouml',
    'divide',
    'oslash',
    'ugrave',
    'uacute',
    'ucirc',
    'uuml',
    'yacute',
    'thorn',
    'yuml',
    // Entities for the markup-significant characters `"`, `&`, `<`, `>` and `'`.
    'quot',
    'amp',
    'lt',
    'gt',
    'apos',
    'OElig',
    'oelig',
    'Scaron',
    'scaron',
    'Yuml',
    'circ',
    'tilde',
    'ensp',
    'emsp',
    'thinsp',
    // `zwnj`, `zwj`, `lrm` and `rlm` name invisible joiner and directional
    // characters; they are allowed here like any other entity.
    'zwnj',
    'zwj',
    'lrm',
    'rlm',
    'ndash',
    'mdash',
    'lsquo',
    'rsquo',
    'sbquo',
    'ldquo',
    'rdquo',
    'bdquo',
    'dagger',
    'Dagger',
    'permil',
    'lsaquo',
    'rsaquo',
    'euro',
    'fnof',
    'Alpha',
    'Beta',
    'Gamma',
    'Delta',
    'Epsilon',
    'Zeta',
    'Eta',
    'Theta',
    'Iota',
    'Kappa',
    'Lambda',
    'Mu',
    'Nu',
    'Xi',
    'Omicron',
    'Pi',
    'Rho',
    'Sigma',
    'Tau',
    'Upsilon',
    'Phi',
    'Chi',
    'Psi',
    'Omega',
    'alpha',
    'beta',
    'gamma',
    'delta',
    'epsilon',
    'zeta',
    'eta',
    'theta',
    'iota',
    'kappa',
    'lambda',
    'mu',
    'nu',
    'xi',
    'omicron',
    'pi',
    'rho',
    'sigmaf',
    'sigma',
    'tau',
    'upsilon',
    'phi',
    'chi',
    'psi',
    'omega',
    'thetasym',
    'upsih',
    'piv',
    'bull',
    'hellip',
    'prime',
    'Prime',
    'oline',
    'frasl',
    'weierp',
    'image',
    'real',
    'trade',
    'alefsym',
    'larr',
    'uarr',
    'rarr',
    'darr',
    'harr',
    'crarr',
    'lArr',
    'uArr',
    'rArr',
    'dArr',
    'hArr',
    'forall',
    'part',
    'exist',
    'empty',
    'nabla',
    'isin',
    'notin',
    'ni',
    'prod',
    'sum',
    'minus',
    'lowast',
    'radic',
    'prop',
    'infin',
    'ang',
    'and',
    'or',
    'cap',
    'cup',
    'int',
    'sim',
    'cong',
    'asymp',
    'ne',
    'equiv',
    'le',
    'ge',
    'sub',
    'sup',
    'nsub',
    'sube',
    'supe',
    'oplus',
    'otimes',
    'perp',
    'sdot',
    'lceil',
    'rceil',
    'lfloor',
    'rfloor',
    'lang',
    'rang',
    'loz',
    'spades',
    'clubs',
    'hearts',
    'diams',
    // Superscript and fraction entities, followed by `there4`.
    'sup1',
    'sup2',
    'sup3',
    'frac14',
    'frac12',
    'frac34',
    'there4',
  );

  
/**
 * Allowlist of entity names for XML content: the five names XML predefines.
 *
 * All five also appear in `$allowedentitynames`.
 *
 * NOTE(review): presumably consulted by `wp_kses_xml_named_entities()`, which
 * this file describes as a callback for `wp_kses_normalize_entities()`;
 * confirm there how a name outside this list is treated.
 *
 * @var string[] $allowedxmlentitynames Array of KSES allowed XML entity names.
 * @since 5.5.0
 */
  $allowedxmlentitynames = array(
    'amp',
    'lt',
    'gt',
    'apos',
    'quot',
  );

  // Extend every element's attribute map through _wp_add_global_attributes().
  // Only $allowedposttags is widened here; $allowedtags keeps the attributes
  // written in its literal.
  $allowedposttags = array_map(
    '_wp_add_global_attributes',
    $allowedposttags
  );
} else {
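  // CUSTOM_TAGS is set, so none of the default lists were built by this file
  // and the four globals hold whatever the code that defined the constant
  // supplied. Fail closed: a list that is missing or is not an array becomes
  // an empty allowlist rather than being left unset for the filters that read
  // these globals.
  foreach ( array( 'allowedposttags', 'allowedtags', 'allowedentitynames', 'allowedxmlentitynames' ) as $kses_global_name ) {
    if ( ! isset( $GLOBALS[ $kses_global_name ] ) || ! is_array( $GLOBALS[ $kses_global_name ] ) ) {
      $GLOBALS[ $kses_global_name ] = array();
    }
  }
  // Do not leave the loop variable behind in the global namespace.
  unset( $kses_global_name );

  // Lowercase the keys of the two custom tag lists (see wp_kses_array_lc()).
  $allowedtags     = wp_kses_array_lc( $allowedtags );
  $allowedposttags = wp_kses_array_lc( $allowedposttags );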
}

/* function wp_kses() – Filters text content and strips out disallowed HTML. */

/* function wp_kses_one_attr() – Filters one HTML attribute and ensures its value is allowed. */

/* function wp_kses_allowed_html() – Returns an array of allowed HTML tags and attributes for a given context. */

/* function wp_kses_hook() – You add any KSES hooks here. */

/* function wp_kses_version() – Returns the version number of KSES. */

/* function wp_kses_split() – Searches for HTML tags, no matter how malformed. */

/* function wp_kses_uri_attributes() – Returns an array of HTML attribute names whose value contains a URL. */

/* function _wp_kses_split_callback() – Callback for `wp_kses_split()`. */

/* function wp_kses_split2() – Callback for `wp_kses_split()` for fixing malformed HTML tags. */

/* function wp_kses_attr() – Removes all attributes, if none are allowed for this element. */

/* function wp_kses_attr_check() – Determines whether an attribute is allowed. */

/* function wp_kses_hair() – Builds an attribute list from string containing attributes. */

/* function wp_kses_attr_parse() – Finds all attributes of an HTML element. */

/* function wp_kses_hair_parse() – Builds an attribute list from string containing attributes. */

/* function wp_kses_check_attr_val() – Performs different checks for attribute values. */

/* function wp_kses_bad_protocol() – Sanitizes a string and removes disallowed URL protocols. */

/* function wp_kses_no_null() – Removes any invalid control characters in a text string. */

/* function wp_kses_stripslashes() – Strips slashes from in front of quotes. */

/* function wp_kses_array_lc() – Converts the keys of an array to lowercase. */

/* function wp_kses_html_error() – Handles parsing errors in `wp_kses_hair()`. */

/* function wp_kses_bad_protocol_once() – Sanitizes content from bad protocols and other characters. */

/* function wp_kses_bad_protocol_once2() – Callback for `wp_kses_bad_protocol_once()` regular expression. */

/* function wp_kses_normalize_entities() – Converts and fixes HTML entities. */

/* function wp_kses_named_entities() – Callback for `wp_kses_normalize_entities()` regular expression. */

/* function wp_kses_xml_named_entities() – Callback for `wp_kses_normalize_entities()` regular expression. */

/* function wp_kses_normalize_entities2() – Callback for `wp_kses_normalize_entities()` regular expression. */

/* function wp_kses_normalize_entities3() – Callback for `wp_kses_normalize_entities()` regular expression. */

/* function valid_unicode() – Determines if a Unicode codepoint is valid. */

/* function wp_kses_decode_entities() – Converts all numeric HTML entities to their named counterparts. */

/* function _wp_kses_decode_entities_chr() – Regex callback for `wp_kses_decode_entities()`. */

/* function _wp_kses_decode_entities_chr_hexdec() – Regex callback for `wp_kses_decode_entities()`. */

/* function wp_filter_kses() – Sanitize content with allowed HTML KSES rules. */

/* function wp_kses_data() – Sanitize content with allowed HTML KSES rules. */

/* function wp_filter_post_kses() – Sanitizes content for allowed HTML tags for post content. */

/* function wp_filter_global_styles_post() – Sanitizes global styles user content removing unsafe rules. */

/* function wp_kses_post() – Sanitizes content for allowed HTML tags for post content. */

/* function wp_kses_post_deep() – Navigates through an array, object, or scalar, and sanitizes content for
allowed HTML tags for post content. */

/* function wp_filter_nohtml_kses() – Strips all HTML from a text string. */

/* function kses_init_filters() – Adds all KSES input form content filters. */

/* function kses_remove_filters() – Removes all KSES input form content filters. */

/* function kses_init() – Sets up most of the KSES filters for input form content. */

/* function safecss_filter_attr() – Filters an inline style attribute and removes disallowed rules. */

/* function _wp_add_global_attributes() – Helper function to add global attributes to a tag in the allowed HTML list. */

/* function _wp_kses_allow_pdf_objects() – Helper function to check if this is a safe PDF URL. */