WordPress.org
Get WordPress
WordPress.org

WordPress Developer Resources

wp_kses_bad_protocol_once()

wp_kses_bad_protocol_once( string $content, string[] $allowed_protocols, int $count = 1 ): string

In this article

Back to top

Sanitizes content from bad protocols and other characters.

Description

This function searches for URL protocols at the beginning of the string, while handling whitespace and HTML entities.

Parameters

$contentstringrequired
Content to check for bad protocols.
$allowed_protocolsstring[]required
Array of allowed URL protocols.
$countintoptional
Depth of call recursion to this function.

Default:1

Return

string Sanitized content.

Source

function wp_kses_bad_protocol_once( $content, $allowed_protocols, $count = 1 ) {
	$content  = preg_replace( '/(&#0*58(?![;0-9])|&#x0*3a(?![;a-f0-9]))/i', '$1;', $content );
	$content2 = preg_split( '/:|&#0*58;|&#x0*3a;|:/i', $content, 2 );

	if ( isset( $content2[1] ) && ! preg_match( '%/\?%', $content2[0] ) ) {
		$content  = trim( $content2[1] );
		$protocol = wp_kses_bad_protocol_once2( $content2[0], $allowed_protocols );
		if ( 'feed:' === $protocol ) {
			if ( $count > 2 ) {
				return '';
			}
			$content = wp_kses_bad_protocol_once( $content, $allowed_protocols, ++$count );
			if ( empty( $content ) ) {
				return $content;
			}
		}
		$content = $protocol . $content;
	}

	return $content;
}

View all references View on Trac View on GitHub

UsesDescription
wp_kses_bad_protocol_once()wp-includes/kses.php

Sanitizes content from bad protocols and other characters.

Used byDescription
wp_kses_bad_protocol()wp-includes/kses.php

Sanitizes a string and removed disallowed URL protocols.

wp_kses_bad_protocol_once()wp-includes/kses.php

Sanitizes content from bad protocols and other characters.

Changelog

VersionDescription
1.0.0Introduced.

User Contributed Notes

You must log in before being able to contribute a note or feedback.