Class documentation

WP_SimplePie_Sanitize_KSES

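💡 Yunce documentation notes

Overview

WP_SimplePie_Sanitize_KSES is the WordPress class that applies KSES sanitization to data handled by the SimplePie library. It extends SimplePie\Sanitize and sanitizes HTML or XHTML data with the wp_kses_post function, so that the data is safe and matches the expected type.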

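Key points

  • The WP_SimplePie_Sanitize_KSES class extends SimplePie\Sanitize and is dedicated to sanitizing SimplePie data in a WordPress environment.
  • The sanitize method is the core of the class: it applies KSES according to the data type (for example CONSTRUCT_HTML or CONSTRUCT_TEXT) and supports base64 decoding and encoding conversion.
  • HTML or XHTML data is sanitized with wp_kses_post, with optional conversion to the output encoding; all other data types are handled by the parent class method.

Code example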

public function sanitize( $data, $type, $base = '' ) {
    $data = trim( $data );
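    // Undetermined content: treat it as HTML if it contains an entity-like "&" sequence or a closing tag.
    if ( $type & SimplePie\SimplePie::CONSTRUCT_MAYBE_HTML ) {
        if ( preg_match( '/(&(#(x[0-9a-fA-F]+|[0-9]+)|[a-zA-Z0-9]+)|<\/[A-Za-z][^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3E]*' . SIMPLEPIE_PCRE_HTML_ATTRIBUTE . '>)/', $data ) ) {
            $type |= SimplePie\SimplePie::CONSTRUCT_HTML;
        } else {
            $type |= SimplePie\SimplePie::CONSTRUCT_TEXT;
        }
    }
    // Base64 payloads are decoded before sanitization.
    if ( $type & SimplePie\SimplePie::CONSTRUCT_BASE64 ) {
        $data = base64_decode( $data );
    }
    // HTML and XHTML go through wp_kses_post(); everything else goes to the parent sanitizer.
    if ( $type & ( SimplePie\SimplePie::CONSTRUCT_HTML | SimplePie\SimplePie::CONSTRUCT_XHTML ) ) {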
        $data = wp_kses_post( $data );
        if ( 'UTF-8' !== $this->output_encoding ) {
            $data = $this->registry->call( 'Misc', 'change_encoding', array( $data, 'UTF-8', $this->output_encoding ) );
        }
        return $data;
    } else {
        return parent::sanitize( $data, $type, $base );
    }
}

📄 Original content

Methods

Name | Description
WP_SimplePie_Sanitize_KSES::sanitize | WordPress SimplePie sanitization using KSES.

Source

class WP_SimplePie_Sanitize_KSES extends SimplePie\Sanitize {

	/**
	 * WordPress SimplePie sanitization using KSES.
	 *
	 * Sanitizes the incoming data, to ensure that it matches the type of data expected, using KSES.
	 *
	 * @since 3.5.0
	 *
	 * @param mixed   $data The data that needs to be sanitized.
	 * @param int     $type The type of data that it's supposed to be.
	 * @param string  $base Optional. The `xml:base` value to use when converting relative
	 *                      URLs to absolute ones. Default empty.
	 * @return mixed Sanitized data.
	 */
	public function sanitize( $data, $type, $base = '' ) {
		$data = trim( $data );
		if ( $type & SimplePie\SimplePie::CONSTRUCT_MAYBE_HTML ) {
			if ( preg_match( '/(&(#(x[0-9a-fA-F]+|[0-9]+)|[a-zA-Z0-9]+)|<\/[A-Za-z][^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3E]*' . SIMPLEPIE_PCRE_HTML_ATTRIBUTE . '>)/', $data ) ) {
				$type |= SimplePie\SimplePie::CONSTRUCT_HTML;
			} else {
				$type |= SimplePie\SimplePie::CONSTRUCT_TEXT;
			}
		}
		if ( $type & SimplePie\SimplePie::CONSTRUCT_BASE64 ) {
			$data = base64_decode( $data );
		}
		if ( $type & ( SimplePie\SimplePie::CONSTRUCT_HTML | SimplePie\SimplePie::CONSTRUCT_XHTML ) ) {
			$data = wp_kses_post( $data );
			if ( 'UTF-8' !== $this->output_encoding ) {
				$data = $this->registry->call( 'Misc', 'change_encoding', array( $data, 'UTF-8', $this->output_encoding ) );
			}
			return $data;
		} else {
			return parent::sanitize( $data, $type, $base );
		}
	}
}
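
The routing decisions made inside sanitize(), reproduced as a standalone script that runs without WordPress or SimplePie. This is an added example, not WordPress or SimplePie code: route_construct(), the local CONSTRUCT_* constants (values assumed to mirror SimplePie's bit flags), HTML_ATTRIBUTE_STANDIN (a simplified stand-in for SIMPLEPIE_PCRE_HTML_ATTRIBUTE that allows only optional whitespace) and all sample strings are constructed for illustration.

```php
<?php
// Local stand-ins for SimplePie's CONSTRUCT_* bit flags (assumed values).
const CONSTRUCT_TEXT       = 1;
const CONSTRUCT_HTML       = 2;
const CONSTRUCT_XHTML      = 4;
const CONSTRUCT_BASE64     = 8;
const CONSTRUCT_MAYBE_HTML = 32;

// Assumption: simplified replacement for SIMPLEPIE_PCRE_HTML_ATTRIBUTE (whitespace only, no attributes).
const HTML_ATTRIBUTE_STANDIN = '[\x09\x0A\x0B\x0C\x0D\x20]*';

/**
 * Hypothetical helper: follows the same steps as sanitize() and reports
 * the data after decoding plus which sanitizer would receive it.
 */
function route_construct( string $data, int $type ): array {
	$data = trim( $data );
	if ( $type & CONSTRUCT_MAYBE_HTML ) {
		// Same heuristic as the page's source: an entity-like "&x" sequence or a closing tag means HTML.
		$looks_like_html = preg_match(
			'/(&(#(x[0-9a-fA-F]+|[0-9]+)|[a-zA-Z0-9]+)|<\/[A-Za-z][^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3E]*' . HTML_ATTRIBUTE_STANDIN . '>)/',
			$data
		);
		$type |= $looks_like_html ? CONSTRUCT_HTML : CONSTRUCT_TEXT;
	}
	if ( $type & CONSTRUCT_BASE64 ) {
		$data = base64_decode( $data );
	}
	$handler = ( $type & ( CONSTRUCT_HTML | CONSTRUCT_XHTML ) ) ? 'wp_kses_post' : 'parent::sanitize';
	return array( $data, $handler );
}

// Constructed sample inputs: label, data, type flags.
$samples = array(
	array( 'closing tag', '<b>Release notes</b>', CONSTRUCT_MAYBE_HTML ),       // wp_kses_post
	array( 'entity-like "&T"', 'AT&T outage report', CONSTRUCT_MAYBE_HTML ),    // wp_kses_post
	array( 'bare ampersand', 'Tom & Jerry', CONSTRUCT_MAYBE_HTML ),             // parent::sanitize
	array( 'opening tag only', 'line one<br>line two', CONSTRUCT_MAYBE_HTML ),  // parent::sanitize
	array( 'declared HTML+b64', base64_encode( '<p>Hello</p>' ), CONSTRUCT_HTML | CONSTRUCT_BASE64 ), // wp_kses_post
	// The heuristic runs before decoding, and base64 text never contains "&" or "<": parent::sanitize.
	array( 'maybe HTML+b64', base64_encode( '<p>Hello</p>' ), CONSTRUCT_MAYBE_HTML | CONSTRUCT_BASE64 ),
);

foreach ( $samples as list( $label, $data, $type ) ) {
	list( $decoded, $handler ) = route_construct( $data, $type );
	printf( "%-18s %-22s -> %s\n", $label, $decoded, $handler );
}
```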