wp_kses_check_attr_val()
Yunce (云策) documentation annotation
Overview
wp_kses_check_attr_val() is the WordPress function that performs a set of validation checks on an HTML attribute value. It supports several check types, such as length limits, numeric ranges and matching against specific values, so that attribute values conform to the security and format constraints declared for the allowed HTML.
Key points
- The function validates HTML attribute values and supports the check types maxlen, minlen, maxval, minval, valueless, values and value_callback.
- Its parameters are $value (the attribute value), $vless (whether the attribute has no value, given as 'y' or 'n'), $checkname (the check type) and $checkvalue (the constraint the check is tested against).
- It returns a boolean indicating whether the check passed.
- It is typically called from wp_kses_attr_check() as part of KSES's HTML attribute filtering.
Code example
function wp_kses_check_attr_val( $value, $vless, $checkname, $checkvalue ) {
    $ok = true;
    switch ( strtolower( $checkname ) ) {
        case 'maxlen':
            if ( strlen( $value ) > $checkvalue ) {
                $ok = false;
            }
            break;
        case 'minlen':
            if ( strlen( $value ) < $checkvalue ) {
                $ok = false;
            }
            break;
        case 'maxval':
            // As in the Source listing: the value must be 1 to 6 digits, optionally
            // surrounded by whitespace, before it is compared numerically.
            if ( ! preg_match( '/^\s{0,6}[0-9]{1,6}\s{0,6}$/', $value ) ) {
                $ok = false;
            }
            if ( $value > $checkvalue ) {
                $ok = false;
            }
            break;
        case 'minval':
            if ( ! preg_match( '/^\s{0,6}[0-9]{1,6}\s{0,6}$/', $value ) ) {
                $ok = false;
            }
            if ( $value < $checkvalue ) {
                $ok = false;
            }
            break;
        case 'valueless':
            if ( strtolower( $checkvalue ) !== $vless ) {
                $ok = false;
            }
            break;
        case 'values':
            if ( false === array_search( strtolower( $value ), $checkvalue, true ) ) {
                $ok = false;
            }
            break;
        case 'value_callback':
            if ( ! call_user_func( $checkvalue, $value ) ) {
                $ok = false;
            }
            break;
    }
    return $ok;
}
Notes
- The check name is passed through strtolower() inside the function, so it is matched case-insensitively; it is still advisable to pass the names consistently in lowercase.
- For the maxval and minval checks the value is first required to be a string of 1 to 6 digits (surrounding whitespace allowed), and only then compared numerically against $checkvalue; a value that fails the digit pattern is rejected even if PHP would coerce it to a number in range.
- The valueless check verifies whether the attribute carries a value; $checkvalue ('y' or 'n') must match the $vless parameter.
- The values check requires the attribute value, after lowercasing, to be present in the given array, using strict comparison, so the array entries must be lowercase strings.
- The value_callback check validates the value through a callback; the callback must return a boolean (or a value that is truthy exactly when the attribute is acceptable).
Original content
Performs different checks for attribute values.
Description
The currently implemented checks are “maxlen”, “minlen”, “maxval”, “minval”, and “valueless”.
Parameters
$value (string, required): Attribute value.
$vless (string, required): Whether the attribute is valueless. Use 'y' or 'n'.
$checkname (string, required): What $checkvalue is checking for.
$checkvalue (mixed, required): What constraint the value should pass.
Source
function wp_kses_check_attr_val( $value, $vless, $checkname, $checkvalue ) {
    $ok = true;
    switch ( strtolower( $checkname ) ) {
        case 'maxlen':
            /*
             * The maxlen check makes sure that the attribute value has a length not
             * greater than the given value. This can be used to avoid Buffer Overflows
             * in WWW clients and various Internet servers.
             */
            if ( strlen( $value ) > $checkvalue ) {
                $ok = false;
            }
            break;
        case 'minlen':
            /*
             * The minlen check makes sure that the attribute value has a length not
             * smaller than the given value.
             */
            if ( strlen( $value ) < $checkvalue ) {
                $ok = false;
            }
            break;
        case 'maxval':
            /*
             * The maxval check does two things: it checks that the attribute value is
             * an integer from 0 and up, without an excessive amount of zeroes or
             * whitespace (to avoid Buffer Overflows). It also checks that the attribute
             * value is not greater than the given value.
             * This check can be used to avoid Denial of Service attacks.
             */
            if ( ! preg_match( '/^\s{0,6}[0-9]{1,6}\s{0,6}$/', $value ) ) {
                $ok = false;
            }
            if ( $value > $checkvalue ) {
                $ok = false;
            }
            break;
        case 'minval':
            /*
             * The minval check makes sure that the attribute value is a positive integer,
             * and that it is not smaller than the given value.
             */
            if ( ! preg_match( '/^\s{0,6}[0-9]{1,6}\s{0,6}$/', $value ) ) {
                $ok = false;
            }
            if ( $value < $checkvalue ) {
                $ok = false;
            }
            break;
        case 'valueless':
            /*
             * The valueless check makes sure if the attribute has a value
             * (like `<a href="blah">`) or not (`<option selected>`). If the given value
             * is a "y" or a "Y", the attribute must not have a value.
             * If the given value is an "n" or an "N", the attribute must have a value.
             */
            if ( strtolower( $checkvalue ) !== $vless ) {
                $ok = false;
            }
            break;
        case 'values':
            /*
             * The values check is used when you want to make sure that the attribute
             * has one of the given values.
             */
            if ( false === array_search( strtolower( $value ), $checkvalue, true ) ) {
                $ok = false;
            }
            break;
        case 'value_callback':
            /*
             * The value_callback check is used when you want to make sure that the attribute
             * value is accepted by the callback function.
             */
            if ( ! call_user_func( $checkvalue, $value ) ) {
                $ok = false;
            }
            break;
    } // End switch.
    return $ok;
}
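The following driver is an added example, not WordPress code: it runs wp_kses_check_attr_val() from the Source listing above over constructed attribute values for every check type, including the inputs the digit pattern in maxval/minval rejects that a plain numeric comparison would have accepted. It assumes the script sits in the WordPress root so wp-load.php makes the function available, and the value_callback predicate example_is_https_url() is hypothetical.

```php
<?php
// Added example, not WordPress code. Exercises wp_kses_check_attr_val()
// from the Source listing on constructed attribute values.
// Assumption: this script is placed in the WordPress root so wp-load.php
// bootstraps wp-includes/kses.php, where the function is defined.
require_once __DIR__ . '/wp-load.php';

// Hypothetical value_callback: accepts only values starting with https://
function example_is_https_url( $value ) {
    return 0 === strpos( $value, 'https://' );
}

// Each row: label, $value, $vless, $checkname, $checkvalue, expected result.
// Constraints are shaped as they appear in a KSES $allowed_html attribute spec.
$cases = array(
    array( 'maxlen: 3 chars within limit 10',        'abc',       'n', 'maxlen',  10,   true ),
    array( 'maxlen: 11 chars exceeds limit 10',      str_repeat( 'a', 11 ), 'n', 'maxlen', 10, false ),
    array( 'minlen: empty string below limit 1',     '',          'n', 'minlen',  1,    false ),
    array( 'maxval: integer within range',           '640',       'n', 'maxval',  1000, true ),
    array( 'maxval: surrounding whitespace allowed', ' 640 ',     'n', 'maxval',  1000, true ),
    array( 'maxval: above limit',                    '1001',      'n', 'maxval',  1000, false ),
    array( 'maxval: 7 digits fail the regex',        '0000001',   'n', 'maxval',  1000, false ),
    array( 'maxval: "1e2" is numeric to PHP but fails the regex', '1e2', 'n', 'maxval', 1000, false ),
    array( 'maxval: negative fails the regex',       '-5',        'n', 'maxval',  1000, false ),
    array( 'minval: zero below minimum 1',           '0',         'n', 'minval',  1,    false ),
    array( 'valueless: Y matches a bare attribute',  '',          'y', 'valueless', 'Y', true ),
    array( 'valueless: y but a value was given',     'x',         'n', 'valueless', 'y', false ),
    array( 'values: strict match after lowercasing', 'LTR',       'n', 'values', array( 'ltr', 'rtl' ), true ),
    array( 'values: not in the allowed list',        'auto',      'n', 'values', array( 'ltr', 'rtl' ), false ),
    array( 'value_callback: predicate accepts',      'https://example.com/', 'n', 'value_callback', 'example_is_https_url', true ),
    array( 'value_callback: predicate rejects',      'http://example.com/',  'n', 'value_callback', 'example_is_https_url', false ),
);

$failures = 0;
foreach ( $cases as $case ) {
    list( $label, $value, $vless, $checkname, $checkvalue, $expected ) = $case;
    $got = wp_kses_check_attr_val( $value, $vless, $checkname, $checkvalue );
    if ( $got !== $expected ) {
        $failures++;
    }
    printf( "%-4s %s\n", $got === $expected ? 'ok' : 'FAIL', $label );
}
exit( $failures > 0 ? 1 : 0 );
```

The '1e2' and '-5' rows show why the digit pattern precedes the numeric comparison: PHP would coerce both to numbers below 1000, so without the regex they would pass maxval.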
Changelog
| Version | Description |
|---|---|
| 1.0.0 | Introduced. |