wp_kses_attr_check( string $name, string $value, string $whole, string $vless, string $element, array $allowed_html )
Determine whether an attribute is allowed.
Parameters
- $name
-
(string) (Required) The attribute name. Returns empty string when not allowed.
- $value
-
(string) (Required) The attribute value. Returns a filtered value.
- $whole
-
(string) (Required) The name=value input. Returns filtered input.
- $vless
-
(string) (Required) 'y' when attribute like "enabled", otherwise 'n'.
- $element
-
(string) (Required) The name of the element to which this attribute belongs.
- $allowed_html
-
(array) (Required) The full list of allowed elements and attributes.
Return
(bool) Is the attribute allowed?
Source
File: wp-includes/kses.php
function wp_kses_attr_check( &$name, &$value, &$whole, $vless, $element, $allowed_html ) {
$allowed_attr = $allowed_html[strtolower( $element )];
$name_low = strtolower( $name );
if ( ! isset( $allowed_attr[$name_low] ) || '' == $allowed_attr[$name_low] ) {
$name = $value = $whole = '';
return false;
}
if ( 'style' == $name_low ) {
$new_value = safecss_filter_attr( $value );
if ( empty( $new_value ) ) {
$name = $value = $whole = '';
return false;
}
$whole = str_replace( $value, $new_value, $whole );
$value = $new_value;
}
if ( is_array( $allowed_attr[$name_low] ) ) {
// there are some checks
foreach ( $allowed_attr[$name_low] as $currkey => $currval ) {
if ( ! wp_kses_check_attr_val( $value, $vless, $currkey, $currval ) ) {
$name = $value = $whole = '';
return false;
}
}
}
return true;
}
Changelog
| Version | Description |
|---|---|
| WP-4.2.3 | Introduced. |