wp_kses_check_attr_val

Advertisement

Summery Summery

Performs different checks for attribute values.

Syntax Syntax

wp_kses_check_attr_val( string $value, string $vless, string $checkname, mixed $checkvalue )

Description Description

The currently implemented checks are "maxlen", "minlen", "maxval", "minval", and "valueless".

Parameters Parameters

$value

(Required) Attribute value.

$vless

(Required) Whether the attribute is valueless. Use 'y' or 'n'.

$checkname

(Required) What $checkvalue is checking for.

$checkvalue

(Required) What constraint the value should pass.

Return Return

(bool) Whether check passes.

Source Source

File: wp-includes/kses.php

		.     '(?:\s|$)'      // If attribute has no value, space is required.
		. ')'
		. '\s*';              // Trailing space is optional except as mentioned above.
	// phpcs:enable

	// Although it is possible to reduce this procedure to a single regexp,
	// we must run that regexp twice to get exactly the expected result.

	$validation = "%^($regex)+$%";
	$extraction = "%$regex%";

	if ( 1 === preg_match( $validation, $attr ) ) {
		preg_match_all( $extraction, $attr, $attrarr );
		return $attrarr[0];
	} else {
		return false;
	}
}

/**
 * Performs different checks for attribute values.
 *
 * The currently implemented checks are "maxlen", "minlen", "maxval", "minval",
 * and "valueless".
 *
 * @since 1.0.0
 *
 * @param string $value      Attribute value.
 * @param string $vless      Whether the attribute is valueless. Use 'y' or 'n'.
 * @param string $checkname  What $checkvalue is checking for.
 * @param mixed  $checkvalue What constraint the value should pass.
 * @return bool Whether check passes.
 */
function wp_kses_check_attr_val( $value, $vless, $checkname, $checkvalue ) {
	$ok = true;

	switch ( strtolower( $checkname ) ) {
		case 'maxlen':
			/*
			 * The maxlen check makes sure that the attribute value has a length not
			 * greater than the given value. This can be used to avoid Buffer Overflows
			 * in WWW clients and various Internet servers.
			 */

			if ( strlen( $value ) > $checkvalue ) {
				$ok = false;
			}
			break;

		case 'minlen':
			/*
			 * The minlen check makes sure that the attribute value has a length not
			 * smaller than the given value.
			 */

			if ( strlen( $value ) < $checkvalue ) {
				$ok = false;
			}
			break;

		case 'maxval':
			/*
			 * The maxval check does two things: it checks that the attribute value is
			 * an integer from 0 and up, without an excessive amount of zeroes or
			 * whitespace (to avoid Buffer Overflows). It also checks that the attribute
			 * value is not greater than the given value.
			 * This check can be used to avoid Denial of Service attacks.
			 */

			if ( ! preg_match( '/^\s{0,6}[0-9]{1,6}\s{0,6}$/', $value ) ) {
				$ok = false;
			}
			if ( $value > $checkvalue ) {
				$ok = false;

Advertisement

Changelog Changelog

Changelog
Version Description
1.0.0 Introduced.

Advertisement

Leave a Reply