Edit File by line

Deprecated: str_replace(): Passing null to parameter #2 ($replace) of type array|string is deprecated in /home/sportsfever/public_html/filemanger/function.php on line 93

Warning: Undefined array key "page_file_edit_line" in /home/sportsfever/public_html/filemanger/edit_text_line.php on line 32
/home/sportsfe.../httpdocs/clone/wp-inclu...
File: kses.php
'grid-template-columns',
[2500] Fix | Delete
'grid-auto-columns',
[2501] Fix | Delete
'grid-column-start',
[2502] Fix | Delete
'grid-column-end',
[2503] Fix | Delete
'grid-column',
[2504] Fix | Delete
'grid-column-gap',
[2505] Fix | Delete
'grid-template-rows',
[2506] Fix | Delete
'grid-auto-rows',
[2507] Fix | Delete
'grid-row-start',
[2508] Fix | Delete
'grid-row-end',
[2509] Fix | Delete
'grid-row',
[2510] Fix | Delete
'grid-row-gap',
[2511] Fix | Delete
'grid-gap',
[2512] Fix | Delete
[2513] Fix | Delete
'justify-content',
[2514] Fix | Delete
'justify-items',
[2515] Fix | Delete
'justify-self',
[2516] Fix | Delete
'align-content',
[2517] Fix | Delete
'align-items',
[2518] Fix | Delete
'align-self',
[2519] Fix | Delete
[2520] Fix | Delete
'clear',
[2521] Fix | Delete
'cursor',
[2522] Fix | Delete
'direction',
[2523] Fix | Delete
'float',
[2524] Fix | Delete
'list-style-type',
[2525] Fix | Delete
'object-fit',
[2526] Fix | Delete
'object-position',
[2527] Fix | Delete
'overflow',
[2528] Fix | Delete
'vertical-align',
[2529] Fix | Delete
'writing-mode',
[2530] Fix | Delete
[2531] Fix | Delete
'position',
[2532] Fix | Delete
'top',
[2533] Fix | Delete
'right',
[2534] Fix | Delete
'bottom',
[2535] Fix | Delete
'left',
[2536] Fix | Delete
'z-index',
[2537] Fix | Delete
'box-shadow',
[2538] Fix | Delete
'aspect-ratio',
[2539] Fix | Delete
'container-type',
[2540] Fix | Delete
[2541] Fix | Delete
// Custom CSS properties.
[2542] Fix | Delete
'--*',
[2543] Fix | Delete
)
[2544] Fix | Delete
);
[2545] Fix | Delete
[2546] Fix | Delete
/*
[2547] Fix | Delete
* CSS attributes that accept URL data types.
[2548] Fix | Delete
*
[2549] Fix | Delete
* This is in accordance to the CSS spec and unrelated to
[2550] Fix | Delete
* the sub-set of supported attributes above.
[2551] Fix | Delete
*
[2552] Fix | Delete
* See: https://developer.mozilla.org/en-US/docs/Web/CSS/url
[2553] Fix | Delete
*/
[2554] Fix | Delete
$css_url_data_types = array(
[2555] Fix | Delete
'background',
[2556] Fix | Delete
'background-image',
[2557] Fix | Delete
[2558] Fix | Delete
'cursor',
[2559] Fix | Delete
'filter',
[2560] Fix | Delete
[2561] Fix | Delete
'list-style',
[2562] Fix | Delete
'list-style-image',
[2563] Fix | Delete
);
[2564] Fix | Delete
[2565] Fix | Delete
/*
[2566] Fix | Delete
* CSS attributes that accept gradient data types.
[2567] Fix | Delete
*
[2568] Fix | Delete
*/
[2569] Fix | Delete
$css_gradient_data_types = array(
[2570] Fix | Delete
'background',
[2571] Fix | Delete
'background-image',
[2572] Fix | Delete
);
[2573] Fix | Delete
[2574] Fix | Delete
if ( empty( $allowed_attr ) ) {
[2575] Fix | Delete
return $css;
[2576] Fix | Delete
}
[2577] Fix | Delete
[2578] Fix | Delete
$css = '';
[2579] Fix | Delete
foreach ( $css_array as $css_item ) {
[2580] Fix | Delete
if ( '' === $css_item ) {
[2581] Fix | Delete
continue;
[2582] Fix | Delete
}
[2583] Fix | Delete
[2584] Fix | Delete
$css_item = trim( $css_item );
[2585] Fix | Delete
$css_test_string = $css_item;
[2586] Fix | Delete
$found = false;
[2587] Fix | Delete
$url_attr = false;
[2588] Fix | Delete
$gradient_attr = false;
[2589] Fix | Delete
$is_custom_var = false;
[2590] Fix | Delete
[2591] Fix | Delete
if ( ! str_contains( $css_item, ':' ) ) {
[2592] Fix | Delete
$found = true;
[2593] Fix | Delete
} else {
[2594] Fix | Delete
$parts = explode( ':', $css_item, 2 );
[2595] Fix | Delete
$css_selector = trim( $parts[0] );
[2596] Fix | Delete
[2597] Fix | Delete
// Allow assigning values to CSS variables.
[2598] Fix | Delete
if ( in_array( '--*', $allowed_attr, true ) && preg_match( '/^--[a-zA-Z0-9-_]+$/', $css_selector ) ) {
[2599] Fix | Delete
$allowed_attr[] = $css_selector;
[2600] Fix | Delete
$is_custom_var = true;
[2601] Fix | Delete
}
[2602] Fix | Delete
[2603] Fix | Delete
if ( in_array( $css_selector, $allowed_attr, true ) ) {
[2604] Fix | Delete
$found = true;
[2605] Fix | Delete
$url_attr = in_array( $css_selector, $css_url_data_types, true );
[2606] Fix | Delete
$gradient_attr = in_array( $css_selector, $css_gradient_data_types, true );
[2607] Fix | Delete
}
[2608] Fix | Delete
[2609] Fix | Delete
if ( $is_custom_var ) {
[2610] Fix | Delete
$css_value = trim( $parts[1] );
[2611] Fix | Delete
$url_attr = str_starts_with( $css_value, 'url(' );
[2612] Fix | Delete
$gradient_attr = str_contains( $css_value, '-gradient(' );
[2613] Fix | Delete
}
[2614] Fix | Delete
}
[2615] Fix | Delete
[2616] Fix | Delete
if ( $found && $url_attr ) {
[2617] Fix | Delete
// Simplified: matches the sequence `url(*)`.
[2618] Fix | Delete
preg_match_all( '/url\([^)]+\)/', $parts[1], $url_matches );
[2619] Fix | Delete
[2620] Fix | Delete
foreach ( $url_matches[0] as $url_match ) {
[2621] Fix | Delete
// Clean up the URL from each of the matches above.
[2622] Fix | Delete
preg_match( '/^url\(\s*([\'\"]?)(.*)(\g1)\s*\)$/', $url_match, $url_pieces );
[2623] Fix | Delete
[2624] Fix | Delete
if ( empty( $url_pieces[2] ) ) {
[2625] Fix | Delete
$found = false;
[2626] Fix | Delete
break;
[2627] Fix | Delete
}
[2628] Fix | Delete
[2629] Fix | Delete
$url = trim( $url_pieces[2] );
[2630] Fix | Delete
[2631] Fix | Delete
if ( empty( $url ) || wp_kses_bad_protocol( $url, $allowed_protocols ) !== $url ) {
[2632] Fix | Delete
$found = false;
[2633] Fix | Delete
break;
[2634] Fix | Delete
} else {
[2635] Fix | Delete
// Remove the whole `url(*)` bit that was matched above from the CSS.
[2636] Fix | Delete
$css_test_string = str_replace( $url_match, '', $css_test_string );
[2637] Fix | Delete
}
[2638] Fix | Delete
}
[2639] Fix | Delete
}
[2640] Fix | Delete
[2641] Fix | Delete
if ( $found && $gradient_attr ) {
[2642] Fix | Delete
$css_value = trim( $parts[1] );
[2643] Fix | Delete
if ( preg_match( '/^(repeating-)?(linear|radial|conic)-gradient\(([^()]|rgb[a]?\([^()]*\))*\)$/', $css_value ) ) {
[2644] Fix | Delete
// Remove the whole `gradient` bit that was matched above from the CSS.
[2645] Fix | Delete
$css_test_string = str_replace( $css_value, '', $css_test_string );
[2646] Fix | Delete
}
[2647] Fix | Delete
}
[2648] Fix | Delete
[2649] Fix | Delete
if ( $found ) {
[2650] Fix | Delete
/*
[2651] Fix | Delete
* Allow CSS functions like var(), calc(), etc. by removing them from the test string.
[2652] Fix | Delete
* Nested functions and parentheses are also removed, so long as the parentheses are balanced.
[2653] Fix | Delete
*/
[2654] Fix | Delete
$css_test_string = preg_replace(
[2655] Fix | Delete
'/\b(?:var|calc|min|max|minmax|clamp|repeat)(\((?:[^()]|(?1))*\))/',
[2656] Fix | Delete
'',
[2657] Fix | Delete
$css_test_string
[2658] Fix | Delete
);
[2659] Fix | Delete
[2660] Fix | Delete
/*
[2661] Fix | Delete
* Disallow CSS containing \ ( & } = or comments, except for within url(), var(), calc(), etc.
[2662] Fix | Delete
* which were removed from the test string above.
[2663] Fix | Delete
*/
[2664] Fix | Delete
$allow_css = ! preg_match( '%[\\\(&=}]|/\*%', $css_test_string );
[2665] Fix | Delete
[2666] Fix | Delete
/**
[2667] Fix | Delete
* Filters the check for unsafe CSS in `safecss_filter_attr`.
[2668] Fix | Delete
*
[2669] Fix | Delete
* Enables developers to determine whether a section of CSS should be allowed or discarded.
[2670] Fix | Delete
* By default, the value will be false if the part contains \ ( & } = or comments.
[2671] Fix | Delete
* Return true to allow the CSS part to be included in the output.
[2672] Fix | Delete
*
[2673] Fix | Delete
* @since 5.5.0
[2674] Fix | Delete
*
[2675] Fix | Delete
* @param bool $allow_css Whether the CSS in the test string is considered safe.
[2676] Fix | Delete
* @param string $css_test_string The CSS string to test.
[2677] Fix | Delete
*/
[2678] Fix | Delete
$allow_css = apply_filters( 'safecss_filter_attr_allow_css', $allow_css, $css_test_string );
[2679] Fix | Delete
[2680] Fix | Delete
// Only add the CSS part if it passes the regex check.
[2681] Fix | Delete
if ( $allow_css ) {
[2682] Fix | Delete
if ( '' !== $css ) {
[2683] Fix | Delete
$css .= ';';
[2684] Fix | Delete
}
[2685] Fix | Delete
[2686] Fix | Delete
$css .= $css_item;
[2687] Fix | Delete
}
[2688] Fix | Delete
}
[2689] Fix | Delete
}
[2690] Fix | Delete
[2691] Fix | Delete
return $css;
[2692] Fix | Delete
}
[2693] Fix | Delete
[2694] Fix | Delete
/**
[2695] Fix | Delete
* Helper function to add global attributes to a tag in the allowed HTML list.
[2696] Fix | Delete
*
[2697] Fix | Delete
* @since 3.5.0
[2698] Fix | Delete
* @since 5.0.0 Added support for `data-*` wildcard attributes.
[2699] Fix | Delete
* @since 6.0.0 Added `dir`, `lang`, and `xml:lang` to global attributes.
[2700] Fix | Delete
* @since 6.3.0 Added `aria-controls`, `aria-current`, and `aria-expanded` attributes.
[2701] Fix | Delete
* @since 6.4.0 Added `aria-live` and `hidden` attributes.
[2702] Fix | Delete
*
[2703] Fix | Delete
* @access private
[2704] Fix | Delete
* @ignore
[2705] Fix | Delete
*
[2706] Fix | Delete
* @param array $value An array of attributes.
[2707] Fix | Delete
* @return array The array of attributes with global attributes added.
[2708] Fix | Delete
*/
[2709] Fix | Delete
function _wp_add_global_attributes( $value ) {
[2710] Fix | Delete
$global_attributes = array(
[2711] Fix | Delete
'aria-controls' => true,
[2712] Fix | Delete
'aria-current' => true,
[2713] Fix | Delete
'aria-describedby' => true,
[2714] Fix | Delete
'aria-details' => true,
[2715] Fix | Delete
'aria-expanded' => true,
[2716] Fix | Delete
'aria-hidden' => true,
[2717] Fix | Delete
'aria-label' => true,
[2718] Fix | Delete
'aria-labelledby' => true,
[2719] Fix | Delete
'aria-live' => true,
[2720] Fix | Delete
'class' => true,
[2721] Fix | Delete
'data-*' => true,
[2722] Fix | Delete
'dir' => true,
[2723] Fix | Delete
'hidden' => true,
[2724] Fix | Delete
'id' => true,
[2725] Fix | Delete
'lang' => true,
[2726] Fix | Delete
'style' => true,
[2727] Fix | Delete
'title' => true,
[2728] Fix | Delete
'role' => true,
[2729] Fix | Delete
'xml:lang' => true,
[2730] Fix | Delete
);
[2731] Fix | Delete
[2732] Fix | Delete
if ( true === $value ) {
[2733] Fix | Delete
$value = array();
[2734] Fix | Delete
}
[2735] Fix | Delete
[2736] Fix | Delete
if ( is_array( $value ) ) {
[2737] Fix | Delete
return array_merge( $value, $global_attributes );
[2738] Fix | Delete
}
[2739] Fix | Delete
[2740] Fix | Delete
return $value;
[2741] Fix | Delete
}
[2742] Fix | Delete
[2743] Fix | Delete
/**
[2744] Fix | Delete
* Helper function to check if this is a safe PDF URL.
[2745] Fix | Delete
*
[2746] Fix | Delete
* @since 5.9.0
[2747] Fix | Delete
* @access private
[2748] Fix | Delete
* @ignore
[2749] Fix | Delete
*
[2750] Fix | Delete
* @param string $url The URL to check.
[2751] Fix | Delete
* @return bool True if the URL is safe, false otherwise.
[2752] Fix | Delete
*/
[2753] Fix | Delete
function _wp_kses_allow_pdf_objects( $url ) {
[2754] Fix | Delete
// We're not interested in URLs that contain query strings or fragments.
[2755] Fix | Delete
if ( str_contains( $url, '?' ) || str_contains( $url, '#' ) ) {
[2756] Fix | Delete
return false;
[2757] Fix | Delete
}
[2758] Fix | Delete
[2759] Fix | Delete
// If it doesn't have a PDF extension, it's not safe.
[2760] Fix | Delete
if ( ! str_ends_with( $url, '.pdf' ) ) {
[2761] Fix | Delete
return false;
[2762] Fix | Delete
}
[2763] Fix | Delete
[2764] Fix | Delete
// If the URL host matches the current site's media URL, it's safe.
[2765] Fix | Delete
$upload_info = wp_upload_dir( null, false );
[2766] Fix | Delete
$parsed_url = wp_parse_url( $upload_info['url'] );
[2767] Fix | Delete
$upload_host = isset( $parsed_url['host'] ) ? $parsed_url['host'] : '';
[2768] Fix | Delete
$upload_port = isset( $parsed_url['port'] ) ? ':' . $parsed_url['port'] : '';
[2769] Fix | Delete
[2770] Fix | Delete
if ( str_starts_with( $url, "http://$upload_host$upload_port/" )
[2771] Fix | Delete
|| str_starts_with( $url, "https://$upload_host$upload_port/" )
[2772] Fix | Delete
) {
[2773] Fix | Delete
return true;
[2774] Fix | Delete
}
[2775] Fix | Delete
[2776] Fix | Delete
return false;
[2777] Fix | Delete
}
[2778] Fix | Delete
[2779] Fix | Delete
123456
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
Function