wp_kses_check_attr_val

function

wp_kses_check_attr_val( string $value, string $vless, string $checkname, mixed $checkvalue )

Performs different checks for attribute values.

Contents

Description
- Parameters
- Return
- Source
- Changelog
Related
- Used By
User Contributed Notes

Description Description

The currently implemented checks are "maxlen", "minlen", "maxval", "minval", and "valueless".

Parameters Parameters

$value: (string) (Required) Attribute value.
$vless: (string) (Required) Whether the attribute is valueless. Use 'y' or 'n'.
$checkname: (string) (Required) What $checkvalue is checking for.
$checkvalue: (mixed) (Required) What constraint the value should pass.

Return Return

(bool) Whether check passes.

Source Source

File: wp-includes/kses.php

function wp_kses_check_attr_val( $value, $vless, $checkname, $checkvalue ) {
	$ok = true;

	switch ( strtolower( $checkname ) ) {
		case 'maxlen':
			// The maxlen check makes sure that the attribute value has a length not
			// greater than the given value. This can be used to avoid Buffer Overflows
			// in WWW clients and various Internet servers.

			if ( strlen( $value ) > $checkvalue ) {
				$ok = false;
			}
			break;

		case 'minlen':
			// The minlen check makes sure that the attribute value has a length not
			// smaller than the given value.

			if ( strlen( $value ) < $checkvalue ) {
				$ok = false;
			}
			break;

		case 'maxval':
			// The maxval check does two things: it checks that the attribute value is
			// an integer from 0 and up, without an excessive amount of zeroes or
			// whitespace (to avoid Buffer Overflows). It also checks that the attribute
			// value is not greater than the given value.
			// This check can be used to avoid Denial of Service attacks.

			if ( ! preg_match( '/^\s{0,6}[0-9]{1,6}\s{0,6}$/', $value ) ) {
				$ok = false;
			}
			if ( $value > $checkvalue ) {
				$ok = false;
			}
			break;

		case 'minval':
			// The minval check makes sure that the attribute value is a positive integer,
			// and that it is not smaller than the given value.

			if ( ! preg_match( '/^\s{0,6}[0-9]{1,6}\s{0,6}$/', $value ) ) {
				$ok = false;
			}
			if ( $value < $checkvalue ) {
				$ok = false;
			}
			break;

		case 'valueless':
			// The valueless check makes sure if the attribute has a value
			// (like `<a href="blah">`) or not (`<option selected>`). If the given value
			// is a "y" or a "Y", the attribute must not have a value.
			// If the given value is an "n" or an "N", the attribute must have a value.

			if ( strtolower( $checkvalue ) != $vless ) {
				$ok = false;
			}
			break;
	} // switch

	return $ok;
}

Expand full source code Collapse full source code View on Trac

Changelog Changelog

Changelog
Version	Description
1.0.0	Introduced.

Used By Used By

Used By
Used By	Description
wp-includes/kses.php: wp_kses_attr_check()	Determines whether an attribute is allowed.

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.

Keep Leading Your Followers!
Share it for them.