wp_kses_check_attr_val

Performs different checks for attribute values.

Description

wp_kses_check_attr_val( (string) $value, (string) $vless, (string) $checkname, (mixed) $checkvalue ); 

The currently implemented checks are maxlen,, minlen, maxval., minval and valueless.

Parameters (4)

0. $value (string)
Attribute value
1. $vless (string)
Whether the value is valueless. Use y or n
2. $checkname (string)
What $checkvalue is checking for.
3. $checkvalue (mixed)
What constraint the value should pass

Usage

  1. if ( !function_exists( 'wp_kses_check_attr_val' ) ) { 
  2.     require_once ABSPATH . WPINC . '/kses.php'; 
  4.   
  5. // Attribute value 
  6. $value = ''; 
  7.   
  8. // Whether the value is valueless. Use 'y' or 'n' 
  9. $vless = ''; 
  10.   
  11. // What $checkvalue is checking for. 
  12. $checkname = ''; 
  13.   
  14. // What constraint the value should pass 
  15. $checkvalue = null; 
  16.   
  17. // NOTICE! Understand what this does before running. 
  18. $result = wp_kses_check_attr_val($value, $vless, $checkname, $checkvalue); 
  19.     

Defined (1)

The function is defined in the following location(s).

/wp-includes/kses.php  
  1. function wp_kses_check_attr_val($value, $vless, $checkname, $checkvalue) { 
  2.     $ok = true; 
  3.  
  4.     switch (strtolower($checkname)) { 
  5.         case 'maxlen' : 
  6.             // The maxlen check makes sure that the attribute value has a length not 
  7.             // greater than the given value. This can be used to avoid Buffer Overflows 
  8.             // in WWW clients and various Internet servers. 
  9.  
  10.             if (strlen($value) > $checkvalue) 
  11.                 $ok = false; 
  12.             break; 
  13.  
  14.         case 'minlen' : 
  15.             // The minlen check makes sure that the attribute value has a length not 
  16.             // smaller than the given value. 
  17.  
  18.             if (strlen($value) < $checkvalue) 
  19.                 $ok = false; 
  20.             break; 
  21.  
  22.         case 'maxval' : 
  23.             // The maxval check does two things: it checks that the attribute value is 
  24.             // an integer from 0 and up, without an excessive amount of zeroes or 
  25.             // whitespace (to avoid Buffer Overflows). It also checks that the attribute 
  26.             // value is not greater than the given value. 
  27.             // This check can be used to avoid Denial of Service attacks. 
  28.  
  29.             if (!preg_match('/^\s{0, 6}[0-9]{1, 6}\s{0, 6}$/', $value)) 
  30.                 $ok = false; 
  31.             if ($value > $checkvalue) 
  32.                 $ok = false; 
  33.             break; 
  34.  
  35.         case 'minval' : 
  36.             // The minval check makes sure that the attribute value is a positive integer,  
  37.             // and that it is not smaller than the given value. 
  38.  
  39.             if (!preg_match('/^\s{0, 6}[0-9]{1, 6}\s{0, 6}$/', $value)) 
  40.                 $ok = false; 
  41.             if ($value < $checkvalue) 
  42.                 $ok = false; 
  43.             break; 
  44.  
  45.         case 'valueless' : 
  46.             // The valueless check makes sure if the attribute has a value 
  47.             // (like <a href="blah">) or not (<option selected>). If the given value 
  48.             // is a "y" or a "Y", the attribute must not have a value. 
  49.             // If the given value is an "n" or an "N", the attribute must have one. 
  50.  
  51.             if (strtolower($checkvalue) != $vless) 
  52.                 $ok = false; 
  53.             break; 
  54.     } // switch 
  55.  
  56.     return $ok;