wp_kses_attr_check

Determine whether an attribute is allowed.

Description

wp_kses_attr_check( (string) &$name, (string) &$value, (string) &$whole, (string) $vless, (string) $element, (array) $allowed_html ); 

Parameters (6)

0. $name (string) => &$name
The attribute name. Returns empty string when not allowed.
1. $value (string) => &$value
The attribute value. Returns a filtered value.
2. $whole (string) => &$whole
The name=value input. Returns filtered input.
3. $vless (string)
'y' when attribute like enabled,, otherwise n..
4. $element (string)
The name of the element to which this attribute belongs.
5. $allowed_html (array)
The full list of allowed elements and attributes.

Usage

  1. if ( !function_exists( 'wp_kses_attr_check' ) ) { 
  2. require_once ABSPATH . WPINC . '/kses.php'; 
  3.  
  4. // The attribute name. Returns empty string when not allowed. 
  5. $name = &$name; 
  6.  
  7. // The attribute value. Returns a filtered value. 
  8. $value = &$value; 
  9.  
  10. // The name=value input. Returns filtered input. 
  11. $whole = &$whole; 
  12.  
  13. // 'y' when attribute like "enabled", otherwise 'n'. 
  14. $vless = ''; 
  15.  
  16. // The name of the element to which this attribute belongs. 
  17. $element = ''; 
  18.  
  19. // The full list of allowed elements and attributes. 
  20. $allowed_html = array(); 
  21.  
  22. // NOTICE! Understand what this does before running. 
  23. $result = wp_kses_attr_check($name, $value, $whole, $vless, $element, $allowed_html); 
  24.  

Defined (1)

The function is defined in the following location(s).

/wp-includes/kses.php  
  1. function wp_kses_attr_check( &$name, &$value, &$whole, $vless, $element, $allowed_html ) { 
  2. $allowed_attr = $allowed_html[strtolower( $element )]; 
  3.  
  4. $name_low = strtolower( $name ); 
  5. if ( ! isset( $allowed_attr[$name_low] ) || '' == $allowed_attr[$name_low] ) { 
  6. $name = $value = $whole = ''; 
  7. return false; 
  8.  
  9. if ( 'style' == $name_low ) { 
  10. $new_value = safecss_filter_attr( $value ); 
  11.  
  12. if ( empty( $new_value ) ) { 
  13. $name = $value = $whole = ''; 
  14. return false; 
  15.  
  16. $whole = str_replace( $value, $new_value, $whole ); 
  17. $value = $new_value; 
  18.  
  19. if ( is_array( $allowed_attr[$name_low] ) ) { 
  20. // there are some checks 
  21. foreach ( $allowed_attr[$name_low] as $currkey => $currval ) { 
  22. if ( ! wp_kses_check_attr_val( $value, $vless, $currkey, $currval ) ) { 
  23. $name = $value = $whole = ''; 
  24. return false; 
  25.  
  26. return true;