wp_kses_check_attr_val

Performs different checks for attribute values.

Description

wp_kses_check_attr_val( (string) $value, (string) $vless, (string) $checkname, (mixed) $checkvalue ); 

The currently implemented checks are maxlen, minlen, maxval, minval and valueless.

Parameters (4)

0. $value (string)
Attribute value
1. $vless (string)
Whether the value is valueless. Use y or n
2. $checkname (string)
What $checkvalue is checking for.
3. $checkvalue (mixed)
What constraint the value should pass

Usage

    if ( ! function_exists( 'wp_kses_check_attr_val' ) ) {
        require_once ABSPATH . WPINC . '/kses.php';
    }

    // Attribute value
    $value = '';

    // Whether the value is valueless. Use 'y' or 'n'
    $vless = '';

    // What $checkvalue is checking for.
    $checkname = '';

    // What constraint the value should pass
    $checkvalue = null;

    // NOTICE! Understand what this does before running.
    $result = wp_kses_check_attr_val($value, $vless, $checkname, $checkvalue);

Defined (1)

The function is defined in the following location(s).

/wp-includes/kses.php  
    function wp_kses_check_attr_val($value, $vless, $checkname, $checkvalue) {
        $ok = true;

        switch (strtolower($checkname)) {
            case 'maxlen' :
                // The maxlen check makes sure that the attribute value has a length not
                // greater than the given value. This can be used to avoid Buffer Overflows
                // in WWW clients and various Internet servers.

                if (strlen($value) > $checkvalue)
                    $ok = false;
                break;

            case 'minlen' :
                // The minlen check makes sure that the attribute value has a length not
                // smaller than the given value.

                if (strlen($value) < $checkvalue)
                    $ok = false;
                break;

            case 'maxval' :
                // The maxval check does two things: it checks that the attribute value is
                // an integer from 0 and up, without an excessive amount of zeroes or
                // whitespace (to avoid Buffer Overflows). It also checks that the attribute
                // value is not greater than the given value.
                // This check can be used to avoid Denial of Service attacks.

                if (!preg_match('/^\s{0,6}[0-9]{1,6}\s{0,6}$/', $value))
                    $ok = false;
                if ($value > $checkvalue)
                    $ok = false;
                break;

            case 'minval' :
                // The minval check makes sure that the attribute value is a positive integer,
                // and that it is not smaller than the given value.

                if (!preg_match('/^\s{0,6}[0-9]{1,6}\s{0,6}$/', $value))
                    $ok = false;
                if ($value < $checkvalue)
                    $ok = false;
                break;

            case 'valueless' :
                // The valueless check makes sure if the attribute has a value
                // (like <a href="blah">) or not (<option selected>). If the given value
                // is a "y" or a "Y", the attribute must not have a value.
                // If the given value is an "n" or an "N", the attribute must have one.

                if (strtolower($checkvalue) != $vless)
                    $ok = false;
                break;
        } // switch

        return $ok;
    }
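
The switch in the definition above has no default case, so a check name it does not recognise leaves $ok set to true. The following added example (not WordPress core code and not part of the original page) runs the checks over constructed inputs and compares them with a hypothetical wrapper, example_strict_attr_check(), that fails closed on unknown names; it assumes WordPress is already loaded.

```php
<?php
// Added example, not WordPress core code. Assumes WordPress is already loaded
// (for instance, run through WP-CLI with `wp eval-file`), so that
// wp_kses_check_attr_val() from wp-includes/kses.php is defined.

// Hypothetical wrapper: fail closed on check names outside the five listed on
// this page, because the core switch has no default case and returns true.
function example_strict_attr_check( $value, $vless, $checkname, $checkvalue ) {
    $implemented = array( 'maxlen', 'minlen', 'maxval', 'minval', 'valueless' );
    if ( ! in_array( strtolower( $checkname ), $implemented, true ) ) {
        return false;
    }
    return wp_kses_check_attr_val( $value, $vless, $checkname, $checkvalue );
}

// Constructed sample inputs: value, $vless, check name, constraint, expected core result.
$cases = array(
    array( 'https://example.org/', 'n', 'maxlen', 100, true ),
    array( str_repeat( 'A', 101 ), 'n', 'maxlen', 100, false ),
    array( '480', 'n', 'maxval', 1024, true ),
    array( '2048', 'n', 'maxval', 1024, false ),
    array( '1234567', 'n', 'maxval', 99999999, false ), // 7 digits fail the regex
    array( '-1', 'n', 'minval', 0, false ),             // sign fails the regex
    array( '', 'y', 'valueless', 'Y', true ),           // constraint is lowercased
    array( '', 'Y', 'valueless', 'y', false ),          // $vless is not lowercased
    array( str_repeat( 'A', 5000 ), 'n', 'max_len', 100, true ), // typo: no check runs
);

foreach ( $cases as $case ) {
    list( $value, $vless, $checkname, $checkvalue, $expected ) = $case;
    $core   = wp_kses_check_attr_val( $value, $vless, $checkname, $checkvalue );
    $strict = example_strict_attr_check( $value, $vless, $checkname, $checkvalue );
    printf(
        "%-9s constraint=%-8s len=%-4d core=%-5s strict=%-5s %s\n",
        $checkname,
        var_export( $checkvalue, true ),
        strlen( $value ),
        $core ? 'pass' : 'fail',
        $strict ? 'pass' : 'fail',
        $core === $expected ? 'as expected' : 'UNEXPECTED'
    );
}
```

Only the last row differs between the two columns: the misspelled check name passes the core function and is rejected by the wrapper.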