PageRenderTime 57ms CodeModel.GetById 18ms RepoModel.GetById 0ms app.codeStats 1ms

/blog/wp-includes/formatting.php

https://bitbucket.org/sergiohzlz/reportaprod
PHP | 3247 lines | 1970 code | 266 blank | 1011 comment | 258 complexity | 8088f38bd339468bdc1727283b5fb530 MD5 | raw file
Possible License(s): GPL-2.0, GPL-3.0, AGPL-1.0, LGPL-2.1

Large files files are truncated, but you can click here to view the full file

  1. <?php
  2. /**
  3. * Main WordPress Formatting API.
  4. *
  5. * Handles many functions for formatting output.
  6. *
  7. * @package WordPress
  8. **/
  9. /**
  10. * Replaces common plain text characters into formatted entities
  11. *
  12. * As an example,
  13. * <code>
  14. * 'cause today's effort makes it worth tomorrow's "holiday"...
  15. * </code>
  16. * Becomes:
  17. * <code>
  18. * &#8217;cause today&#8217;s effort makes it worth tomorrow&#8217;s &#8220;holiday&#8221;&#8230;
  19. * </code>
  20. * Code within certain html blocks are skipped.
  21. *
  22. * @since 0.71
  23. * @uses $wp_cockneyreplace Array of formatted entities for certain common phrases
  24. *
  25. * @param string $text The text to be formatted
  26. * @return string The string replaced with html entities
  27. */
  28. function wptexturize($text) {
  29. global $wp_cockneyreplace;
  30. static $static_characters, $static_replacements, $dynamic_characters, $dynamic_replacements,
  31. $default_no_texturize_tags, $default_no_texturize_shortcodes;
  32. // No need to set up these static variables more than once
  33. if ( ! isset( $static_characters ) ) {
  34. /* translators: opening curly double quote */
  35. $opening_quote = _x( '&#8220;', 'opening curly double quote' );
  36. /* translators: closing curly double quote */
  37. $closing_quote = _x( '&#8221;', 'closing curly double quote' );
  38. /* translators: apostrophe, for example in 'cause or can't */
  39. $apos = _x( '&#8217;', 'apostrophe' );
  40. /* translators: prime, for example in 9' (nine feet) */
  41. $prime = _x( '&#8242;', 'prime' );
  42. /* translators: double prime, for example in 9" (nine inches) */
  43. $double_prime = _x( '&#8243;', 'double prime' );
  44. /* translators: opening curly single quote */
  45. $opening_single_quote = _x( '&#8216;', 'opening curly single quote' );
  46. /* translators: closing curly single quote */
  47. $closing_single_quote = _x( '&#8217;', 'closing curly single quote' );
  48. /* translators: en dash */
  49. $en_dash = _x( '&#8211;', 'en dash' );
  50. /* translators: em dash */
  51. $em_dash = _x( '&#8212;', 'em dash' );
  52. $default_no_texturize_tags = array('pre', 'code', 'kbd', 'style', 'script', 'tt');
  53. $default_no_texturize_shortcodes = array('code');
  54. // if a plugin has provided an autocorrect array, use it
  55. if ( isset($wp_cockneyreplace) ) {
  56. $cockney = array_keys($wp_cockneyreplace);
  57. $cockneyreplace = array_values($wp_cockneyreplace);
  58. } elseif ( "'" != $apos ) { // Only bother if we're doing a replacement.
  59. $cockney = array( "'tain't", "'twere", "'twas", "'tis", "'twill", "'til", "'bout", "'nuff", "'round", "'cause" );
  60. $cockneyreplace = array( $apos . "tain" . $apos . "t", $apos . "twere", $apos . "twas", $apos . "tis", $apos . "twill", $apos . "til", $apos . "bout", $apos . "nuff", $apos . "round", $apos . "cause" );
  61. } else {
  62. $cockney = $cockneyreplace = array();
  63. }
  64. $static_characters = array_merge( array( '---', ' -- ', '--', ' - ', 'xn&#8211;', '...', '``', '\'\'', ' (tm)' ), $cockney );
  65. $static_replacements = array_merge( array( $em_dash, ' ' . $em_dash . ' ', $en_dash, ' ' . $en_dash . ' ', 'xn--', '&#8230;', $opening_quote, $closing_quote, ' &#8482;' ), $cockneyreplace );
  66. $dynamic = array();
  67. if ( "'" != $apos ) {
  68. $dynamic[ '/\'(\d\d(?:&#8217;|\')?s)/' ] = $apos . '$1'; // '99's
  69. $dynamic[ '/\'(\d)/' ] = $apos . '$1'; // '99
  70. }
  71. if ( "'" != $opening_single_quote )
  72. $dynamic[ '/(\s|\A|[([{<]|")\'/' ] = '$1' . $opening_single_quote; // opening single quote, even after (, {, <, [
  73. if ( '"' != $double_prime )
  74. $dynamic[ '/(\d)"/' ] = '$1' . $double_prime; // 9" (double prime)
  75. if ( "'" != $prime )
  76. $dynamic[ '/(\d)\'/' ] = '$1' . $prime; // 9' (prime)
  77. if ( "'" != $apos )
  78. $dynamic[ '/(\S)\'([^\'\s])/' ] = '$1' . $apos . '$2'; // apostrophe in a word
  79. if ( '"' != $opening_quote )
  80. $dynamic[ '/(\s|\A|[([{<])"(?!\s)/' ] = '$1' . $opening_quote . '$2'; // opening double quote, even after (, {, <, [
  81. if ( '"' != $closing_quote )
  82. $dynamic[ '/"(\s|\S|\Z)/' ] = $closing_quote . '$1'; // closing double quote
  83. if ( "'" != $closing_single_quote )
  84. $dynamic[ '/\'([\s.]|\Z)/' ] = $closing_single_quote . '$1'; // closing single quote
  85. $dynamic[ '/\b(\d+)x(\d+)\b/' ] = '$1&#215;$2'; // 9x9 (times)
  86. $dynamic_characters = array_keys( $dynamic );
  87. $dynamic_replacements = array_values( $dynamic );
  88. }
  89. // Transform into regexp sub-expression used in _wptexturize_pushpop_element
  90. // Must do this everytime in case plugins use these filters in a context sensitive manner
  91. $no_texturize_tags = '(' . implode('|', apply_filters('no_texturize_tags', $default_no_texturize_tags) ) . ')';
  92. $no_texturize_shortcodes = '(' . implode('|', apply_filters('no_texturize_shortcodes', $default_no_texturize_shortcodes) ) . ')';
  93. $no_texturize_tags_stack = array();
  94. $no_texturize_shortcodes_stack = array();
  95. $textarr = preg_split('/(<.*>|\[.*\])/Us', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
  96. foreach ( $textarr as &$curl ) {
  97. if ( empty( $curl ) )
  98. continue;
  99. // Only call _wptexturize_pushpop_element if first char is correct tag opening
  100. $first = $curl[0];
  101. if ( '<' === $first ) {
  102. _wptexturize_pushpop_element($curl, $no_texturize_tags_stack, $no_texturize_tags, '<', '>');
  103. } elseif ( '[' === $first ) {
  104. _wptexturize_pushpop_element($curl, $no_texturize_shortcodes_stack, $no_texturize_shortcodes, '[', ']');
  105. } elseif ( empty($no_texturize_shortcodes_stack) && empty($no_texturize_tags_stack) ) {
  106. // This is not a tag, nor is the texturization disabled static strings
  107. $curl = str_replace($static_characters, $static_replacements, $curl);
  108. // regular expressions
  109. $curl = preg_replace($dynamic_characters, $dynamic_replacements, $curl);
  110. }
  111. $curl = preg_replace('/&([^#])(?![a-zA-Z1-4]{1,8};)/', '&#038;$1', $curl);
  112. }
  113. return implode( '', $textarr );
  114. }
  115. /**
  116. * Search for disabled element tags. Push element to stack on tag open and pop
  117. * on tag close. Assumes first character of $text is tag opening.
  118. *
  119. * @access private
  120. * @since 2.9.0
  121. *
  122. * @param string $text Text to check. First character is assumed to be $opening
  123. * @param array $stack Array used as stack of opened tag elements
  124. * @param string $disabled_elements Tags to match against formatted as regexp sub-expression
  125. * @param string $opening Tag opening character, assumed to be 1 character long
  126. * @param string $opening Tag closing character
  127. * @return object
  128. */
  129. function _wptexturize_pushpop_element($text, &$stack, $disabled_elements, $opening = '<', $closing = '>') {
  130. // Check if it is a closing tag -- otherwise assume opening tag
  131. if (strncmp($opening . '/', $text, 2)) {
  132. // Opening? Check $text+1 against disabled elements
  133. if (preg_match('/^' . $disabled_elements . '\b/', substr($text, 1), $matches)) {
  134. /*
  135. * This disables texturize until we find a closing tag of our type
  136. * (e.g. <pre>) even if there was invalid nesting before that
  137. *
  138. * Example: in the case <pre>sadsadasd</code>"baba"</pre>
  139. * "baba" won't be texturize
  140. */
  141. array_push($stack, $matches[1]);
  142. }
  143. } else {
  144. // Closing? Check $text+2 against disabled elements
  145. $c = preg_quote($closing, '/');
  146. if (preg_match('/^' . $disabled_elements . $c . '/', substr($text, 2), $matches)) {
  147. $last = array_pop($stack);
  148. // Make sure it matches the opening tag
  149. if ($last != $matches[1])
  150. array_push($stack, $last);
  151. }
  152. }
  153. }
  154. /**
  155. * Replaces double line-breaks with paragraph elements.
  156. *
  157. * A group of regex replaces used to identify text formatted with newlines and
  158. * replace double line-breaks with HTML paragraph tags. The remaining
  159. * line-breaks after conversion become <<br />> tags, unless $br is set to '0'
  160. * or 'false'.
  161. *
  162. * @since 0.71
  163. *
  164. * @param string $pee The text which has to be formatted.
  165. * @param bool $br Optional. If set, this will convert all remaining line-breaks after paragraphing. Default true.
  166. * @return string Text which has been converted into correct paragraph tags.
  167. */
  168. function wpautop($pee, $br = true) {
  169. $pre_tags = array();
  170. if ( trim($pee) === '' )
  171. return '';
  172. $pee = $pee . "\n"; // just to make things a little easier, pad the end
  173. if ( strpos($pee, '<pre') !== false ) {
  174. $pee_parts = explode( '</pre>', $pee );
  175. $last_pee = array_pop($pee_parts);
  176. $pee = '';
  177. $i = 0;
  178. foreach ( $pee_parts as $pee_part ) {
  179. $start = strpos($pee_part, '<pre');
  180. // Malformed html?
  181. if ( $start === false ) {
  182. $pee .= $pee_part;
  183. continue;
  184. }
  185. $name = "<pre wp-pre-tag-$i></pre>";
  186. $pre_tags[$name] = substr( $pee_part, $start ) . '</pre>';
  187. $pee .= substr( $pee_part, 0, $start ) . $name;
  188. $i++;
  189. }
  190. $pee .= $last_pee;
  191. }
  192. $pee = preg_replace('|<br />\s*<br />|', "\n\n", $pee);
  193. // Space things out a little
  194. $allblocks = '(?:table|thead|tfoot|caption|col|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|option|form|map|area|blockquote|address|math|style|p|h[1-6]|hr|fieldset|legend|section|article|aside|hgroup|header|footer|nav|figure|figcaption|details|menu|summary)';
  195. $pee = preg_replace('!(<' . $allblocks . '[^>]*>)!', "\n$1", $pee);
  196. $pee = preg_replace('!(</' . $allblocks . '>)!', "$1\n\n", $pee);
  197. $pee = str_replace(array("\r\n", "\r"), "\n", $pee); // cross-platform newlines
  198. if ( strpos($pee, '<object') !== false ) {
  199. $pee = preg_replace('|\s*<param([^>]*)>\s*|', "<param$1>", $pee); // no pee inside object/embed
  200. $pee = preg_replace('|\s*</embed>\s*|', '</embed>', $pee);
  201. }
  202. $pee = preg_replace("/\n\n+/", "\n\n", $pee); // take care of duplicates
  203. // make paragraphs, including one at the end
  204. $pees = preg_split('/\n\s*\n/', $pee, -1, PREG_SPLIT_NO_EMPTY);
  205. $pee = '';
  206. foreach ( $pees as $tinkle )
  207. $pee .= '<p>' . trim($tinkle, "\n") . "</p>\n";
  208. $pee = preg_replace('|<p>\s*</p>|', '', $pee); // under certain strange conditions it could create a P of entirely whitespace
  209. $pee = preg_replace('!<p>([^<]+)</(div|address|form)>!', "<p>$1</p></$2>", $pee);
  210. $pee = preg_replace('!<p>\s*(</?' . $allblocks . '[^>]*>)\s*</p>!', "$1", $pee); // don't pee all over a tag
  211. $pee = preg_replace("|<p>(<li.+?)</p>|", "$1", $pee); // problem with nested lists
  212. $pee = preg_replace('|<p><blockquote([^>]*)>|i', "<blockquote$1><p>", $pee);
  213. $pee = str_replace('</blockquote></p>', '</p></blockquote>', $pee);
  214. $pee = preg_replace('!<p>\s*(</?' . $allblocks . '[^>]*>)!', "$1", $pee);
  215. $pee = preg_replace('!(</?' . $allblocks . '[^>]*>)\s*</p>!', "$1", $pee);
  216. if ( $br ) {
  217. $pee = preg_replace_callback('/<(script|style).*?<\/\\1>/s', '_autop_newline_preservation_helper', $pee);
  218. $pee = preg_replace('|(?<!<br />)\s*\n|', "<br />\n", $pee); // optionally make line breaks
  219. $pee = str_replace('<WPPreserveNewline />', "\n", $pee);
  220. }
  221. $pee = preg_replace('!(</?' . $allblocks . '[^>]*>)\s*<br />!', "$1", $pee);
  222. $pee = preg_replace('!<br />(\s*</?(?:p|li|div|dl|dd|dt|th|pre|td|ul|ol)[^>]*>)!', '$1', $pee);
  223. $pee = preg_replace( "|\n</p>$|", '</p>', $pee );
  224. if ( !empty($pre_tags) )
  225. $pee = str_replace(array_keys($pre_tags), array_values($pre_tags), $pee);
  226. return $pee;
  227. }
  228. /**
  229. * Newline preservation help function for wpautop
  230. *
  231. * @since 3.1.0
  232. * @access private
  233. * @param array $matches preg_replace_callback matches array
  234. * @returns string
  235. */
  236. function _autop_newline_preservation_helper( $matches ) {
  237. return str_replace("\n", "<WPPreserveNewline />", $matches[0]);
  238. }
  239. /**
  240. * Don't auto-p wrap shortcodes that stand alone
  241. *
  242. * Ensures that shortcodes are not wrapped in <<p>>...<</p>>.
  243. *
  244. * @since 2.9.0
  245. *
  246. * @param string $pee The content.
  247. * @return string The filtered content.
  248. */
  249. function shortcode_unautop( $pee ) {
  250. global $shortcode_tags;
  251. if ( empty( $shortcode_tags ) || !is_array( $shortcode_tags ) ) {
  252. return $pee;
  253. }
  254. $tagregexp = join( '|', array_map( 'preg_quote', array_keys( $shortcode_tags ) ) );
  255. $pattern =
  256. '/'
  257. . '<p>' // Opening paragraph
  258. . '\\s*+' // Optional leading whitespace
  259. . '(' // 1: The shortcode
  260. . '\\[' // Opening bracket
  261. . "($tagregexp)" // 2: Shortcode name
  262. . '\\b' // Word boundary
  263. // Unroll the loop: Inside the opening shortcode tag
  264. . '[^\\]\\/]*' // Not a closing bracket or forward slash
  265. . '(?:'
  266. . '\\/(?!\\])' // A forward slash not followed by a closing bracket
  267. . '[^\\]\\/]*' // Not a closing bracket or forward slash
  268. . ')*?'
  269. . '(?:'
  270. . '\\/\\]' // Self closing tag and closing bracket
  271. . '|'
  272. . '\\]' // Closing bracket
  273. . '(?:' // Unroll the loop: Optionally, anything between the opening and closing shortcode tags
  274. . '[^\\[]*+' // Not an opening bracket
  275. . '(?:'
  276. . '\\[(?!\\/\\2\\])' // An opening bracket not followed by the closing shortcode tag
  277. . '[^\\[]*+' // Not an opening bracket
  278. . ')*+'
  279. . '\\[\\/\\2\\]' // Closing shortcode tag
  280. . ')?'
  281. . ')'
  282. . ')'
  283. . '\\s*+' // optional trailing whitespace
  284. . '<\\/p>' // closing paragraph
  285. . '/s';
  286. return preg_replace( $pattern, '$1', $pee );
  287. }
  288. /**
  289. * Checks to see if a string is utf8 encoded.
  290. *
  291. * NOTE: This function checks for 5-Byte sequences, UTF8
  292. * has Bytes Sequences with a maximum length of 4.
  293. *
  294. * @author bmorel at ssi dot fr (modified)
  295. * @since 1.2.1
  296. *
  297. * @param string $str The string to be checked
  298. * @return bool True if $str fits a UTF-8 model, false otherwise.
  299. */
  300. function seems_utf8($str) {
  301. $length = strlen($str);
  302. for ($i=0; $i < $length; $i++) {
  303. $c = ord($str[$i]);
  304. if ($c < 0x80) $n = 0; # 0bbbbbbb
  305. elseif (($c & 0xE0) == 0xC0) $n=1; # 110bbbbb
  306. elseif (($c & 0xF0) == 0xE0) $n=2; # 1110bbbb
  307. elseif (($c & 0xF8) == 0xF0) $n=3; # 11110bbb
  308. elseif (($c & 0xFC) == 0xF8) $n=4; # 111110bb
  309. elseif (($c & 0xFE) == 0xFC) $n=5; # 1111110b
  310. else return false; # Does not match any model
  311. for ($j=0; $j<$n; $j++) { # n bytes matching 10bbbbbb follow ?
  312. if ((++$i == $length) || ((ord($str[$i]) & 0xC0) != 0x80))
  313. return false;
  314. }
  315. }
  316. return true;
  317. }
  318. /**
  319. * Converts a number of special characters into their HTML entities.
  320. *
  321. * Specifically deals with: &, <, >, ", and '.
  322. *
  323. * $quote_style can be set to ENT_COMPAT to encode " to
  324. * &quot;, or ENT_QUOTES to do both. Default is ENT_NOQUOTES where no quotes are encoded.
  325. *
  326. * @since 1.2.2
  327. *
  328. * @param string $string The text which is to be encoded.
  329. * @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES.
  330. * @param string $charset Optional. The character encoding of the string. Default is false.
  331. * @param boolean $double_encode Optional. Whether to encode existing html entities. Default is false.
  332. * @return string The encoded text with HTML entities.
  333. */
  334. function _wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false ) {
  335. $string = (string) $string;
  336. if ( 0 === strlen( $string ) )
  337. return '';
  338. // Don't bother if there are no specialchars - saves some processing
  339. if ( ! preg_match( '/[&<>"\']/', $string ) )
  340. return $string;
  341. // Account for the previous behaviour of the function when the $quote_style is not an accepted value
  342. if ( empty( $quote_style ) )
  343. $quote_style = ENT_NOQUOTES;
  344. elseif ( ! in_array( $quote_style, array( 0, 2, 3, 'single', 'double' ), true ) )
  345. $quote_style = ENT_QUOTES;
  346. // Store the site charset as a static to avoid multiple calls to wp_load_alloptions()
  347. if ( ! $charset ) {
  348. static $_charset;
  349. if ( ! isset( $_charset ) ) {
  350. $alloptions = wp_load_alloptions();
  351. $_charset = isset( $alloptions['blog_charset'] ) ? $alloptions['blog_charset'] : '';
  352. }
  353. $charset = $_charset;
  354. }
  355. if ( in_array( $charset, array( 'utf8', 'utf-8', 'UTF8' ) ) )
  356. $charset = 'UTF-8';
  357. $_quote_style = $quote_style;
  358. if ( $quote_style === 'double' ) {
  359. $quote_style = ENT_COMPAT;
  360. $_quote_style = ENT_COMPAT;
  361. } elseif ( $quote_style === 'single' ) {
  362. $quote_style = ENT_NOQUOTES;
  363. }
  364. // Handle double encoding ourselves
  365. if ( $double_encode ) {
  366. $string = @htmlspecialchars( $string, $quote_style, $charset );
  367. } else {
  368. // Decode &amp; into &
  369. $string = wp_specialchars_decode( $string, $_quote_style );
  370. // Guarantee every &entity; is valid or re-encode the &
  371. $string = wp_kses_normalize_entities( $string );
  372. // Now re-encode everything except &entity;
  373. $string = preg_split( '/(&#?x?[0-9a-z]+;)/i', $string, -1, PREG_SPLIT_DELIM_CAPTURE );
  374. for ( $i = 0; $i < count( $string ); $i += 2 )
  375. $string[$i] = @htmlspecialchars( $string[$i], $quote_style, $charset );
  376. $string = implode( '', $string );
  377. }
  378. // Backwards compatibility
  379. if ( 'single' === $_quote_style )
  380. $string = str_replace( "'", '&#039;', $string );
  381. return $string;
  382. }
  383. /**
  384. * Converts a number of HTML entities into their special characters.
  385. *
  386. * Specifically deals with: &, <, >, ", and '.
  387. *
  388. * $quote_style can be set to ENT_COMPAT to decode " entities,
  389. * or ENT_QUOTES to do both " and '. Default is ENT_NOQUOTES where no quotes are decoded.
  390. *
  391. * @since 2.8
  392. *
  393. * @param string $string The text which is to be decoded.
  394. * @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old _wp_specialchars() values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES.
  395. * @return string The decoded text without HTML entities.
  396. */
  397. function wp_specialchars_decode( $string, $quote_style = ENT_NOQUOTES ) {
  398. $string = (string) $string;
  399. if ( 0 === strlen( $string ) ) {
  400. return '';
  401. }
  402. // Don't bother if there are no entities - saves a lot of processing
  403. if ( strpos( $string, '&' ) === false ) {
  404. return $string;
  405. }
  406. // Match the previous behaviour of _wp_specialchars() when the $quote_style is not an accepted value
  407. if ( empty( $quote_style ) ) {
  408. $quote_style = ENT_NOQUOTES;
  409. } elseif ( !in_array( $quote_style, array( 0, 2, 3, 'single', 'double' ), true ) ) {
  410. $quote_style = ENT_QUOTES;
  411. }
  412. // More complete than get_html_translation_table( HTML_SPECIALCHARS )
  413. $single = array( '&#039;' => '\'', '&#x27;' => '\'' );
  414. $single_preg = array( '/&#0*39;/' => '&#039;', '/&#x0*27;/i' => '&#x27;' );
  415. $double = array( '&quot;' => '"', '&#034;' => '"', '&#x22;' => '"' );
  416. $double_preg = array( '/&#0*34;/' => '&#034;', '/&#x0*22;/i' => '&#x22;' );
  417. $others = array( '&lt;' => '<', '&#060;' => '<', '&gt;' => '>', '&#062;' => '>', '&amp;' => '&', '&#038;' => '&', '&#x26;' => '&' );
  418. $others_preg = array( '/&#0*60;/' => '&#060;', '/&#0*62;/' => '&#062;', '/&#0*38;/' => '&#038;', '/&#x0*26;/i' => '&#x26;' );
  419. if ( $quote_style === ENT_QUOTES ) {
  420. $translation = array_merge( $single, $double, $others );
  421. $translation_preg = array_merge( $single_preg, $double_preg, $others_preg );
  422. } elseif ( $quote_style === ENT_COMPAT || $quote_style === 'double' ) {
  423. $translation = array_merge( $double, $others );
  424. $translation_preg = array_merge( $double_preg, $others_preg );
  425. } elseif ( $quote_style === 'single' ) {
  426. $translation = array_merge( $single, $others );
  427. $translation_preg = array_merge( $single_preg, $others_preg );
  428. } elseif ( $quote_style === ENT_NOQUOTES ) {
  429. $translation = $others;
  430. $translation_preg = $others_preg;
  431. }
  432. // Remove zero padding on numeric entities
  433. $string = preg_replace( array_keys( $translation_preg ), array_values( $translation_preg ), $string );
  434. // Replace characters according to translation table
  435. return strtr( $string, $translation );
  436. }
  437. /**
  438. * Checks for invalid UTF8 in a string.
  439. *
  440. * @since 2.8
  441. *
  442. * @param string $string The text which is to be checked.
  443. * @param boolean $strip Optional. Whether to attempt to strip out invalid UTF8. Default is false.
  444. * @return string The checked text.
  445. */
  446. function wp_check_invalid_utf8( $string, $strip = false ) {
  447. $string = (string) $string;
  448. if ( 0 === strlen( $string ) ) {
  449. return '';
  450. }
  451. // Store the site charset as a static to avoid multiple calls to get_option()
  452. static $is_utf8;
  453. if ( !isset( $is_utf8 ) ) {
  454. $is_utf8 = in_array( get_option( 'blog_charset' ), array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ) );
  455. }
  456. if ( !$is_utf8 ) {
  457. return $string;
  458. }
  459. // Check for support for utf8 in the installed PCRE library once and store the result in a static
  460. static $utf8_pcre;
  461. if ( !isset( $utf8_pcre ) ) {
  462. $utf8_pcre = @preg_match( '/^./u', 'a' );
  463. }
  464. // We can't demand utf8 in the PCRE installation, so just return the string in those cases
  465. if ( !$utf8_pcre ) {
  466. return $string;
  467. }
  468. // preg_match fails when it encounters invalid UTF8 in $string
  469. if ( 1 === @preg_match( '/^./us', $string ) ) {
  470. return $string;
  471. }
  472. // Attempt to strip the bad chars if requested (not recommended)
  473. if ( $strip && function_exists( 'iconv' ) ) {
  474. return iconv( 'utf-8', 'utf-8', $string );
  475. }
  476. return '';
  477. }
  478. /**
  479. * Encode the Unicode values to be used in the URI.
  480. *
  481. * @since 1.5.0
  482. *
  483. * @param string $utf8_string
  484. * @param int $length Max length of the string
  485. * @return string String with Unicode encoded for URI.
  486. */
  487. function utf8_uri_encode( $utf8_string, $length = 0 ) {
  488. $unicode = '';
  489. $values = array();
  490. $num_octets = 1;
  491. $unicode_length = 0;
  492. $string_length = strlen( $utf8_string );
  493. for ($i = 0; $i < $string_length; $i++ ) {
  494. $value = ord( $utf8_string[ $i ] );
  495. if ( $value < 128 ) {
  496. if ( $length && ( $unicode_length >= $length ) )
  497. break;
  498. $unicode .= chr($value);
  499. $unicode_length++;
  500. } else {
  501. if ( count( $values ) == 0 ) $num_octets = ( $value < 224 ) ? 2 : 3;
  502. $values[] = $value;
  503. if ( $length && ( $unicode_length + ($num_octets * 3) ) > $length )
  504. break;
  505. if ( count( $values ) == $num_octets ) {
  506. if ($num_octets == 3) {
  507. $unicode .= '%' . dechex($values[0]) . '%' . dechex($values[1]) . '%' . dechex($values[2]);
  508. $unicode_length += 9;
  509. } else {
  510. $unicode .= '%' . dechex($values[0]) . '%' . dechex($values[1]);
  511. $unicode_length += 6;
  512. }
  513. $values = array();
  514. $num_octets = 1;
  515. }
  516. }
  517. }
  518. return $unicode;
  519. }
  520. /**
  521. * Converts all accent characters to ASCII characters.
  522. *
  523. * If there are no accent characters, then the string given is just returned.
  524. *
  525. * @since 1.2.1
  526. *
  527. * @param string $string Text that might have accent characters
  528. * @return string Filtered string with replaced "nice" characters.
  529. */
  530. function remove_accents($string) {
  531. if ( !preg_match('/[\x80-\xff]/', $string) )
  532. return $string;
  533. if (seems_utf8($string)) {
  534. $chars = array(
  535. // Decompositions for Latin-1 Supplement
  536. chr(194).chr(170) => 'a', chr(194).chr(186) => 'o',
  537. chr(195).chr(128) => 'A', chr(195).chr(129) => 'A',
  538. chr(195).chr(130) => 'A', chr(195).chr(131) => 'A',
  539. chr(195).chr(132) => 'A', chr(195).chr(133) => 'A',
  540. chr(195).chr(134) => 'AE',chr(195).chr(135) => 'C',
  541. chr(195).chr(136) => 'E', chr(195).chr(137) => 'E',
  542. chr(195).chr(138) => 'E', chr(195).chr(139) => 'E',
  543. chr(195).chr(140) => 'I', chr(195).chr(141) => 'I',
  544. chr(195).chr(142) => 'I', chr(195).chr(143) => 'I',
  545. chr(195).chr(144) => 'D', chr(195).chr(145) => 'N',
  546. chr(195).chr(146) => 'O', chr(195).chr(147) => 'O',
  547. chr(195).chr(148) => 'O', chr(195).chr(149) => 'O',
  548. chr(195).chr(150) => 'O', chr(195).chr(153) => 'U',
  549. chr(195).chr(154) => 'U', chr(195).chr(155) => 'U',
  550. chr(195).chr(156) => 'U', chr(195).chr(157) => 'Y',
  551. chr(195).chr(158) => 'TH',chr(195).chr(159) => 's',
  552. chr(195).chr(160) => 'a', chr(195).chr(161) => 'a',
  553. chr(195).chr(162) => 'a', chr(195).chr(163) => 'a',
  554. chr(195).chr(164) => 'a', chr(195).chr(165) => 'a',
  555. chr(195).chr(166) => 'ae',chr(195).chr(167) => 'c',
  556. chr(195).chr(168) => 'e', chr(195).chr(169) => 'e',
  557. chr(195).chr(170) => 'e', chr(195).chr(171) => 'e',
  558. chr(195).chr(172) => 'i', chr(195).chr(173) => 'i',
  559. chr(195).chr(174) => 'i', chr(195).chr(175) => 'i',
  560. chr(195).chr(176) => 'd', chr(195).chr(177) => 'n',
  561. chr(195).chr(178) => 'o', chr(195).chr(179) => 'o',
  562. chr(195).chr(180) => 'o', chr(195).chr(181) => 'o',
  563. chr(195).chr(182) => 'o', chr(195).chr(184) => 'o',
  564. chr(195).chr(185) => 'u', chr(195).chr(186) => 'u',
  565. chr(195).chr(187) => 'u', chr(195).chr(188) => 'u',
  566. chr(195).chr(189) => 'y', chr(195).chr(190) => 'th',
  567. chr(195).chr(191) => 'y', chr(195).chr(152) => 'O',
  568. // Decompositions for Latin Extended-A
  569. chr(196).chr(128) => 'A', chr(196).chr(129) => 'a',
  570. chr(196).chr(130) => 'A', chr(196).chr(131) => 'a',
  571. chr(196).chr(132) => 'A', chr(196).chr(133) => 'a',
  572. chr(196).chr(134) => 'C', chr(196).chr(135) => 'c',
  573. chr(196).chr(136) => 'C', chr(196).chr(137) => 'c',
  574. chr(196).chr(138) => 'C', chr(196).chr(139) => 'c',
  575. chr(196).chr(140) => 'C', chr(196).chr(141) => 'c',
  576. chr(196).chr(142) => 'D', chr(196).chr(143) => 'd',
  577. chr(196).chr(144) => 'D', chr(196).chr(145) => 'd',
  578. chr(196).chr(146) => 'E', chr(196).chr(147) => 'e',
  579. chr(196).chr(148) => 'E', chr(196).chr(149) => 'e',
  580. chr(196).chr(150) => 'E', chr(196).chr(151) => 'e',
  581. chr(196).chr(152) => 'E', chr(196).chr(153) => 'e',
  582. chr(196).chr(154) => 'E', chr(196).chr(155) => 'e',
  583. chr(196).chr(156) => 'G', chr(196).chr(157) => 'g',
  584. chr(196).chr(158) => 'G', chr(196).chr(159) => 'g',
  585. chr(196).chr(160) => 'G', chr(196).chr(161) => 'g',
  586. chr(196).chr(162) => 'G', chr(196).chr(163) => 'g',
  587. chr(196).chr(164) => 'H', chr(196).chr(165) => 'h',
  588. chr(196).chr(166) => 'H', chr(196).chr(167) => 'h',
  589. chr(196).chr(168) => 'I', chr(196).chr(169) => 'i',
  590. chr(196).chr(170) => 'I', chr(196).chr(171) => 'i',
  591. chr(196).chr(172) => 'I', chr(196).chr(173) => 'i',
  592. chr(196).chr(174) => 'I', chr(196).chr(175) => 'i',
  593. chr(196).chr(176) => 'I', chr(196).chr(177) => 'i',
  594. chr(196).chr(178) => 'IJ',chr(196).chr(179) => 'ij',
  595. chr(196).chr(180) => 'J', chr(196).chr(181) => 'j',
  596. chr(196).chr(182) => 'K', chr(196).chr(183) => 'k',
  597. chr(196).chr(184) => 'k', chr(196).chr(185) => 'L',
  598. chr(196).chr(186) => 'l', chr(196).chr(187) => 'L',
  599. chr(196).chr(188) => 'l', chr(196).chr(189) => 'L',
  600. chr(196).chr(190) => 'l', chr(196).chr(191) => 'L',
  601. chr(197).chr(128) => 'l', chr(197).chr(129) => 'L',
  602. chr(197).chr(130) => 'l', chr(197).chr(131) => 'N',
  603. chr(197).chr(132) => 'n', chr(197).chr(133) => 'N',
  604. chr(197).chr(134) => 'n', chr(197).chr(135) => 'N',
  605. chr(197).chr(136) => 'n', chr(197).chr(137) => 'N',
  606. chr(197).chr(138) => 'n', chr(197).chr(139) => 'N',
  607. chr(197).chr(140) => 'O', chr(197).chr(141) => 'o',
  608. chr(197).chr(142) => 'O', chr(197).chr(143) => 'o',
  609. chr(197).chr(144) => 'O', chr(197).chr(145) => 'o',
  610. chr(197).chr(146) => 'OE',chr(197).chr(147) => 'oe',
  611. chr(197).chr(148) => 'R',chr(197).chr(149) => 'r',
  612. chr(197).chr(150) => 'R',chr(197).chr(151) => 'r',
  613. chr(197).chr(152) => 'R',chr(197).chr(153) => 'r',
  614. chr(197).chr(154) => 'S',chr(197).chr(155) => 's',
  615. chr(197).chr(156) => 'S',chr(197).chr(157) => 's',
  616. chr(197).chr(158) => 'S',chr(197).chr(159) => 's',
  617. chr(197).chr(160) => 'S', chr(197).chr(161) => 's',
  618. chr(197).chr(162) => 'T', chr(197).chr(163) => 't',
  619. chr(197).chr(164) => 'T', chr(197).chr(165) => 't',
  620. chr(197).chr(166) => 'T', chr(197).chr(167) => 't',
  621. chr(197).chr(168) => 'U', chr(197).chr(169) => 'u',
  622. chr(197).chr(170) => 'U', chr(197).chr(171) => 'u',
  623. chr(197).chr(172) => 'U', chr(197).chr(173) => 'u',
  624. chr(197).chr(174) => 'U', chr(197).chr(175) => 'u',
  625. chr(197).chr(176) => 'U', chr(197).chr(177) => 'u',
  626. chr(197).chr(178) => 'U', chr(197).chr(179) => 'u',
  627. chr(197).chr(180) => 'W', chr(197).chr(181) => 'w',
  628. chr(197).chr(182) => 'Y', chr(197).chr(183) => 'y',
  629. chr(197).chr(184) => 'Y', chr(197).chr(185) => 'Z',
  630. chr(197).chr(186) => 'z', chr(197).chr(187) => 'Z',
  631. chr(197).chr(188) => 'z', chr(197).chr(189) => 'Z',
  632. chr(197).chr(190) => 'z', chr(197).chr(191) => 's',
  633. // Decompositions for Latin Extended-B
  634. chr(200).chr(152) => 'S', chr(200).chr(153) => 's',
  635. chr(200).chr(154) => 'T', chr(200).chr(155) => 't',
  636. // Euro Sign
  637. chr(226).chr(130).chr(172) => 'E',
  638. // GBP (Pound) Sign
  639. chr(194).chr(163) => '',
  640. // Vowels with diacritic (Vietnamese)
  641. // unmarked
  642. chr(198).chr(160) => 'O', chr(198).chr(161) => 'o',
  643. chr(198).chr(175) => 'U', chr(198).chr(176) => 'u',
  644. // grave accent
  645. chr(225).chr(186).chr(166) => 'A', chr(225).chr(186).chr(167) => 'a',
  646. chr(225).chr(186).chr(176) => 'A', chr(225).chr(186).chr(177) => 'a',
  647. chr(225).chr(187).chr(128) => 'E', chr(225).chr(187).chr(129) => 'e',
  648. chr(225).chr(187).chr(146) => 'O', chr(225).chr(187).chr(147) => 'o',
  649. chr(225).chr(187).chr(156) => 'O', chr(225).chr(187).chr(157) => 'o',
  650. chr(225).chr(187).chr(170) => 'U', chr(225).chr(187).chr(171) => 'u',
  651. chr(225).chr(187).chr(178) => 'Y', chr(225).chr(187).chr(179) => 'y',
  652. // hook
  653. chr(225).chr(186).chr(162) => 'A', chr(225).chr(186).chr(163) => 'a',
  654. chr(225).chr(186).chr(168) => 'A', chr(225).chr(186).chr(169) => 'a',
  655. chr(225).chr(186).chr(178) => 'A', chr(225).chr(186).chr(179) => 'a',
  656. chr(225).chr(186).chr(186) => 'E', chr(225).chr(186).chr(187) => 'e',
  657. chr(225).chr(187).chr(130) => 'E', chr(225).chr(187).chr(131) => 'e',
  658. chr(225).chr(187).chr(136) => 'I', chr(225).chr(187).chr(137) => 'i',
  659. chr(225).chr(187).chr(142) => 'O', chr(225).chr(187).chr(143) => 'o',
  660. chr(225).chr(187).chr(148) => 'O', chr(225).chr(187).chr(149) => 'o',
  661. chr(225).chr(187).chr(158) => 'O', chr(225).chr(187).chr(159) => 'o',
  662. chr(225).chr(187).chr(166) => 'U', chr(225).chr(187).chr(167) => 'u',
  663. chr(225).chr(187).chr(172) => 'U', chr(225).chr(187).chr(173) => 'u',
  664. chr(225).chr(187).chr(182) => 'Y', chr(225).chr(187).chr(183) => 'y',
  665. // tilde
  666. chr(225).chr(186).chr(170) => 'A', chr(225).chr(186).chr(171) => 'a',
  667. chr(225).chr(186).chr(180) => 'A', chr(225).chr(186).chr(181) => 'a',
  668. chr(225).chr(186).chr(188) => 'E', chr(225).chr(186).chr(189) => 'e',
  669. chr(225).chr(187).chr(132) => 'E', chr(225).chr(187).chr(133) => 'e',
  670. chr(225).chr(187).chr(150) => 'O', chr(225).chr(187).chr(151) => 'o',
  671. chr(225).chr(187).chr(160) => 'O', chr(225).chr(187).chr(161) => 'o',
  672. chr(225).chr(187).chr(174) => 'U', chr(225).chr(187).chr(175) => 'u',
  673. chr(225).chr(187).chr(184) => 'Y', chr(225).chr(187).chr(185) => 'y',
  674. // acute accent
  675. chr(225).chr(186).chr(164) => 'A', chr(225).chr(186).chr(165) => 'a',
  676. chr(225).chr(186).chr(174) => 'A', chr(225).chr(186).chr(175) => 'a',
  677. chr(225).chr(186).chr(190) => 'E', chr(225).chr(186).chr(191) => 'e',
  678. chr(225).chr(187).chr(144) => 'O', chr(225).chr(187).chr(145) => 'o',
  679. chr(225).chr(187).chr(154) => 'O', chr(225).chr(187).chr(155) => 'o',
  680. chr(225).chr(187).chr(168) => 'U', chr(225).chr(187).chr(169) => 'u',
  681. // dot below
  682. chr(225).chr(186).chr(160) => 'A', chr(225).chr(186).chr(161) => 'a',
  683. chr(225).chr(186).chr(172) => 'A', chr(225).chr(186).chr(173) => 'a',
  684. chr(225).chr(186).chr(182) => 'A', chr(225).chr(186).chr(183) => 'a',
  685. chr(225).chr(186).chr(184) => 'E', chr(225).chr(186).chr(185) => 'e',
  686. chr(225).chr(187).chr(134) => 'E', chr(225).chr(187).chr(135) => 'e',
  687. chr(225).chr(187).chr(138) => 'I', chr(225).chr(187).chr(139) => 'i',
  688. chr(225).chr(187).chr(140) => 'O', chr(225).chr(187).chr(141) => 'o',
  689. chr(225).chr(187).chr(152) => 'O', chr(225).chr(187).chr(153) => 'o',
  690. chr(225).chr(187).chr(162) => 'O', chr(225).chr(187).chr(163) => 'o',
  691. chr(225).chr(187).chr(164) => 'U', chr(225).chr(187).chr(165) => 'u',
  692. chr(225).chr(187).chr(176) => 'U', chr(225).chr(187).chr(177) => 'u',
  693. chr(225).chr(187).chr(180) => 'Y', chr(225).chr(187).chr(181) => 'y',
  694. );
  695. $string = strtr($string, $chars);
  696. } else {
  697. // Assume ISO-8859-1 if not UTF-8
  698. $chars['in'] = chr(128).chr(131).chr(138).chr(142).chr(154).chr(158)
  699. .chr(159).chr(162).chr(165).chr(181).chr(192).chr(193).chr(194)
  700. .chr(195).chr(196).chr(197).chr(199).chr(200).chr(201).chr(202)
  701. .chr(203).chr(204).chr(205).chr(206).chr(207).chr(209).chr(210)
  702. .chr(211).chr(212).chr(213).chr(214).chr(216).chr(217).chr(218)
  703. .chr(219).chr(220).chr(221).chr(224).chr(225).chr(226).chr(227)
  704. .chr(228).chr(229).chr(231).chr(232).chr(233).chr(234).chr(235)
  705. .chr(236).chr(237).chr(238).chr(239).chr(241).chr(242).chr(243)
  706. .chr(244).chr(245).chr(246).chr(248).chr(249).chr(250).chr(251)
  707. .chr(252).chr(253).chr(255);
  708. $chars['out'] = "EfSZszYcYuAAAAAACEEEEIIIINOOOOOOUUUUYaaaaaaceeeeiiiinoooooouuuuyy";
  709. $string = strtr($string, $chars['in'], $chars['out']);
  710. $double_chars['in'] = array(chr(140), chr(156), chr(198), chr(208), chr(222), chr(223), chr(230), chr(240), chr(254));
  711. $double_chars['out'] = array('OE', 'oe', 'AE', 'DH', 'TH', 'ss', 'ae', 'dh', 'th');
  712. $string = str_replace($double_chars['in'], $double_chars['out'], $string);
  713. }
  714. return $string;
  715. }
  716. /**
  717. * Sanitizes a filename replacing whitespace with dashes
  718. *
  719. * Removes special characters that are illegal in filenames on certain
  720. * operating systems and special characters requiring special escaping
  721. * to manipulate at the command line. Replaces spaces and consecutive
  722. * dashes with a single dash. Trim period, dash and underscore from beginning
  723. * and end of filename.
  724. *
  725. * @since 2.1.0
  726. *
  727. * @param string $filename The filename to be sanitized
  728. * @return string The sanitized filename
  729. */
  730. function sanitize_file_name( $filename ) {
  731. $filename_raw = $filename;
  732. $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", chr(0));
  733. $special_chars = apply_filters('sanitize_file_name_chars', $special_chars, $filename_raw);
  734. $filename = str_replace($special_chars, '', $filename);
  735. $filename = preg_replace('/[\s-]+/', '-', $filename);
  736. $filename = trim($filename, '.-_');
  737. // Split the filename into a base and extension[s]
  738. $parts = explode('.', $filename);
  739. // Return if only one extension
  740. if ( count($parts) <= 2 )
  741. return apply_filters('sanitize_file_name', $filename, $filename_raw);
  742. // Process multiple extensions
  743. $filename = array_shift($parts);
  744. $extension = array_pop($parts);
  745. $mimes = get_allowed_mime_types();
  746. // Loop over any intermediate extensions. Munge them with a trailing underscore if they are a 2 - 5 character
  747. // long alpha string not in the extension whitelist.
  748. foreach ( (array) $parts as $part) {
  749. $filename .= '.' . $part;
  750. if ( preg_match("/^[a-zA-Z]{2,5}\d?$/", $part) ) {
  751. $allowed = false;
  752. foreach ( $mimes as $ext_preg => $mime_match ) {
  753. $ext_preg = '!^(' . $ext_preg . ')$!i';
  754. if ( preg_match( $ext_preg, $part ) ) {
  755. $allowed = true;
  756. break;
  757. }
  758. }
  759. if ( !$allowed )
  760. $filename .= '_';
  761. }
  762. }
  763. $filename .= '.' . $extension;
  764. return apply_filters('sanitize_file_name', $filename, $filename_raw);
  765. }
  766. /**
  767. * Sanitize username stripping out unsafe characters.
  768. *
  769. * Removes tags, octets, entities, and if strict is enabled, will only keep
  770. * alphanumeric, _, space, ., -, @. After sanitizing, it passes the username,
  771. * raw username (the username in the parameter), and the value of $strict as
  772. * parameters for the 'sanitize_user' filter.
  773. *
  774. * @since 2.0.0
  775. * @uses apply_filters() Calls 'sanitize_user' hook on username, raw username,
  776. * and $strict parameter.
  777. *
  778. * @param string $username The username to be sanitized.
  779. * @param bool $strict If set limits $username to specific characters. Default false.
  780. * @return string The sanitized username, after passing through filters.
  781. */
  782. function sanitize_user( $username, $strict = false ) {
  783. $raw_username = $username;
  784. $username = wp_strip_all_tags( $username );
  785. $username = remove_accents( $username );
  786. // Kill octets
  787. $username = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $username );
  788. $username = preg_replace( '/&.+?;/', '', $username ); // Kill entities
  789. // If strict, reduce to ASCII for max portability.
  790. if ( $strict )
  791. $username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username );
  792. $username = trim( $username );
  793. // Consolidate contiguous whitespace
  794. $username = preg_replace( '|\s+|', ' ', $username );
  795. return apply_filters( 'sanitize_user', $username, $raw_username, $strict );
  796. }
  797. /**
  798. * Sanitize a string key.
  799. *
  800. * Keys are used as internal identifiers. Lowercase alphanumeric characters, dashes and underscores are allowed.
  801. *
  802. * @since 3.0.0
  803. *
  804. * @param string $key String key
  805. * @return string Sanitized key
  806. */
  807. function sanitize_key( $key ) {
  808. $raw_key = $key;
  809. $key = strtolower( $key );
  810. $key = preg_replace( '/[^a-z0-9_\-]/', '', $key );
  811. return apply_filters( 'sanitize_key', $key, $raw_key );
  812. }
  813. /**
  814. * Sanitizes title or use fallback title.
  815. *
  816. * Specifically, HTML and PHP tags are stripped. Further actions can be added
  817. * via the plugin API. If $title is empty and $fallback_title is set, the latter
  818. * will be used.
  819. *
  820. * @since 1.0.0
  821. *
  822. * @param string $title The string to be sanitized.
  823. * @param string $fallback_title Optional. A title to use if $title is empty.
  824. * @param string $context Optional. The operation for which the string is sanitized
  825. * @return string The sanitized string.
  826. */
  827. function sanitize_title($title, $fallback_title = '', $context = 'save') {
  828. $raw_title = $title;
  829. if ( 'save' == $context )
  830. $title = remove_accents($title);
  831. $title = apply_filters('sanitize_title', $title, $raw_title, $context);
  832. if ( '' === $title || false === $title )
  833. $title = $fallback_title;
  834. return $title;
  835. }
  836. function sanitize_title_for_query($title) {
  837. return sanitize_title($title, '', 'query');
  838. }
  839. /**
  840. * Sanitizes title, replacing whitespace and a few other characters with dashes.
  841. *
  842. * Limits the output to alphanumeric characters, underscore (_) and dash (-).
  843. * Whitespace becomes a dash.
  844. *
  845. * @since 1.2.0
  846. *
  847. * @param string $title The title to be sanitized.
  848. * @param string $raw_title Optional. Not used.
  849. * @param string $context Optional. The operation for which the string is sanitized.
  850. * @return string The sanitized title.
  851. */
  852. function sanitize_title_with_dashes($title, $raw_title = '', $context = 'display') {
  853. $title = strip_tags($title);
  854. // Preserve escaped octets.
  855. $title = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '---$1---', $title);
  856. // Remove percent signs that are not part of an octet.
  857. $title = str_replace('%', '', $title);
  858. // Restore octets.
  859. $title = preg_replace('|---([a-fA-F0-9][a-fA-F0-9])---|', '%$1', $title);
  860. if (seems_utf8($title)) {
  861. if (function_exists('mb_strtolower')) {
  862. $title = mb_strtolower($title, 'UTF-8');
  863. }
  864. $title = utf8_uri_encode($title, 200);
  865. }
  866. $title = strtolower($title);
  867. $title = preg_replace('/&.+?;/', '', $title); // kill entities
  868. $title = str_replace('.', '-', $title);
  869. if ( 'save' == $context ) {
  870. // Convert nbsp, ndash and mdash to hyphens
  871. $title = str_replace( array( '%c2%a0', '%e2%80%93', '%e2%80%94' ), '-', $title );
  872. // Strip these characters entirely
  873. $title = str_replace( array(
  874. // iexcl and iquest
  875. '%c2%a1', '%c2%bf',
  876. // angle quotes
  877. '%c2%ab', '%c2%bb', '%e2%80%b9', '%e2%80%ba',
  878. // curly quotes
  879. '%e2%80%98', '%e2%80%99', '%e2%80%9c', '%e2%80%9d',
  880. '%e2%80%9a', '%e2%80%9b', '%e2%80%9e', '%e2%80%9f',
  881. // copy, reg, deg, hellip and trade
  882. '%c2%a9', '%c2%ae', '%c2%b0', '%e2%80%a6', '%e2%84%a2',
  883. ), '', $title );
  884. // Convert times to x
  885. $title = str_replace( '%c3%97', 'x', $title );
  886. }
  887. $title = preg_replace('/[^%a-z0-9 _-]/', '', $title);
  888. $title = preg_replace('/\s+/', '-', $title);
  889. $title = preg_replace('|-+|', '-', $title);
  890. $title = trim($title, '-');
  891. return $title;
  892. }
  893. /**
  894. * Ensures a string is a valid SQL order by clause.
  895. *
  896. * Accepts one or more columns, with or without ASC/DESC, and also accepts
  897. * RAND().
  898. *
  899. * @since 2.5.1
  900. *
  901. * @param string $orderby Order by string to be checked.
  902. * @return string|false Returns the order by clause if it is a match, false otherwise.
  903. */
  904. function sanitize_sql_orderby( $orderby ){
  905. preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);
  906. if ( !$obmatches )
  907. return false;
  908. return $orderby;
  909. }
  910. /**
  911. * Santizes a html classname to ensure it only contains valid characters
  912. *
  913. * Strips the string down to A-Z,a-z,0-9,_,-. If this results in an empty
  914. * string then it will return the alternative value supplied.
  915. *
  916. * @todo Expand to support the full range of CDATA that a class attribute can contain.
  917. *
  918. * @since 2.8.0
  919. *
  920. * @param string $class The classname to be sanitized
  921. * @param string $fallback Optional. The value to return if the sanitization end's up as an empty string.
  922. * Defaults to an empty string.
  923. * @return string The sanitized value
  924. */
  925. function sanitize_html_class( $class, $fallback = '' ) {
  926. //Strip out any % encoded octets
  927. $sanitized = preg_replace( '|%[a-fA-F0-9][a-fA-F0-9]|', '', $class );
  928. //Limit to A-Z,a-z,0-9,_,-
  929. $sanitized = preg_replace( '/[^A-Za-z0-9_-]/', '', $sanitized );
  930. if ( '' == $sanitized )
  931. $sanitized = $fallback;
  932. return apply_filters( 'sanitize_html_class', $sanitized, $class, $fallback );
  933. }
  934. /**
  935. * Converts a number of characters from a string.
  936. *
  937. * Metadata tags <<title>> and <<category>> are removed, <<br>> and <<hr>> are
  938. * converted into correct XHTML and Unicode characters are converted to the
  939. * valid range.
  940. *
  941. * @since 0.71
  942. *
  943. * @param string $content String of characters to be converted.
  944. * @param string $deprecated Not used.
  945. * @return string Converted string.
  946. */
  947. function convert_chars($content, $deprecated = '') {
  948. if ( !empty( $deprecated ) )
  949. _deprecated_argument( __FUNCTION__, '0.71' );
  950. // Translation of invalid Unicode references range to valid range
  951. $wp_htmltranswinuni = array(
  952. '&#128;' => '&#8364;', // the Euro sign
  953. '&#129;' => '',
  954. '&#130;' => '&#8218;', // these are Windows CP1252 specific characters
  955. '&#131;' => '&#402;', // they would look weird on non-Windows browsers
  956. '&#132;' => '&#8222;',
  957. '&#133;' => '&#8230;',
  958. '&#134;' => '&#8224;',
  959. '&#135;' => '&#8225;',
  960. '&#136;' => '&#710;',
  961. '&#137;' => '&#8240;',
  962. '&#138;' => '&#352;',
  963. '&#139;' => '&#8249;',
  964. '&#140;' => '&#338;',
  965. '&#141;' => '',
  966. '&#142;' => '&#381;',
  967. '&#143;' => '',
  968. '&#144;' => '',
  969. '&#145;' => '&#8216;',
  970. '&#146;' => '&#8217;',
  971. '&#147;' => '&#8220;',
  972. '&#148;' => '&#8221;',
  973. '&#149;' => '&#8226;',
  974. '&#150;' => '&#8211;',
  975. '&#151;' => '&#8212;',
  976. '&#152;' => '&#732;',
  977. '&#153;' => '&#8482;',
  978. '&#154;' => '&#353;',
  979. '&#155;' => '&#8250;',
  980. '&#156;' => '&#339;',
  981. '&#157;' => '',
  982. '&#158;' => '&#382;',
  983. '&#159;' => '&#376;'
  984. );
  985. // Remove metadata tags
  986. $content = preg_replace('/<title>(.+?)<\/title>/','',$content);
  987. $content = preg_replace('/<category>(.+?)<\/category>/','',$content);
  988. // Converts lone & characters into &#38; (a.k.a. &amp;)
  989. $content = preg_replace('/&([^#])(?![a-z1-4]{1,8};)/i', '&#038;$1', $content);
  990. // Fix Word pasting
  991. $content = strtr($content, $wp_htmltranswinuni);
  992. // Just a little XHTML help
  993. $content = str_replace('<br>', '<br />', $content);
  994. $content = str_replace('<hr>', '<hr />', $content);
  995. return $content;
  996. }
  997. /**
  998. * Will only balance the tags if forced to and the option is set to balance tags.
  999. *
  1000. * The option 'use_balanceTags' is used to determine whether the tags will be balanced.
  1001. *
  1002. * @since 0.71
  1003. *
  1004. * @param string $text Text to be balanced
  1005. * @param bool $force If true, forces balancing, ignoring the value of the option. Default false.
  1006. * @return string Balanced text
  1007. */
  1008. function balanceTags( $text, $force = false ) {
  1009. if ( !$force && get_option('use_balanceTags') == 0 )
  1010. return $text;
  1011. return force_balance_tags( $text );
  1012. }
  1013. /**
  1014. * Balances tags of string using a modified stack.
  1015. *
  1016. * @since 2.0.4
  1017. *
  1018. * @author Leonard Lin <leonard@acm.org>
  1019. * @license GPL
  1020. * @copyright November 4, 2001
  1021. * @version 1.1
  1022. * @todo Make better - change loop condition to $text in 1.2
  1023. * @internal Modified by Scott Reilly (coffee2code) 02 Aug 2004
  1024. * 1.1 Fixed handling of append/stack pop order of end text
  1025. * Added Cleaning Hooks
  1026. * 1.0 First Version
  1027. *
  1028. * @param string $text Text to be balanced.
  1029. * @return string Balanced text.
  1030. */
  1031. function force_balance_tags( $text ) {
  1032. $tagstack = array();
  1033. $stacksize = 0;
  1034. $tagqueue = '';
  1035. $newtext = '';
  1036. $single_tags = array( 'br', 'hr', 'img', 'input' ); // Known single-entity/self-closing tags
  1037. $nestable_tags = array( 'blockquote', 'div', 'span', 'q' ); // Tags that can be immediately nested within themselves
  1038. // WP bug fix for comments - in case you REALLY meant to type '< !--'
  1039. $text = str_replace('< !--', '< !--', $text);
  1040. // WP bug fix for LOVE <3 (and other situations with '<' before a number)
  1041. $text = preg_replace('#<([0-9]{1})#', '&lt;$1', $text);
  1042. while ( preg_match("/<(\/?[\w:]*)\s*([^>]*)>/", $text, $regex) ) {
  1043. $newtext .= $tagqueue;
  1044. $i = strpos($text, $regex[0]);
  1045. $l = strlen($regex[0]);
  1046. // clear the shifter
  1047. $tagqueue = '';
  1048. // Pop or Push
  1049. if ( isset($regex[1][0]) && '/' == $regex[1][0] ) { // End Tag
  1050. $tag = strtolower(substr($regex[1],1));
  1051. // if too many closing tags
  1052. if( $stacksize <= 0 ) {
  1053. $tag = '';
  1054. // or close to be safe $tag = '/' . $tag;
  1055. }
  1056. // if stacktop value = tag close value then pop
  1057. else if ( $tagstack[$stacksize - 1] == $tag ) { // found closing tag
  1058. $tag = '</' . $tag . '>'; // Close Tag
  1059. // Pop
  1060. array_pop( $tagstack );
  1061. $stacksize--;
  1062. } else { // closing tag not at top, search for it
  1063. for ( $j = $stacksize-1; $j >= 0; $j-- ) {
  1064. if ( $tagstack[$j] == $tag ) {
  1065. // add tag to tagqueue
  1066. for ( $k = $stacksize-1; $k >= $j; $k--) {
  1067. $tagqueue .= '</' . array_pop( $tagstack ) . '>';
  1068. $stacksize--;
  1069. }
  1070. break;
  1071. }
  1072. }
  1073. $tag = '';
  1074. }
  1075. } else { // Begin Tag
  1076. $tag = strtolower($regex[1]);
  1077. // Tag Cleaning
  1078. // If self-closing or '', don't do anything.
  1079. if ( substr($regex[2],-1) == '/' || $tag == '' ) {
  1080. // do nothing
  1081. }
  1082. // ElseIf it's a known single-entity tag but it doesn't close itself, do so
  1083. elseif ( in_array($tag, $single_tags) ) {
  1084. $regex[2] .= '/';
  1085. } else { // Push the tag onto the stack
  1086. // If the top of the stack is the same as the tag we want to push, close previous tag
  1087. if ( $stacksize > 0 && !in_array($tag, $nestable_tags) && $tagstack[$stacksize - 1] == $tag ) {
  1088. $tagqueue = '</' . array_pop ($tagstack) . '>';
  1089. $stacksize--;
  1090. }
  1091. $stacksize = array_push ($tagstack, $tag);
  1092. }
  1093. // Attributes
  1094. $attributes = $regex[2];
  1095. if( !empty($attributes) )
  1096. $attributes = ' '.$attributes;
  1097. $tag = '<' . $tag . $attributes . '>';
  1098. //If already queuing a close tag, then put this tag on, too
  1099. if ( !empty($tagqueue) ) {
  1100. $tagqueue .= $tag;
  1101. $tag = '';
  1102. }
  1103. }
  1104. $newtext .= substr($text, 0, $i) . $tag;
  1105. $text = substr($text, $i + $l);
  1106. }
  1107. // Clear Tag Queue
  1108. $newtext .= $tagqueue;
  1109. // Add Remaining text
  1110. $newtext .= $text;
  1111. // Empty Stack
  1112. while( $x = array_pop($tagstack) )
  1113. $newtext .= '</' . $x . '>'; // Add remaining tags to close
  1114. // WP fix for the bug with HTML comments
  1115. $newtext = str_replace("< !--","<!--",$newtext);
  1116. $newtext = str_replace("< !--","< !--",$newtext);
  1117. return $newtext;
  1118. }
  1119. /**
  1120. * Acts on text which is about to be edited.
  1121. *
  1122. * The $content is run through esc_textarea(), which uses htmlspecialchars()
  1123. * to convert special characters to HTML entities. If $richedit is set to true,
  1124. * it is simply a holder for the 'format_to_edit' filter.
  1125. *
  1126. * @since 0.71
  1127. *
  1128. * @param string $content The text about to be edited.
  1129. * @param bool $richedit Whether the $content should not pass through htmlspecialchars(). Default false (meaning it will be passed).
  1130. * @return string The text after the filter (and possibly htmlspecialchars()) has been run.
  1131. */
  1132. function format_to_edit( $content, $richedit = false ) {
  1133. $content = apply_filters( 'format_to_edit', $content );
  1134. if ( ! $richedit )
  1135. $content = esc_textarea( $content );
  1136. return $content;
  1137. }
  1138. /**
  1139. * Holder for the 'format_to_post' filter.
  1140. *
  1141. * @since 0.71
  1142. *
  1143. * @param string $content The text to pass through the filter.
  1144. * @return string Text returned from the 'format_to_post' filter.
  1145. */
  1146. function format_to_post($content) {
  1147. $content = apply_filters('format_to_post', $content);
  1148. return $content;
  1149. }
  1150. /**
  1151. * Add leading zeros when necessary.
  1152. *
  1153. * If you set the threshold to '4' and the number is '10', then you will get
  1154. * back '0010'. If you set the threshold to '4' and the number is '5000', then you
  1155. * will get back '5000'.
  1156. *
  1157. * Uses sprintf to append the amount of zeros based on the $threshold parameter
  1158. * and the size of the number. If the number is large enough, then no zeros will
  1159. * be appended.
  1160. *
  1161. * @since 0.71
  1162. *
  1163. * @param mixed $number Number to append zeros to if not greater than threshold.
  1164. * @param int $threshold Digit places number needs to be to not have zeros added.
  1165. * @return string Adds leading zeros to number if needed.
  1166. */
  1167. function zeroise($number, $threshold) {
  1168. return sprintf('%0'.$threshold.'s', $number);
  1169. }
  1170. /**
  1171. * Adds backslashes before letters and before a number at the start of a string.
  1172. *
  1173. * @since 0.71
  1174. *
  1175. * @param string $string Value to which backslashes will be added.
  1176. * @return string String with backslashes inserted.
  1177. */
  1178. function backslashit($string) {
  1179. $string = preg_replace('/^([0-9])/', '\\\\\\\\\1', $string);
  1180. $string = preg_replace('/([a-z])/i', '\\\\\1', $string);
  1181. return $string;
  1182. }
  1183. /**
  1184. * Appends a trailing slash.
  1185. *
  1186. * Will remove trailing slash if it exists already before adding a trailing
  1187. * slash. This prevents double slashing a string or path.
  1188. *
  1189. * The primary use of this is for paths and thus should be used for paths. It is
  1190. * not restricted to paths and offers no specific path support.
  1191. *
  1192. * @…

Large files files are truncated, but you can click here to view the full file