PageRenderTime 73ms CodeModel.GetById 24ms RepoModel.GetById 1ms app.codeStats 0ms

/wp-includes/formatting.php

https://bitbucket.org/betaimages/taxdefense
PHP | 3308 lines | 2011 code | 275 blank | 1022 comment | 265 complexity | 1a8664f9385c28fc01c4224c51fcb72c MD5 | raw file
  1. <?php
  2. /**
  3. * Main WordPress Formatting API.
  4. *
  5. * Handles many functions for formatting output.
  6. *
  7. * @package WordPress
  8. **/
  9. /**
  10. * Replaces common plain text characters into formatted entities
  11. *
  12. * As an example,
  13. * <code>
  14. * 'cause today's effort makes it worth tomorrow's "holiday"...
  15. * </code>
  16. * Becomes:
  17. * <code>
  18. * &#8217;cause today&#8217;s effort makes it worth tomorrow&#8217;s &#8220;holiday&#8221;&#8230;
  19. * </code>
  20. * Code within certain html blocks are skipped.
  21. *
  22. * @since 0.71
  23. * @uses $wp_cockneyreplace Array of formatted entities for certain common phrases
  24. *
  25. * @param string $text The text to be formatted
  26. * @return string The string replaced with html entities
  27. */
  28. function wptexturize($text) {
  29. global $wp_cockneyreplace;
  30. static $static_characters, $static_replacements, $dynamic_characters, $dynamic_replacements,
  31. $default_no_texturize_tags, $default_no_texturize_shortcodes;
  32. // No need to set up these static variables more than once
  33. if ( ! isset( $static_characters ) ) {
  34. /* translators: opening curly double quote */
  35. $opening_quote = _x( '&#8220;', 'opening curly double quote' );
  36. /* translators: closing curly double quote */
  37. $closing_quote = _x( '&#8221;', 'closing curly double quote' );
  38. /* translators: apostrophe, for example in 'cause or can't */
  39. $apos = _x( '&#8217;', 'apostrophe' );
  40. /* translators: prime, for example in 9' (nine feet) */
  41. $prime = _x( '&#8242;', 'prime' );
  42. /* translators: double prime, for example in 9" (nine inches) */
  43. $double_prime = _x( '&#8243;', 'double prime' );
  44. /* translators: opening curly single quote */
  45. $opening_single_quote = _x( '&#8216;', 'opening curly single quote' );
  46. /* translators: closing curly single quote */
  47. $closing_single_quote = _x( '&#8217;', 'closing curly single quote' );
  48. /* translators: en dash */
  49. $en_dash = _x( '&#8211;', 'en dash' );
  50. /* translators: em dash */
  51. $em_dash = _x( '&#8212;', 'em dash' );
  52. $default_no_texturize_tags = array('pre', 'code', 'kbd', 'style', 'script', 'tt');
  53. $default_no_texturize_shortcodes = array('code');
  54. // if a plugin has provided an autocorrect array, use it
  55. if ( isset($wp_cockneyreplace) ) {
  56. $cockney = array_keys($wp_cockneyreplace);
  57. $cockneyreplace = array_values($wp_cockneyreplace);
  58. } elseif ( "'" != $apos ) { // Only bother if we're doing a replacement.
  59. $cockney = array( "'tain't", "'twere", "'twas", "'tis", "'twill", "'til", "'bout", "'nuff", "'round", "'cause" );
  60. $cockneyreplace = array( $apos . "tain" . $apos . "t", $apos . "twere", $apos . "twas", $apos . "tis", $apos . "twill", $apos . "til", $apos . "bout", $apos . "nuff", $apos . "round", $apos . "cause" );
  61. } else {
  62. $cockney = $cockneyreplace = array();
  63. }
  64. $static_characters = array_merge( array( '---', ' -- ', '--', ' - ', 'xn&#8211;', '...', '``', '\'\'', ' (tm)' ), $cockney );
  65. $static_replacements = array_merge( array( $em_dash, ' ' . $em_dash . ' ', $en_dash, ' ' . $en_dash . ' ', 'xn--', '&#8230;', $opening_quote, $closing_quote, ' &#8482;' ), $cockneyreplace );
  66. $dynamic = array();
  67. if ( "'" != $apos ) {
  68. $dynamic[ '/\'(\d\d(?:&#8217;|\')?s)/' ] = $apos . '$1'; // '99's
  69. $dynamic[ '/\'(\d)/' ] = $apos . '$1'; // '99
  70. }
  71. if ( "'" != $opening_single_quote )
  72. $dynamic[ '/(\s|\A|[([{<]|")\'/' ] = '$1' . $opening_single_quote; // opening single quote, even after (, {, <, [
  73. if ( '"' != $double_prime )
  74. $dynamic[ '/(\d)"/' ] = '$1' . $double_prime; // 9" (double prime)
  75. if ( "'" != $prime )
  76. $dynamic[ '/(\d)\'/' ] = '$1' . $prime; // 9' (prime)
  77. if ( "'" != $apos )
  78. $dynamic[ '/(\S)\'([^\'\s])/' ] = '$1' . $apos . '$2'; // apostrophe in a word
  79. if ( '"' != $opening_quote )
  80. $dynamic[ '/(\s|\A|[([{<])"(?!\s)/' ] = '$1' . $opening_quote . '$2'; // opening double quote, even after (, {, <, [
  81. if ( '"' != $closing_quote )
  82. $dynamic[ '/"(\s|\S|\Z)/' ] = $closing_quote . '$1'; // closing double quote
  83. if ( "'" != $closing_single_quote )
  84. $dynamic[ '/\'([\s.]|\Z)/' ] = $closing_single_quote . '$1'; // closing single quote
  85. $dynamic[ '/\b(\d+)x(\d+)\b/' ] = '$1&#215;$2'; // 9x9 (times)
  86. $dynamic_characters = array_keys( $dynamic );
  87. $dynamic_replacements = array_values( $dynamic );
  88. }
  89. // Transform into regexp sub-expression used in _wptexturize_pushpop_element
  90. // Must do this every time in case plugins use these filters in a context sensitive manner
  91. $no_texturize_tags = '(' . implode('|', apply_filters('no_texturize_tags', $default_no_texturize_tags) ) . ')';
  92. $no_texturize_shortcodes = '(' . implode('|', apply_filters('no_texturize_shortcodes', $default_no_texturize_shortcodes) ) . ')';
  93. $no_texturize_tags_stack = array();
  94. $no_texturize_shortcodes_stack = array();
  95. $textarr = preg_split('/(<.*>|\[.*\])/Us', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
  96. foreach ( $textarr as &$curl ) {
  97. if ( empty( $curl ) )
  98. continue;
  99. // Only call _wptexturize_pushpop_element if first char is correct tag opening
  100. $first = $curl[0];
  101. if ( '<' === $first ) {
  102. _wptexturize_pushpop_element($curl, $no_texturize_tags_stack, $no_texturize_tags, '<', '>');
  103. } elseif ( '[' === $first ) {
  104. _wptexturize_pushpop_element($curl, $no_texturize_shortcodes_stack, $no_texturize_shortcodes, '[', ']');
  105. } elseif ( empty($no_texturize_shortcodes_stack) && empty($no_texturize_tags_stack) ) {
  106. // This is not a tag, nor is the texturization disabled static strings
  107. $curl = str_replace($static_characters, $static_replacements, $curl);
  108. // regular expressions
  109. $curl = preg_replace($dynamic_characters, $dynamic_replacements, $curl);
  110. }
  111. $curl = preg_replace('/&([^#])(?![a-zA-Z1-4]{1,8};)/', '&#038;$1', $curl);
  112. }
  113. return implode( '', $textarr );
  114. }
  115. /**
  116. * Search for disabled element tags. Push element to stack on tag open and pop
  117. * on tag close. Assumes first character of $text is tag opening.
  118. *
  119. * @access private
  120. * @since 2.9.0
  121. *
  122. * @param string $text Text to check. First character is assumed to be $opening
  123. * @param array $stack Array used as stack of opened tag elements
  124. * @param string $disabled_elements Tags to match against formatted as regexp sub-expression
  125. * @param string $opening Tag opening character, assumed to be 1 character long
  126. * @param string $closing Tag closing character
  127. */
  128. function _wptexturize_pushpop_element($text, &$stack, $disabled_elements, $opening = '<', $closing = '>') {
  129. // Check if it is a closing tag -- otherwise assume opening tag
  130. if (strncmp($opening . '/', $text, 2)) {
  131. // Opening? Check $text+1 against disabled elements
  132. if (preg_match('/^' . $disabled_elements . '\b/', substr($text, 1), $matches)) {
  133. /*
  134. * This disables texturize until we find a closing tag of our type
  135. * (e.g. <pre>) even if there was invalid nesting before that
  136. *
  137. * Example: in the case <pre>sadsadasd</code>"baba"</pre>
  138. * "baba" won't be texturize
  139. */
  140. array_push($stack, $matches[1]);
  141. }
  142. } else {
  143. // Closing? Check $text+2 against disabled elements
  144. $c = preg_quote($closing, '/');
  145. if (preg_match('/^' . $disabled_elements . $c . '/', substr($text, 2), $matches)) {
  146. $last = array_pop($stack);
  147. // Make sure it matches the opening tag
  148. if ($last != $matches[1])
  149. array_push($stack, $last);
  150. }
  151. }
  152. }
  153. /**
  154. * Replaces double line-breaks with paragraph elements.
  155. *
  156. * A group of regex replaces used to identify text formatted with newlines and
  157. * replace double line-breaks with HTML paragraph tags. The remaining
  158. * line-breaks after conversion become <<br />> tags, unless $br is set to '0'
  159. * or 'false'.
  160. *
  161. * @since 0.71
  162. *
  163. * @param string $pee The text which has to be formatted.
  164. * @param bool $br Optional. If set, this will convert all remaining line-breaks after paragraphing. Default true.
  165. * @return string Text which has been converted into correct paragraph tags.
  166. */
  167. function wpautop($pee, $br = true) {
  168. $pre_tags = array();
  169. if ( trim($pee) === '' )
  170. return '';
  171. $pee = $pee . "\n"; // just to make things a little easier, pad the end
  172. if ( strpos($pee, '<pre') !== false ) {
  173. $pee_parts = explode( '</pre>', $pee );
  174. $last_pee = array_pop($pee_parts);
  175. $pee = '';
  176. $i = 0;
  177. foreach ( $pee_parts as $pee_part ) {
  178. $start = strpos($pee_part, '<pre');
  179. // Malformed html?
  180. if ( $start === false ) {
  181. $pee .= $pee_part;
  182. continue;
  183. }
  184. $name = "<pre wp-pre-tag-$i></pre>";
  185. $pre_tags[$name] = substr( $pee_part, $start ) . '</pre>';
  186. $pee .= substr( $pee_part, 0, $start ) . $name;
  187. $i++;
  188. }
  189. $pee .= $last_pee;
  190. }
  191. $pee = preg_replace('|<br />\s*<br />|', "\n\n", $pee);
  192. // Space things out a little
  193. $allblocks = '(?:table|thead|tfoot|caption|col|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|option|form|map|area|blockquote|address|math|style|p|h[1-6]|hr|fieldset|noscript|samp|legend|section|article|aside|hgroup|header|footer|nav|figure|figcaption|details|menu|summary)';
  194. $pee = preg_replace('!(<' . $allblocks . '[^>]*>)!', "\n$1", $pee);
  195. $pee = preg_replace('!(</' . $allblocks . '>)!', "$1\n\n", $pee);
  196. $pee = str_replace(array("\r\n", "\r"), "\n", $pee); // cross-platform newlines
  197. if ( strpos($pee, '<object') !== false ) {
  198. $pee = preg_replace('|\s*<param([^>]*)>\s*|', "<param$1>", $pee); // no pee inside object/embed
  199. $pee = preg_replace('|\s*</embed>\s*|', '</embed>', $pee);
  200. }
  201. $pee = preg_replace("/\n\n+/", "\n\n", $pee); // take care of duplicates
  202. // make paragraphs, including one at the end
  203. $pees = preg_split('/\n\s*\n/', $pee, -1, PREG_SPLIT_NO_EMPTY);
  204. $pee = '';
  205. foreach ( $pees as $tinkle )
  206. $pee .= '<p>' . trim($tinkle, "\n") . "</p>\n";
  207. $pee = preg_replace('|<p>\s*</p>|', '', $pee); // under certain strange conditions it could create a P of entirely whitespace
  208. $pee = preg_replace('!<p>([^<]+)</(div|address|form)>!', "<p>$1</p></$2>", $pee);
  209. $pee = preg_replace('!<p>\s*(</?' . $allblocks . '[^>]*>)\s*</p>!', "$1", $pee); // don't pee all over a tag
  210. $pee = preg_replace("|<p>(<li.+?)</p>|", "$1", $pee); // problem with nested lists
  211. $pee = preg_replace('|<p><blockquote([^>]*)>|i', "<blockquote$1><p>", $pee);
  212. $pee = str_replace('</blockquote></p>', '</p></blockquote>', $pee);
  213. $pee = preg_replace('!<p>\s*(</?' . $allblocks . '[^>]*>)!', "$1", $pee);
  214. $pee = preg_replace('!(</?' . $allblocks . '[^>]*>)\s*</p>!', "$1", $pee);
  215. if ( $br ) {
  216. $pee = preg_replace_callback('/<(script|style).*?<\/\\1>/s', '_autop_newline_preservation_helper', $pee);
  217. $pee = preg_replace('|(?<!<br />)\s*\n|', "<br />\n", $pee); // optionally make line breaks
  218. $pee = str_replace('<WPPreserveNewline />', "\n", $pee);
  219. }
  220. $pee = preg_replace('!(</?' . $allblocks . '[^>]*>)\s*<br />!', "$1", $pee);
  221. $pee = preg_replace('!<br />(\s*</?(?:p|li|div|dl|dd|dt|th|pre|td|ul|ol)[^>]*>)!', '$1', $pee);
  222. $pee = preg_replace( "|\n</p>$|", '</p>', $pee );
  223. if ( !empty($pre_tags) )
  224. $pee = str_replace(array_keys($pre_tags), array_values($pre_tags), $pee);
  225. return $pee;
  226. }
  227. /**
  228. * Newline preservation help function for wpautop
  229. *
  230. * @since 3.1.0
  231. * @access private
  232. * @param array $matches preg_replace_callback matches array
  233. * @return string
  234. */
  235. function _autop_newline_preservation_helper( $matches ) {
  236. return str_replace("\n", "<WPPreserveNewline />", $matches[0]);
  237. }
  238. /**
  239. * Don't auto-p wrap shortcodes that stand alone
  240. *
  241. * Ensures that shortcodes are not wrapped in <<p>>...<</p>>.
  242. *
  243. * @since 2.9.0
  244. *
  245. * @param string $pee The content.
  246. * @return string The filtered content.
  247. */
  248. function shortcode_unautop( $pee ) {
  249. global $shortcode_tags;
  250. if ( empty( $shortcode_tags ) || !is_array( $shortcode_tags ) ) {
  251. return $pee;
  252. }
  253. $tagregexp = join( '|', array_map( 'preg_quote', array_keys( $shortcode_tags ) ) );
  254. $pattern =
  255. '/'
  256. . '<p>' // Opening paragraph
  257. . '\\s*+' // Optional leading whitespace
  258. . '(' // 1: The shortcode
  259. . '\\[' // Opening bracket
  260. . "($tagregexp)" // 2: Shortcode name
  261. . '(?![\\w-])' // Not followed by word character or hyphen
  262. // Unroll the loop: Inside the opening shortcode tag
  263. . '[^\\]\\/]*' // Not a closing bracket or forward slash
  264. . '(?:'
  265. . '\\/(?!\\])' // A forward slash not followed by a closing bracket
  266. . '[^\\]\\/]*' // Not a closing bracket or forward slash
  267. . ')*?'
  268. . '(?:'
  269. . '\\/\\]' // Self closing tag and closing bracket
  270. . '|'
  271. . '\\]' // Closing bracket
  272. . '(?:' // Unroll the loop: Optionally, anything between the opening and closing shortcode tags
  273. . '[^\\[]*+' // Not an opening bracket
  274. . '(?:'
  275. . '\\[(?!\\/\\2\\])' // An opening bracket not followed by the closing shortcode tag
  276. . '[^\\[]*+' // Not an opening bracket
  277. . ')*+'
  278. . '\\[\\/\\2\\]' // Closing shortcode tag
  279. . ')?'
  280. . ')'
  281. . ')'
  282. . '\\s*+' // optional trailing whitespace
  283. . '<\\/p>' // closing paragraph
  284. . '/s';
  285. return preg_replace( $pattern, '$1', $pee );
  286. }
  287. /**
  288. * Checks to see if a string is utf8 encoded.
  289. *
  290. * NOTE: This function checks for 5-Byte sequences, UTF8
  291. * has Bytes Sequences with a maximum length of 4.
  292. *
  293. * @author bmorel at ssi dot fr (modified)
  294. * @since 1.2.1
  295. *
  296. * @param string $str The string to be checked
  297. * @return bool True if $str fits a UTF-8 model, false otherwise.
  298. */
  299. function seems_utf8($str) {
  300. $length = strlen($str);
  301. for ($i=0; $i < $length; $i++) {
  302. $c = ord($str[$i]);
  303. if ($c < 0x80) $n = 0; # 0bbbbbbb
  304. elseif (($c & 0xE0) == 0xC0) $n=1; # 110bbbbb
  305. elseif (($c & 0xF0) == 0xE0) $n=2; # 1110bbbb
  306. elseif (($c & 0xF8) == 0xF0) $n=3; # 11110bbb
  307. elseif (($c & 0xFC) == 0xF8) $n=4; # 111110bb
  308. elseif (($c & 0xFE) == 0xFC) $n=5; # 1111110b
  309. else return false; # Does not match any model
  310. for ($j=0; $j<$n; $j++) { # n bytes matching 10bbbbbb follow ?
  311. if ((++$i == $length) || ((ord($str[$i]) & 0xC0) != 0x80))
  312. return false;
  313. }
  314. }
  315. return true;
  316. }
  317. /**
  318. * Converts a number of special characters into their HTML entities.
  319. *
  320. * Specifically deals with: &, <, >, ", and '.
  321. *
  322. * $quote_style can be set to ENT_COMPAT to encode " to
  323. * &quot;, or ENT_QUOTES to do both. Default is ENT_NOQUOTES where no quotes are encoded.
  324. *
  325. * @since 1.2.2
  326. *
  327. * @param string $string The text which is to be encoded.
  328. * @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES.
  329. * @param string $charset Optional. The character encoding of the string. Default is false.
  330. * @param boolean $double_encode Optional. Whether to encode existing html entities. Default is false.
  331. * @return string The encoded text with HTML entities.
  332. */
  333. function _wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false ) {
  334. $string = (string) $string;
  335. if ( 0 === strlen( $string ) )
  336. return '';
  337. // Don't bother if there are no specialchars - saves some processing
  338. if ( ! preg_match( '/[&<>"\']/', $string ) )
  339. return $string;
  340. // Account for the previous behaviour of the function when the $quote_style is not an accepted value
  341. if ( empty( $quote_style ) )
  342. $quote_style = ENT_NOQUOTES;
  343. elseif ( ! in_array( $quote_style, array( 0, 2, 3, 'single', 'double' ), true ) )
  344. $quote_style = ENT_QUOTES;
  345. // Store the site charset as a static to avoid multiple calls to wp_load_alloptions()
  346. if ( ! $charset ) {
  347. static $_charset;
  348. if ( ! isset( $_charset ) ) {
  349. $alloptions = wp_load_alloptions();
  350. $_charset = isset( $alloptions['blog_charset'] ) ? $alloptions['blog_charset'] : '';
  351. }
  352. $charset = $_charset;
  353. }
  354. if ( in_array( $charset, array( 'utf8', 'utf-8', 'UTF8' ) ) )
  355. $charset = 'UTF-8';
  356. $_quote_style = $quote_style;
  357. if ( $quote_style === 'double' ) {
  358. $quote_style = ENT_COMPAT;
  359. $_quote_style = ENT_COMPAT;
  360. } elseif ( $quote_style === 'single' ) {
  361. $quote_style = ENT_NOQUOTES;
  362. }
  363. // Handle double encoding ourselves
  364. if ( $double_encode ) {
  365. $string = @htmlspecialchars( $string, $quote_style, $charset );
  366. } else {
  367. // Decode &amp; into &
  368. $string = wp_specialchars_decode( $string, $_quote_style );
  369. // Guarantee every &entity; is valid or re-encode the &
  370. $string = wp_kses_normalize_entities( $string );
  371. // Now re-encode everything except &entity;
  372. $string = preg_split( '/(&#?x?[0-9a-z]+;)/i', $string, -1, PREG_SPLIT_DELIM_CAPTURE );
  373. for ( $i = 0; $i < count( $string ); $i += 2 )
  374. $string[$i] = @htmlspecialchars( $string[$i], $quote_style, $charset );
  375. $string = implode( '', $string );
  376. }
  377. // Backwards compatibility
  378. if ( 'single' === $_quote_style )
  379. $string = str_replace( "'", '&#039;', $string );
  380. return $string;
  381. }
  382. /**
  383. * Converts a number of HTML entities into their special characters.
  384. *
  385. * Specifically deals with: &, <, >, ", and '.
  386. *
  387. * $quote_style can be set to ENT_COMPAT to decode " entities,
  388. * or ENT_QUOTES to do both " and '. Default is ENT_NOQUOTES where no quotes are decoded.
  389. *
  390. * @since 2.8
  391. *
  392. * @param string $string The text which is to be decoded.
  393. * @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old _wp_specialchars() values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES.
  394. * @return string The decoded text without HTML entities.
  395. */
  396. function wp_specialchars_decode( $string, $quote_style = ENT_NOQUOTES ) {
  397. $string = (string) $string;
  398. if ( 0 === strlen( $string ) ) {
  399. return '';
  400. }
  401. // Don't bother if there are no entities - saves a lot of processing
  402. if ( strpos( $string, '&' ) === false ) {
  403. return $string;
  404. }
  405. // Match the previous behaviour of _wp_specialchars() when the $quote_style is not an accepted value
  406. if ( empty( $quote_style ) ) {
  407. $quote_style = ENT_NOQUOTES;
  408. } elseif ( !in_array( $quote_style, array( 0, 2, 3, 'single', 'double' ), true ) ) {
  409. $quote_style = ENT_QUOTES;
  410. }
  411. // More complete than get_html_translation_table( HTML_SPECIALCHARS )
  412. $single = array( '&#039;' => '\'', '&#x27;' => '\'' );
  413. $single_preg = array( '/&#0*39;/' => '&#039;', '/&#x0*27;/i' => '&#x27;' );
  414. $double = array( '&quot;' => '"', '&#034;' => '"', '&#x22;' => '"' );
  415. $double_preg = array( '/&#0*34;/' => '&#034;', '/&#x0*22;/i' => '&#x22;' );
  416. $others = array( '&lt;' => '<', '&#060;' => '<', '&gt;' => '>', '&#062;' => '>', '&amp;' => '&', '&#038;' => '&', '&#x26;' => '&' );
  417. $others_preg = array( '/&#0*60;/' => '&#060;', '/&#0*62;/' => '&#062;', '/&#0*38;/' => '&#038;', '/&#x0*26;/i' => '&#x26;' );
  418. if ( $quote_style === ENT_QUOTES ) {
  419. $translation = array_merge( $single, $double, $others );
  420. $translation_preg = array_merge( $single_preg, $double_preg, $others_preg );
  421. } elseif ( $quote_style === ENT_COMPAT || $quote_style === 'double' ) {
  422. $translation = array_merge( $double, $others );
  423. $translation_preg = array_merge( $double_preg, $others_preg );
  424. } elseif ( $quote_style === 'single' ) {
  425. $translation = array_merge( $single, $others );
  426. $translation_preg = array_merge( $single_preg, $others_preg );
  427. } elseif ( $quote_style === ENT_NOQUOTES ) {
  428. $translation = $others;
  429. $translation_preg = $others_preg;
  430. }
  431. // Remove zero padding on numeric entities
  432. $string = preg_replace( array_keys( $translation_preg ), array_values( $translation_preg ), $string );
  433. // Replace characters according to translation table
  434. return strtr( $string, $translation );
  435. }
  436. /**
  437. * Checks for invalid UTF8 in a string.
  438. *
  439. * @since 2.8
  440. *
  441. * @param string $string The text which is to be checked.
  442. * @param boolean $strip Optional. Whether to attempt to strip out invalid UTF8. Default is false.
  443. * @return string The checked text.
  444. */
  445. function wp_check_invalid_utf8( $string, $strip = false ) {
  446. $string = (string) $string;
  447. if ( 0 === strlen( $string ) ) {
  448. return '';
  449. }
  450. // Store the site charset as a static to avoid multiple calls to get_option()
  451. static $is_utf8;
  452. if ( !isset( $is_utf8 ) ) {
  453. $is_utf8 = in_array( get_option( 'blog_charset' ), array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ) );
  454. }
  455. if ( !$is_utf8 ) {
  456. return $string;
  457. }
  458. // Check for support for utf8 in the installed PCRE library once and store the result in a static
  459. static $utf8_pcre;
  460. if ( !isset( $utf8_pcre ) ) {
  461. $utf8_pcre = @preg_match( '/^./u', 'a' );
  462. }
  463. // We can't demand utf8 in the PCRE installation, so just return the string in those cases
  464. if ( !$utf8_pcre ) {
  465. return $string;
  466. }
  467. // preg_match fails when it encounters invalid UTF8 in $string
  468. if ( 1 === @preg_match( '/^./us', $string ) ) {
  469. return $string;
  470. }
  471. // Attempt to strip the bad chars if requested (not recommended)
  472. if ( $strip && function_exists( 'iconv' ) ) {
  473. return iconv( 'utf-8', 'utf-8', $string );
  474. }
  475. return '';
  476. }
  477. /**
  478. * Encode the Unicode values to be used in the URI.
  479. *
  480. * @since 1.5.0
  481. *
  482. * @param string $utf8_string
  483. * @param int $length Max length of the string
  484. * @return string String with Unicode encoded for URI.
  485. */
  486. function utf8_uri_encode( $utf8_string, $length = 0 ) {
  487. $unicode = '';
  488. $values = array();
  489. $num_octets = 1;
  490. $unicode_length = 0;
  491. $string_length = strlen( $utf8_string );
  492. for ($i = 0; $i < $string_length; $i++ ) {
  493. $value = ord( $utf8_string[ $i ] );
  494. if ( $value < 128 ) {
  495. if ( $length && ( $unicode_length >= $length ) )
  496. break;
  497. $unicode .= chr($value);
  498. $unicode_length++;
  499. } else {
  500. if ( count( $values ) == 0 ) $num_octets = ( $value < 224 ) ? 2 : 3;
  501. $values[] = $value;
  502. if ( $length && ( $unicode_length + ($num_octets * 3) ) > $length )
  503. break;
  504. if ( count( $values ) == $num_octets ) {
  505. if ($num_octets == 3) {
  506. $unicode .= '%' . dechex($values[0]) . '%' . dechex($values[1]) . '%' . dechex($values[2]);
  507. $unicode_length += 9;
  508. } else {
  509. $unicode .= '%' . dechex($values[0]) . '%' . dechex($values[1]);
  510. $unicode_length += 6;
  511. }
  512. $values = array();
  513. $num_octets = 1;
  514. }
  515. }
  516. }
  517. return $unicode;
  518. }
  519. /**
  520. * Converts all accent characters to ASCII characters.
  521. *
  522. * If there are no accent characters, then the string given is just returned.
  523. *
  524. * @since 1.2.1
  525. *
  526. * @param string $string Text that might have accent characters
  527. * @return string Filtered string with replaced "nice" characters.
  528. */
  529. function remove_accents($string) {
  530. if ( !preg_match('/[\x80-\xff]/', $string) )
  531. return $string;
  532. if (seems_utf8($string)) {
  533. $chars = array(
  534. // Decompositions for Latin-1 Supplement
  535. chr(194).chr(170) => 'a', chr(194).chr(186) => 'o',
  536. chr(195).chr(128) => 'A', chr(195).chr(129) => 'A',
  537. chr(195).chr(130) => 'A', chr(195).chr(131) => 'A',
  538. chr(195).chr(132) => 'A', chr(195).chr(133) => 'A',
  539. chr(195).chr(134) => 'AE',chr(195).chr(135) => 'C',
  540. chr(195).chr(136) => 'E', chr(195).chr(137) => 'E',
  541. chr(195).chr(138) => 'E', chr(195).chr(139) => 'E',
  542. chr(195).chr(140) => 'I', chr(195).chr(141) => 'I',
  543. chr(195).chr(142) => 'I', chr(195).chr(143) => 'I',
  544. chr(195).chr(144) => 'D', chr(195).chr(145) => 'N',
  545. chr(195).chr(146) => 'O', chr(195).chr(147) => 'O',
  546. chr(195).chr(148) => 'O', chr(195).chr(149) => 'O',
  547. chr(195).chr(150) => 'O', chr(195).chr(153) => 'U',
  548. chr(195).chr(154) => 'U', chr(195).chr(155) => 'U',
  549. chr(195).chr(156) => 'U', chr(195).chr(157) => 'Y',
  550. chr(195).chr(158) => 'TH',chr(195).chr(159) => 's',
  551. chr(195).chr(160) => 'a', chr(195).chr(161) => 'a',
  552. chr(195).chr(162) => 'a', chr(195).chr(163) => 'a',
  553. chr(195).chr(164) => 'a', chr(195).chr(165) => 'a',
  554. chr(195).chr(166) => 'ae',chr(195).chr(167) => 'c',
  555. chr(195).chr(168) => 'e', chr(195).chr(169) => 'e',
  556. chr(195).chr(170) => 'e', chr(195).chr(171) => 'e',
  557. chr(195).chr(172) => 'i', chr(195).chr(173) => 'i',
  558. chr(195).chr(174) => 'i', chr(195).chr(175) => 'i',
  559. chr(195).chr(176) => 'd', chr(195).chr(177) => 'n',
  560. chr(195).chr(178) => 'o', chr(195).chr(179) => 'o',
  561. chr(195).chr(180) => 'o', chr(195).chr(181) => 'o',
  562. chr(195).chr(182) => 'o', chr(195).chr(184) => 'o',
  563. chr(195).chr(185) => 'u', chr(195).chr(186) => 'u',
  564. chr(195).chr(187) => 'u', chr(195).chr(188) => 'u',
  565. chr(195).chr(189) => 'y', chr(195).chr(190) => 'th',
  566. chr(195).chr(191) => 'y', chr(195).chr(152) => 'O',
  567. // Decompositions for Latin Extended-A
  568. chr(196).chr(128) => 'A', chr(196).chr(129) => 'a',
  569. chr(196).chr(130) => 'A', chr(196).chr(131) => 'a',
  570. chr(196).chr(132) => 'A', chr(196).chr(133) => 'a',
  571. chr(196).chr(134) => 'C', chr(196).chr(135) => 'c',
  572. chr(196).chr(136) => 'C', chr(196).chr(137) => 'c',
  573. chr(196).chr(138) => 'C', chr(196).chr(139) => 'c',
  574. chr(196).chr(140) => 'C', chr(196).chr(141) => 'c',
  575. chr(196).chr(142) => 'D', chr(196).chr(143) => 'd',
  576. chr(196).chr(144) => 'D', chr(196).chr(145) => 'd',
  577. chr(196).chr(146) => 'E', chr(196).chr(147) => 'e',
  578. chr(196).chr(148) => 'E', chr(196).chr(149) => 'e',
  579. chr(196).chr(150) => 'E', chr(196).chr(151) => 'e',
  580. chr(196).chr(152) => 'E', chr(196).chr(153) => 'e',
  581. chr(196).chr(154) => 'E', chr(196).chr(155) => 'e',
  582. chr(196).chr(156) => 'G', chr(196).chr(157) => 'g',
  583. chr(196).chr(158) => 'G', chr(196).chr(159) => 'g',
  584. chr(196).chr(160) => 'G', chr(196).chr(161) => 'g',
  585. chr(196).chr(162) => 'G', chr(196).chr(163) => 'g',
  586. chr(196).chr(164) => 'H', chr(196).chr(165) => 'h',
  587. chr(196).chr(166) => 'H', chr(196).chr(167) => 'h',
  588. chr(196).chr(168) => 'I', chr(196).chr(169) => 'i',
  589. chr(196).chr(170) => 'I', chr(196).chr(171) => 'i',
  590. chr(196).chr(172) => 'I', chr(196).chr(173) => 'i',
  591. chr(196).chr(174) => 'I', chr(196).chr(175) => 'i',
  592. chr(196).chr(176) => 'I', chr(196).chr(177) => 'i',
  593. chr(196).chr(178) => 'IJ',chr(196).chr(179) => 'ij',
  594. chr(196).chr(180) => 'J', chr(196).chr(181) => 'j',
  595. chr(196).chr(182) => 'K', chr(196).chr(183) => 'k',
  596. chr(196).chr(184) => 'k', chr(196).chr(185) => 'L',
  597. chr(196).chr(186) => 'l', chr(196).chr(187) => 'L',
  598. chr(196).chr(188) => 'l', chr(196).chr(189) => 'L',
  599. chr(196).chr(190) => 'l', chr(196).chr(191) => 'L',
  600. chr(197).chr(128) => 'l', chr(197).chr(129) => 'L',
  601. chr(197).chr(130) => 'l', chr(197).chr(131) => 'N',
  602. chr(197).chr(132) => 'n', chr(197).chr(133) => 'N',
  603. chr(197).chr(134) => 'n', chr(197).chr(135) => 'N',
  604. chr(197).chr(136) => 'n', chr(197).chr(137) => 'N',
  605. chr(197).chr(138) => 'n', chr(197).chr(139) => 'N',
  606. chr(197).chr(140) => 'O', chr(197).chr(141) => 'o',
  607. chr(197).chr(142) => 'O', chr(197).chr(143) => 'o',
  608. chr(197).chr(144) => 'O', chr(197).chr(145) => 'o',
  609. chr(197).chr(146) => 'OE',chr(197).chr(147) => 'oe',
  610. chr(197).chr(148) => 'R',chr(197).chr(149) => 'r',
  611. chr(197).chr(150) => 'R',chr(197).chr(151) => 'r',
  612. chr(197).chr(152) => 'R',chr(197).chr(153) => 'r',
  613. chr(197).chr(154) => 'S',chr(197).chr(155) => 's',
  614. chr(197).chr(156) => 'S',chr(197).chr(157) => 's',
  615. chr(197).chr(158) => 'S',chr(197).chr(159) => 's',
  616. chr(197).chr(160) => 'S', chr(197).chr(161) => 's',
  617. chr(197).chr(162) => 'T', chr(197).chr(163) => 't',
  618. chr(197).chr(164) => 'T', chr(197).chr(165) => 't',
  619. chr(197).chr(166) => 'T', chr(197).chr(167) => 't',
  620. chr(197).chr(168) => 'U', chr(197).chr(169) => 'u',
  621. chr(197).chr(170) => 'U', chr(197).chr(171) => 'u',
  622. chr(197).chr(172) => 'U', chr(197).chr(173) => 'u',
  623. chr(197).chr(174) => 'U', chr(197).chr(175) => 'u',
  624. chr(197).chr(176) => 'U', chr(197).chr(177) => 'u',
  625. chr(197).chr(178) => 'U', chr(197).chr(179) => 'u',
  626. chr(197).chr(180) => 'W', chr(197).chr(181) => 'w',
  627. chr(197).chr(182) => 'Y', chr(197).chr(183) => 'y',
  628. chr(197).chr(184) => 'Y', chr(197).chr(185) => 'Z',
  629. chr(197).chr(186) => 'z', chr(197).chr(187) => 'Z',
  630. chr(197).chr(188) => 'z', chr(197).chr(189) => 'Z',
  631. chr(197).chr(190) => 'z', chr(197).chr(191) => 's',
  632. // Decompositions for Latin Extended-B
  633. chr(200).chr(152) => 'S', chr(200).chr(153) => 's',
  634. chr(200).chr(154) => 'T', chr(200).chr(155) => 't',
  635. // Euro Sign
  636. chr(226).chr(130).chr(172) => 'E',
  637. // GBP (Pound) Sign
  638. chr(194).chr(163) => '',
  639. // Vowels with diacritic (Vietnamese)
  640. // unmarked
  641. chr(198).chr(160) => 'O', chr(198).chr(161) => 'o',
  642. chr(198).chr(175) => 'U', chr(198).chr(176) => 'u',
  643. // grave accent
  644. chr(225).chr(186).chr(166) => 'A', chr(225).chr(186).chr(167) => 'a',
  645. chr(225).chr(186).chr(176) => 'A', chr(225).chr(186).chr(177) => 'a',
  646. chr(225).chr(187).chr(128) => 'E', chr(225).chr(187).chr(129) => 'e',
  647. chr(225).chr(187).chr(146) => 'O', chr(225).chr(187).chr(147) => 'o',
  648. chr(225).chr(187).chr(156) => 'O', chr(225).chr(187).chr(157) => 'o',
  649. chr(225).chr(187).chr(170) => 'U', chr(225).chr(187).chr(171) => 'u',
  650. chr(225).chr(187).chr(178) => 'Y', chr(225).chr(187).chr(179) => 'y',
  651. // hook
  652. chr(225).chr(186).chr(162) => 'A', chr(225).chr(186).chr(163) => 'a',
  653. chr(225).chr(186).chr(168) => 'A', chr(225).chr(186).chr(169) => 'a',
  654. chr(225).chr(186).chr(178) => 'A', chr(225).chr(186).chr(179) => 'a',
  655. chr(225).chr(186).chr(186) => 'E', chr(225).chr(186).chr(187) => 'e',
  656. chr(225).chr(187).chr(130) => 'E', chr(225).chr(187).chr(131) => 'e',
  657. chr(225).chr(187).chr(136) => 'I', chr(225).chr(187).chr(137) => 'i',
  658. chr(225).chr(187).chr(142) => 'O', chr(225).chr(187).chr(143) => 'o',
  659. chr(225).chr(187).chr(148) => 'O', chr(225).chr(187).chr(149) => 'o',
  660. chr(225).chr(187).chr(158) => 'O', chr(225).chr(187).chr(159) => 'o',
  661. chr(225).chr(187).chr(166) => 'U', chr(225).chr(187).chr(167) => 'u',
  662. chr(225).chr(187).chr(172) => 'U', chr(225).chr(187).chr(173) => 'u',
  663. chr(225).chr(187).chr(182) => 'Y', chr(225).chr(187).chr(183) => 'y',
  664. // tilde
  665. chr(225).chr(186).chr(170) => 'A', chr(225).chr(186).chr(171) => 'a',
  666. chr(225).chr(186).chr(180) => 'A', chr(225).chr(186).chr(181) => 'a',
  667. chr(225).chr(186).chr(188) => 'E', chr(225).chr(186).chr(189) => 'e',
  668. chr(225).chr(187).chr(132) => 'E', chr(225).chr(187).chr(133) => 'e',
  669. chr(225).chr(187).chr(150) => 'O', chr(225).chr(187).chr(151) => 'o',
  670. chr(225).chr(187).chr(160) => 'O', chr(225).chr(187).chr(161) => 'o',
  671. chr(225).chr(187).chr(174) => 'U', chr(225).chr(187).chr(175) => 'u',
  672. chr(225).chr(187).chr(184) => 'Y', chr(225).chr(187).chr(185) => 'y',
  673. // acute accent
  674. chr(225).chr(186).chr(164) => 'A', chr(225).chr(186).chr(165) => 'a',
  675. chr(225).chr(186).chr(174) => 'A', chr(225).chr(186).chr(175) => 'a',
  676. chr(225).chr(186).chr(190) => 'E', chr(225).chr(186).chr(191) => 'e',
  677. chr(225).chr(187).chr(144) => 'O', chr(225).chr(187).chr(145) => 'o',
  678. chr(225).chr(187).chr(154) => 'O', chr(225).chr(187).chr(155) => 'o',
  679. chr(225).chr(187).chr(168) => 'U', chr(225).chr(187).chr(169) => 'u',
  680. // dot below
  681. chr(225).chr(186).chr(160) => 'A', chr(225).chr(186).chr(161) => 'a',
  682. chr(225).chr(186).chr(172) => 'A', chr(225).chr(186).chr(173) => 'a',
  683. chr(225).chr(186).chr(182) => 'A', chr(225).chr(186).chr(183) => 'a',
  684. chr(225).chr(186).chr(184) => 'E', chr(225).chr(186).chr(185) => 'e',
  685. chr(225).chr(187).chr(134) => 'E', chr(225).chr(187).chr(135) => 'e',
  686. chr(225).chr(187).chr(138) => 'I', chr(225).chr(187).chr(139) => 'i',
  687. chr(225).chr(187).chr(140) => 'O', chr(225).chr(187).chr(141) => 'o',
  688. chr(225).chr(187).chr(152) => 'O', chr(225).chr(187).chr(153) => 'o',
  689. chr(225).chr(187).chr(162) => 'O', chr(225).chr(187).chr(163) => 'o',
  690. chr(225).chr(187).chr(164) => 'U', chr(225).chr(187).chr(165) => 'u',
  691. chr(225).chr(187).chr(176) => 'U', chr(225).chr(187).chr(177) => 'u',
  692. chr(225).chr(187).chr(180) => 'Y', chr(225).chr(187).chr(181) => 'y',
  693. // Vowels with diacritic (Chinese, Hanyu Pinyin)
  694. chr(201).chr(145) => 'a',
  695. // macron
  696. chr(199).chr(149) => 'U', chr(199).chr(150) => 'u',
  697. // acute accent
  698. chr(199).chr(151) => 'U', chr(199).chr(152) => 'u',
  699. // caron
  700. chr(199).chr(141) => 'A', chr(199).chr(142) => 'a',
  701. chr(199).chr(143) => 'I', chr(199).chr(144) => 'i',
  702. chr(199).chr(145) => 'O', chr(199).chr(146) => 'o',
  703. chr(199).chr(147) => 'U', chr(199).chr(148) => 'u',
  704. chr(199).chr(153) => 'U', chr(199).chr(154) => 'u',
  705. // grave accent
  706. chr(199).chr(155) => 'U', chr(199).chr(156) => 'u',
  707. );
  708. $string = strtr($string, $chars);
  709. } else {
  710. // Assume ISO-8859-1 if not UTF-8
  711. $chars['in'] = chr(128).chr(131).chr(138).chr(142).chr(154).chr(158)
  712. .chr(159).chr(162).chr(165).chr(181).chr(192).chr(193).chr(194)
  713. .chr(195).chr(196).chr(197).chr(199).chr(200).chr(201).chr(202)
  714. .chr(203).chr(204).chr(205).chr(206).chr(207).chr(209).chr(210)
  715. .chr(211).chr(212).chr(213).chr(214).chr(216).chr(217).chr(218)
  716. .chr(219).chr(220).chr(221).chr(224).chr(225).chr(226).chr(227)
  717. .chr(228).chr(229).chr(231).chr(232).chr(233).chr(234).chr(235)
  718. .chr(236).chr(237).chr(238).chr(239).chr(241).chr(242).chr(243)
  719. .chr(244).chr(245).chr(246).chr(248).chr(249).chr(250).chr(251)
  720. .chr(252).chr(253).chr(255);
  721. $chars['out'] = "EfSZszYcYuAAAAAACEEEEIIIINOOOOOOUUUUYaaaaaaceeeeiiiinoooooouuuuyy";
  722. $string = strtr($string, $chars['in'], $chars['out']);
  723. $double_chars['in'] = array(chr(140), chr(156), chr(198), chr(208), chr(222), chr(223), chr(230), chr(240), chr(254));
  724. $double_chars['out'] = array('OE', 'oe', 'AE', 'DH', 'TH', 'ss', 'ae', 'dh', 'th');
  725. $string = str_replace($double_chars['in'], $double_chars['out'], $string);
  726. }
  727. return $string;
  728. }
  729. /**
  730. * Sanitizes a filename replacing whitespace with dashes
  731. *
  732. * Removes special characters that are illegal in filenames on certain
  733. * operating systems and special characters requiring special escaping
  734. * to manipulate at the command line. Replaces spaces and consecutive
  735. * dashes with a single dash. Trim period, dash and underscore from beginning
  736. * and end of filename.
  737. *
  738. * @since 2.1.0
  739. *
  740. * @param string $filename The filename to be sanitized
  741. * @return string The sanitized filename
  742. */
  743. function sanitize_file_name( $filename ) {
  744. $filename_raw = $filename;
  745. $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", chr(0));
  746. $special_chars = apply_filters('sanitize_file_name_chars', $special_chars, $filename_raw);
  747. $filename = str_replace($special_chars, '', $filename);
  748. $filename = preg_replace('/[\s-]+/', '-', $filename);
  749. $filename = trim($filename, '.-_');
  750. // Split the filename into a base and extension[s]
  751. $parts = explode('.', $filename);
  752. // Return if only one extension
  753. if ( count($parts) <= 2 )
  754. return apply_filters('sanitize_file_name', $filename, $filename_raw);
  755. // Process multiple extensions
  756. $filename = array_shift($parts);
  757. $extension = array_pop($parts);
  758. $mimes = get_allowed_mime_types();
  759. // Loop over any intermediate extensions. Munge them with a trailing underscore if they are a 2 - 5 character
  760. // long alpha string not in the extension whitelist.
  761. foreach ( (array) $parts as $part) {
  762. $filename .= '.' . $part;
  763. if ( preg_match("/^[a-zA-Z]{2,5}\d?$/", $part) ) {
  764. $allowed = false;
  765. foreach ( $mimes as $ext_preg => $mime_match ) {
  766. $ext_preg = '!^(' . $ext_preg . ')$!i';
  767. if ( preg_match( $ext_preg, $part ) ) {
  768. $allowed = true;
  769. break;
  770. }
  771. }
  772. if ( !$allowed )
  773. $filename .= '_';
  774. }
  775. }
  776. $filename .= '.' . $extension;
  777. return apply_filters('sanitize_file_name', $filename, $filename_raw);
  778. }
  779. /**
  780. * Sanitize username stripping out unsafe characters.
  781. *
  782. * Removes tags, octets, entities, and if strict is enabled, will only keep
  783. * alphanumeric, _, space, ., -, @. After sanitizing, it passes the username,
  784. * raw username (the username in the parameter), and the value of $strict as
  785. * parameters for the 'sanitize_user' filter.
  786. *
  787. * @since 2.0.0
  788. * @uses apply_filters() Calls 'sanitize_user' hook on username, raw username,
  789. * and $strict parameter.
  790. *
  791. * @param string $username The username to be sanitized.
  792. * @param bool $strict If set limits $username to specific characters. Default false.
  793. * @return string The sanitized username, after passing through filters.
  794. */
  795. function sanitize_user( $username, $strict = false ) {
  796. $raw_username = $username;
  797. $username = wp_strip_all_tags( $username );
  798. $username = remove_accents( $username );
  799. // Kill octets
  800. $username = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $username );
  801. $username = preg_replace( '/&.+?;/', '', $username ); // Kill entities
  802. // If strict, reduce to ASCII for max portability.
  803. if ( $strict )
  804. $username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username );
  805. $username = trim( $username );
  806. // Consolidate contiguous whitespace
  807. $username = preg_replace( '|\s+|', ' ', $username );
  808. return apply_filters( 'sanitize_user', $username, $raw_username, $strict );
  809. }
  810. /**
  811. * Sanitize a string key.
  812. *
  813. * Keys are used as internal identifiers. Lowercase alphanumeric characters, dashes and underscores are allowed.
  814. *
  815. * @since 3.0.0
  816. *
  817. * @param string $key String key
  818. * @return string Sanitized key
  819. */
  820. function sanitize_key( $key ) {
  821. $raw_key = $key;
  822. $key = strtolower( $key );
  823. $key = preg_replace( '/[^a-z0-9_\-]/', '', $key );
  824. return apply_filters( 'sanitize_key', $key, $raw_key );
  825. }
  826. /**
  827. * Sanitizes title or use fallback title.
  828. *
  829. * Specifically, HTML and PHP tags are stripped. Further actions can be added
  830. * via the plugin API. If $title is empty and $fallback_title is set, the latter
  831. * will be used.
  832. *
  833. * @since 1.0.0
  834. *
  835. * @param string $title The string to be sanitized.
  836. * @param string $fallback_title Optional. A title to use if $title is empty.
  837. * @param string $context Optional. The operation for which the string is sanitized
  838. * @return string The sanitized string.
  839. */
  840. function sanitize_title($title, $fallback_title = '', $context = 'save') {
  841. $raw_title = $title;
  842. if ( 'save' == $context )
  843. $title = remove_accents($title);
  844. $title = apply_filters('sanitize_title', $title, $raw_title, $context);
  845. if ( '' === $title || false === $title )
  846. $title = $fallback_title;
  847. return $title;
  848. }
  849. function sanitize_title_for_query($title) {
  850. return sanitize_title($title, '', 'query');
  851. }
  852. /**
  853. * Sanitizes title, replacing whitespace and a few other characters with dashes.
  854. *
  855. * Limits the output to alphanumeric characters, underscore (_) and dash (-).
  856. * Whitespace becomes a dash.
  857. *
  858. * @since 1.2.0
  859. *
  860. * @param string $title The title to be sanitized.
  861. * @param string $raw_title Optional. Not used.
  862. * @param string $context Optional. The operation for which the string is sanitized.
  863. * @return string The sanitized title.
  864. */
  865. function sanitize_title_with_dashes($title, $raw_title = '', $context = 'display') {
  866. $title = strip_tags($title);
  867. // Preserve escaped octets.
  868. $title = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '---$1---', $title);
  869. // Remove percent signs that are not part of an octet.
  870. $title = str_replace('%', '', $title);
  871. // Restore octets.
  872. $title = preg_replace('|---([a-fA-F0-9][a-fA-F0-9])---|', '%$1', $title);
  873. if (seems_utf8($title)) {
  874. if (function_exists('mb_strtolower')) {
  875. $title = mb_strtolower($title, 'UTF-8');
  876. }
  877. $title = utf8_uri_encode($title, 200);
  878. }
  879. $title = strtolower($title);
  880. $title = preg_replace('/&.+?;/', '', $title); // kill entities
  881. $title = str_replace('.', '-', $title);
  882. if ( 'save' == $context ) {
  883. // Convert nbsp, ndash and mdash to hyphens
  884. $title = str_replace( array( '%c2%a0', '%e2%80%93', '%e2%80%94' ), '-', $title );
  885. // Strip these characters entirely
  886. $title = str_replace( array(
  887. // iexcl and iquest
  888. '%c2%a1', '%c2%bf',
  889. // angle quotes
  890. '%c2%ab', '%c2%bb', '%e2%80%b9', '%e2%80%ba',
  891. // curly quotes
  892. '%e2%80%98', '%e2%80%99', '%e2%80%9c', '%e2%80%9d',
  893. '%e2%80%9a', '%e2%80%9b', '%e2%80%9e', '%e2%80%9f',
  894. // copy, reg, deg, hellip and trade
  895. '%c2%a9', '%c2%ae', '%c2%b0', '%e2%80%a6', '%e2%84%a2',
  896. // grave accent, acute accent, macron, caron
  897. '%cc%80', '%cc%81', '%cc%84', '%cc%8c',
  898. ), '', $title );
  899. // Convert times to x
  900. $title = str_replace( '%c3%97', 'x', $title );
  901. }
  902. $title = preg_replace('/[^%a-z0-9 _-]/', '', $title);
  903. $title = preg_replace('/\s+/', '-', $title);
  904. $title = preg_replace('|-+|', '-', $title);
  905. $title = trim($title, '-');
  906. return $title;
  907. }
  908. /**
  909. * Ensures a string is a valid SQL order by clause.
  910. *
  911. * Accepts one or more columns, with or without ASC/DESC, and also accepts
  912. * RAND().
  913. *
  914. * @since 2.5.1
  915. *
  916. * @param string $orderby Order by string to be checked.
  917. * @return string|bool Returns the order by clause if it is a match, false otherwise.
  918. */
  919. function sanitize_sql_orderby( $orderby ){
  920. preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);
  921. if ( !$obmatches )
  922. return false;
  923. return $orderby;
  924. }
  925. /**
  926. * Santizes a html classname to ensure it only contains valid characters
  927. *
  928. * Strips the string down to A-Z,a-z,0-9,_,-. If this results in an empty
  929. * string then it will return the alternative value supplied.
  930. *
  931. * @todo Expand to support the full range of CDATA that a class attribute can contain.
  932. *
  933. * @since 2.8.0
  934. *
  935. * @param string $class The classname to be sanitized
  936. * @param string $fallback Optional. The value to return if the sanitization end's up as an empty string.
  937. * Defaults to an empty string.
  938. * @return string The sanitized value
  939. */
  940. function sanitize_html_class( $class, $fallback = '' ) {
  941. //Strip out any % encoded octets
  942. $sanitized = preg_replace( '|%[a-fA-F0-9][a-fA-F0-9]|', '', $class );
  943. //Limit to A-Z,a-z,0-9,_,-
  944. $sanitized = preg_replace( '/[^A-Za-z0-9_-]/', '', $sanitized );
  945. if ( '' == $sanitized )
  946. $sanitized = $fallback;
  947. return apply_filters( 'sanitize_html_class', $sanitized, $class, $fallback );
  948. }
  949. /**
  950. * Converts a number of characters from a string.
  951. *
  952. * Metadata tags <<title>> and <<category>> are removed, <<br>> and <<hr>> are
  953. * converted into correct XHTML and Unicode characters are converted to the
  954. * valid range.
  955. *
  956. * @since 0.71
  957. *
  958. * @param string $content String of characters to be converted.
  959. * @param string $deprecated Not used.
  960. * @return string Converted string.
  961. */
  962. function convert_chars($content, $deprecated = '') {
  963. if ( !empty( $deprecated ) )
  964. _deprecated_argument( __FUNCTION__, '0.71' );
  965. // Translation of invalid Unicode references range to valid range
  966. $wp_htmltranswinuni = array(
  967. '&#128;' => '&#8364;', // the Euro sign
  968. '&#129;' => '',
  969. '&#130;' => '&#8218;', // these are Windows CP1252 specific characters
  970. '&#131;' => '&#402;', // they would look weird on non-Windows browsers
  971. '&#132;' => '&#8222;',
  972. '&#133;' => '&#8230;',
  973. '&#134;' => '&#8224;',
  974. '&#135;' => '&#8225;',
  975. '&#136;' => '&#710;',
  976. '&#137;' => '&#8240;',
  977. '&#138;' => '&#352;',
  978. '&#139;' => '&#8249;',
  979. '&#140;' => '&#338;',
  980. '&#141;' => '',
  981. '&#142;' => '&#381;',
  982. '&#143;' => '',
  983. '&#144;' => '',
  984. '&#145;' => '&#8216;',
  985. '&#146;' => '&#8217;',
  986. '&#147;' => '&#8220;',
  987. '&#148;' => '&#8221;',
  988. '&#149;' => '&#8226;',
  989. '&#150;' => '&#8211;',
  990. '&#151;' => '&#8212;',
  991. '&#152;' => '&#732;',
  992. '&#153;' => '&#8482;',
  993. '&#154;' => '&#353;',
  994. '&#155;' => '&#8250;',
  995. '&#156;' => '&#339;',
  996. '&#157;' => '',
  997. '&#158;' => '&#382;',
  998. '&#159;' => '&#376;'
  999. );
  1000. // Remove metadata tags
  1001. $content = preg_replace('/<title>(.+?)<\/title>/','',$content);
  1002. $content = preg_replace('/<category>(.+?)<\/category>/','',$content);
  1003. // Converts lone & characters into &#38; (a.k.a. &amp;)
  1004. $content = preg_replace('/&([^#])(?![a-z1-4]{1,8};)/i', '&#038;$1', $content);
  1005. // Fix Word pasting
  1006. $content = strtr($content, $wp_htmltranswinuni);
  1007. // Just a little XHTML help
  1008. $content = str_replace('<br>', '<br />', $content);
  1009. $content = str_replace('<hr>', '<hr />', $content);
  1010. return $content;
  1011. }
  1012. /**
  1013. * Will only balance the tags if forced to and the option is set to balance tags.
  1014. *
  1015. * The option 'use_balanceTags' is used to determine whether the tags will be balanced.
  1016. *
  1017. * @since 0.71
  1018. *
  1019. * @param string $text Text to be balanced
  1020. * @param bool $force If true, forces balancing, ignoring the value of the option. Default false.
  1021. * @return string Balanced text
  1022. */
  1023. function balanceTags( $text, $force = false ) {
  1024. if ( !$force && get_option('use_balanceTags') == 0 )
  1025. return $text;
  1026. return force_balance_tags( $text );
  1027. }
  1028. /**
  1029. * Balances tags of string using a modified stack.
  1030. *
  1031. * @since 2.0.4
  1032. *
  1033. * @author Leonard Lin <leonard@acm.org>
  1034. * @license GPL
  1035. * @copyright November 4, 2001
  1036. * @version 1.1
  1037. * @todo Make better - change loop condition to $text in 1.2
  1038. * @internal Modified by Scott Reilly (coffee2code) 02 Aug 2004
  1039. * 1.1 Fixed handling of append/stack pop order of end text
  1040. * Added Cleaning Hooks
  1041. * 1.0 First Version
  1042. *
  1043. * @param string $text Text to be balanced.
  1044. * @return string Balanced text.
  1045. */
  1046. function force_balance_tags( $text ) {
  1047. $tagstack = array();
  1048. $stacksize = 0;
  1049. $tagqueue = '';
  1050. $newtext = '';
  1051. // Known single-entity/self-closing tags
  1052. $single_tags = array( 'area', 'base', 'basefont', 'br', 'col', 'command', 'embed', 'frame', 'hr', 'img', 'input', 'isindex', 'link', 'meta', 'param', 'source' );
  1053. // Tags that can be immediately nested within themselves
  1054. $nestable_tags = array( 'blockquote', 'div', 'object', 'q', 'span' );
  1055. // WP bug fix for comments - in case you REALLY meant to type '< !--'
  1056. $text = str_replace('< !--', '< !--', $text);
  1057. // WP bug fix for LOVE <3 (and other situations with '<' before a number)
  1058. $text = preg_replace('#<([0-9]{1})#', '&lt;$1', $text);
  1059. while ( preg_match("/<(\/?[\w:]*)\s*([^>]*)>/", $text, $regex) ) {
  1060. $newtext .= $tagqueue;
  1061. $i = strpos($text, $regex[0]);
  1062. $l = strlen($regex[0]);
  1063. // clear the shifter
  1064. $tagqueue = '';
  1065. // Pop or Push
  1066. if ( isset($regex[1][0]) && '/' == $regex[1][0] ) { // End Tag
  1067. $tag = strtolower(substr($regex[1],1));
  1068. // if too many closing tags
  1069. if( $stacksize <= 0 ) {
  1070. $tag = '';
  1071. // or close to be safe $tag = '/' . $tag;
  1072. }
  1073. // if stacktop value = tag close value then pop
  1074. else if ( $tagstack[$stacksize - 1] == $tag ) { // found closing tag
  1075. $tag = '</' . $tag . '>'; // Close Tag
  1076. // Pop
  1077. array_pop( $tagstack );
  1078. $stacksize--;
  1079. } else { // closing tag not at top, search for it
  1080. for ( $j = $stacksize-1; $j >= 0; $j-- ) {
  1081. if ( $tagstack[$j] == $tag ) {
  1082. // add tag to tagqueue
  1083. for ( $k = $stacksize-1; $k >= $j; $k--) {
  1084. $tagqueue .= '</' . array_pop( $tagstack ) . '>';
  1085. $stacksize--;
  1086. }
  1087. break;
  1088. }
  1089. }
  1090. $tag = '';
  1091. }
  1092. } else { // Begin Tag
  1093. $tag = strtolower($regex[1]);
  1094. // Tag Cleaning
  1095. // If it's an empty tag "< >", do nothing
  1096. if ( '' == $tag ) {
  1097. // do nothing
  1098. }
  1099. // ElseIf it presents itself as a self-closing tag...
  1100. elseif ( substr( $regex[2], -1 ) == '/' ) {
  1101. // ...but it isn't a known single-entity self-closing tag, then don't let it be treated as such and
  1102. // immediately close it with a closing tag (the tag will encapsulate no text as a result)
  1103. if ( ! in_array( $tag, $single_tags ) )
  1104. $regex[2] = trim( substr( $regex[2], 0, -1 ) ) . "></$tag";
  1105. }
  1106. // ElseIf it's a known single-entity tag but it doesn't close itself, do so
  1107. elseif ( in_array($tag, $single_tags) ) {
  1108. $regex[2] .= '/';
  1109. }
  1110. // Else it's not a single-entity tag
  1111. else {
  1112. // If the top of the stack is the same as the tag we want to push, close previous tag
  1113. if ( $stacksize > 0 && !in_array($tag, $nestable_tags) && $tagstack[$stacksize - 1] == $tag ) {
  1114. $tagqueue = '</' . array_pop( $tagstack ) . '>';
  1115. $stacksize--;
  1116. }
  1117. $stacksize = array_push( $tagstack, $tag );
  1118. }
  1119. // Attributes
  1120. $attributes = $regex[2];
  1121. if( ! empty( $attributes ) && $attributes[0] != '>' )
  1122. $attributes = ' ' . $attributes;
  1123. $tag = '<' . $tag . $attributes . '>';
  1124. //If already queuing a close tag, then put this tag on, too
  1125. if ( !empty($tagqueue) ) {
  1126. $tagqueue .= $tag;
  1127. $tag = '';
  1128. }
  1129. }
  1130. $newtext .= substr($text, 0, $i) . $tag;
  1131. $text = substr($text, $i + $l);
  1132. }
  1133. // Clear Tag Queue
  1134. $newtext .= $tagqueue;
  1135. // Add Remaining text
  1136. $newtext .= $text;
  1137. // Empty Stack
  1138. while( $x = array_pop($tagstack) )
  1139. $newtext .= '</' . $x . '>'; // Add remaining tags to close
  1140. // WP fix for the bug with HTML comments
  1141. $newtext = str_replace("< !--","<!--",$newtext);
  1142. $newtext = str_replace("< !--","< !--",$newtext);
  1143. return $newtext;
  1144. }
  1145. /**
  1146. * Acts on text which is about to be edited.
  1147. *
  1148. * The $content is run through esc_textarea(), which uses htmlspecialchars()
  1149. * to convert special characters to HTML entities. If $richedit is set to true,
  1150. * it is simply a holder for the 'format_to_edit' filter.
  1151. *
  1152. * @since 0.71
  1153. *
  1154. * @param string $content The text about to be edited.
  1155. * @param bool $richedit Whether the $content should not pass through htmlspecialchars(). Default false (meaning it will be passed).
  1156. * @return string The text after the filter (and possibly htmlspecialchars()) has been run.
  1157. */
  1158. function format_to_edit( $content, $richedit = false ) {
  1159. $content = apply_filters( 'format_to_edit', $content );
  1160. if ( ! $richedit )
  1161. $content = esc_textarea( $content );
  1162. return $content;
  1163. }
  1164. /**
  1165. * Holder for the 'format_to_post' filter.
  1166. *
  1167. * @since 0.71
  1168. *
  1169. * @param string $content The text to pass through the filter.
  1170. * @return string Text returned from the 'format_to_post' filter.
  1171. */
  1172. function format_to_post($content) {
  1173. $content = apply_filters('format_to_post', $content);
  1174. return $content;
  1175. }
  1176. /**
  1177. * Add leading zeros when necessary.
  1178. *
  1179. * If you set the threshold to '4' and the number is '10', then you will get
  1180. * back '0010'. If you set the threshold to '4' and the number is '5000', then you
  1181. * will get back '5000'.
  1182. *
  1183. * Uses sprintf to append the amount of zeros based on the $threshold parameter
  1184. * and the size of the number. If the number is large enough, then no zeros will
  1185. * be appended.
  1186. *
  1187. * @since 0.71
  1188. *
  1189. * @param mixed $number Number to append zeros to if not greater than threshold.
  1190. * @param int $threshold Digit places number needs to be to not have zeros added.
  1191. * @return string Adds leading zeros to number if needed.
  1192. */
  1193. function zeroise($number, $threshold) {
  1194. return sprintf('%0'.$threshold.'s', $number);
  1195. }
  1196. /**
  1197. * Adds backslashes before letters and before a number at the start of a string.
  1198. *
  1199. * @since 0.71
  1200. *
  1201. * @param string $string Value to which backslashes will be added.
  1202. * @return string String with backslashes inserted.
  1203. */
  1204. function backslashit($string) {
  1205. $string = preg_replace('/^([0-9])/', '\\\\\\\\\1', $string);
  1206. $string = preg_replace('/([a-z])/i', '\\\\\1', $string);
  1207. return $string;
  1208. }
  1209. /**
  1210. * Appends a trailing slash.
  1211. *
  1212. * Will remove trailing slash if it exists already before adding a trailing
  1213. * slash. This prevents double slashing a string or path.
  1214. *
  1215. * The primary use of this is for paths and thus should be used for paths. It is
  1216. * not restricted to paths and offers no specific path support.
  1217. *
  1218. * @since 1.2.0
  1219. * @uses untrailingslashit() Unslashes string if it was slashed already.
  1220. *
  1221. * @param string $string What to add the trailing slash to.
  1222. * @return string String with trailing slash added.
  1223. */
  1224. function trailingslashit($string) {
  1225. return untrailingslashit($string) . '/';
  1226. }
  1227. /**
  1228. * Removes trailing slash if it exists.
  1229. *
  1230. * The primary use of this is for paths and thus should be used for paths. It is
  1231. * not restricted to paths and offers no specific path support.
  1232. *
  1233. * @since 2.2.0
  1234. *
  1235. * @param string $string What to remove the trailing slash from.
  1236. * @return string String without the trailing slash.
  1237. */
  1238. function untrailingslashit($string) {
  1239. return rtrim($string, '/');
  1240. }
  1241. /**
  1242. * Adds slashes to escape strings.
  1243. *
  1244. * Slashes will first be removed if magic_quotes_gpc is set, see {@link
  1245. * http://www.php.net/magic_quotes} for more details.
  1246. *
  1247. * @since 0.71
  1248. *
  1249. * @param string $gpc The string returned from HTTP request data.
  1250. * @return string Returns a string escaped with slashes.
  1251. */
  1252. function addslashes_gpc($gpc) {
  1253. if ( get_magic_quotes_gpc() )
  1254. $gpc = stripslashes($gpc);
  1255. return esc_sql($gpc);
  1256. }
  1257. /**
  1258. * Navigates through an array and removes slashes from the values.
  1259. *
  1260. * If an array is passed, the array_map() function causes a callback to pass the
  1261. * value back to the function. The slashes from this value will removed.
  1262. *
  1263. * @since 2.0.0
  1264. *
  1265. * @param mixed $value The value to be stripped.
  1266. * @return mixed Stripped value.
  1267. */
  1268. function stripslashes_deep($value) {
  1269. if ( is_array($value) ) {
  1270. $value = array_map('stripslashes_deep', $value);
  1271. } elseif ( is_object($value) ) {
  1272. $vars = get_object_vars( $value );
  1273. foreach ($vars as $key=>$data) {
  1274. $value->{$key} = stripslashes_deep( $data );
  1275. }
  1276. } elseif ( is_string( $value ) ) {
  1277. $value = stripslashes($value);
  1278. }
  1279. return $value;
  1280. }
  1281. /**
  1282. * Navigates through an array and encodes the values to be used in a URL.
  1283. *
  1284. *
  1285. * @since 2.2.0
  1286. *
  1287. * @param array|string $value The array or string to be encoded.
  1288. * @return array|string $value The encoded array (or string from the callback).
  1289. */
  1290. function urlencode_deep($value) {
  1291. $value = is_array($value) ? array_map('urlencode_deep', $value) : urlencode($value);
  1292. return $value;
  1293. }
  1294. /**
  1295. * Navigates through an array and raw encodes the values to be used in a URL.
  1296. *
  1297. * @since 3.4.0
  1298. *
  1299. * @param array|string $value The array or string to be encoded.
  1300. * @return array|string $value The encoded array (or string from the callback).
  1301. */
  1302. function rawurlencode_deep( $value ) {
  1303. return is_array( $value ) ? array_map( 'rawurlencode_deep', $value ) : rawurlencode( $value );
  1304. }
  1305. /**
  1306. * Converts email addresses characters to HTML entities to block spam bots.
  1307. *
  1308. * @since 0.71
  1309. *
  1310. * @param string $emailaddy Email address.
  1311. * @param int $mailto Optional. Range from 0 to 1. Used for encoding.
  1312. * @return string Converted email address.
  1313. */
  1314. function antispambot($emailaddy, $mailto=0) {
  1315. $emailNOSPAMaddy = '';
  1316. srand ((float) microtime() * 1000000);
  1317. for ($i = 0; $i < strlen($emailaddy); $i = $i + 1) {
  1318. $j = floor(rand(0, 1+$mailto));
  1319. if ($j==0) {
  1320. $emailNOSPAMaddy .= '&#'.ord(substr($emailaddy,$i,1)).';';
  1321. } elseif ($j==1) {
  1322. $emailNOSPAMaddy .= substr($emailaddy,$i,1);
  1323. } elseif ($j==2) {
  1324. $emailNOSPAMaddy .= '%'.zeroise(dechex(ord(substr($emailaddy, $i, 1))), 2);
  1325. }
  1326. }
  1327. $emailNOSPAMaddy = str_replace('@','&#64;',$emailNOSPAMaddy);
  1328. return $emailNOSPAMaddy;
  1329. }
  1330. /**
  1331. * Callback to convert URI match to HTML A element.
  1332. *
  1333. * This function was backported from 2.5.0 to 2.3.2. Regex callback for {@link
  1334. * make_clickable()}.
  1335. *
  1336. * @since 2.3.2
  1337. * @access private
  1338. *
  1339. * @param array $matches Single Regex Match.
  1340. * @return string HTML A element with URI address.
  1341. */
  1342. function _make_url_clickable_cb($matches) {
  1343. $url = $matches[2];
  1344. if ( ')' == $matches[3] && strpos( $url, '(' ) ) {
  1345. // If the trailing character is a closing parethesis, and the URL has an opening parenthesis in it, add the closing parenthesis to the URL.
  1346. // Then we can let the parenthesis balancer do its thing below.
  1347. $url .= $matches[3];
  1348. $suffix = '';
  1349. } else {
  1350. $suffix = $matches[3];
  1351. }
  1352. // Include parentheses in the URL only if paired
  1353. while ( substr_count( $url, '(' ) < substr_count( $url, ')' ) ) {
  1354. $suffix = strrchr( $url, ')' ) . $suffix;
  1355. $url = substr( $url, 0, strrpos( $url, ')' ) );
  1356. }
  1357. $url = esc_url($url);
  1358. if ( empty($url) )
  1359. return $matches[0];
  1360. return $matches[1] . "<a href=\"$url\" rel=\"nofollow\">$url</a>" . $suffix;
  1361. }
  1362. /**
  1363. * Callback to convert URL match to HTML A element.
  1364. *
  1365. * This function was backported from 2.5.0 to 2.3.2. Regex callback for {@link
  1366. * make_clickable()}.
  1367. *
  1368. * @since 2.3.2
  1369. * @access private
  1370. *
  1371. * @param array $matches Single Regex Match.
  1372. * @return string HTML A element with URL address.
  1373. */
  1374. function _make_web_ftp_clickable_cb($matches) {
  1375. $ret = '';
  1376. $dest = $matches[2];
  1377. $dest = 'http://' . $dest;
  1378. $dest = esc_url($dest);
  1379. if ( empty($dest) )
  1380. return $matches[0];
  1381. // removed trailing [.,;:)] from URL
  1382. if ( in_array( substr($dest, -1), array('.', ',', ';', ':', ')') ) === true ) {
  1383. $ret = substr($dest, -1);
  1384. $dest = substr($dest, 0, strlen($dest)-1);
  1385. }
  1386. return $matches[1] . "<a href=\"$dest\" rel=\"nofollow\">$dest</a>$ret";
  1387. }
  1388. /**
  1389. * Callback to convert email address match to HTML A element.
  1390. *
  1391. * This function was backported from 2.5.0 to 2.3.2. Regex callback for {@link
  1392. * make_clickable()}.
  1393. *
  1394. * @since 2.3.2
  1395. * @access private
  1396. *
  1397. * @param array $matches Single Regex Match.
  1398. * @return string HTML A element with email address.
  1399. */
  1400. function _make_email_clickable_cb($matches) {
  1401. $email = $matches[2] . '@' . $matches[3];
  1402. return $matches[1] . "<a href=\"mailto:$email\">$email</a>";
  1403. }
  1404. /**
  1405. * Convert plaintext URI to HTML links.
  1406. *
  1407. * Converts URI, www and ftp, and email addresses. Finishes by fixing links
  1408. * within links.
  1409. *
  1410. * @since 0.71
  1411. *
  1412. * @param string $text Content to convert URIs.
  1413. * @return string Content with converted URIs.
  1414. */
  1415. function make_clickable( $text ) {
  1416. $r = '';
  1417. $textarr = preg_split( '/(<[^<>]+>)/', $text, -1, PREG_SPLIT_DELIM_CAPTURE ); // split out HTML tags
  1418. foreach ( $textarr as $piece ) {
  1419. if ( empty( $piece ) || ( $piece[0] == '<' && ! preg_match('|^<\s*[\w]{1,20}+://|', $piece) ) ) {
  1420. $r .= $piece;
  1421. continue;
  1422. }
  1423. // Long strings might contain expensive edge cases ...
  1424. if ( 10000 < strlen( $piece ) ) {
  1425. // ... break it up
  1426. foreach ( _split_str_by_whitespace( $piece, 2100 ) as $chunk ) { // 2100: Extra room for scheme and leading and trailing paretheses
  1427. if ( 2101 < strlen( $chunk ) ) {
  1428. $r .= $chunk; // Too big, no whitespace: bail.
  1429. } else {
  1430. $r .= make_clickable( $chunk );
  1431. }
  1432. }
  1433. } else {
  1434. $ret = " $piece "; // Pad with whitespace to simplify the regexes
  1435. $url_clickable = '~
  1436. ([\\s(<.,;:!?]) # 1: Leading whitespace, or punctuation
  1437. ( # 2: URL
  1438. [\\w]{1,20}+:// # Scheme and hier-part prefix
  1439. (?=\S{1,2000}\s) # Limit to URLs less than about 2000 characters long
  1440. [\\w\\x80-\\xff#%\\~/@\\[\\]*(+=&$-]*+ # Non-punctuation URL character
  1441. (?: # Unroll the Loop: Only allow puctuation URL character if followed by a non-punctuation URL character
  1442. [\'.,;:!?)] # Punctuation URL character
  1443. [\\w\\x80-\\xff#%\\~/@\\[\\]*(+=&$-]++ # Non-punctuation URL character
  1444. )*
  1445. )
  1446. (\)?) # 3: Trailing closing parenthesis (for parethesis balancing post processing)
  1447. ~xS'; // The regex is a non-anchored pattern and does not have a single fixed starting character.
  1448. // Tell PCRE to spend more time optimizing since, when used on a page load, it will probably be used several times.
  1449. $ret = preg_replace_callback( $url_clickable, '_make_url_clickable_cb', $ret );
  1450. $ret = preg_replace_callback( '#([\s>])((www|ftp)\.[\w\\x80-\\xff\#$%&~/.\-;:=,?@\[\]+]+)#is', '_make_web_ftp_clickable_cb', $ret );
  1451. $ret = preg_replace_callback( '#([\s>])([.0-9a-z_+-]+)@(([0-9a-z-]+\.)+[0-9a-z]{2,})#i', '_make_email_clickable_cb', $ret );
  1452. $ret = substr( $ret, 1, -1 ); // Remove our whitespace padding.
  1453. $r .= $ret;
  1454. }
  1455. }
  1456. // Cleanup of accidental links within links
  1457. $r = preg_replace( '#(<a( [^>]+?>|>))<a [^>]+?>([^>]+?)</a></a>#i', "$1$3</a>", $r );
  1458. return $r;
  1459. }
  1460. /**
  1461. * Breaks a string into chunks by splitting at whitespace characters.
  1462. * The length of each returned chunk is as close to the specified length goal as possible,
  1463. * with the caveat that each chunk includes its trailing delimiter.
  1464. * Chunks longer than the goal are guaranteed to not have any inner whitespace.
  1465. *
  1466. * Joining the returned chunks with empty delimiters reconstructs the input string losslessly.
  1467. *
  1468. * Input string must have no null characters (or eventual transformations on output chunks must not care about null characters)
  1469. *
  1470. * <code>
  1471. * _split_str_by_whitespace( "1234 67890 1234 67890a cd 1234 890 123456789 1234567890a 45678 1 3 5 7 90 ", 10 ) ==
  1472. * array (
  1473. * 0 => '1234 67890 ', // 11 characters: Perfect split
  1474. * 1 => '1234 ', // 5 characters: '1234 67890a' was too long
  1475. * 2 => '67890a cd ', // 10 characters: '67890a cd 1234' was too long
  1476. * 3 => '1234 890 ', // 11 characters: Perfect split
  1477. * 4 => '123456789 ', // 10 characters: '123456789 1234567890a' was too long
  1478. * 5 => '1234567890a ', // 12 characters: Too long, but no inner whitespace on which to split
  1479. * 6 => ' 45678 ', // 11 characters: Perfect split
  1480. * 7 => '1 3 5 7 9', // 9 characters: End of $string
  1481. * );
  1482. * </code>
  1483. *
  1484. * @since 3.4.0
  1485. * @access private
  1486. *
  1487. * @param string $string The string to split.
  1488. * @param int $goal The desired chunk length.
  1489. * @return array Numeric array of chunks.
  1490. */
  1491. function _split_str_by_whitespace( $string, $goal ) {
  1492. $chunks = array();
  1493. $string_nullspace = strtr( $string, "\r\n\t\v\f ", "\000\000\000\000\000\000" );
  1494. while ( $goal < strlen( $string_nullspace ) ) {
  1495. $pos = strrpos( substr( $string_nullspace, 0, $goal + 1 ), "\000" );
  1496. if ( false === $pos ) {
  1497. $pos = strpos( $string_nullspace, "\000", $goal + 1 );
  1498. if ( false === $pos ) {
  1499. break;
  1500. }
  1501. }
  1502. $chunks[] = substr( $string, 0, $pos + 1 );
  1503. $string = substr( $string, $pos + 1 );
  1504. $string_nullspace = substr( $string_nullspace, $pos + 1 );
  1505. }
  1506. if ( $string ) {
  1507. $chunks[] = $string;
  1508. }
  1509. return $chunks;
  1510. }
  1511. /**
  1512. * Adds rel nofollow string to all HTML A elements in content.
  1513. *
  1514. * @since 1.5.0
  1515. *
  1516. * @param string $text Content that may contain HTML A elements.
  1517. * @return string Converted content.
  1518. */
  1519. function wp_rel_nofollow( $text ) {
  1520. // This is a pre save filter, so text is already escaped.
  1521. $text = stripslashes($text);
  1522. $text = preg_replace_callback('|<a (.+?)>|i', 'wp_rel_nofollow_callback', $text);
  1523. $text = esc_sql($text);
  1524. return $text;
  1525. }
  1526. /**
  1527. * Callback to used to add rel=nofollow string to HTML A element.
  1528. *
  1529. * Will remove already existing rel="nofollow" and rel='nofollow' from the
  1530. * string to prevent from invalidating (X)HTML.
  1531. *
  1532. * @since 2.3.0
  1533. *
  1534. * @param array $matches Single Match
  1535. * @return string HTML A Element with rel nofollow.
  1536. */
  1537. function wp_rel_nofollow_callback( $matches ) {
  1538. $text = $matches[1];
  1539. $text = str_replace(array(' rel="nofollow"', " rel='nofollow'"), '', $text);
  1540. return "<a $text rel=\"nofollow\">";
  1541. }
  1542. /**
  1543. * Convert one smiley code to the icon graphic file equivalent.
  1544. *
  1545. * Looks up one smiley code in the $wpsmiliestrans global array and returns an
  1546. * <img> string for that smiley.
  1547. *
  1548. * @global array $wpsmiliestrans
  1549. * @since 2.8.0
  1550. *
  1551. * @param string $smiley Smiley code to convert to image.
  1552. * @return string Image string for smiley.
  1553. */
  1554. function translate_smiley($smiley) {
  1555. global $wpsmiliestrans;
  1556. if (count($smiley) == 0) {
  1557. return '';
  1558. }
  1559. $smiley = trim(reset($smiley));
  1560. $img = $wpsmiliestrans[$smiley];
  1561. $smiley_masked = esc_attr($smiley);
  1562. $srcurl = apply_filters('smilies_src', includes_url("images/smilies/$img"), $img, site_url());
  1563. return " <img src='$srcurl' alt='$smiley_masked' class='wp-smiley' /> ";
  1564. }
  1565. /**
  1566. * Convert text equivalent of smilies to images.
  1567. *
  1568. * Will only convert smilies if the option 'use_smilies' is true and the global
  1569. * used in the function isn't empty.
  1570. *
  1571. * @since 0.71
  1572. * @uses $wp_smiliessearch
  1573. *
  1574. * @param string $text Content to convert smilies from text.
  1575. * @return string Converted content with text smilies replaced with images.
  1576. */
  1577. function convert_smilies($text) {
  1578. global $wp_smiliessearch;
  1579. $output = '';
  1580. if ( get_option('use_smilies') && !empty($wp_smiliessearch) ) {
  1581. // HTML loop taken from texturize function, could possible be consolidated
  1582. $textarr = preg_split("/(<.*>)/U", $text, -1, PREG_SPLIT_DELIM_CAPTURE); // capture the tags as well as in between
  1583. $stop = count($textarr);// loop stuff
  1584. for ($i = 0; $i < $stop; $i++) {
  1585. $content = $textarr[$i];
  1586. if ((strlen($content) > 0) && ('<' != $content[0])) { // If it's not a tag
  1587. $content = preg_replace_callback($wp_smiliessearch, 'translate_smiley', $content);
  1588. }
  1589. $output .= $content;
  1590. }
  1591. } else {
  1592. // return default text.
  1593. $output = $text;
  1594. }
  1595. return $output;
  1596. }
  1597. /**
  1598. * Verifies that an email is valid.
  1599. *
  1600. * Does not grok i18n domains. Not RFC compliant.
  1601. *
  1602. * @since 0.71
  1603. *
  1604. * @param string $email Email address to verify.
  1605. * @param boolean $deprecated Deprecated.
  1606. * @return string|bool Either false or the valid email address.
  1607. */
  1608. function is_email( $email, $deprecated = false ) {
  1609. if ( ! empty( $deprecated ) )
  1610. _deprecated_argument( __FUNCTION__, '3.0' );
  1611. // Test for the minimum length the email can be
  1612. if ( strlen( $email ) < 3 ) {
  1613. return apply_filters( 'is_email', false, $email, 'email_too_short' );
  1614. }
  1615. // Test for an @ character after the first position
  1616. if ( strpos( $email, '@', 1 ) === false ) {
  1617. return apply_filters( 'is_email', false, $email, 'email_no_at' );
  1618. }
  1619. // Split out the local and domain parts
  1620. list( $local, $domain ) = explode( '@', $email, 2 );
  1621. // LOCAL PART
  1622. // Test for invalid characters
  1623. if ( !preg_match( '/^[a-zA-Z0-9!#$%&\'*+\/=?^_`{|}~\.-]+$/', $local ) ) {
  1624. return apply_filters( 'is_email', false, $email, 'local_invalid_chars' );
  1625. }
  1626. // DOMAIN PART
  1627. // Test for sequences of periods
  1628. if ( preg_match( '/\.{2,}/', $domain ) ) {
  1629. return apply_filters( 'is_email', false, $email, 'domain_period_sequence' );
  1630. }
  1631. // Test for leading and trailing periods and whitespace
  1632. if ( trim( $domain, " \t\n\r\0\x0B." ) !== $domain ) {
  1633. return apply_filters( 'is_email', false, $email, 'domain_period_limits' );
  1634. }
  1635. // Split the domain into subs
  1636. $subs = explode( '.', $domain );
  1637. // Assume the domain will have at least two subs
  1638. if ( 2 > count( $subs ) ) {
  1639. return apply_filters( 'is_email', false, $email, 'domain_no_periods' );
  1640. }
  1641. // Loop through each sub
  1642. foreach ( $subs as $sub ) {
  1643. // Test for leading and trailing hyphens and whitespace
  1644. if ( trim( $sub, " \t\n\r\0\x0B-" ) !== $sub ) {
  1645. return apply_filters( 'is_email', false, $email, 'sub_hyphen_limits' );
  1646. }
  1647. // Test for invalid characters
  1648. if ( !preg_match('/^[a-z0-9-]+$/i', $sub ) ) {
  1649. return apply_filters( 'is_email', false, $email, 'sub_invalid_chars' );
  1650. }
  1651. }
  1652. // Congratulations your email made it!
  1653. return apply_filters( 'is_email', $email, $email, null );
  1654. }
  1655. /**
  1656. * Convert to ASCII from email subjects.
  1657. *
  1658. * @since 1.2.0
  1659. *
  1660. * @param string $string Subject line
  1661. * @return string Converted string to ASCII
  1662. */
  1663. function wp_iso_descrambler($string) {
  1664. /* this may only work with iso-8859-1, I'm afraid */
  1665. if (!preg_match('#\=\?(.+)\?Q\?(.+)\?\=#i', $string, $matches)) {
  1666. return $string;
  1667. } else {
  1668. $subject = str_replace('_', ' ', $matches[2]);
  1669. $subject = preg_replace_callback('#\=([0-9a-f]{2})#i', '_wp_iso_convert', $subject);
  1670. return $subject;
  1671. }
  1672. }
  1673. /**
  1674. * Helper function to convert hex encoded chars to ASCII
  1675. *
  1676. * @since 3.1.0
  1677. * @access private
  1678. * @param array $match The preg_replace_callback matches array
  1679. * @return array Converted chars
  1680. */
  1681. function _wp_iso_convert( $match ) {
  1682. return chr( hexdec( strtolower( $match[1] ) ) );
  1683. }
  1684. /**
  1685. * Returns a date in the GMT equivalent.
  1686. *
  1687. * Requires and returns a date in the Y-m-d H:i:s format. Simply subtracts the
  1688. * value of the 'gmt_offset' option. Return format can be overridden using the
  1689. * $format parameter. The DateTime and DateTimeZone classes are used to respect
  1690. * time zone differences in DST.
  1691. *
  1692. * @since 1.2.0
  1693. *
  1694. * @uses get_option() to retrieve the the value of 'gmt_offset'.
  1695. * @param string $string The date to be converted.
  1696. * @param string $format The format string for the returned date (default is Y-m-d H:i:s)
  1697. * @return string GMT version of the date provided.
  1698. */
  1699. function get_gmt_from_date($string, $format = 'Y-m-d H:i:s') {
  1700. preg_match('#([0-9]{1,4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})#', $string, $matches);
  1701. if ( ! $matches )
  1702. return date( $format, 0 );
  1703. $tz = get_option('timezone_string');
  1704. if ( $tz ) {
  1705. date_default_timezone_set( $tz );
  1706. $datetime = date_create( $string );
  1707. if ( ! $datetime )
  1708. return date( $format, 0 );
  1709. $datetime->setTimezone( new DateTimeZone('UTC') );
  1710. $offset = $datetime->getOffset();
  1711. $datetime->modify( '+' . $offset / HOUR_IN_SECONDS . ' hours');
  1712. $string_gmt = gmdate($format, $datetime->format('U'));
  1713. date_default_timezone_set('UTC');
  1714. } else {
  1715. $string_time = gmmktime($matches[4], $matches[5], $matches[6], $matches[2], $matches[3], $matches[1]);
  1716. $string_gmt = gmdate($format, $string_time - get_option('gmt_offset') * HOUR_IN_SECONDS);
  1717. }
  1718. return $string_gmt;
  1719. }
  1720. /**
  1721. * Converts a GMT date into the correct format for the blog.
  1722. *
  1723. * Requires and returns in the Y-m-d H:i:s format. Simply adds the value of
  1724. * gmt_offset.Return format can be overridden using the $format parameter
  1725. *
  1726. * @since 1.2.0
  1727. *
  1728. * @param string $string The date to be converted.
  1729. * @param string $format The format string for the returned date (default is Y-m-d H:i:s)
  1730. * @return string Formatted date relative to the GMT offset.
  1731. */
  1732. function get_date_from_gmt($string, $format = 'Y-m-d H:i:s') {
  1733. preg_match('#([0-9]{1,4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})#', $string, $matches);
  1734. $string_time = gmmktime($matches[4], $matches[5], $matches[6], $matches[2], $matches[3], $matches[1]);
  1735. $string_localtime = gmdate($format, $string_time + get_option('gmt_offset') * HOUR_IN_SECONDS);
  1736. return $string_localtime;
  1737. }
  1738. /**
  1739. * Computes an offset in seconds from an iso8601 timezone.
  1740. *
  1741. * @since 1.5.0
  1742. *
  1743. * @param string $timezone Either 'Z' for 0 offset or '±hhmm'.
  1744. * @return int|float The offset in seconds.
  1745. */
  1746. function iso8601_timezone_to_offset($timezone) {
  1747. // $timezone is either 'Z' or '[+|-]hhmm'
  1748. if ($timezone == 'Z') {
  1749. $offset = 0;
  1750. } else {
  1751. $sign = (substr($timezone, 0, 1) == '+') ? 1 : -1;
  1752. $hours = intval(substr($timezone, 1, 2));
  1753. $minutes = intval(substr($timezone, 3, 4)) / 60;
  1754. $offset = $sign * HOUR_IN_SECONDS * ($hours + $minutes);
  1755. }
  1756. return $offset;
  1757. }
  1758. /**
  1759. * Converts an iso8601 date to MySQL DateTime format used by post_date[_gmt].
  1760. *
  1761. * @since 1.5.0
  1762. *
  1763. * @param string $date_string Date and time in ISO 8601 format {@link http://en.wikipedia.org/wiki/ISO_8601}.
  1764. * @param string $timezone Optional. If set to GMT returns the time minus gmt_offset. Default is 'user'.
  1765. * @return string The date and time in MySQL DateTime format - Y-m-d H:i:s.
  1766. */
  1767. function iso8601_to_datetime($date_string, $timezone = 'user') {
  1768. $timezone = strtolower($timezone);
  1769. if ($timezone == 'gmt') {
  1770. preg_match('#([0-9]{4})([0-9]{2})([0-9]{2})T([0-9]{2}):([0-9]{2}):([0-9]{2})(Z|[\+|\-][0-9]{2,4}){0,1}#', $date_string, $date_bits);
  1771. if (!empty($date_bits[7])) { // we have a timezone, so let's compute an offset
  1772. $offset = iso8601_timezone_to_offset($date_bits[7]);
  1773. } else { // we don't have a timezone, so we assume user local timezone (not server's!)
  1774. $offset = HOUR_IN_SECONDS * get_option('gmt_offset');
  1775. }
  1776. $timestamp = gmmktime($date_bits[4], $date_bits[5], $date_bits[6], $date_bits[2], $date_bits[3], $date_bits[1]);
  1777. $timestamp -= $offset;
  1778. return gmdate('Y-m-d H:i:s', $timestamp);
  1779. } else if ($timezone == 'user') {
  1780. return preg_replace('#([0-9]{4})([0-9]{2})([0-9]{2})T([0-9]{2}):([0-9]{2}):([0-9]{2})(Z|[\+|\-][0-9]{2,4}){0,1}#', '$1-$2-$3 $4:$5:$6', $date_string);
  1781. }
  1782. }
  1783. /**
  1784. * Adds a element attributes to open links in new windows.
  1785. *
  1786. * Comment text in popup windows should be filtered through this. Right now it's
  1787. * a moderately dumb function, ideally it would detect whether a target or rel
  1788. * attribute was already there and adjust its actions accordingly.
  1789. *
  1790. * @since 0.71
  1791. *
  1792. * @param string $text Content to replace links to open in a new window.
  1793. * @return string Content that has filtered links.
  1794. */
  1795. function popuplinks($text) {
  1796. $text = preg_replace('/<a (.+?)>/i', "<a $1 target='_blank' rel='external'>", $text);
  1797. return $text;
  1798. }
  1799. /**
  1800. * Strips out all characters that are not allowable in an email.
  1801. *
  1802. * @since 1.5.0
  1803. *
  1804. * @param string $email Email address to filter.
  1805. * @return string Filtered email address.
  1806. */
  1807. function sanitize_email( $email ) {
  1808. // Test for the minimum length the email can be
  1809. if ( strlen( $email ) < 3 ) {
  1810. return apply_filters( 'sanitize_email', '', $email, 'email_too_short' );
  1811. }
  1812. // Test for an @ character after the first position
  1813. if ( strpos( $email, '@', 1 ) === false ) {
  1814. return apply_filters( 'sanitize_email', '', $email, 'email_no_at' );
  1815. }
  1816. // Split out the local and domain parts
  1817. list( $local, $domain ) = explode( '@', $email, 2 );
  1818. // LOCAL PART
  1819. // Test for invalid characters
  1820. $local = preg_replace( '/[^a-zA-Z0-9!#$%&\'*+\/=?^_`{|}~\.-]/', '', $local );
  1821. if ( '' === $local ) {
  1822. return apply_filters( 'sanitize_email', '', $email, 'local_invalid_chars' );
  1823. }
  1824. // DOMAIN PART
  1825. // Test for sequences of periods
  1826. $domain = preg_replace( '/\.{2,}/', '', $domain );
  1827. if ( '' === $domain ) {
  1828. return apply_filters( 'sanitize_email', '', $email, 'domain_period_sequence' );
  1829. }
  1830. // Test for leading and trailing periods and whitespace
  1831. $domain = trim( $domain, " \t\n\r\0\x0B." );
  1832. if ( '' === $domain ) {
  1833. return apply_filters( 'sanitize_email', '', $email, 'domain_period_limits' );
  1834. }
  1835. // Split the domain into subs
  1836. $subs = explode( '.', $domain );
  1837. // Assume the domain will have at least two subs
  1838. if ( 2 > count( $subs ) ) {
  1839. return apply_filters( 'sanitize_email', '', $email, 'domain_no_periods' );
  1840. }
  1841. // Create an array that will contain valid subs
  1842. $new_subs = array();
  1843. // Loop through each sub
  1844. foreach ( $subs as $sub ) {
  1845. // Test for leading and trailing hyphens
  1846. $sub = trim( $sub, " \t\n\r\0\x0B-" );
  1847. // Test for invalid characters
  1848. $sub = preg_replace( '/[^a-z0-9-]+/i', '', $sub );
  1849. // If there's anything left, add it to the valid subs
  1850. if ( '' !== $sub ) {
  1851. $new_subs[] = $sub;
  1852. }
  1853. }
  1854. // If there aren't 2 or more valid subs
  1855. if ( 2 > count( $new_subs ) ) {
  1856. return apply_filters( 'sanitize_email', '', $email, 'domain_no_valid_subs' );
  1857. }
  1858. // Join valid subs into the new domain
  1859. $domain = join( '.', $new_subs );
  1860. // Put the email back together
  1861. $email = $local . '@' . $domain;
  1862. // Congratulations your email made it!
  1863. return apply_filters( 'sanitize_email', $email, $email, null );
  1864. }
  1865. /**
  1866. * Determines the difference between two timestamps.
  1867. *
  1868. * The difference is returned in a human readable format such as "1 hour",
  1869. * "5 mins", "2 days".
  1870. *
  1871. * @since 1.5.0
  1872. *
  1873. * @param int $from Unix timestamp from which the difference begins.
  1874. * @param int $to Optional. Unix timestamp to end the time difference. Default becomes time() if not set.
  1875. * @return string Human readable time difference.
  1876. */
  1877. function human_time_diff( $from, $to = '' ) {
  1878. if ( empty( $to ) )
  1879. $to = time();
  1880. $diff = (int) abs( $to - $from );
  1881. if ( $diff <= HOUR_IN_SECONDS ) {
  1882. $mins = round( $diff / MINUTE_IN_SECONDS );
  1883. if ( $mins <= 1 ) {
  1884. $mins = 1;
  1885. }
  1886. /* translators: min=minute */
  1887. $since = sprintf( _n( '%s min', '%s mins', $mins ), $mins );
  1888. } elseif ( ( $diff <= DAY_IN_SECONDS ) && ( $diff > HOUR_IN_SECONDS ) ) {
  1889. $hours = round( $diff / HOUR_IN_SECONDS );
  1890. if ( $hours <= 1 ) {
  1891. $hours = 1;
  1892. }
  1893. $since = sprintf( _n( '%s hour', '%s hours', $hours ), $hours );
  1894. } elseif ( $diff >= DAY_IN_SECONDS ) {
  1895. $days = round( $diff / DAY_IN_SECONDS );
  1896. if ( $days <= 1 ) {
  1897. $days = 1;
  1898. }
  1899. $since = sprintf( _n( '%s day', '%s days', $days ), $days );
  1900. }
  1901. return $since;
  1902. }
  1903. /**
  1904. * Generates an excerpt from the content, if needed.
  1905. *
  1906. * The excerpt word amount will be 55 words and if the amount is greater than
  1907. * that, then the string ' [...]' will be appended to the excerpt. If the string
  1908. * is less than 55 words, then the content will be returned as is.
  1909. *
  1910. * The 55 word limit can be modified by plugins/themes using the excerpt_length filter
  1911. * The ' [...]' string can be modified by plugins/themes using the excerpt_more filter
  1912. *
  1913. * @since 1.5.0
  1914. *
  1915. * @param string $text Optional. The excerpt. If set to empty, an excerpt is generated.
  1916. * @return string The excerpt.
  1917. */
  1918. function wp_trim_excerpt($text = '') {
  1919. $raw_excerpt = $text;
  1920. if ( '' == $text ) {
  1921. $text = get_the_content('');
  1922. $text = strip_shortcodes( $text );
  1923. $text = apply_filters('the_content', $text);
  1924. $text = str_replace(']]>', ']]&gt;', $text);
  1925. $excerpt_length = apply_filters('excerpt_length', 55);
  1926. $excerpt_more = apply_filters('excerpt_more', ' ' . '[...]');
  1927. $text = wp_trim_words( $text, $excerpt_length, $excerpt_more );
  1928. }
  1929. return apply_filters('wp_trim_excerpt', $text, $raw_excerpt);
  1930. }
  1931. /**
  1932. * Trims text to a certain number of words.
  1933. *
  1934. * This function is localized. For languages that count 'words' by the individual
  1935. * character (such as East Asian languages), the $num_words argument will apply
  1936. * to the number of individual characters.
  1937. *
  1938. * @since 3.3.0
  1939. *
  1940. * @param string $text Text to trim.
  1941. * @param int $num_words Number of words. Default 55.
  1942. * @param string $more What to append if $text needs to be trimmed. Default '&hellip;'.
  1943. * @return string Trimmed text.
  1944. */
  1945. function wp_trim_words( $text, $num_words = 55, $more = null ) {
  1946. if ( null === $more )
  1947. $more = __( '&hellip;' );
  1948. $original_text = $text;
  1949. $text = wp_strip_all_tags( $text );
  1950. /* translators: If your word count is based on single characters (East Asian characters),
  1951. enter 'characters'. Otherwise, enter 'words'. Do not translate into your own language. */
  1952. if ( 'characters' == _x( 'words', 'word count: words or characters?' ) && preg_match( '/^utf\-?8$/i', get_option( 'blog_charset' ) ) ) {
  1953. $text = trim( preg_replace( "/[\n\r\t ]+/", ' ', $text ), ' ' );
  1954. preg_match_all( '/./u', $text, $words_array );
  1955. $words_array = array_slice( $words_array[0], 0, $num_words + 1 );
  1956. $sep = '';
  1957. } else {
  1958. $words_array = preg_split( "/[\n\r\t ]+/", $text, $num_words + 1, PREG_SPLIT_NO_EMPTY );
  1959. $sep = ' ';
  1960. }
  1961. if ( count( $words_array ) > $num_words ) {
  1962. array_pop( $words_array );
  1963. $text = implode( $sep, $words_array );
  1964. $text = $text . $more;
  1965. } else {
  1966. $text = implode( $sep, $words_array );
  1967. }
  1968. return apply_filters( 'wp_trim_words', $text, $num_words, $more, $original_text );
  1969. }
  1970. /**
  1971. * Converts named entities into numbered entities.
  1972. *
  1973. * @since 1.5.1
  1974. *
  1975. * @param string $text The text within which entities will be converted.
  1976. * @return string Text with converted entities.
  1977. */
  1978. function ent2ncr($text) {
  1979. // Allow a plugin to short-circuit and override the mappings.
  1980. $filtered = apply_filters( 'pre_ent2ncr', null, $text );
  1981. if( null !== $filtered )
  1982. return $filtered;
  1983. $to_ncr = array(
  1984. '&quot;' => '&#34;',
  1985. '&amp;' => '&#38;',
  1986. '&frasl;' => '&#47;',
  1987. '&lt;' => '&#60;',
  1988. '&gt;' => '&#62;',
  1989. '|' => '&#124;',
  1990. '&nbsp;' => '&#160;',
  1991. '&iexcl;' => '&#161;',
  1992. '&cent;' => '&#162;',
  1993. '&pound;' => '&#163;',
  1994. '&curren;' => '&#164;',
  1995. '&yen;' => '&#165;',
  1996. '&brvbar;' => '&#166;',
  1997. '&brkbar;' => '&#166;',
  1998. '&sect;' => '&#167;',
  1999. '&uml;' => '&#168;',
  2000. '&die;' => '&#168;',
  2001. '&copy;' => '&#169;',
  2002. '&ordf;' => '&#170;',
  2003. '&laquo;' => '&#171;',
  2004. '&not;' => '&#172;',
  2005. '&shy;' => '&#173;',
  2006. '&reg;' => '&#174;',
  2007. '&macr;' => '&#175;',
  2008. '&hibar;' => '&#175;',
  2009. '&deg;' => '&#176;',
  2010. '&plusmn;' => '&#177;',
  2011. '&sup2;' => '&#178;',
  2012. '&sup3;' => '&#179;',
  2013. '&acute;' => '&#180;',
  2014. '&micro;' => '&#181;',
  2015. '&para;' => '&#182;',
  2016. '&middot;' => '&#183;',
  2017. '&cedil;' => '&#184;',
  2018. '&sup1;' => '&#185;',
  2019. '&ordm;' => '&#186;',
  2020. '&raquo;' => '&#187;',
  2021. '&frac14;' => '&#188;',
  2022. '&frac12;' => '&#189;',
  2023. '&frac34;' => '&#190;',
  2024. '&iquest;' => '&#191;',
  2025. '&Agrave;' => '&#192;',
  2026. '&Aacute;' => '&#193;',
  2027. '&Acirc;' => '&#194;',
  2028. '&Atilde;' => '&#195;',
  2029. '&Auml;' => '&#196;',
  2030. '&Aring;' => '&#197;',
  2031. '&AElig;' => '&#198;',
  2032. '&Ccedil;' => '&#199;',
  2033. '&Egrave;' => '&#200;',
  2034. '&Eacute;' => '&#201;',
  2035. '&Ecirc;' => '&#202;',
  2036. '&Euml;' => '&#203;',
  2037. '&Igrave;' => '&#204;',
  2038. '&Iacute;' => '&#205;',
  2039. '&Icirc;' => '&#206;',
  2040. '&Iuml;' => '&#207;',
  2041. '&ETH;' => '&#208;',
  2042. '&Ntilde;' => '&#209;',
  2043. '&Ograve;' => '&#210;',
  2044. '&Oacute;' => '&#211;',
  2045. '&Ocirc;' => '&#212;',
  2046. '&Otilde;' => '&#213;',
  2047. '&Ouml;' => '&#214;',
  2048. '&times;' => '&#215;',
  2049. '&Oslash;' => '&#216;',
  2050. '&Ugrave;' => '&#217;',
  2051. '&Uacute;' => '&#218;',
  2052. '&Ucirc;' => '&#219;',
  2053. '&Uuml;' => '&#220;',
  2054. '&Yacute;' => '&#221;',
  2055. '&THORN;' => '&#222;',
  2056. '&szlig;' => '&#223;',
  2057. '&agrave;' => '&#224;',
  2058. '&aacute;' => '&#225;',
  2059. '&acirc;' => '&#226;',
  2060. '&atilde;' => '&#227;',
  2061. '&auml;' => '&#228;',
  2062. '&aring;' => '&#229;',
  2063. '&aelig;' => '&#230;',
  2064. '&ccedil;' => '&#231;',
  2065. '&egrave;' => '&#232;',
  2066. '&eacute;' => '&#233;',
  2067. '&ecirc;' => '&#234;',
  2068. '&euml;' => '&#235;',
  2069. '&igrave;' => '&#236;',
  2070. '&iacute;' => '&#237;',
  2071. '&icirc;' => '&#238;',
  2072. '&iuml;' => '&#239;',
  2073. '&eth;' => '&#240;',
  2074. '&ntilde;' => '&#241;',
  2075. '&ograve;' => '&#242;',
  2076. '&oacute;' => '&#243;',
  2077. '&ocirc;' => '&#244;',
  2078. '&otilde;' => '&#245;',
  2079. '&ouml;' => '&#246;',
  2080. '&divide;' => '&#247;',
  2081. '&oslash;' => '&#248;',
  2082. '&ugrave;' => '&#249;',
  2083. '&uacute;' => '&#250;',
  2084. '&ucirc;' => '&#251;',
  2085. '&uuml;' => '&#252;',
  2086. '&yacute;' => '&#253;',
  2087. '&thorn;' => '&#254;',
  2088. '&yuml;' => '&#255;',
  2089. '&OElig;' => '&#338;',
  2090. '&oelig;' => '&#339;',
  2091. '&Scaron;' => '&#352;',
  2092. '&scaron;' => '&#353;',
  2093. '&Yuml;' => '&#376;',
  2094. '&fnof;' => '&#402;',
  2095. '&circ;' => '&#710;',
  2096. '&tilde;' => '&#732;',
  2097. '&Alpha;' => '&#913;',
  2098. '&Beta;' => '&#914;',
  2099. '&Gamma;' => '&#915;',
  2100. '&Delta;' => '&#916;',
  2101. '&Epsilon;' => '&#917;',
  2102. '&Zeta;' => '&#918;',
  2103. '&Eta;' => '&#919;',
  2104. '&Theta;' => '&#920;',
  2105. '&Iota;' => '&#921;',
  2106. '&Kappa;' => '&#922;',
  2107. '&Lambda;' => '&#923;',
  2108. '&Mu;' => '&#924;',
  2109. '&Nu;' => '&#925;',
  2110. '&Xi;' => '&#926;',
  2111. '&Omicron;' => '&#927;',
  2112. '&Pi;' => '&#928;',
  2113. '&Rho;' => '&#929;',
  2114. '&Sigma;' => '&#931;',
  2115. '&Tau;' => '&#932;',
  2116. '&Upsilon;' => '&#933;',
  2117. '&Phi;' => '&#934;',
  2118. '&Chi;' => '&#935;',
  2119. '&Psi;' => '&#936;',
  2120. '&Omega;' => '&#937;',
  2121. '&alpha;' => '&#945;',
  2122. '&beta;' => '&#946;',
  2123. '&gamma;' => '&#947;',
  2124. '&delta;' => '&#948;',
  2125. '&epsilon;' => '&#949;',
  2126. '&zeta;' => '&#950;',
  2127. '&eta;' => '&#951;',
  2128. '&theta;' => '&#952;',
  2129. '&iota;' => '&#953;',
  2130. '&kappa;' => '&#954;',
  2131. '&lambda;' => '&#955;',
  2132. '&mu;' => '&#956;',
  2133. '&nu;' => '&#957;',
  2134. '&xi;' => '&#958;',
  2135. '&omicron;' => '&#959;',
  2136. '&pi;' => '&#960;',
  2137. '&rho;' => '&#961;',
  2138. '&sigmaf;' => '&#962;',
  2139. '&sigma;' => '&#963;',
  2140. '&tau;' => '&#964;',
  2141. '&upsilon;' => '&#965;',
  2142. '&phi;' => '&#966;',
  2143. '&chi;' => '&#967;',
  2144. '&psi;' => '&#968;',
  2145. '&omega;' => '&#969;',
  2146. '&thetasym;' => '&#977;',
  2147. '&upsih;' => '&#978;',
  2148. '&piv;' => '&#982;',
  2149. '&ensp;' => '&#8194;',
  2150. '&emsp;' => '&#8195;',
  2151. '&thinsp;' => '&#8201;',
  2152. '&zwnj;' => '&#8204;',
  2153. '&zwj;' => '&#8205;',
  2154. '&lrm;' => '&#8206;',
  2155. '&rlm;' => '&#8207;',
  2156. '&ndash;' => '&#8211;',
  2157. '&mdash;' => '&#8212;',
  2158. '&lsquo;' => '&#8216;',
  2159. '&rsquo;' => '&#8217;',
  2160. '&sbquo;' => '&#8218;',
  2161. '&ldquo;' => '&#8220;',
  2162. '&rdquo;' => '&#8221;',
  2163. '&bdquo;' => '&#8222;',
  2164. '&dagger;' => '&#8224;',
  2165. '&Dagger;' => '&#8225;',
  2166. '&bull;' => '&#8226;',
  2167. '&hellip;' => '&#8230;',
  2168. '&permil;' => '&#8240;',
  2169. '&prime;' => '&#8242;',
  2170. '&Prime;' => '&#8243;',
  2171. '&lsaquo;' => '&#8249;',
  2172. '&rsaquo;' => '&#8250;',
  2173. '&oline;' => '&#8254;',
  2174. '&frasl;' => '&#8260;',
  2175. '&euro;' => '&#8364;',
  2176. '&image;' => '&#8465;',
  2177. '&weierp;' => '&#8472;',
  2178. '&real;' => '&#8476;',
  2179. '&trade;' => '&#8482;',
  2180. '&alefsym;' => '&#8501;',
  2181. '&crarr;' => '&#8629;',
  2182. '&lArr;' => '&#8656;',
  2183. '&uArr;' => '&#8657;',
  2184. '&rArr;' => '&#8658;',
  2185. '&dArr;' => '&#8659;',
  2186. '&hArr;' => '&#8660;',
  2187. '&forall;' => '&#8704;',
  2188. '&part;' => '&#8706;',
  2189. '&exist;' => '&#8707;',
  2190. '&empty;' => '&#8709;',
  2191. '&nabla;' => '&#8711;',
  2192. '&isin;' => '&#8712;',
  2193. '&notin;' => '&#8713;',
  2194. '&ni;' => '&#8715;',
  2195. '&prod;' => '&#8719;',
  2196. '&sum;' => '&#8721;',
  2197. '&minus;' => '&#8722;',
  2198. '&lowast;' => '&#8727;',
  2199. '&radic;' => '&#8730;',
  2200. '&prop;' => '&#8733;',
  2201. '&infin;' => '&#8734;',
  2202. '&ang;' => '&#8736;',
  2203. '&and;' => '&#8743;',
  2204. '&or;' => '&#8744;',
  2205. '&cap;' => '&#8745;',
  2206. '&cup;' => '&#8746;',
  2207. '&int;' => '&#8747;',
  2208. '&there4;' => '&#8756;',
  2209. '&sim;' => '&#8764;',
  2210. '&cong;' => '&#8773;',
  2211. '&asymp;' => '&#8776;',
  2212. '&ne;' => '&#8800;',
  2213. '&equiv;' => '&#8801;',
  2214. '&le;' => '&#8804;',
  2215. '&ge;' => '&#8805;',
  2216. '&sub;' => '&#8834;',
  2217. '&sup;' => '&#8835;',
  2218. '&nsub;' => '&#8836;',
  2219. '&sube;' => '&#8838;',
  2220. '&supe;' => '&#8839;',
  2221. '&oplus;' => '&#8853;',
  2222. '&otimes;' => '&#8855;',
  2223. '&perp;' => '&#8869;',
  2224. '&sdot;' => '&#8901;',
  2225. '&lceil;' => '&#8968;',
  2226. '&rceil;' => '&#8969;',
  2227. '&lfloor;' => '&#8970;',
  2228. '&rfloor;' => '&#8971;',
  2229. '&lang;' => '&#9001;',
  2230. '&rang;' => '&#9002;',
  2231. '&larr;' => '&#8592;',
  2232. '&uarr;' => '&#8593;',
  2233. '&rarr;' => '&#8594;',
  2234. '&darr;' => '&#8595;',
  2235. '&harr;' => '&#8596;',
  2236. '&loz;' => '&#9674;',
  2237. '&spades;' => '&#9824;',
  2238. '&clubs;' => '&#9827;',
  2239. '&hearts;' => '&#9829;',
  2240. '&diams;' => '&#9830;'
  2241. );
  2242. return str_replace( array_keys($to_ncr), array_values($to_ncr), $text );
  2243. }
  2244. /**
  2245. * Formats text for the rich text editor.
  2246. *
  2247. * The filter 'richedit_pre' is applied here. If $text is empty the filter will
  2248. * be applied to an empty string.
  2249. *
  2250. * @since 2.0.0
  2251. *
  2252. * @param string $text The text to be formatted.
  2253. * @return string The formatted text after filter is applied.
  2254. */
  2255. function wp_richedit_pre($text) {
  2256. // Filtering a blank results in an annoying <br />\n
  2257. if ( empty($text) ) return apply_filters('richedit_pre', '');
  2258. $output = convert_chars($text);
  2259. $output = wpautop($output);
  2260. $output = htmlspecialchars($output, ENT_NOQUOTES);
  2261. return apply_filters('richedit_pre', $output);
  2262. }
  2263. /**
  2264. * Formats text for the HTML editor.
  2265. *
  2266. * Unless $output is empty it will pass through htmlspecialchars before the
  2267. * 'htmledit_pre' filter is applied.
  2268. *
  2269. * @since 2.5.0
  2270. *
  2271. * @param string $output The text to be formatted.
  2272. * @return string Formatted text after filter applied.
  2273. */
  2274. function wp_htmledit_pre($output) {
  2275. if ( !empty($output) )
  2276. $output = htmlspecialchars($output, ENT_NOQUOTES); // convert only < > &
  2277. return apply_filters('htmledit_pre', $output);
  2278. }
  2279. /**
  2280. * Perform a deep string replace operation to ensure the values in $search are no longer present
  2281. *
  2282. * Repeats the replacement operation until it no longer replaces anything so as to remove "nested" values
  2283. * e.g. $subject = '%0%0%0DDD', $search ='%0D', $result ='' rather than the '%0%0DD' that
  2284. * str_replace would return
  2285. *
  2286. * @since 2.8.1
  2287. * @access private
  2288. *
  2289. * @param string|array $search
  2290. * @param string $subject
  2291. * @return string The processed string
  2292. */
  2293. function _deep_replace( $search, $subject ) {
  2294. $found = true;
  2295. $subject = (string) $subject;
  2296. while ( $found ) {
  2297. $found = false;
  2298. foreach ( (array) $search as $val ) {
  2299. while ( strpos( $subject, $val ) !== false ) {
  2300. $found = true;
  2301. $subject = str_replace( $val, '', $subject );
  2302. }
  2303. }
  2304. }
  2305. return $subject;
  2306. }
  2307. /**
  2308. * Escapes data for use in a MySQL query
  2309. *
  2310. * This is just a handy shortcut for $wpdb->escape(), for completeness' sake
  2311. *
  2312. * @since 2.8.0
  2313. * @param string $sql Unescaped SQL data
  2314. * @return string The cleaned $sql
  2315. */
  2316. function esc_sql( $sql ) {
  2317. global $wpdb;
  2318. return $wpdb->escape( $sql );
  2319. }
  2320. /**
  2321. * Checks and cleans a URL.
  2322. *
  2323. * A number of characters are removed from the URL. If the URL is for displaying
  2324. * (the default behaviour) ampersands are also replaced. The 'clean_url' filter
  2325. * is applied to the returned cleaned URL.
  2326. *
  2327. * @since 2.8.0
  2328. * @uses wp_kses_bad_protocol() To only permit protocols in the URL set
  2329. * via $protocols or the common ones set in the function.
  2330. *
  2331. * @param string $url The URL to be cleaned.
  2332. * @param array $protocols Optional. An array of acceptable protocols.
  2333. * Defaults to 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn' if not set.
  2334. * @param string $_context Private. Use esc_url_raw() for database usage.
  2335. * @return string The cleaned $url after the 'clean_url' filter is applied.
  2336. */
  2337. function esc_url( $url, $protocols = null, $_context = 'display' ) {
  2338. $original_url = $url;
  2339. if ( '' == $url )
  2340. return $url;
  2341. $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
  2342. $strip = array('%0d', '%0a', '%0D', '%0A');
  2343. $url = _deep_replace($strip, $url);
  2344. $url = str_replace(';//', '://', $url);
  2345. /* If the URL doesn't appear to contain a scheme, we
  2346. * presume it needs http:// appended (unless a relative
  2347. * link starting with /, # or ? or a php file).
  2348. */
  2349. if ( strpos($url, ':') === false && ! in_array( $url[0], array( '/', '#', '?' ) ) &&
  2350. ! preg_match('/^[a-z0-9-]+?\.php/i', $url) )
  2351. $url = 'http://' . $url;
  2352. // Replace ampersands and single quotes only when displaying.
  2353. if ( 'display' == $_context ) {
  2354. $url = wp_kses_normalize_entities( $url );
  2355. $url = str_replace( '&amp;', '&#038;', $url );
  2356. $url = str_replace( "'", '&#039;', $url );
  2357. }
  2358. if ( ! is_array( $protocols ) )
  2359. $protocols = wp_allowed_protocols();
  2360. if ( wp_kses_bad_protocol( $url, $protocols ) != $url )
  2361. return '';
  2362. return apply_filters('clean_url', $url, $original_url, $_context);
  2363. }
  2364. /**
  2365. * Performs esc_url() for database usage.
  2366. *
  2367. * @since 2.8.0
  2368. * @uses esc_url()
  2369. *
  2370. * @param string $url The URL to be cleaned.
  2371. * @param array $protocols An array of acceptable protocols.
  2372. * @return string The cleaned URL.
  2373. */
  2374. function esc_url_raw( $url, $protocols = null ) {
  2375. return esc_url( $url, $protocols, 'db' );
  2376. }
  2377. /**
  2378. * Convert entities, while preserving already-encoded entities.
  2379. *
  2380. * @link http://www.php.net/htmlentities Borrowed from the PHP Manual user notes.
  2381. *
  2382. * @since 1.2.2
  2383. *
  2384. * @param string $myHTML The text to be converted.
  2385. * @return string Converted text.
  2386. */
  2387. function htmlentities2($myHTML) {
  2388. $translation_table = get_html_translation_table( HTML_ENTITIES, ENT_QUOTES );
  2389. $translation_table[chr(38)] = '&';
  2390. return preg_replace( "/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/", "&amp;", strtr($myHTML, $translation_table) );
  2391. }
  2392. /**
  2393. * Escape single quotes, htmlspecialchar " < > &, and fix line endings.
  2394. *
  2395. * Escapes text strings for echoing in JS. It is intended to be used for inline JS
  2396. * (in a tag attribute, for example onclick="..."). Note that the strings have to
  2397. * be in single quotes. The filter 'js_escape' is also applied here.
  2398. *
  2399. * @since 2.8.0
  2400. *
  2401. * @param string $text The text to be escaped.
  2402. * @return string Escaped text.
  2403. */
  2404. function esc_js( $text ) {
  2405. $safe_text = wp_check_invalid_utf8( $text );
  2406. $safe_text = _wp_specialchars( $safe_text, ENT_COMPAT );
  2407. $safe_text = preg_replace( '/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes( $safe_text ) );
  2408. $safe_text = str_replace( "\r", '', $safe_text );
  2409. $safe_text = str_replace( "\n", '\\n', addslashes( $safe_text ) );
  2410. return apply_filters( 'js_escape', $safe_text, $text );
  2411. }
  2412. /**
  2413. * Escaping for HTML blocks.
  2414. *
  2415. * @since 2.8.0
  2416. *
  2417. * @param string $text
  2418. * @return string
  2419. */
  2420. function esc_html( $text ) {
  2421. $safe_text = wp_check_invalid_utf8( $text );
  2422. $safe_text = _wp_specialchars( $safe_text, ENT_QUOTES );
  2423. return apply_filters( 'esc_html', $safe_text, $text );
  2424. }
  2425. /**
  2426. * Escaping for HTML attributes.
  2427. *
  2428. * @since 2.8.0
  2429. *
  2430. * @param string $text
  2431. * @return string
  2432. */
  2433. function esc_attr( $text ) {
  2434. $safe_text = wp_check_invalid_utf8( $text );
  2435. $safe_text = _wp_specialchars( $safe_text, ENT_QUOTES );
  2436. return apply_filters( 'attribute_escape', $safe_text, $text );
  2437. }
  2438. /**
  2439. * Escaping for textarea values.
  2440. *
  2441. * @since 3.1
  2442. *
  2443. * @param string $text
  2444. * @return string
  2445. */
  2446. function esc_textarea( $text ) {
  2447. $safe_text = htmlspecialchars( $text, ENT_QUOTES );
  2448. return apply_filters( 'esc_textarea', $safe_text, $text );
  2449. }
  2450. /**
  2451. * Escape a HTML tag name.
  2452. *
  2453. * @since 2.5.0
  2454. *
  2455. * @param string $tag_name
  2456. * @return string
  2457. */
  2458. function tag_escape($tag_name) {
  2459. $safe_tag = strtolower( preg_replace('/[^a-zA-Z0-9_:]/', '', $tag_name) );
  2460. return apply_filters('tag_escape', $safe_tag, $tag_name);
  2461. }
  2462. /**
  2463. * Escapes text for SQL LIKE special characters % and _.
  2464. *
  2465. * @since 2.5.0
  2466. *
  2467. * @param string $text The text to be escaped.
  2468. * @return string text, safe for inclusion in LIKE query.
  2469. */
  2470. function like_escape($text) {
  2471. return str_replace(array("%", "_"), array("\\%", "\\_"), $text);
  2472. }
  2473. /**
  2474. * Convert full URL paths to absolute paths.
  2475. *
  2476. * Removes the http or https protocols and the domain. Keeps the path '/' at the
  2477. * beginning, so it isn't a true relative link, but from the web root base.
  2478. *
  2479. * @since 2.1.0
  2480. *
  2481. * @param string $link Full URL path.
  2482. * @return string Absolute path.
  2483. */
  2484. function wp_make_link_relative( $link ) {
  2485. return preg_replace( '|https?://[^/]+(/.*)|i', '$1', $link );
  2486. }
  2487. /**
  2488. * Sanitises various option values based on the nature of the option.
  2489. *
  2490. * This is basically a switch statement which will pass $value through a number
  2491. * of functions depending on the $option.
  2492. *
  2493. * @since 2.0.5
  2494. *
  2495. * @param string $option The name of the option.
  2496. * @param string $value The unsanitised value.
  2497. * @return string Sanitized value.
  2498. */
  2499. function sanitize_option($option, $value) {
  2500. switch ( $option ) {
  2501. case 'admin_email' :
  2502. case 'new_admin_email' :
  2503. $value = sanitize_email( $value );
  2504. if ( ! is_email( $value ) ) {
  2505. $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization
  2506. if ( function_exists( 'add_settings_error' ) )
  2507. add_settings_error( $option, 'invalid_admin_email', __( 'The email address entered did not appear to be a valid email address. Please enter a valid email address.' ) );
  2508. }
  2509. break;
  2510. case 'thumbnail_size_w':
  2511. case 'thumbnail_size_h':
  2512. case 'medium_size_w':
  2513. case 'medium_size_h':
  2514. case 'large_size_w':
  2515. case 'large_size_h':
  2516. case 'mailserver_port':
  2517. case 'comment_max_links':
  2518. case 'page_on_front':
  2519. case 'page_for_posts':
  2520. case 'rss_excerpt_length':
  2521. case 'default_category':
  2522. case 'default_email_category':
  2523. case 'default_link_category':
  2524. case 'close_comments_days_old':
  2525. case 'comments_per_page':
  2526. case 'thread_comments_depth':
  2527. case 'users_can_register':
  2528. case 'start_of_week':
  2529. $value = absint( $value );
  2530. break;
  2531. case 'posts_per_page':
  2532. case 'posts_per_rss':
  2533. $value = (int) $value;
  2534. if ( empty($value) )
  2535. $value = 1;
  2536. if ( $value < -1 )
  2537. $value = abs($value);
  2538. break;
  2539. case 'default_ping_status':
  2540. case 'default_comment_status':
  2541. // Options that if not there have 0 value but need to be something like "closed"
  2542. if ( $value == '0' || $value == '')
  2543. $value = 'closed';
  2544. break;
  2545. case 'blogdescription':
  2546. case 'blogname':
  2547. $value = wp_kses_post( $value );
  2548. $value = esc_html( $value );
  2549. break;
  2550. case 'blog_charset':
  2551. $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value); // strips slashes
  2552. break;
  2553. case 'blog_public':
  2554. // This is the value if the settings checkbox is not checked on POST. Don't rely on this.
  2555. if ( null === $value )
  2556. $value = 1;
  2557. else
  2558. $value = intval( $value );
  2559. break;
  2560. case 'date_format':
  2561. case 'time_format':
  2562. case 'mailserver_url':
  2563. case 'mailserver_login':
  2564. case 'mailserver_pass':
  2565. case 'upload_path':
  2566. $value = strip_tags( $value );
  2567. $value = wp_kses_data( $value );
  2568. break;
  2569. case 'ping_sites':
  2570. $value = explode( "\n", $value );
  2571. $value = array_filter( array_map( 'trim', $value ) );
  2572. $value = array_filter( array_map( 'esc_url_raw', $value ) );
  2573. $value = implode( "\n", $value );
  2574. break;
  2575. case 'gmt_offset':
  2576. $value = preg_replace('/[^0-9:.-]/', '', $value); // strips slashes
  2577. break;
  2578. case 'siteurl':
  2579. if ( (bool)preg_match( '#http(s?)://(.+)#i', $value) ) {
  2580. $value = esc_url_raw($value);
  2581. } else {
  2582. $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization
  2583. if ( function_exists('add_settings_error') )
  2584. add_settings_error('siteurl', 'invalid_siteurl', __('The WordPress address you entered did not appear to be a valid URL. Please enter a valid URL.'));
  2585. }
  2586. break;
  2587. case 'home':
  2588. if ( (bool)preg_match( '#http(s?)://(.+)#i', $value) ) {
  2589. $value = esc_url_raw($value);
  2590. } else {
  2591. $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization
  2592. if ( function_exists('add_settings_error') )
  2593. add_settings_error('home', 'invalid_home', __('The Site address you entered did not appear to be a valid URL. Please enter a valid URL.'));
  2594. }
  2595. break;
  2596. case 'WPLANG':
  2597. $allowed = get_available_languages();
  2598. if ( ! in_array( $value, $allowed ) && ! empty( $value ) )
  2599. $value = get_option( $option );
  2600. break;
  2601. case 'illegal_names':
  2602. if ( ! is_array( $value ) )
  2603. $value = explode( "\n", $value );
  2604. $value = array_values( array_filter( array_map( 'trim', $value ) ) );
  2605. if ( ! $value )
  2606. $value = '';
  2607. break;
  2608. case 'limited_email_domains':
  2609. case 'banned_email_domains':
  2610. if ( ! is_array( $value ) )
  2611. $value = explode( "\n", $value );
  2612. $domains = array_values( array_filter( array_map( 'trim', $value ) ) );
  2613. $value = array();
  2614. foreach ( $domains as $domain ) {
  2615. if ( ! preg_match( '/(--|\.\.)/', $domain ) && preg_match( '|^([a-zA-Z0-9-\.])+$|', $domain ) )
  2616. $value[] = $domain;
  2617. }
  2618. if ( ! $value )
  2619. $value = '';
  2620. break;
  2621. case 'timezone_string':
  2622. $allowed_zones = timezone_identifiers_list();
  2623. if ( ! in_array( $value, $allowed_zones ) && ! empty( $value ) ) {
  2624. $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization
  2625. if ( function_exists('add_settings_error') )
  2626. add_settings_error('timezone_string', 'invalid_timezone_string', __('The timezone you have entered is not valid. Please select a valid timezone.') );
  2627. }
  2628. break;
  2629. case 'permalink_structure':
  2630. case 'category_base':
  2631. case 'tag_base':
  2632. $value = esc_url_raw( $value );
  2633. $value = str_replace( 'http://', '', $value );
  2634. break;
  2635. }
  2636. $value = apply_filters("sanitize_option_{$option}", $value, $option);
  2637. return $value;
  2638. }
  2639. /**
  2640. * Parses a string into variables to be stored in an array.
  2641. *
  2642. * Uses {@link http://www.php.net/parse_str parse_str()} and stripslashes if
  2643. * {@link http://www.php.net/magic_quotes magic_quotes_gpc} is on.
  2644. *
  2645. * @since 2.2.1
  2646. * @uses apply_filters() for the 'wp_parse_str' filter.
  2647. *
  2648. * @param string $string The string to be parsed.
  2649. * @param array $array Variables will be stored in this array.
  2650. */
  2651. function wp_parse_str( $string, &$array ) {
  2652. parse_str( $string, $array );
  2653. if ( get_magic_quotes_gpc() )
  2654. $array = stripslashes_deep( $array );
  2655. $array = apply_filters( 'wp_parse_str', $array );
  2656. }
  2657. /**
  2658. * Convert lone less than signs.
  2659. *
  2660. * KSES already converts lone greater than signs.
  2661. *
  2662. * @uses wp_pre_kses_less_than_callback in the callback function.
  2663. * @since 2.3.0
  2664. *
  2665. * @param string $text Text to be converted.
  2666. * @return string Converted text.
  2667. */
  2668. function wp_pre_kses_less_than( $text ) {
  2669. return preg_replace_callback('%<[^>]*?((?=<)|>|$)%', 'wp_pre_kses_less_than_callback', $text);
  2670. }
  2671. /**
  2672. * Callback function used by preg_replace.
  2673. *
  2674. * @uses esc_html to format the $matches text.
  2675. * @since 2.3.0
  2676. *
  2677. * @param array $matches Populated by matches to preg_replace.
  2678. * @return string The text returned after esc_html if needed.
  2679. */
  2680. function wp_pre_kses_less_than_callback( $matches ) {
  2681. if ( false === strpos($matches[0], '>') )
  2682. return esc_html($matches[0]);
  2683. return $matches[0];
  2684. }
  2685. /**
  2686. * WordPress implementation of PHP sprintf() with filters.
  2687. *
  2688. * @since 2.5.0
  2689. * @link http://www.php.net/sprintf
  2690. *
  2691. * @param string $pattern The string which formatted args are inserted.
  2692. * @param mixed $args,... Arguments to be formatted into the $pattern string.
  2693. * @return string The formatted string.
  2694. */
  2695. function wp_sprintf( $pattern ) {
  2696. $args = func_get_args( );
  2697. $len = strlen($pattern);
  2698. $start = 0;
  2699. $result = '';
  2700. $arg_index = 0;
  2701. while ( $len > $start ) {
  2702. // Last character: append and break
  2703. if ( strlen($pattern) - 1 == $start ) {
  2704. $result .= substr($pattern, -1);
  2705. break;
  2706. }
  2707. // Literal %: append and continue
  2708. if ( substr($pattern, $start, 2) == '%%' ) {
  2709. $start += 2;
  2710. $result .= '%';
  2711. continue;
  2712. }
  2713. // Get fragment before next %
  2714. $end = strpos($pattern, '%', $start + 1);
  2715. if ( false === $end )
  2716. $end = $len;
  2717. $fragment = substr($pattern, $start, $end - $start);
  2718. // Fragment has a specifier
  2719. if ( $pattern[$start] == '%' ) {
  2720. // Find numbered arguments or take the next one in order
  2721. if ( preg_match('/^%(\d+)\$/', $fragment, $matches) ) {
  2722. $arg = isset($args[$matches[1]]) ? $args[$matches[1]] : '';
  2723. $fragment = str_replace("%{$matches[1]}$", '%', $fragment);
  2724. } else {
  2725. ++$arg_index;
  2726. $arg = isset($args[$arg_index]) ? $args[$arg_index] : '';
  2727. }
  2728. // Apply filters OR sprintf
  2729. $_fragment = apply_filters( 'wp_sprintf', $fragment, $arg );
  2730. if ( $_fragment != $fragment )
  2731. $fragment = $_fragment;
  2732. else
  2733. $fragment = sprintf($fragment, strval($arg) );
  2734. }
  2735. // Append to result and move to next fragment
  2736. $result .= $fragment;
  2737. $start = $end;
  2738. }
  2739. return $result;
  2740. }
  2741. /**
  2742. * Localize list items before the rest of the content.
  2743. *
  2744. * The '%l' must be at the first characters can then contain the rest of the
  2745. * content. The list items will have ', ', ', and', and ' and ' added depending
  2746. * on the amount of list items in the $args parameter.
  2747. *
  2748. * @since 2.5.0
  2749. *
  2750. * @param string $pattern Content containing '%l' at the beginning.
  2751. * @param array $args List items to prepend to the content and replace '%l'.
  2752. * @return string Localized list items and rest of the content.
  2753. */
  2754. function wp_sprintf_l($pattern, $args) {
  2755. // Not a match
  2756. if ( substr($pattern, 0, 2) != '%l' )
  2757. return $pattern;
  2758. // Nothing to work with
  2759. if ( empty($args) )
  2760. return '';
  2761. // Translate and filter the delimiter set (avoid ampersands and entities here)
  2762. $l = apply_filters('wp_sprintf_l', array(
  2763. /* translators: used between list items, there is a space after the comma */
  2764. 'between' => __(', '),
  2765. /* translators: used between list items, there is a space after the and */
  2766. 'between_last_two' => __(', and '),
  2767. /* translators: used between only two list items, there is a space after the and */
  2768. 'between_only_two' => __(' and '),
  2769. ));
  2770. $args = (array) $args;
  2771. $result = array_shift($args);
  2772. if ( count($args) == 1 )
  2773. $result .= $l['between_only_two'] . array_shift($args);
  2774. // Loop when more than two args
  2775. $i = count($args);
  2776. while ( $i ) {
  2777. $arg = array_shift($args);
  2778. $i--;
  2779. if ( 0 == $i )
  2780. $result .= $l['between_last_two'] . $arg;
  2781. else
  2782. $result .= $l['between'] . $arg;
  2783. }
  2784. return $result . substr($pattern, 2);
  2785. }
  2786. /**
  2787. * Safely extracts not more than the first $count characters from html string.
  2788. *
  2789. * UTF-8, tags and entities safe prefix extraction. Entities inside will *NOT*
  2790. * be counted as one character. For example &amp; will be counted as 4, &lt; as
  2791. * 3, etc.
  2792. *
  2793. * @since 2.5.0
  2794. *
  2795. * @param integer $str String to get the excerpt from.
  2796. * @param integer $count Maximum number of characters to take.
  2797. * @return string The excerpt.
  2798. */
  2799. function wp_html_excerpt( $str, $count ) {
  2800. $str = wp_strip_all_tags( $str, true );
  2801. $str = mb_substr( $str, 0, $count );
  2802. // remove part of an entity at the end
  2803. $str = preg_replace( '/&[^;\s]{0,6}$/', '', $str );
  2804. return $str;
  2805. }
  2806. /**
  2807. * Add a Base url to relative links in passed content.
  2808. *
  2809. * By default it supports the 'src' and 'href' attributes. However this can be
  2810. * changed via the 3rd param.
  2811. *
  2812. * @since 2.7.0
  2813. *
  2814. * @param string $content String to search for links in.
  2815. * @param string $base The base URL to prefix to links.
  2816. * @param array $attrs The attributes which should be processed.
  2817. * @return string The processed content.
  2818. */
  2819. function links_add_base_url( $content, $base, $attrs = array('src', 'href') ) {
  2820. global $_links_add_base;
  2821. $_links_add_base = $base;
  2822. $attrs = implode('|', (array)$attrs);
  2823. return preg_replace_callback( "!($attrs)=(['\"])(.+?)\\2!i", '_links_add_base', $content );
  2824. }
  2825. /**
  2826. * Callback to add a base url to relative links in passed content.
  2827. *
  2828. * @since 2.7.0
  2829. * @access private
  2830. *
  2831. * @param string $m The matched link.
  2832. * @return string The processed link.
  2833. */
  2834. function _links_add_base($m) {
  2835. global $_links_add_base;
  2836. //1 = attribute name 2 = quotation mark 3 = URL
  2837. return $m[1] . '=' . $m[2] .
  2838. ( preg_match( '#^(\w{1,20}):#', $m[3], $protocol ) && in_array( $protocol[1], wp_allowed_protocols() ) ?
  2839. $m[3] :
  2840. path_join( $_links_add_base, $m[3] ) )
  2841. . $m[2];
  2842. }
  2843. /**
  2844. * Adds a Target attribute to all links in passed content.
  2845. *
  2846. * This function by default only applies to <a> tags, however this can be
  2847. * modified by the 3rd param.
  2848. *
  2849. * <b>NOTE:</b> Any current target attributed will be stripped and replaced.
  2850. *
  2851. * @since 2.7.0
  2852. *
  2853. * @param string $content String to search for links in.
  2854. * @param string $target The Target to add to the links.
  2855. * @param array $tags An array of tags to apply to.
  2856. * @return string The processed content.
  2857. */
  2858. function links_add_target( $content, $target = '_blank', $tags = array('a') ) {
  2859. global $_links_add_target;
  2860. $_links_add_target = $target;
  2861. $tags = implode('|', (array)$tags);
  2862. return preg_replace_callback( "!<($tags)(.+?)>!i", '_links_add_target', $content );
  2863. }
  2864. /**
  2865. * Callback to add a target attribute to all links in passed content.
  2866. *
  2867. * @since 2.7.0
  2868. * @access private
  2869. *
  2870. * @param string $m The matched link.
  2871. * @return string The processed link.
  2872. */
  2873. function _links_add_target( $m ) {
  2874. global $_links_add_target;
  2875. $tag = $m[1];
  2876. $link = preg_replace('|(target=[\'"](.*?)[\'"])|i', '', $m[2]);
  2877. return '<' . $tag . $link . ' target="' . esc_attr( $_links_add_target ) . '">';
  2878. }
  2879. // normalize EOL characters and strip duplicate whitespace
  2880. function normalize_whitespace( $str ) {
  2881. $str = trim($str);
  2882. $str = str_replace("\r", "\n", $str);
  2883. $str = preg_replace( array( '/\n+/', '/[ \t]+/' ), array( "\n", ' ' ), $str );
  2884. return $str;
  2885. }
  2886. /**
  2887. * Properly strip all HTML tags including script and style
  2888. *
  2889. * @since 2.9.0
  2890. *
  2891. * @param string $string String containing HTML tags
  2892. * @param bool $remove_breaks optional Whether to remove left over line breaks and white space chars
  2893. * @return string The processed string.
  2894. */
  2895. function wp_strip_all_tags($string, $remove_breaks = false) {
  2896. $string = preg_replace( '@<(script|style)[^>]*?>.*?</\\1>@si', '', $string );
  2897. $string = strip_tags($string);
  2898. if ( $remove_breaks )
  2899. $string = preg_replace('/[\r\n\t ]+/', ' ', $string);
  2900. return trim( $string );
  2901. }
  2902. /**
  2903. * Sanitize a string from user input or from the db
  2904. *
  2905. * check for invalid UTF-8,
  2906. * Convert single < characters to entity,
  2907. * strip all tags,
  2908. * remove line breaks, tabs and extra white space,
  2909. * strip octets.
  2910. *
  2911. * @since 2.9.0
  2912. *
  2913. * @param string $str
  2914. * @return string
  2915. */
  2916. function sanitize_text_field($str) {
  2917. $filtered = wp_check_invalid_utf8( $str );
  2918. if ( strpos($filtered, '<') !== false ) {
  2919. $filtered = wp_pre_kses_less_than( $filtered );
  2920. // This will strip extra whitespace for us.
  2921. $filtered = wp_strip_all_tags( $filtered, true );
  2922. } else {
  2923. $filtered = trim( preg_replace('/[\r\n\t ]+/', ' ', $filtered) );
  2924. }
  2925. $match = array();
  2926. $found = false;
  2927. while ( preg_match('/%[a-f0-9]{2}/i', $filtered, $match) ) {
  2928. $filtered = str_replace($match[0], '', $filtered);
  2929. $found = true;
  2930. }
  2931. if ( $found ) {
  2932. // Strip out the whitespace that may now exist after removing the octets.
  2933. $filtered = trim( preg_replace('/ +/', ' ', $filtered) );
  2934. }
  2935. return apply_filters('sanitize_text_field', $filtered, $str);
  2936. }
  2937. /**
  2938. * i18n friendly version of basename()
  2939. *
  2940. * @since 3.1.0
  2941. *
  2942. * @param string $path A path.
  2943. * @param string $suffix If the filename ends in suffix this will also be cut off.
  2944. * @return string
  2945. */
  2946. function wp_basename( $path, $suffix = '' ) {
  2947. return urldecode( basename( str_replace( array( '%2F', '%5C' ), '/', urlencode( $path ) ), $suffix ) );
  2948. }
  2949. /**
  2950. * Forever eliminate "Wordpress" from the planet (or at least the little bit we can influence).
  2951. *
  2952. * Violating our coding standards for a good function name.
  2953. *
  2954. * @since 3.0.0
  2955. */
  2956. function capital_P_dangit( $text ) {
  2957. // Simple replacement for titles
  2958. if ( 'the_title' === current_filter() )
  2959. return str_replace( 'Wordpress', 'WordPress', $text );
  2960. // Still here? Use the more judicious replacement
  2961. static $dblq = false;
  2962. if ( false === $dblq )
  2963. $dblq = _x( '&#8220;', 'opening curly double quote' );
  2964. return str_replace(
  2965. array( ' Wordpress', '&#8216;Wordpress', $dblq . 'Wordpress', '>Wordpress', '(Wordpress' ),
  2966. array( ' WordPress', '&#8216;WordPress', $dblq . 'WordPress', '>WordPress', '(WordPress' ),
  2967. $text );
  2968. }
  2969. /**
  2970. * Sanitize a mime type
  2971. *
  2972. * @since 3.1.3
  2973. *
  2974. * @param string $mime_type Mime type
  2975. * @return string Sanitized mime type
  2976. */
  2977. function sanitize_mime_type( $mime_type ) {
  2978. $sani_mime_type = preg_replace( '/[^-+*.a-zA-Z0-9\/]/', '', $mime_type );
  2979. return apply_filters( 'sanitize_mime_type', $sani_mime_type, $mime_type );
  2980. }
  2981. /**
  2982. * Sanitize space or carriage return separated URLs that are used to send trackbacks.
  2983. *
  2984. * @since 3.4.0
  2985. *
  2986. * @param string $to_ping Space or carriage return separated URLs
  2987. * @return string URLs starting with the http or https protocol, separated by a carriage return.
  2988. */
  2989. function sanitize_trackback_urls( $to_ping ) {
  2990. $urls_to_ping = preg_split( '/[\r\n\t ]/', trim( $to_ping ), -1, PREG_SPLIT_NO_EMPTY );
  2991. foreach ( $urls_to_ping as $k => $url ) {
  2992. if ( !preg_match( '#^https?://.#i', $url ) )
  2993. unset( $urls_to_ping[$k] );
  2994. }
  2995. $urls_to_ping = array_map( 'esc_url_raw', $urls_to_ping );
  2996. $urls_to_ping = implode( "\n", $urls_to_ping );
  2997. return apply_filters( 'sanitize_trackback_urls', $urls_to_ping, $to_ping );
  2998. }