*/
function wptexturize($text) {
global $wp_cockneyreplace;
- $next = true;
- $has_pre_parent = false;
$output = '';
$curl = '';
$textarr = preg_split('/(<.*>|\[.*\])/Us', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
$stop = count($textarr);
+
+ /* translators: opening curly quote */
+ $opening_quote = _x('“', 'opening curly quote');
+ /* translators: closing curly quote */
+ $closing_quote = _x('”', 'closing curly quote');
+
+ $no_texturize_tags = apply_filters('no_texturize_tags', array('pre', 'code', 'kbd', 'style', 'script', 'tt'));
+ $no_texturize_shortcodes = apply_filters('no_texturize_shortcodes', array('code'));
+ $no_texturize_tags_stack = array();
+ $no_texturize_shortcodes_stack = array();
// if a plugin has provided an autocorrect array, use it
if ( isset($wp_cockneyreplace) ) {
$cockneyreplace = array("’tain’t","’twere","’twas","’tis","’twill","’til","’bout","’nuff","’round","’cause");
}
- $static_characters = array_merge(array('---', ' -- ', '--', 'xn–', '...', '``', '\'s', '\'\'', ' (tm)'), $cockney);
- $static_replacements = array_merge(array('—', ' — ', '–', 'xn--', '…', '“', '’s', '”', ' ™'), $cockneyreplace);
+ $static_characters = array_merge(array('---', ' -- ', '--', ' - ', 'xn–', '...', '``', '\'s', '\'\'', ' (tm)'), $cockney);
+ $static_replacements = array_merge(array('—', ' — ', '–', ' – ', 'xn--', '…', $opening_quote, '’s', $closing_quote, ' ™'), $cockneyreplace);
$dynamic_characters = array('/\'(\d\d(?:’|\')?s)/', '/(\s|\A|")\'/', '/(\d+)"/', '/(\d+)\'/', '/(\S)\'([^\'\s])/', '/(\s|\A)"(?!\s)/', '/"(\s|\S|\Z)/', '/\'([\s.]|\Z)/', '/(\d+)x(\d+)/');
- $dynamic_replacements = array('’$1','$1‘', '$1″', '$1′', '$1’$2', '$1“$2', '”$1', '’$1', '$1×$2');
+ $dynamic_replacements = array('’$1','$1‘', '$1″', '$1′', '$1’$2', '$1' . $opening_quote . '$2', $closing_quote . '$1', '’$1', '$1×$2');
for ( $i = 0; $i < $stop; $i++ ) {
$curl = $textarr[$i];
- if ( !empty($curl) && '<' != $curl{0} && '[' != $curl{0} && $next && !$has_pre_parent) { // If it's not a tag
+ if ( !empty($curl) && '<' != $curl{0} && '[' != $curl{0}
+ && empty($no_texturize_shortcodes_stack) && empty($no_texturize_tags_stack)) { // If it's not a tag
// static strings
$curl = str_replace($static_characters, $static_replacements, $curl);
// regular expressions
$curl = preg_replace($dynamic_characters, $dynamic_replacements, $curl);
- } elseif (strpos($curl, '<code') !== false || strpos($curl, '<kbd') !== false || strpos($curl, '<style') !== false || strpos($curl, '<script') !== false) {
- $next = false;
- } elseif (strpos($curl, '<pre') !== false) {
- $has_pre_parent = true;
- } elseif (strpos($curl, '</pre>') !== false) {
- $has_pre_parent = false;
} else {
- $next = true;
+ wptexturize_pushpop_element($curl, $no_texturize_tags_stack, $no_texturize_tags, '<', '>');
+ wptexturize_pushpop_element($curl, $no_texturize_shortcodes_stack, $no_texturize_shortcodes, '[', ']');
}
$curl = preg_replace('/&([^#])(?![a-zA-Z1-4]{1,8};)/', '&$1', $curl);
return $output;
}
+function wptexturize_pushpop_element($text, &$stack, $disabled_elements, $opening = '<', $closing = '>') {
+ $o = preg_quote($opening, '/');
+ $c = preg_quote($closing, '/');
+ foreach($disabled_elements as $element) {
+ if (preg_match('/^'.$o.$element.'\b/', $text)) array_push($stack, $element);
+ if (preg_match('/^'.$o.'\/'.$element.$c.'/', $text)) {
+ $last = array_pop($stack);
+ // disable texturize until we find a closing tag of our type (e.g. <pre>)
+ // even if there was invalid nesting before that
+ // Example: in the case <pre>sadsadasd</code>"baba"</pre> "baba" won't be texturized
+ if ($last != $element) array_push($stack, $last);
+ }
+ }
+}
+
/**
* Accepts matches array from preg_replace_callback in wpautop() or a string.
*
* @return string Text which has been converted into correct paragraph tags.
*/
function wpautop($pee, $br = 1) {
+ if ( trim($pee) === '' )
+ return '';
$pee = $pee . "\n"; // just to make things a little easier, pad the end
$pee = preg_replace('|<br />\s*<br />|', "\n\n", $pee);
// Space things out a little
- $allblocks = '(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|map|area|blockquote|address|math|style|input|p|h[1-6]|hr)';
+ $allblocks = '(?:table|thead|tfoot|caption|col|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|map|area|blockquote|address|math|style|input|p|h[1-6]|hr)';
$pee = preg_replace('!(<' . $allblocks . '[^>]*>)!', "\n$1", $pee);
$pee = preg_replace('!(</' . $allblocks . '>)!', "$1\n\n", $pee);
$pee = str_replace(array("\r\n", "\r"), "\n", $pee); // cross-platform newlines
$pee = '';
foreach ( $pees as $tinkle )
$pee .= '<p>' . trim($tinkle, "\n") . "</p>\n";
- $pee = preg_replace('|<p>\s*?</p>|', '', $pee); // under certain strange conditions it could create a P of entirely whitespace
- $pee = preg_replace('!<p>([^<]+)\s*?(</(?:div|address|form)[^>]*>)!', "<p>$1</p>$2", $pee);
- $pee = preg_replace( '|<p>|', "$1<p>", $pee );
+ $pee = preg_replace('|<p>\s*</p>|', '', $pee); // under certain strange conditions it could create a P of entirely whitespace
+ $pee = preg_replace('!<p>([^<]+)</(div|address|form)>!', "<p>$1</p></$2>", $pee);
$pee = preg_replace('!<p>\s*(</?' . $allblocks . '[^>]*>)\s*</p>!', "$1", $pee); // don't pee all over a tag
$pee = preg_replace("|<p>(<li.+?)</p>|", "$1", $pee); // problem with nested lists
$pee = preg_replace('|<p><blockquote([^>]*)>|i', "<blockquote$1><p>", $pee);
$pee = preg_replace('!(</?' . $allblocks . '[^>]*>)\s*<br />!', "$1", $pee);
$pee = preg_replace('!<br />(\s*</?(?:p|li|div|dl|dd|dt|th|pre|td|ul|ol)[^>]*>)!', '$1', $pee);
if (strpos($pee, '<pre') !== false)
- $pee = preg_replace_callback('!(<pre.*?>)(.*?)</pre>!is', 'clean_pre', $pee );
+ $pee = preg_replace_callback('!(<pre[^>]*>)(.*?)</pre>!is', 'clean_pre', $pee );
$pee = preg_replace( "|\n</p>$|", '</p>', $pee );
$pee = preg_replace('/<p>\s*?(' . get_shortcode_regex() . ')\s*<\/p>/s', '$1', $pee); // don't auto-p wrap shortcodes that stand alone
/**
* Checks to see if a string is utf8 encoded.
*
- * @author bmorel at ssi dot fr
+ * NOTE: This function checks for 5-Byte sequences, UTF8
+ * has Bytes Sequences with a maximum length of 4.
*
+ * @author bmorel at ssi dot fr (modified)
* @since 1.2.1
*
- * @param string $Str The string to be checked
- * @return bool True if $Str fits a UTF-8 model, false otherwise.
+ * @param string $str The string to be checked
+ * @return bool True if $str fits a UTF-8 model, false otherwise.
*/
-function seems_utf8($Str) { # by bmorel at ssi dot fr
- $length = strlen($Str);
+function seems_utf8($str) {
+ $length = strlen($str);
for ($i=0; $i < $length; $i++) {
- if (ord($Str[$i]) < 0x80) continue; # 0bbbbbbb
- elseif ((ord($Str[$i]) & 0xE0) == 0xC0) $n=1; # 110bbbbb
- elseif ((ord($Str[$i]) & 0xF0) == 0xE0) $n=2; # 1110bbbb
- elseif ((ord($Str[$i]) & 0xF8) == 0xF0) $n=3; # 11110bbb
- elseif ((ord($Str[$i]) & 0xFC) == 0xF8) $n=4; # 111110bb
- elseif ((ord($Str[$i]) & 0xFE) == 0xFC) $n=5; # 1111110b
+ $c = ord($str[$i]);
+ if ($c < 0x80) $n = 0; # 0bbbbbbb
+ elseif (($c & 0xE0) == 0xC0) $n=1; # 110bbbbb
+ elseif (($c & 0xF0) == 0xE0) $n=2; # 1110bbbb
+ elseif (($c & 0xF8) == 0xF0) $n=3; # 11110bbb
+ elseif (($c & 0xFC) == 0xF8) $n=4; # 111110bb
+ elseif (($c & 0xFE) == 0xFC) $n=5; # 1111110b
else return false; # Does not match any model
for ($j=0; $j<$n; $j++) { # n bytes matching 10bbbbbb follow ?
- if ((++$i == $length) || ((ord($Str[$i]) & 0xC0) != 0x80))
- return false;
+ if ((++$i == $length) || ((ord($str[$i]) & 0xC0) != 0x80))
+ return false;
}
}
return true;
* @param boolean $double_encode Optional. Whether or not to encode existing html entities. Default is false.
* @return string The encoded text with HTML entities.
*/
-function wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false )
-{
+function _wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false ) {
$string = (string) $string;
if ( 0 === strlen( $string ) ) {
// Handle double encoding ourselves
if ( !$double_encode ) {
$string = wp_specialchars_decode( $string, $_quote_style );
- $string = preg_replace( '/&(#?x?[0-9]+|[a-z]+);/i', '|wp_entity|$1|/wp_entity|', $string );
+ $string = preg_replace( '/&(#?x?[0-9a-z]+);/i', '|wp_entity|$1|/wp_entity|', $string );
}
$string = @htmlspecialchars( $string, $quote_style, $charset );
* @since 2.8
*
* @param string $string The text which is to be decoded.
- * @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old wp_specialchars() values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES.
+ * @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old _wp_specialchars() values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES.
* @return string The decoded text without HTML entities.
*/
-function wp_specialchars_decode( $string, $quote_style = ENT_NOQUOTES )
-{
+function wp_specialchars_decode( $string, $quote_style = ENT_NOQUOTES ) {
$string = (string) $string;
if ( 0 === strlen( $string ) ) {
return $string;
}
- // Match the previous behaviour of wp_specialchars() when the $quote_style is not an accepted value
+ // Match the previous behaviour of _wp_specialchars() when the $quote_style is not an accepted value
if ( empty( $quote_style ) ) {
$quote_style = ENT_NOQUOTES;
} elseif ( !in_array( $quote_style, array( 0, 2, 3, 'single', 'double' ), true ) ) {
* @param boolean $strip Optional. Whether to attempt to strip out invalid UTF8. Default is false.
* @return string The checked text.
*/
-function wp_check_invalid_utf8( $string, $strip = false )
-{
+function wp_check_invalid_utf8( $string, $strip = false ) {
$string = (string) $string;
if ( 0 === strlen( $string ) ) {
}
/**
- * Filters certain characters from the file name.
+ * Sanitizes a filename replacing whitespace with dashes
*
- * Turns all strings to lowercase removing most characters except alphanumeric
- * with spaces, dashes and periods. All spaces and underscores are converted to
- * dashes. Multiple dashes are converted to a single dash. Finally, if the file
- * name ends with a dash, it is removed.
+ * Removes special characters that are illegal in filenames on certain
+ * operating systems and special characters requiring special escaping
+ * to manipulate at the command line. Replaces spaces and consecutive
+ * dashes with a single dash. Trim period, dash and underscore from beginning
+ * and end of filename.
*
* @since 2.1.0
*
- * @param string $name The file name
- * @return string Sanitized file name
+ * @param string $filename The filename to be sanitized
+ * @return string The sanitized filename
*/
-function sanitize_file_name( $name ) { // Like sanitize_title, but with periods
- $name = strtolower( $name );
- $name = preg_replace('/&.+?;/', '', $name); // kill entities
- $name = str_replace( '_', '-', $name );
- $name = preg_replace('/[^a-z0-9\s-.]/', '', $name);
- $name = preg_replace('/\s+/', '-', $name);
- $name = preg_replace('|-+|', '-', $name);
- $name = trim($name, '-');
- return $name;
+function sanitize_file_name( $filename ) {
+ $filename_raw = $filename;
+ $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}");
+ $special_chars = apply_filters('sanitize_file_name_chars', $special_chars, $filename_raw);
+ $filename = str_replace($special_chars, '', $filename);
+ $filename = preg_replace('/[\s-]+/', '-', $filename);
+ $filename = trim($filename, '.-_');
+ return apply_filters('sanitize_file_name', $filename, $filename_raw);
}
/**
* @return string The sanitized string.
*/
function sanitize_title($title, $fallback_title = '') {
+ $raw_title = $title;
$title = strip_tags($title);
- $title = apply_filters('sanitize_title', $title);
+ $title = apply_filters('sanitize_title', $title, $raw_title);
if ( '' === $title || false === $title )
$title = $fallback_title;
$title = strtolower($title);
$title = preg_replace('/&.+?;/', '', $title); // kill entities
+ $title = str_replace('.', '-', $title);
$title = preg_replace('/[^%a-z0-9 _-]/', '', $title);
$title = preg_replace('/\s+/', '-', $title);
$title = preg_replace('|-+|', '-', $title);
return $orderby;
}
+/**
+ * Santizes a html classname to ensure it only contains valid characters
+ *
+ * Strips the string down to A-Z,a-z,0-9,'-' if this results in an empty
+ * string then it will return the alternative value supplied.
+ *
+ * @todo Expand to support the full range of CDATA that a class attribute can contain.
+ *
+ * @since 2.8.0
+ *
+ * @param string $class The classname to be sanitized
+ * @param string $fallback The value to return if the sanitization end's up as an empty string.
+ * @return string The sanitized value
+ */
+function sanitize_html_class($class, $fallback){
+ //Strip out any % encoded octets
+ $sanitized = preg_replace('|%[a-fA-F0-9][a-fA-F0-9]|', '', $class);
+
+ //Limit to A-Z,a-z,0-9,'-'
+ $sanitized = preg_replace('/[^A-Za-z0-9-]/', '', $sanitized);
+
+ if ('' == $sanitized)
+ $sanitized = $fallback;
+
+ return apply_filters('sanitize_html_class',$sanitized, $class, $fallback);
+}
+
/**
* Converts a number of characters from a string.
*
return $content;
}
+/**
+ * Callback used to change %uXXXX to &#YYY; syntax
+ *
+ * @since 2.8?
+ *
+ * @param array $matches Single Match
+ * @return string An HTML entity
+ */
+function funky_javascript_callback($matches) {
+ return "&#".base_convert($matches[1],16,10).";";
+}
+
/**
* Fixes javascript bugs in browsers.
*
// Fixes for browsers' javascript bugs
global $is_macIE, $is_winIE;
- /** @todo use preg_replace_callback() instead */
if ( $is_winIE || $is_macIE )
- $text = preg_replace("/\%u([0-9A-F]{4,4})/e", "'&#'.base_convert('\\1',16,10).';'", $text);
+ $text = preg_replace_callback("/\%u([0-9A-F]{4,4})/",
+ "funky_javascript_callback",
+ $text);
return $text;
}
// clear the shifter
$tagqueue = '';
// Pop or Push
- if ($regex[1][0] == "/") { // End Tag
+ if ( isset($regex[1][0]) && '/' == $regex[1][0] ) { // End Tag
$tag = strtolower(substr($regex[1],1));
// if too many closing tags
if($stacksize <= 0) {
* @return string HTML A element with URI address.
*/
function _make_url_clickable_cb($matches) {
- $ret = '';
$url = $matches[2];
- $url = clean_url($url);
+ $url = esc_url($url);
if ( empty($url) )
return $matches[0];
- // removed trailing [.,;:] from URL
- if ( in_array(substr($url, -1), array('.', ',', ';', ':')) === true ) {
- $ret = substr($url, -1);
- $url = substr($url, 0, strlen($url)-1);
- }
- return $matches[1] . "<a href=\"$url\" rel=\"nofollow\">$url</a>" . $ret;
+ return $matches[1] . "<a href=\"$url\" rel=\"nofollow\">$url</a>";
}
/**
$ret = '';
$dest = $matches[2];
$dest = 'http://' . $dest;
- $dest = clean_url($dest);
+ $dest = esc_url($dest);
if ( empty($dest) )
return $matches[0];
// removed trailing [,;:] from URL
function make_clickable($ret) {
$ret = ' ' . $ret;
// in testing, using arrays here was found to be faster
- $ret = preg_replace_callback('#([\s>])([\w]+?://[\w\\x80-\\xff\#$%&~/.\-;:=,?@\[\]+]*)#is', '_make_url_clickable_cb', $ret);
- $ret = preg_replace_callback('#([\s>])((www|ftp)\.[\w\\x80-\\xff\#$%&~/.\-;:=,?@\[\]+]*)#is', '_make_web_ftp_clickable_cb', $ret);
+ $ret = preg_replace_callback('#(?<=[\s>])(\()?([\w]+?://(?:[\w\\x80-\\xff\#$%&~/\-=?@\[\](+]|[.,;:](?![\s<])|(?(1)\)(?![\s<])|\)))+)#is', '_make_url_clickable_cb', $ret);
+ $ret = preg_replace_callback('#([\s>])((www|ftp)\.[\w\\x80-\\xff\#$%&~/.\-;:=,?@\[\]+]+)#is', '_make_web_ftp_clickable_cb', $ret);
$ret = preg_replace_callback('#([\s>])([.0-9a-z_+-]+)@(([0-9a-z-]+\.)+[0-9a-z]{2,})#i', '_make_email_clickable_cb', $ret);
// this one is not in an array because we need it to run last, for cleanup of accidental links within links
$ret = preg_replace("#(<a( [^>]+?>|>))<a [^>]+?>([^>]+?)</a></a>#i", "$1$3</a>", $ret);
return "<a $text rel=\"nofollow\">";
}
+
+/**
+ * Convert one smiley code to the icon graphic file equivalent.
+ *
+ * Looks up one smiley code in the $wpsmiliestrans global array and returns an
+ * <img> string for that smiley.
+ *
+ * @global array $wpsmiliestrans
+ * @since 2.8.0
+ *
+ * @param string $smiley Smiley code to convert to image.
+ * @return string Image string for smiley.
+ */
+function translate_smiley($smiley) {
+ global $wpsmiliestrans;
+
+ if (count($smiley) == 0) {
+ return '';
+ }
+
+ $siteurl = get_option( 'siteurl' );
+
+ $smiley = trim(reset($smiley));
+ $img = $wpsmiliestrans[$smiley];
+ $smiley_masked = esc_attr($smiley);
+
+ return " <img src='$siteurl/wp-includes/images/smilies/$img' alt='$smiley_masked' class='wp-smiley' /> ";
+}
+
+
/**
* Convert text equivalent of smilies to images.
*
- * Will only convert smilies if the option 'use_smilies' is true and the globals
- * used in the function aren't empty.
+ * Will only convert smilies if the option 'use_smilies' is true and the global
+ * used in the function isn't empty.
*
* @since 0.71
- * @uses $wp_smiliessearch, $wp_smiliesreplace Smiley replacement arrays.
+ * @uses $wp_smiliessearch
*
* @param string $text Content to convert smilies from text.
* @return string Converted content with text smilies replaced with images.
*/
function convert_smilies($text) {
- global $wp_smiliessearch, $wp_smiliesreplace;
+ global $wp_smiliessearch;
$output = '';
- if ( get_option('use_smilies') && !empty($wp_smiliessearch) && !empty($wp_smiliesreplace) ) {
+ if ( get_option('use_smilies') && !empty($wp_smiliessearch) ) {
// HTML loop taken from texturize function, could possible be consolidated
$textarr = preg_split("/(<.*>)/U", $text, -1, PREG_SPLIT_DELIM_CAPTURE); // capture the tags as well as in between
$stop = count($textarr);// loop stuff
for ($i = 0; $i < $stop; $i++) {
$content = $textarr[$i];
if ((strlen($content) > 0) && ('<' != $content{0})) { // If it's not a tag
- $content = preg_replace($wp_smiliessearch, $wp_smiliesreplace, $content);
+ $content = preg_replace_callback($wp_smiliessearch, 'translate_smiley', $content);
}
$output .= $content;
}
}
/**
- * Checks to see if the text is a valid email address.
+ * Verifies that an email is valid.
+ *
+ * Does not grok i18n domains. Not RFC compliant.
*
* @since 0.71
*
- * @param string $user_email The email address to be checked.
- * @return bool Returns true if valid, otherwise false.
+ * @param string $email Email address to verify.
+ * @param boolean $check_dns Whether to check the DNS for the domain using checkdnsrr().
+ * @return string|bool Either false or the valid email address.
*/
-function is_email($user_email) {
- $chars = "/^([a-z0-9+_]|\\-|\\.)+@(([a-z0-9_]|\\-)+\\.)+[a-z]{2,6}\$/i";
- if (strpos($user_email, '@') !== false && strpos($user_email, '.') !== false) {
- if (preg_match($chars, $user_email)) {
- return true;
- } else {
- return false;
+function is_email( $email, $check_dns = false ) {
+ // Test for the minimum length the email can be
+ if ( strlen( $email ) < 3 ) {
+ return apply_filters( 'is_email', false, $email, 'email_too_short' );
+ }
+
+ // Test for an @ character after the first position
+ if ( strpos( $email, '@', 1 ) === false ) {
+ return apply_filters( 'is_email', false, $email, 'email_no_at' );
+ }
+
+ // Split out the local and domain parts
+ list( $local, $domain ) = explode( '@', $email, 2 );
+
+ // LOCAL PART
+ // Test for invalid characters
+ if ( !preg_match( '/^[a-zA-Z0-9!#$%&\'*+\/=?^_`{|}~\.-]+$/', $local ) ) {
+ return apply_filters( 'is_email', false, $email, 'local_invalid_chars' );
+ }
+
+ // DOMAIN PART
+ // Test for sequences of periods
+ if ( preg_match( '/\.{2,}/', $domain ) ) {
+ return apply_filters( 'is_email', false, $email, 'domain_period_sequence' );
+ }
+
+ // Test for leading and trailing periods and whitespace
+ if ( trim( $domain, " \t\n\r\0\x0B." ) !== $domain ) {
+ return apply_filters( 'is_email', false, $email, 'domain_period_limits' );
+ }
+
+ // Split the domain into subs
+ $subs = explode( '.', $domain );
+
+ // Assume the domain will have at least two subs
+ if ( 2 > count( $subs ) ) {
+ return apply_filters( 'is_email', false, $email, 'domain_no_periods' );
+ }
+
+ // Loop through each sub
+ foreach ( $subs as $sub ) {
+ // Test for leading and trailing hyphens and whitespace
+ if ( trim( $sub, " \t\n\r\0\x0B-" ) !== $sub ) {
+ return apply_filters( 'is_email', false, $email, 'sub_hyphen_limits' );
+ }
+
+ // Test for invalid characters
+ if ( !preg_match('/^[a-z0-9-]+$/i', $sub ) ) {
+ return apply_filters( 'is_email', false, $email, 'sub_invalid_chars' );
}
- } else {
- return false;
}
+
+ // DNS
+ // Check the domain has a valid MX and A resource record
+ if ( $check_dns && function_exists( 'checkdnsrr' ) && !( checkdnsrr( $domain . '.', 'MX' ) || checkdnsrr( $domain . '.', 'A' ) ) ) {
+ return apply_filters( 'is_email', false, $email, 'dns_no_rr' );
+ }
+
+ // Congratulations your email made it!
+ return apply_filters( 'is_email', $email, $email, null );
}
/**
* @param string $email Email address to filter.
* @return string Filtered email address.
*/
-function sanitize_email($email) {
- return preg_replace('/[^a-z0-9+_.@-]/i', '', $email);
+function sanitize_email( $email ) {
+ // Test for the minimum length the email can be
+ if ( strlen( $email ) < 3 ) {
+ return apply_filters( 'sanitize_email', '', $email, 'email_too_short' );
+ }
+
+ // Test for an @ character after the first position
+ if ( strpos( $email, '@', 1 ) === false ) {
+ return apply_filters( 'sanitize_email', '', $email, 'email_no_at' );
+ }
+
+ // Split out the local and domain parts
+ list( $local, $domain ) = explode( '@', $email, 2 );
+
+ // LOCAL PART
+ // Test for invalid characters
+ $local = preg_replace( '/[^a-zA-Z0-9!#$%&\'*+\/=?^_`{|}~\.-]/', '', $local );
+ if ( '' === $local ) {
+ return apply_filters( 'sanitize_email', '', $email, 'local_invalid_chars' );
+ }
+
+ // DOMAIN PART
+ // Test for sequences of periods
+ $domain = preg_replace( '/\.{2,}/', '', $domain );
+ if ( '' === $domain ) {
+ return apply_filters( 'sanitize_email', '', $email, 'domain_period_sequence' );
+ }
+
+ // Test for leading and trailing periods and whitespace
+ $domain = trim( $domain, " \t\n\r\0\x0B." );
+ if ( '' === $domain ) {
+ return apply_filters( 'sanitize_email', '', $email, 'domain_period_limits' );
+ }
+
+ // Split the domain into subs
+ $subs = explode( '.', $domain );
+
+ // Assume the domain will have at least two subs
+ if ( 2 > count( $subs ) ) {
+ return apply_filters( 'sanitize_email', '', $email, 'domain_no_periods' );
+ }
+
+ // Create an array that will contain valid subs
+ $new_subs = array();
+
+ // Loop through each sub
+ foreach ( $subs as $sub ) {
+ // Test for leading and trailing hyphens
+ $sub = trim( $sub, " \t\n\r\0\x0B-" );
+
+ // Test for invalid characters
+ $sub = preg_replace( '/^[^a-z0-9-]+$/i', '', $sub );
+
+ // If there's anything left, add it to the valid subs
+ if ( '' !== $sub ) {
+ $new_subs[] = $sub;
+ }
+ }
+
+ // If there aren't 2 or more valid subs
+ if ( 2 > count( $new_subs ) ) {
+ return apply_filters( 'sanitize_email', '', $email, 'domain_no_valid_subs' );
+ }
+
+ // Join valid subs into the new domain
+ $domain = join( '.', $new_subs );
+
+ // Put the email back together
+ $email = $local . '@' . $domain;
+
+ // Congratulations your email made it!
+ return apply_filters( 'sanitize_email', $email, $email, null );
}
/**
if ($mins <= 1) {
$mins = 1;
}
- $since = sprintf(__ngettext('%s min', '%s mins', $mins), $mins);
+ $since = sprintf(_n('%s min', '%s mins', $mins), $mins);
} else if (($diff <= 86400) && ($diff > 3600)) {
$hours = round($diff / 3600);
if ($hours <= 1) {
$hours = 1;
}
- $since = sprintf(__ngettext('%s hour', '%s hours', $hours), $hours);
+ $since = sprintf(_n('%s hour', '%s hours', $hours), $hours);
} elseif ($diff >= 86400) {
$days = round($diff / 86400);
if ($days <= 1) {
$days = 1;
}
- $since = sprintf(__ngettext('%s day', '%s days', $days), $days);
+ $since = sprintf(_n('%s day', '%s days', $days), $days);
}
return $since;
}
* @return string The excerpt.
*/
function wp_trim_excerpt($text) {
+ $raw_excerpt = $text;
if ( '' == $text ) {
$text = get_the_content('');
$text = implode(' ', $words);
}
}
- return $text;
+ return apply_filters('wp_trim_excerpt', $text, $raw_excerpt);
}
/**
* Checks and cleans a URL.
*
* A number of characters are removed from the URL. If the URL is for displaying
- * (the default behaviour) amperstands are also replaced. The 'clean_url' filter
+ * (the default behaviour) amperstands are also replaced. The 'esc_url' filter
* is applied to the returned cleaned URL.
*
* @since 1.2.0
$original_url = $url;
if ('' == $url) return $url;
- $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$*\'()\\x80-\\xff]|i', '', $url);
- $strip = array('%0d', '%0a');
- $url = str_replace($strip, '', $url);
+ $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
+ $strip = array('%0d', '%0a', '%0D', '%0A');
+ $url = _deep_replace($strip, $url);
$url = str_replace(';//', '://', $url);
/* If the URL doesn't appear to contain a scheme, we
* presume it needs http:// appended (unless a relative
* link starting with / or a php file).
*/
if ( strpos($url, ':') === false &&
- substr( $url, 0, 1 ) != '/' && !preg_match('/^[a-z0-9-]+?\.php/i', $url) )
+ substr( $url, 0, 1 ) != '/' && substr( $url, 0, 1 ) != '#' && !preg_match('/^[a-z0-9-]+?\.php/i', $url) )
$url = 'http://' . $url;
// Replace ampersands and single quotes only when displaying.
}
/**
- * Performs clean_url() for database usage.
+ * Perform a deep string replace operation to ensure the values in $search are no longer present
+ *
+ * Repeats the replacement operation until it no longer replaces anything so as to remove "nested" values
+ * e.g. $subject = '%0%0%0DDD', $search ='%0D', $result ='' rather than the '%0%0DD' that
+ * str_replace would return
+ *
+ * @since 2.8.1
+ * @access private
+ *
+ * @param string|array $search
+ * @param string $subject
+ * @return string The processed string
+ */
+function _deep_replace($search, $subject){
+ $found = true;
+ while($found) {
+ $found = false;
+ foreach( (array) $search as $val ) {
+ while(strpos($subject, $val) !== false) {
+ $found = true;
+ $subject = str_replace($val, '', $subject);
+ }
+ }
+ }
+
+ return $subject;
+}
+
+/**
+ * Escapes data for use in a MySQL query
+ *
+ * This is just a handy shortcut for $wpdb->escape(), for completeness' sake
+ *
+ * @since 2.8.0
+ * @param string $sql Unescaped SQL data
+ * @return string The cleaned $sql
+ */
+function esc_sql( $sql ) {
+ global $wpdb;
+ return $wpdb->escape( $sql );
+}
+
+
+/**
+ * Checks and cleans a URL.
+ *
+ * A number of characters are removed from the URL. If the URL is for displaying
+ * (the default behaviour) amperstands are also replaced. The 'esc_url' filter
+ * is applied to the returned cleaned URL.
+ *
+ * @since 2.8.0
+ * @uses esc_url()
+ * @uses wp_kses_bad_protocol() To only permit protocols in the URL set
+ * via $protocols or the common ones set in the function.
+ *
+ * @param string $url The URL to be cleaned.
+ * @param array $protocols Optional. An array of acceptable protocols.
+ * Defaults to 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet' if not set.
+ * @return string The cleaned $url after the 'cleaned_url' filter is applied.
+ */
+function esc_url( $url, $protocols = null ) {
+ return clean_url( $url, $protocols, 'display' );
+}
+
+/**
+ * Performs esc_url() for database usage.
+ *
+ * @see esc_url()
+ * @see esc_url()
+ *
+ * @since 2.8.0
+ *
+ * @param string $url The URL to be cleaned.
+ * @param array $protocols An array of acceptable protocols.
+ * @return string The cleaned URL.
+ */
+function esc_url_raw( $url, $protocols = null ) {
+ return clean_url( $url, $protocols, 'db' );
+}
+
+/**
+ * Performs esc_url() for database or redirect usage.
*
- * @see clean_url()
+ * @see esc_url()
+ * @deprecated 2.8.0
*
* @since 2.3.1
*
*
* The filter 'js_escape' is also applied here.
*
- * @since 2.0.4
+ * @since 2.8.0
*
* @param string $text The text to be escaped.
* @return string Escaped text.
*/
-function js_escape($text) {
+function esc_js( $text ) {
$safe_text = wp_check_invalid_utf8( $text );
- $safe_text = wp_specialchars( $safe_text, ENT_COMPAT );
+ $safe_text = _wp_specialchars( $safe_text, ENT_COMPAT );
$safe_text = preg_replace( '/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes( $safe_text ) );
$safe_text = preg_replace( "/\r?\n/", "\\n", addslashes( $safe_text ) );
return apply_filters( 'js_escape', $safe_text, $text );
}
+/**
+ * Escape single quotes, specialchar double quotes, and fix line endings.
+ *
+ * The filter 'js_escape' is also applied by esc_js()
+ *
+ * @since 2.0.4
+ *
+ * @deprecated 2.8.0
+ * @see esc_js()
+ *
+ * @param string $text The text to be escaped.
+ * @return string Escaped text.
+ */
+function js_escape( $text ) {
+ return esc_js( $text );
+}
+
+/**
+ * Escaping for HTML blocks.
+ *
+ * @since 2.8.0
+ *
+ * @param string $text
+ * @return string
+ */
+function esc_html( $text ) {
+ $safe_text = wp_check_invalid_utf8( $text );
+ $safe_text = _wp_specialchars( $safe_text, ENT_QUOTES );
+ return apply_filters( 'esc_html', $safe_text, $text );
+ return $text;
+}
+
+/**
+ * Escaping for HTML blocks
+ * @deprecated 2.8.0
+ * @see esc_html()
+ */
+function wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false ) {
+ if ( func_num_args() > 1 ) { // Maintain backwards compat for people passing additional args
+ $args = func_get_args();
+ return call_user_func_array( '_wp_specialchars', $args );
+ } else {
+ return esc_html( $string );
+ }
+}
+
/**
* Escaping for HTML attributes.
*
- * @since 2.0.6
+ * @since 2.8.0
*
* @param string $text
* @return string
*/
-function attribute_escape( $text ) {
+function esc_attr( $text ) {
$safe_text = wp_check_invalid_utf8( $text );
- $safe_text = wp_specialchars( $safe_text, ENT_QUOTES );
+ $safe_text = _wp_specialchars( $safe_text, ENT_QUOTES );
return apply_filters( 'attribute_escape', $safe_text, $text );
}
+/**
+ * Escaping for HTML attributes.
+ *
+ * @since 2.0.6
+ *
+ * @deprecated 2.8.0
+ * @see esc_attr()
+ *
+ * @param string $text
+ * @return string
+ */
+function attribute_escape( $text ) {
+ return esc_attr( $text );
+}
+
/**
* Escape a HTML tag name.
*
$value = addslashes($value);
$value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes
$value = stripslashes($value);
- $value = wp_specialchars( $value );
+ $value = esc_html( $value );
break;
case 'blog_charset':
case 'siteurl':
case 'home':
$value = stripslashes($value);
- $value = clean_url($value);
+ $value = esc_url($value);
break;
default :
$value = apply_filters("sanitize_option_{$option}", $value, $option);
/**
* Callback function used by preg_replace.
*
- * @uses wp_specialchars to format the $matches text.
+ * @uses esc_html to format the $matches text.
* @since 2.3.0
*
* @param array $matches Populated by matches to preg_replace.
- * @return string The text returned after wp_specialchars if needed.
+ * @return string The text returned after esc_html if needed.
*/
function wp_pre_kses_less_than_callback( $matches ) {
if ( false === strpos($matches[0], '>') )
- return wp_specialchars($matches[0]);
+ return esc_html($matches[0]);
return $matches[0];
}
// Translate and filter the delimiter set (avoid ampersands and entities here)
$l = apply_filters('wp_sprintf_l', array(
- 'between' => _c(', |between list items'),
- 'between_last_two' => _c(', and |between last two list items'),
- 'between_only_two' => _c(' and |between only two list items'),
+ /* translators: used between list items, there is a space after the coma */
+ 'between' => __(', '),
+ /* translators: used between list items, there is a space after the and */
+ 'between_last_two' => __(', and '),
+ /* translators: used between only two list items, there is a space after the and */
+ 'between_only_two' => __(' and '),
));
$args = (array) $args;
while ( $i ) {
$arg = array_shift($args);
$i--;
- if ( $i == 1 )
+ if ( 0 == $i )
$result .= $l['between_last_two'] . $arg;
else
$result .= $l['between'] . $arg;
*/
function wp_html_excerpt( $str, $count ) {
$str = strip_tags( $str );
- $str = mb_strcut( $str, 0, $count );
+ $str = mb_substr( $str, 0, $count );
// remove part of an entity at the end
$str = preg_replace( '/&[^;\s]{0,6}$/', '', $str );
return $str;