+ $username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username );
+
+ $username = trim( $username );
+ // Consolidate contiguous whitespace
+ $username = preg_replace( '|\s+|', ' ', $username );
+
+ /**
+ * Filter a sanitized username string.
+ *
+ * @since 2.0.1
+ *
+ * @param string $username Sanitized username.
+ * @param string $raw_username The username prior to sanitization.
+ * @param bool $strict Whether to limit the sanitization to specific characters. Default false.
+ */
+ return apply_filters( 'sanitize_user', $username, $raw_username, $strict );
+}
+
+/**
+ * Sanitizes a string key.
+ *
+ * Keys are used as internal identifiers. Lowercase alphanumeric characters, dashes and underscores are allowed.
+ *
+ * @since 3.0.0
+ *
+ * @param string $key String key
+ * @return string Sanitized key
+ */
+function sanitize_key( $key ) {
+ $raw_key = $key;
+ $key = strtolower( $key );
+ $key = preg_replace( '/[^a-z0-9_\-]/', '', $key );
+
+ /**
+ * Filter a sanitized key string.
+ *
+ * @since 3.0.0
+ *
+ * @param string $key Sanitized key.
+ * @param string $raw_key The key prior to sanitization.
+ */
+ return apply_filters( 'sanitize_key', $key, $raw_key );
+}
+
+/**
+ * Sanitizes a title, or returns a fallback title.
+ *
+ * Specifically, HTML and PHP tags are stripped. Further actions can be added
+ * via the plugin API. If $title is empty and $fallback_title is set, the latter
+ * will be used.
+ *
+ * @since 1.0.0
+ *
+ * @param string $title The string to be sanitized.
+ * @param string $fallback_title Optional. A title to use if $title is empty.
+ * @param string $context Optional. The operation for which the string is sanitized
+ * @return string The sanitized string.
+ */
+function sanitize_title( $title, $fallback_title = '', $context = 'save' ) {
+ $raw_title = $title;
+
+ if ( 'save' == $context )
+ $title = remove_accents($title);
+
+ /**
+ * Filter a sanitized title string.
+ *
+ * @since 1.2.0
+ *
+ * @param string $title Sanitized title.
+ * @param string $raw_title The title prior to sanitization.
+ * @param string $context The context for which the title is being sanitized.
+ */
+ $title = apply_filters( 'sanitize_title', $title, $raw_title, $context );
+
+ if ( '' === $title || false === $title )
+ $title = $fallback_title;
+
+ return $title;
+}
+
+/**
+ * Sanitizes a title with the 'query' context.
+ *
+ * Used for querying the database for a value from URL.
+ *
+ * @since 3.1.0
+ *
+ * @param string $title The string to be sanitized.
+ * @return string The sanitized string.
+ */
+function sanitize_title_for_query( $title ) {
+ return sanitize_title( $title, '', 'query' );
+}
+
+/**
+ * Sanitizes a title, replacing whitespace and a few other characters with dashes.
+ *
+ * Limits the output to alphanumeric characters, underscore (_) and dash (-).
+ * Whitespace becomes a dash.
+ *
+ * @since 1.2.0
+ *
+ * @param string $title The title to be sanitized.
+ * @param string $raw_title Optional. Not used.
+ * @param string $context Optional. The operation for which the string is sanitized.
+ * @return string The sanitized title.
+ */
+function sanitize_title_with_dashes( $title, $raw_title = '', $context = 'display' ) {
+ $title = strip_tags($title);
+ // Preserve escaped octets.
+ $title = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '---$1---', $title);
+ // Remove percent signs that are not part of an octet.
+ $title = str_replace('%', '', $title);
+ // Restore octets.
+ $title = preg_replace('|---([a-fA-F0-9][a-fA-F0-9])---|', '%$1', $title);
+
+ if (seems_utf8($title)) {
+ if (function_exists('mb_strtolower')) {
+ $title = mb_strtolower($title, 'UTF-8');
+ }
+ $title = utf8_uri_encode($title, 200);
+ }
+
+ $title = strtolower($title);
+ $title = preg_replace('/&.+?;/', '', $title); // kill entities
+ $title = str_replace('.', '-', $title);
+
+ if ( 'save' == $context ) {
+ // Convert nbsp, ndash and mdash to hyphens
+ $title = str_replace( array( '%c2%a0', '%e2%80%93', '%e2%80%94' ), '-', $title );
+
+ // Strip these characters entirely
+ $title = str_replace( array(
+ // iexcl and iquest
+ '%c2%a1', '%c2%bf',
+ // angle quotes
+ '%c2%ab', '%c2%bb', '%e2%80%b9', '%e2%80%ba',
+ // curly quotes
+ '%e2%80%98', '%e2%80%99', '%e2%80%9c', '%e2%80%9d',
+ '%e2%80%9a', '%e2%80%9b', '%e2%80%9e', '%e2%80%9f',
+ // copy, reg, deg, hellip and trade
+ '%c2%a9', '%c2%ae', '%c2%b0', '%e2%80%a6', '%e2%84%a2',
+ // acute accents
+ '%c2%b4', '%cb%8a', '%cc%81', '%cd%81',
+ // grave accent, macron, caron
+ '%cc%80', '%cc%84', '%cc%8c',
+ ), '', $title );
+
+ // Convert times to x
+ $title = str_replace( '%c3%97', 'x', $title );
+ }
+
+ $title = preg_replace('/[^%a-z0-9 _-]/', '', $title);
+ $title = preg_replace('/\s+/', '-', $title);
+ $title = preg_replace('|-+|', '-', $title);
+ $title = trim($title, '-');
+
+ return $title;
+}
+
+/**
+ * Ensures a string is a valid SQL 'order by' clause.
+ *
+ * Accepts one or more columns, with or without a sort order (ASC / DESC).
+ * e.g. 'column_1', 'column_1, column_2', 'column_1 ASC, column_2 DESC' etc.
+ *
+ * Also accepts 'RAND()'.
+ *
+ * @since 2.5.1
+ *
+ * @param string $orderby Order by clause to be validated.
+ * @return string|false Returns $orderby if valid, false otherwise.
+ */
+function sanitize_sql_orderby( $orderby ) {
+ if ( preg_match( '/^\s*(([a-z0-9_]+|`[a-z0-9_]+`)(\s+(ASC|DESC))?\s*(,\s*(?=[a-z0-9_`])|$))+$/i', $orderby ) || preg_match( '/^\s*RAND\(\s*\)\s*$/i', $orderby ) ) {
+ return $orderby;
+ }
+ return false;
+}
+
+/**
+ * Sanitizes an HTML classname to ensure it only contains valid characters.
+ *
+ * Strips the string down to A-Z,a-z,0-9,_,-. If this results in an empty
+ * string then it will return the alternative value supplied.
+ *
+ * @todo Expand to support the full range of CDATA that a class attribute can contain.
+ *
+ * @since 2.8.0
+ *
+ * @param string $class The classname to be sanitized
+ * @param string $fallback Optional. The value to return if the sanitization ends up as an empty string.
+ * Defaults to an empty string.
+ * @return string The sanitized value
+ */
+function sanitize_html_class( $class, $fallback = '' ) {
+ //Strip out any % encoded octets
+ $sanitized = preg_replace( '|%[a-fA-F0-9][a-fA-F0-9]|', '', $class );
+
+ //Limit to A-Z,a-z,0-9,_,-
+ $sanitized = preg_replace( '/[^A-Za-z0-9_-]/', '', $sanitized );
+
+ if ( '' == $sanitized && $fallback ) {
+ return sanitize_html_class( $fallback );
+ }
+ /**
+ * Filter a sanitized HTML class string.
+ *
+ * @since 2.8.0
+ *
+ * @param string $sanitized The sanitized HTML class.
+ * @param string $class HTML class before sanitization.
+ * @param string $fallback The fallback string.
+ */
+ return apply_filters( 'sanitize_html_class', $sanitized, $class, $fallback );
+}
+
+/**
+ * Converts lone & characters into `&` (a.k.a. `&`)
+ *
+ * @since 0.71
+ *
+ * @param string $content String of characters to be converted.
+ * @param string $deprecated Not used.
+ * @return string Converted string.
+ */
+function convert_chars( $content, $deprecated = '' ) {
+ if ( ! empty( $deprecated ) ) {
+ _deprecated_argument( __FUNCTION__, '0.71' );
+ }
+
+ if ( strpos( $content, '&' ) !== false ) {
+ $content = preg_replace( '/&([^#])(?![a-z1-4]{1,8};)/i', '&$1', $content );
+ }
+
+ return $content;
+}
+
+/**
+ * Converts invalid Unicode references range to valid range.
+ *
+ * @since 4.3.0
+ *
+ * @param string $content String with entities that need converting.
+ * @return string Converted string.
+ */
+function convert_invalid_entities( $content ) {
+ $wp_htmltranswinuni = array(
+ '€' => '€', // the Euro sign
+ '' => '',
+ '‚' => '‚', // these are Windows CP1252 specific characters
+ 'ƒ' => 'ƒ', // they would look weird on non-Windows browsers
+ '„' => '„',
+ '…' => '…',
+ '†' => '†',
+ '‡' => '‡',
+ 'ˆ' => 'ˆ',
+ '‰' => '‰',
+ 'Š' => 'Š',
+ '‹' => '‹',
+ 'Œ' => 'Œ',
+ '' => '',
+ 'Ž' => 'Ž',
+ '' => '',
+ '' => '',
+ '‘' => '‘',
+ '’' => '’',
+ '“' => '“',
+ '”' => '”',
+ '•' => '•',
+ '–' => '–',
+ '—' => '—',
+ '˜' => '˜',
+ '™' => '™',
+ 'š' => 'š',
+ '›' => '›',
+ 'œ' => 'œ',
+ '' => '',
+ 'ž' => 'ž',
+ 'Ÿ' => 'Ÿ'
+ );
+
+ if ( strpos( $content, '' ) !== false ) {
+ $content = strtr( $content, $wp_htmltranswinuni );
+ }
+
+ return $content;
+}
+
+/**
+ * Balances tags if forced to, or if the 'use_balanceTags' option is set to true.
+ *
+ * @since 0.71
+ *
+ * @param string $text Text to be balanced
+ * @param bool $force If true, forces balancing, ignoring the value of the option. Default false.
+ * @return string Balanced text
+ */
+function balanceTags( $text, $force = false ) {
+ if ( $force || get_option('use_balanceTags') == 1 ) {
+ return force_balance_tags( $text );
+ } else {
+ return $text;
+ }
+}
+
+/**
+ * Balances tags of string using a modified stack.
+ *
+ * @since 2.0.4
+ *
+ * @author Leonard Lin <leonard@acm.org>
+ * @license GPL
+ * @copyright November 4, 2001
+ * @version 1.1
+ * @todo Make better - change loop condition to $text in 1.2
+ * @internal Modified by Scott Reilly (coffee2code) 02 Aug 2004
+ * 1.1 Fixed handling of append/stack pop order of end text
+ * Added Cleaning Hooks
+ * 1.0 First Version
+ *
+ * @param string $text Text to be balanced.
+ * @return string Balanced text.
+ */
+function force_balance_tags( $text ) {
+ $tagstack = array();
+ $stacksize = 0;
+ $tagqueue = '';
+ $newtext = '';
+ // Known single-entity/self-closing tags
+ $single_tags = array( 'area', 'base', 'basefont', 'br', 'col', 'command', 'embed', 'frame', 'hr', 'img', 'input', 'isindex', 'link', 'meta', 'param', 'source' );
+ // Tags that can be immediately nested within themselves
+ $nestable_tags = array( 'blockquote', 'div', 'object', 'q', 'span' );
+
+ // WP bug fix for comments - in case you REALLY meant to type '< !--'
+ $text = str_replace('< !--', '< !--', $text);
+ // WP bug fix for LOVE <3 (and other situations with '<' before a number)
+ $text = preg_replace('#<([0-9]{1})#', '<$1', $text);
+
+ while ( preg_match("/<(\/?[\w:]*)\s*([^>]*)>/", $text, $regex) ) {
+ $newtext .= $tagqueue;
+
+ $i = strpos($text, $regex[0]);
+ $l = strlen($regex[0]);
+
+ // clear the shifter
+ $tagqueue = '';
+ // Pop or Push
+ if ( isset($regex[1][0]) && '/' == $regex[1][0] ) { // End Tag
+ $tag = strtolower(substr($regex[1],1));
+ // if too many closing tags
+ if ( $stacksize <= 0 ) {
+ $tag = '';
+ // or close to be safe $tag = '/' . $tag;
+ }
+ // if stacktop value = tag close value then pop
+ elseif ( $tagstack[$stacksize - 1] == $tag ) { // found closing tag
+ $tag = '</' . $tag . '>'; // Close Tag
+ // Pop
+ array_pop( $tagstack );
+ $stacksize--;
+ } else { // closing tag not at top, search for it
+ for ( $j = $stacksize-1; $j >= 0; $j-- ) {
+ if ( $tagstack[$j] == $tag ) {
+ // add tag to tagqueue
+ for ( $k = $stacksize-1; $k >= $j; $k--) {
+ $tagqueue .= '</' . array_pop( $tagstack ) . '>';
+ $stacksize--;
+ }
+ break;
+ }
+ }
+ $tag = '';
+ }
+ } else { // Begin Tag
+ $tag = strtolower($regex[1]);
+
+ // Tag Cleaning
+
+ // If it's an empty tag "< >", do nothing
+ if ( '' == $tag ) {
+ // do nothing
+ }
+ // ElseIf it presents itself as a self-closing tag...
+ elseif ( substr( $regex[2], -1 ) == '/' ) {
+ // ...but it isn't a known single-entity self-closing tag, then don't let it be treated as such and
+ // immediately close it with a closing tag (the tag will encapsulate no text as a result)
+ if ( ! in_array( $tag, $single_tags ) )
+ $regex[2] = trim( substr( $regex[2], 0, -1 ) ) . "></$tag";
+ }
+ // ElseIf it's a known single-entity tag but it doesn't close itself, do so
+ elseif ( in_array($tag, $single_tags) ) {
+ $regex[2] .= '/';
+ }
+ // Else it's not a single-entity tag
+ else {
+ // If the top of the stack is the same as the tag we want to push, close previous tag
+ if ( $stacksize > 0 && !in_array($tag, $nestable_tags) && $tagstack[$stacksize - 1] == $tag ) {
+ $tagqueue = '</' . array_pop( $tagstack ) . '>';
+ $stacksize--;
+ }
+ $stacksize = array_push( $tagstack, $tag );
+ }
+
+ // Attributes
+ $attributes = $regex[2];
+ if ( ! empty( $attributes ) && $attributes[0] != '>' )
+ $attributes = ' ' . $attributes;
+
+ $tag = '<' . $tag . $attributes . '>';
+ //If already queuing a close tag, then put this tag on, too
+ if ( !empty($tagqueue) ) {
+ $tagqueue .= $tag;
+ $tag = '';
+ }
+ }
+ $newtext .= substr($text, 0, $i) . $tag;
+ $text = substr($text, $i + $l);
+ }
+
+ // Clear Tag Queue
+ $newtext .= $tagqueue;
+
+ // Add Remaining text
+ $newtext .= $text;
+
+ // Empty Stack
+ while( $x = array_pop($tagstack) )
+ $newtext .= '</' . $x . '>'; // Add remaining tags to close
+
+ // WP fix for the bug with HTML comments
+ $newtext = str_replace("< !--","<!--",$newtext);
+ $newtext = str_replace("< !--","< !--",$newtext);
+
+ return $newtext;
+}
+
+/**
+ * Acts on text which is about to be edited.
+ *
+ * The $content is run through esc_textarea(), which uses htmlspecialchars()
+ * to convert special characters to HTML entities. If $richedit is set to true,
+ * it is simply a holder for the 'format_to_edit' filter.
+ *
+ * @since 0.71
+ * @since 4.4.0 The `$richedit` parameter was renamed to `$rich_text` for clarity.
+ *
+ * @param string $content The text about to be edited.
+ * @param bool $rich_text Optional. Whether `$content` should be considered rich text,
+ * in which case it would not be passed through esc_textarea().
+ * Default false.
+ * @return string The text after the filter (and possibly htmlspecialchars()) has been run.
+ */
+function format_to_edit( $content, $rich_text = false ) {
+ /**
+ * Filter the text to be formatted for editing.
+ *
+ * @since 1.2.0
+ *
+ * @param string $content The text, prior to formatting for editing.
+ */
+ $content = apply_filters( 'format_to_edit', $content );
+ if ( ! $rich_text )
+ $content = esc_textarea( $content );
+ return $content;
+}
+
+/**
+ * Add leading zeros when necessary.
+ *
+ * If you set the threshold to '4' and the number is '10', then you will get
+ * back '0010'. If you set the threshold to '4' and the number is '5000', then you
+ * will get back '5000'.
+ *
+ * Uses sprintf to append the amount of zeros based on the $threshold parameter
+ * and the size of the number. If the number is large enough, then no zeros will
+ * be appended.
+ *
+ * @since 0.71
+ *
+ * @param int $number Number to append zeros to if not greater than threshold.
+ * @param int $threshold Digit places number needs to be to not have zeros added.
+ * @return string Adds leading zeros to number if needed.
+ */
+function zeroise( $number, $threshold ) {
+ return sprintf( '%0' . $threshold . 's', $number );
+}
+
+/**
+ * Adds backslashes before letters and before a number at the start of a string.
+ *
+ * @since 0.71
+ *
+ * @param string $string Value to which backslashes will be added.
+ * @return string String with backslashes inserted.
+ */
+function backslashit( $string ) {
+ if ( isset( $string[0] ) && $string[0] >= '0' && $string[0] <= '9' )
+ $string = '\\\\' . $string;
+ return addcslashes( $string, 'A..Za..z' );
+}
+
+/**
+ * Appends a trailing slash.
+ *
+ * Will remove trailing forward and backslashes if it exists already before adding
+ * a trailing forward slash. This prevents double slashing a string or path.
+ *
+ * The primary use of this is for paths and thus should be used for paths. It is
+ * not restricted to paths and offers no specific path support.
+ *
+ * @since 1.2.0
+ *
+ * @param string $string What to add the trailing slash to.
+ * @return string String with trailing slash added.
+ */
+function trailingslashit( $string ) {
+ return untrailingslashit( $string ) . '/';
+}
+
+/**
+ * Removes trailing forward slashes and backslashes if they exist.
+ *
+ * The primary use of this is for paths and thus should be used for paths. It is
+ * not restricted to paths and offers no specific path support.
+ *
+ * @since 2.2.0
+ *
+ * @param string $string What to remove the trailing slashes from.
+ * @return string String without the trailing slashes.
+ */
+function untrailingslashit( $string ) {
+ return rtrim( $string, '/\\' );
+}
+
+/**
+ * Adds slashes to escape strings.
+ *
+ * Slashes will first be removed if magic_quotes_gpc is set, see {@link
+ * http://www.php.net/magic_quotes} for more details.
+ *
+ * @since 0.71
+ *
+ * @param string $gpc The string returned from HTTP request data.
+ * @return string Returns a string escaped with slashes.
+ */
+function addslashes_gpc($gpc) {
+ if ( get_magic_quotes_gpc() )
+ $gpc = stripslashes($gpc);
+
+ return wp_slash($gpc);
+}
+
+/**
+ * Navigates through an array, object, or scalar, and removes slashes from the values.
+ *
+ * @since 2.0.0
+ *
+ * @param mixed $value The value to be stripped.
+ * @return mixed Stripped value.
+ */
+function stripslashes_deep( $value ) {
+ return map_deep( $value, 'stripslashes_from_strings_only' );
+}
+
+/**
+ * Callback function for `stripslashes_deep()` which strips slashes from strings.
+ *
+ * @since 4.4.0
+ *
+ * @param mixed $value The array or string to be stripped.
+ * @return mixed $value The stripped value.
+ */
+function stripslashes_from_strings_only( $value ) {
+ return is_string( $value ) ? stripslashes( $value ) : $value;
+}
+
+/**
+ * Navigates through an array, object, or scalar, and encodes the values to be used in a URL.
+ *
+ * @since 2.2.0
+ *
+ * @param mixed $value The array or string to be encoded.
+ * @return mixed $value The encoded value.
+ */
+function urlencode_deep( $value ) {
+ return map_deep( $value, 'urlencode' );
+}
+
+/**
+ * Navigates through an array, object, or scalar, and raw-encodes the values to be used in a URL.
+ *
+ * @since 3.4.0
+ *
+ * @param mixed $value The array or string to be encoded.
+ * @return mixed $value The encoded value.
+ */
+function rawurlencode_deep( $value ) {
+ return map_deep( $value, 'rawurlencode' );
+}
+
+/**
+ * Navigates through an array, object, or scalar, and decodes URL-encoded values
+ *
+ * @since 4.4.0
+ *
+ * @param mixed $value The array or string to be decoded.
+ * @return mixed $value The decoded value.
+ */
+function urldecode_deep( $value ) {
+ return map_deep( $value, 'urldecode' );
+}
+
+/**
+ * Converts email addresses characters to HTML entities to block spam bots.
+ *
+ * @since 0.71
+ *
+ * @param string $email_address Email address.
+ * @param int $hex_encoding Optional. Set to 1 to enable hex encoding.
+ * @return string Converted email address.
+ */
+function antispambot( $email_address, $hex_encoding = 0 ) {
+ $email_no_spam_address = '';
+ for ( $i = 0, $len = strlen( $email_address ); $i < $len; $i++ ) {
+ $j = rand( 0, 1 + $hex_encoding );
+ if ( $j == 0 ) {
+ $email_no_spam_address .= '&#' . ord( $email_address[$i] ) . ';';
+ } elseif ( $j == 1 ) {
+ $email_no_spam_address .= $email_address[$i];
+ } elseif ( $j == 2 ) {
+ $email_no_spam_address .= '%' . zeroise( dechex( ord( $email_address[$i] ) ), 2 );
+ }
+ }
+
+ return str_replace( '@', '@', $email_no_spam_address );
+}
+
+/**
+ * Callback to convert URI match to HTML A element.
+ *
+ * This function was backported from 2.5.0 to 2.3.2. Regex callback for {@link
+ * make_clickable()}.
+ *
+ * @since 2.3.2
+ * @access private
+ *
+ * @param array $matches Single Regex Match.
+ * @return string HTML A element with URI address.
+ */
+function _make_url_clickable_cb( $matches ) {
+ $url = $matches[2];
+
+ if ( ')' == $matches[3] && strpos( $url, '(' ) ) {
+ // If the trailing character is a closing parethesis, and the URL has an opening parenthesis in it, add the closing parenthesis to the URL.
+ // Then we can let the parenthesis balancer do its thing below.
+ $url .= $matches[3];
+ $suffix = '';
+ } else {
+ $suffix = $matches[3];
+ }
+
+ // Include parentheses in the URL only if paired
+ while ( substr_count( $url, '(' ) < substr_count( $url, ')' ) ) {
+ $suffix = strrchr( $url, ')' ) . $suffix;
+ $url = substr( $url, 0, strrpos( $url, ')' ) );
+ }
+
+ $url = esc_url($url);
+ if ( empty($url) )
+ return $matches[0];
+
+ return $matches[1] . "<a href=\"$url\" rel=\"nofollow\">$url</a>" . $suffix;
+}
+
+/**
+ * Callback to convert URL match to HTML A element.
+ *
+ * This function was backported from 2.5.0 to 2.3.2. Regex callback for {@link
+ * make_clickable()}.
+ *
+ * @since 2.3.2
+ * @access private
+ *
+ * @param array $matches Single Regex Match.
+ * @return string HTML A element with URL address.
+ */
+function _make_web_ftp_clickable_cb( $matches ) {
+ $ret = '';
+ $dest = $matches[2];
+ $dest = 'http://' . $dest;
+
+ // removed trailing [.,;:)] from URL
+ if ( in_array( substr($dest, -1), array('.', ',', ';', ':', ')') ) === true ) {
+ $ret = substr($dest, -1);
+ $dest = substr($dest, 0, strlen($dest)-1);
+ }
scripts.mit.edu / autoinstalls / wordpress.git / blobdiff