+/**
+ * Properly strip all HTML tags including script and style
+ *
+ * This differs from strip_tags() because it removes the contents of
+ * the `<script>` and `<style>` tags. E.g. `strip_tags( '<script>something</script>' )`
+ * will return 'something'. wp_strip_all_tags will return ''
+ *
+ * @since 2.9.0
+ *
+ * @param string $string String containing HTML tags
+ * @param bool $remove_breaks optional Whether to remove left over line breaks and white space chars
+ * @return string The processed string.
+ */
+function wp_strip_all_tags($string, $remove_breaks = false) {
+ $string = preg_replace( '@<(script|style)[^>]*?>.*?</\\1>@si', '', $string );
+ $string = strip_tags($string);
+
+ if ( $remove_breaks )
+ $string = preg_replace('/[\r\n\t ]+/', ' ', $string);
+
+ return trim( $string );
+}
+
+/**
+ * Sanitize a string from user input or from the db
+ *
+ * check for invalid UTF-8,
+ * Convert single < characters to entity,
+ * strip all tags,
+ * remove line breaks, tabs and extra white space,
+ * strip octets.
+ *
+ * @since 2.9.0
+ *
+ * @param string $str
+ * @return string
+ */
+function sanitize_text_field($str) {
+ $filtered = wp_check_invalid_utf8( $str );
+
+ if ( strpos($filtered, '<') !== false ) {
+ $filtered = wp_pre_kses_less_than( $filtered );
+ // This will strip extra whitespace for us.
+ $filtered = wp_strip_all_tags( $filtered, true );
+ } else {
+ $filtered = trim( preg_replace('/[\r\n\t ]+/', ' ', $filtered) );
+ }
+
+ $found = false;
+ while ( preg_match('/%[a-f0-9]{2}/i', $filtered, $match) ) {
+ $filtered = str_replace($match[0], '', $filtered);
+ $found = true;
+ }
+
+ if ( $found ) {
+ // Strip out the whitespace that may now exist after removing the octets.
+ $filtered = trim( preg_replace('/ +/', ' ', $filtered) );
+ }
+
+ /**
+ * Filter a sanitized text field string.
+ *
+ * @since 2.9.0
+ *
+ * @param string $filtered The sanitized string.
+ * @param string $str The string prior to being sanitized.
+ */
+ return apply_filters( 'sanitize_text_field', $filtered, $str );
+}
+
+/**
+ * i18n friendly version of basename()
+ *
+ * @since 3.1.0
+ *
+ * @param string $path A path.
+ * @param string $suffix If the filename ends in suffix this will also be cut off.
+ * @return string
+ */
+function wp_basename( $path, $suffix = '' ) {
+ return urldecode( basename( str_replace( array( '%2F', '%5C' ), '/', urlencode( $path ) ), $suffix ) );
+}
+
+/**
+ * Forever eliminate "Wordpress" from the planet (or at least the little bit we can influence).
+ *
+ * Violating our coding standards for a good function name.
+ *
+ * @since 3.0.0
+ */
+function capital_P_dangit( $text ) {
+ // Simple replacement for titles
+ $current_filter = current_filter();
+ if ( 'the_title' === $current_filter || 'wp_title' === $current_filter )
+ return str_replace( 'Wordpress', 'WordPress', $text );
+ // Still here? Use the more judicious replacement
+ static $dblq = false;
+ if ( false === $dblq )
+ $dblq = _x( '“', 'opening curly double quote' );
+ return str_replace(
+ array( ' Wordpress', '‘Wordpress', $dblq . 'Wordpress', '>Wordpress', '(Wordpress' ),
+ array( ' WordPress', '‘WordPress', $dblq . 'WordPress', '>WordPress', '(WordPress' ),
+ $text );
+
+}
+
+/**
+ * Sanitize a mime type
+ *
+ * @since 3.1.3
+ *
+ * @param string $mime_type Mime type
+ * @return string Sanitized mime type
+ */
+function sanitize_mime_type( $mime_type ) {
+ $sani_mime_type = preg_replace( '/[^-+*.a-zA-Z0-9\/]/', '', $mime_type );
+ /**
+ * Filter a mime type following sanitization.
+ *
+ * @since 3.1.3
+ *
+ * @param string $sani_mime_type The sanitized mime type.
+ * @param string $mime_type The mime type prior to sanitization.
+ */
+ return apply_filters( 'sanitize_mime_type', $sani_mime_type, $mime_type );
+}
+
+/**
+ * Sanitize space or carriage return separated URLs that are used to send trackbacks.
+ *
+ * @since 3.4.0
+ *
+ * @param string $to_ping Space or carriage return separated URLs
+ * @return string URLs starting with the http or https protocol, separated by a carriage return.
+ */
+function sanitize_trackback_urls( $to_ping ) {
+ $urls_to_ping = preg_split( '/[\r\n\t ]/', trim( $to_ping ), -1, PREG_SPLIT_NO_EMPTY );
+ foreach ( $urls_to_ping as $k => $url ) {
+ if ( !preg_match( '#^https?://.#i', $url ) )
+ unset( $urls_to_ping[$k] );
+ }
+ $urls_to_ping = array_map( 'esc_url_raw', $urls_to_ping );
+ $urls_to_ping = implode( "\n", $urls_to_ping );
+ /**
+ * Filter a list of trackback URLs following sanitization.
+ *
+ * The string returned here consists of a space or carriage return-delimited list
+ * of trackback URLs.
+ *
+ * @since 3.4.0
+ *
+ * @param string $urls_to_ping Sanitized space or carriage return separated URLs.
+ * @param string $to_ping Space or carriage return separated URLs before sanitization.
+ */
+ return apply_filters( 'sanitize_trackback_urls', $urls_to_ping, $to_ping );
+}
+
+/**
+ * Add slashes to a string or array of strings.
+ *
+ * This should be used when preparing data for core API that expects slashed data.
+ * This should not be used to escape data going directly into an SQL query.
+ *
+ * @since 3.6.0
+ *
+ * @param string|array $value String or array of strings to slash.
+ * @return string|array Slashed $value
+ */
+function wp_slash( $value ) {
+ if ( is_array( $value ) ) {
+ foreach ( $value as $k => $v ) {
+ if ( is_array( $v ) ) {
+ $value[$k] = wp_slash( $v );
+ } else {
+ $value[$k] = addslashes( $v );
+ }
+ }
+ } else {
+ $value = addslashes( $value );
+ }
+
+ return $value;
+}
+
+/**
+ * Remove slashes from a string or array of strings.
+ *
+ * This should be used to remove slashes from data passed to core API that
+ * expects data to be unslashed.
+ *
+ * @since 3.6.0
+ *
+ * @param string|array $value String or array of strings to unslash.
+ * @return string|array Unslashed $value
+ */
+function wp_unslash( $value ) {
+ return stripslashes_deep( $value );
+}
+
+/**
+ * Extract and return the first URL from passed content.
+ *
+ * @since 3.6.0
+ *
+ * @param string $content A string which might contain a URL.
+ * @return string The found URL.
+ */
+function get_url_in_content( $content ) {
+ if ( empty( $content ) ) {
+ return false;
+ }
+
+ if ( preg_match( '/<a\s[^>]*?href=([\'"])(.+?)\1/is', $content, $matches ) ) {
+ return esc_url_raw( $matches[2] );
+ }
+
+ return false;
+}
+
+/**
+ * Returns the regexp for common whitespace characters.
+ *
+ * By default, spaces include new lines, tabs, nbsp entities, and the UTF-8 nbsp.
+ * This is designed to replace the PCRE \s sequence. In ticket #22692, that
+ * sequence was found to be unreliable due to random inclusion of the A0 byte.
+ *
+ * @since 4.0.0
+ *
+ * @return string The spaces regexp.
+ */
+function wp_spaces_regexp() {
+ static $spaces;
+
+ if ( empty( $spaces ) ) {
+ /**
+ * Filter the regexp for common whitespace characters.
+ *
+ * This string is substituted for the \s sequence as needed in regular
+ * expressions. For websites not written in English, different characters
+ * may represent whitespace. For websites not encoded in UTF-8, the 0xC2 0xA0
+ * sequence may not be in use.
+ *
+ * @since 4.0.0
+ *
+ * @param string $spaces Regexp pattern for matching common whitespace characters.
+ */
+ $spaces = apply_filters( 'wp_spaces_regexp', '[\r\n\t ]|\xC2\xA0| ' );
+ }
+
+ return $spaces;
+}