X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/03f2fa83c13c1b532284205fa7efcab9b8b2c41f..784f914b1e4b1c62d6657e86397c2e83bcee4295:/wp-includes/formatting.php diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php index ff4167d2..14f3852b 100644 --- a/wp-includes/formatting.php +++ b/wp-includes/formatting.php @@ -216,7 +216,7 @@ function wptexturize( $text, $reset = false ) { // Look for shortcodes and HTML elements. - preg_match_all( '@\[/?([^<>&/\[\]\x00-\x20]++)@', $text, $matches ); + preg_match_all( '@\[/?([^<>&/\[\]\x00-\x20=]++)@', $text, $matches ); $tagnames = array_intersect( array_keys( $shortcode_tags ), $matches[1] ); $found_shortcodes = ! empty( $tagnames ); $shortcode_regex = $found_shortcodes ? _get_wptexturize_shortcode_regex( $tagnames ) : ''; @@ -233,6 +233,10 @@ function wptexturize( $text, $reset = false ) { continue; } else { // This is an HTML element delimiter. + + // Replace each & with & unless it already looks like an entity. + $curl = preg_replace( '/&(?!#(?:\d+|x[a-f0-9]+);|[a-z1-4]{1,8};)/i', '&', $curl ); + _wptexturize_pushpop_element( $curl, $no_texturize_tags_stack, $no_texturize_tags ); } @@ -370,7 +374,7 @@ function wptexturize_primes( $haystack, $needle, $prime, $open_quote, $close_quo */ function _wptexturize_pushpop_element( $text, &$stack, $disabled_elements ) { // Is it an opening tag or closing tag? - if ( '/' !== $text[1] ) { + if ( isset( $text[1] ) && '/' !== $text[1] ) { $opening_tag = true; $name_offset = 1; } elseif ( 0 == count( $stack ) ) { @@ -1580,12 +1584,12 @@ function sanitize_title_with_dashes( $title, $raw_title = '', $context = 'displa } $title = strtolower($title); - $title = preg_replace('/&.+?;/', '', $title); // kill entities - $title = str_replace('.', '-', $title); if ( 'save' == $context ) { // Convert nbsp, ndash and mdash to hyphens $title = str_replace( array( '%c2%a0', '%e2%80%93', '%e2%80%94' ), '-', $title ); + // Convert nbsp, ndash and mdash HTML entities to hyphens + $title = str_replace( array( ' ', ' ', '–', '–', '—', '—' ), '-', $title ); // Strip these characters entirely $title = str_replace( array( @@ -1608,6 +1612,9 @@ function sanitize_title_with_dashes( $title, $raw_title = '', $context = 'displa $title = str_replace( '%c3%97', 'x', $title ); } + $title = preg_replace('/&.+?;/', '', $title); // kill entities + $title = str_replace('.', '-', $title); + $title = preg_replace('/[^%a-z0-9 _-]/', '', $title); $title = preg_replace('/\s+/', '-', $title); $title = preg_replace('|-+|', '-', $title); @@ -2195,9 +2202,9 @@ function make_clickable( $text ) { $nested_code_pre = 0; // Keep track of how many levels link is nested inside
or
foreach ( $textarr as $piece ) {
- if ( preg_match( '|^]|i', $piece ) || preg_match( '|^]|i', $piece ) )
+ if ( preg_match( '|^]|i', $piece ) || preg_match( '|^]|i', $piece ) || preg_match( '|^' === strtolower( $piece ) || '' === strtolower( $piece ) ) )
$nested_code_pre--;
if ( $nested_code_pre || empty( $piece ) || ( $piece[0] === '<' && ! preg_match( '|^<\s*[\w]{1,20}+://|', $piece ) ) ) {
@@ -2332,7 +2339,14 @@ function wp_rel_nofollow( $text ) {
function wp_rel_nofollow_callback( $matches ) {
$text = $matches[1];
$atts = shortcode_parse_atts( $matches[1] );
- $rel = 'nofollow';
+ $rel = 'nofollow';
+
+ if ( preg_match( '%href=["\'](' . preg_quote( set_url_scheme( home_url(), 'http' ) ) . ')%i', $text ) ||
+ preg_match( '%href=["\'](' . preg_quote( set_url_scheme( home_url(), 'https' ) ) . ')%i', $text )
+ ) {
+ return "";
+ }
+
if ( ! empty( $atts['rel'] ) ) {
$parts = array_map( 'trim', explode( ' ', $atts['rel'] ) );
if ( false === array_search( 'nofollow', $parts ) ) {
@@ -2691,23 +2705,6 @@ function iso8601_to_datetime( $date_string, $timezone = 'user' ) {
}
}
-/**
- * Adds a element attributes to open links in new windows.
- *
- * Comment text in popup windows should be filtered through this. Right now it's
- * a moderately dumb function, ideally it would detect whether a target or rel
- * attribute was already there and adjust its actions accordingly.
- *
- * @since 0.71
- *
- * @param string $text Content to replace links to open in a new window.
- * @return string Content that has filtered links.
- */
-function popuplinks( $text ) {
- $text = preg_replace('//i', "", $text);
- return $text;
-}
-
/**
* Strips out all characters that are not allowable in an email.
*
@@ -3285,7 +3282,11 @@ function ent2ncr( $text ) {
*
* @since 4.3.0
*
- * @param string $text The text to be formatted.
+ * @see _WP_Editors::editor()
+ *
+ * @param string $text The text to be formatted.
+ * @param string $default_editor The default editor for the current user.
+ * It is usually either 'html' or 'tinymce'.
* @return string The formatted text after filter is applied.
*/
function format_for_editor( $text, $default_editor = null ) {
@@ -3298,7 +3299,9 @@ function format_for_editor( $text, $default_editor = null ) {
*
* @since 4.3.0
*
- * @param string $text The formatted text.
+ * @param string $text The formatted text.
+ * @param string $default_editor The default editor for the current user.
+ * It is usually either 'html' or 'tinymce'.
*/
return apply_filters( 'format_for_editor', $text, $default_editor );
}
@@ -3706,7 +3709,6 @@ function sanitize_option( $option, $value ) {
if ( is_wp_error( $value ) ) {
$error = $value->get_error_message();
} else {
- $value = wp_kses_post( $value );
$value = esc_html( $value );
}
break;
@@ -3889,17 +3891,23 @@ function sanitize_option( $option, $value ) {
*
* @param mixed $value The array, object, or scalar.
* @param callable $callback The function to map onto $value.
- * @return The value with the callback applied to all non-arrays and non-objects inside it.
+ * @return mixed The value with the callback applied to all non-arrays and non-objects inside it.
*/
function map_deep( $value, $callback ) {
- if ( is_array( $value ) || is_object( $value ) ) {
- foreach ( $value as &$item ) {
- $item = map_deep( $item, $callback );
+ if ( is_array( $value ) ) {
+ foreach ( $value as $index => $item ) {
+ $value[ $index ] = map_deep( $item, $callback );
+ }
+ } elseif ( is_object( $value ) ) {
+ $object_vars = get_object_vars( $value );
+ foreach ( $object_vars as $property_name => $property_value ) {
+ $value->$property_name = map_deep( $property_value, $callback );
}
- return $value;
} else {
- return call_user_func( $callback, $value );
+ $value = call_user_func( $callback, $value );
}
+
+ return $value;
}
/**
@@ -4303,6 +4311,9 @@ function wp_basename( $path, $suffix = '' ) {
* @since 3.0.0
*
* @staticvar string|false $dblq
+ *
+ * @param string $text The text to be modified.
+ * @return string The modified text.
*/
function capital_P_dangit( $text ) {
// Simple replacement for titles
@@ -4524,7 +4535,7 @@ function print_emoji_detection_script() {
*
* @param string The emoji base URL.
*/
- 'baseUrl' => apply_filters( 'emoji_url', set_url_scheme( '//s.w.org/images/core/emoji/72x72/' ) ),
+ 'baseUrl' => apply_filters( 'emoji_url', 'https://s.w.org/images/core/emoji/72x72/' ),
/**
* Filter the extension of the emoji files.
@@ -4571,7 +4582,7 @@ function print_emoji_detection_script() {
?>