X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/38ca813a0e312e2768e5b9519f0415cd0aa84781..refs/tags/wordpress-3.9.2-scripts:/wp-includes/formatting.php diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php index 82a1b9bd..5efe0cda 100644 --- a/wp-includes/formatting.php +++ b/wp-includes/formatting.php @@ -5,7 +5,7 @@ * Handles many functions for formatting output. * * @package WordPress - **/ + */ /** * Replaces common plain text characters into formatted entities @@ -28,14 +28,33 @@ */ function wptexturize($text) { global $wp_cockneyreplace; - static $opening_quote, $closing_quote, $default_no_texturize_tags, $default_no_texturize_shortcodes, $static_characters, $static_replacements, $dynamic_characters, $dynamic_replacements; + static $static_characters, $static_replacements, $dynamic_characters, $dynamic_replacements, + $default_no_texturize_tags, $default_no_texturize_shortcodes; // No need to set up these static variables more than once - if ( empty( $opening_quote ) ) { - /* translators: opening curly quote */ - $opening_quote = _x('“', 'opening curly quote'); - /* translators: closing curly quote */ - $closing_quote = _x('”', 'closing curly quote'); + if ( ! isset( $static_characters ) ) { + /* translators: opening curly double quote */ + $opening_quote = _x( '“', 'opening curly double quote' ); + /* translators: closing curly double quote */ + $closing_quote = _x( '”', 'closing curly double quote' ); + + /* translators: apostrophe, for example in 'cause or can't */ + $apos = _x( '’', 'apostrophe' ); + + /* translators: prime, for example in 9' (nine feet) */ + $prime = _x( '′', 'prime' ); + /* translators: double prime, for example in 9" (nine inches) */ + $double_prime = _x( '″', 'double prime' ); + + /* translators: opening curly single quote */ + $opening_single_quote = _x( '‘', 'opening curly single quote' ); + /* translators: closing curly single quote */ + $closing_single_quote = _x( '’', 'closing curly single quote' ); + + /* translators: en dash */ + $en_dash = _x( '–', 'en dash' ); + /* translators: em dash */ + $em_dash = _x( '—', 'em dash' ); $default_no_texturize_tags = array('pre', 'code', 'kbd', 'style', 'script', 'tt'); $default_no_texturize_shortcodes = array('code'); @@ -44,22 +63,91 @@ function wptexturize($text) { if ( isset($wp_cockneyreplace) ) { $cockney = array_keys($wp_cockneyreplace); $cockneyreplace = array_values($wp_cockneyreplace); + } elseif ( "'" != $apos ) { // Only bother if we're doing a replacement. + $cockney = array( "'tain't", "'twere", "'twas", "'tis", "'twill", "'til", "'bout", "'nuff", "'round", "'cause" ); + $cockneyreplace = array( $apos . "tain" . $apos . "t", $apos . "twere", $apos . "twas", $apos . "tis", $apos . "twill", $apos . "til", $apos . "bout", $apos . "nuff", $apos . "round", $apos . "cause" ); } else { - $cockney = array("'tain't","'twere","'twas","'tis","'twill","'til","'bout","'nuff","'round","'cause"); - $cockneyreplace = array("’tain’t","’twere","’twas","’tis","’twill","’til","’bout","’nuff","’round","’cause"); + $cockney = $cockneyreplace = array(); + } + + $static_characters = array_merge( array( '---', ' -- ', '--', ' - ', 'xn–', '...', '``', '\'\'', ' (tm)' ), $cockney ); + $static_replacements = array_merge( array( $em_dash, ' ' . $em_dash . ' ', $en_dash, ' ' . $en_dash . ' ', 'xn--', '…', $opening_quote, $closing_quote, ' ™' ), $cockneyreplace ); + + /* + * Regex for common whitespace characters. + * + * By default, spaces include new lines, tabs, nbsp entities, and the UTF-8 nbsp. + * This is designed to replace the PCRE \s sequence. In #WP22692, that sequence + * was found to be unreliable due to random inclusion of the A0 byte. + */ + $spaces = '[\r\n\t ]|\xC2\xA0| '; + + + // Pattern-based replacements of characters. + $dynamic = array(); + + // '99 '99s '99's (apostrophe) + if ( "'" !== $apos ) { + $dynamic[ '/\'(?=\d)/' ] = $apos; + } + + // Single quote at start, or preceded by (, {, <, [, ", or spaces. + if ( "'" !== $opening_single_quote ) { + $dynamic[ '/(?<=\A|[([{<"]|' . $spaces . ')\'/' ] = $opening_single_quote; + } + + // 9" (double prime) + if ( '"' !== $double_prime ) { + $dynamic[ '/(?<=\d)"/' ] = $double_prime; + } + + // 9' (prime) + if ( "'" !== $prime ) { + $dynamic[ '/(?<=\d)\'/' ] = $prime; + } + + // Apostrophe in a word. No spaces or double primes. + if ( "'" !== $apos ) { + $dynamic[ '/(?|\[.*\])/Us', $text, -1, PREG_SPLIT_DELIM_CAPTURE); foreach ( $textarr as &$curl ) { - if ( empty( $curl ) ) + if ( empty( $curl ) ) { continue; + } // Only call _wptexturize_pushpop_element if first char is correct tag opening $first = $curl[0]; @@ -77,11 +166,21 @@ function wptexturize($text) { } elseif ( '[' === $first ) { _wptexturize_pushpop_element($curl, $no_texturize_shortcodes_stack, $no_texturize_shortcodes, '[', ']'); } elseif ( empty($no_texturize_shortcodes_stack) && empty($no_texturize_tags_stack) ) { + // This is not a tag, nor is the texturization disabled static strings $curl = str_replace($static_characters, $static_replacements, $curl); + // regular expressions $curl = preg_replace($dynamic_characters, $dynamic_replacements, $curl); + + // 9x9 (times) + if ( 1 === preg_match( '/(?<=\d)x\d/', $text ) ) { + // Searching for a digit is 10 times more expensive than for the x, so we avoid doing this one! + $curl = preg_replace( '/\b(\d+)x(\d+)\b/', '$1×$2', $curl ); + } } + + // Replace each & with & unless it already looks like an entity. $curl = preg_replace('/&([^#])(?![a-zA-Z1-4]{1,8};)/', '&$1', $curl); } return implode( '', $textarr ); @@ -91,15 +190,14 @@ function wptexturize($text) { * Search for disabled element tags. Push element to stack on tag open and pop * on tag close. Assumes first character of $text is tag opening. * - * @access private * @since 2.9.0 + * @access private * * @param string $text Text to check. First character is assumed to be $opening * @param array $stack Array used as stack of opened tag elements * @param string $disabled_elements Tags to match against formatted as regexp sub-expression * @param string $opening Tag opening character, assumed to be 1 character long - * @param string $opening Tag closing character - * @return object + * @param string $closing Tag closing character */ function _wptexturize_pushpop_element($text, &$stack, $disabled_elements, $opening = '<', $closing = '>') { // Check if it is a closing tag -- otherwise assume opening tag @@ -123,36 +221,13 @@ function _wptexturize_pushpop_element($text, &$stack, $disabled_elements, $openi $last = array_pop($stack); // Make sure it matches the opening tag - if ($last != $matches[1]) - array_push($stack, $last); + if ( $last != $matches[1] ) { + array_push( $stack, $last ); + } } } } -/** - * Accepts matches array from preg_replace_callback in wpautop() or a string. - * - * Ensures that the contents of a <
>...<> HTML block are not - * converted into paragraphs or line-breaks. - * - * @since 1.2.0 - * - * @param array|string $matches The array or string - * @return string The pre block without paragraph/line-break conversion. - */ -function clean_pre($matches) { - if ( is_array($matches) ) - $text = $matches[1] . $matches[2] . ""; - else - $text = $matches; - - $text = str_replace('
', "\n", $text); - $text = str_replace('
', '', $text); - - return $text; -} - /** * Replaces double line-breaks with paragraph elements. * @@ -164,30 +239,72 @@ function clean_pre($matches) { * @since 0.71 * * @param string $pee The text which has to be formatted. - * @param int|bool $br Optional. If set, this will convert all remaining line-breaks after paragraphing. Default true. + * @param bool $br Optional. If set, this will convert all remaining line-breaks after paragraphing. Default true. * @return string Text which has been converted into correct paragraph tags. */ -function wpautop($pee, $br = 1) { +function wpautop($pee, $br = true) { + $pre_tags = array(); if ( trim($pee) === '' ) return ''; + $pee = $pee . "\n"; // just to make things a little easier, pad the end + + if ( strpos($pee, '', $pee ); + $last_pee = array_pop($pee_parts); + $pee = ''; + $i = 0; + + foreach ( $pee_parts as $pee_part ) { + $start = strpos($pee_part, '"; + $pre_tags[$name] = substr( $pee_part, $start ) . ''; + + $pee .= substr( $pee_part, 0, $start ) . $name; + $i++; + } + + $pee .= $last_pee; + } + $pee = preg_replace('|
' . trim($tinkle, "\n") . "
\n"; + } + $pee = preg_replace('|\s*
|', '', $pee); // under certain strange conditions it could create a P of entirely whitespace $pee = preg_replace('!([^<]+)(div|address|form)>!', "
$1
$2>", $pee); $pee = preg_replace('!\s*(?' . $allblocks . '[^>]*>)\s*
!', "$1", $pee); // don't pee all over a tag @@ -196,17 +313,20 @@ function wpautop($pee, $br = 1) { $pee = str_replace('', '', $pee); $pee = preg_replace('!\s*(?' . $allblocks . '[^>]*>)!', "$1", $pee); $pee = preg_replace('!(?' . $allblocks . '[^>]*>)\s*
!', "$1", $pee); - if ($br) { + + if ( $br ) { $pee = preg_replace_callback('/<(script|style).*?<\/\\1>/s', '_autop_newline_preservation_helper', $pee); $pee = preg_replace('|(?)\s*\n|', "]*>)(.*?)!is', 'clean_pre', $pee ); $pee = preg_replace( "|\n$|", '', $pee ); + if ( !empty($pre_tags) ) + $pee = str_replace(array_keys($pre_tags), array_values($pre_tags), $pee); + return $pee; } @@ -215,8 +335,9 @@ function wpautop($pee, $br = 1) { * * @since 3.1.0 * @access private + * * @param array $matches preg_replace_callback matches array - * @returns string + * @return string */ function _autop_newline_preservation_helper( $matches ) { return str_replace("\n", "
\\s*?(\\[(' . $tagregexp . ')\\b.*?\\/?\\](?:.+?\\[\\/\\2\\])?)\\s*<\\/p>/s', '$1', $pee); - } - - return $pee; + if ( empty( $shortcode_tags ) || !is_array( $shortcode_tags ) ) { + return $pee; + } + + $tagregexp = join( '|', array_map( 'preg_quote', array_keys( $shortcode_tags ) ) ); + + $pattern = + '/' + . '
' // Opening paragraph + . '\\s*+' // Optional leading whitespace + . '(' // 1: The shortcode + . '\\[' // Opening bracket + . "($tagregexp)" // 2: Shortcode name + . '(?![\\w-])' // Not followed by word character or hyphen + // Unroll the loop: Inside the opening shortcode tag + . '[^\\]\\/]*' // Not a closing bracket or forward slash + . '(?:' + . '\\/(?!\\])' // A forward slash not followed by a closing bracket + . '[^\\]\\/]*' // Not a closing bracket or forward slash + . ')*?' + . '(?:' + . '\\/\\]' // Self closing tag and closing bracket + . '|' + . '\\]' // Closing bracket + . '(?:' // Unroll the loop: Optionally, anything between the opening and closing shortcode tags + . '[^\\[]*+' // Not an opening bracket + . '(?:' + . '\\[(?!\\/\\2\\])' // An opening bracket not followed by the closing shortcode tag + . '[^\\[]*+' // Not an opening bracket + . ')*+' + . '\\[\\/\\2\\]' // Closing shortcode tag + . ')?' + . ')' + . ')' + . '\\s*+' // optional trailing whitespace + . '<\\/p>' // closing paragraph + . '/s'; + + return preg_replace( $pattern, '$1', $pee ); } /** @@ -284,6 +437,7 @@ function seems_utf8($str) { * ", or ENT_QUOTES to do both. Default is ENT_NOQUOTES where no quotes are encoded. * * @since 1.2.2 + * @access private * * @param string $string The text which is to be encoded. * @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES. @@ -294,34 +448,31 @@ function seems_utf8($str) { function _wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false ) { $string = (string) $string; - if ( 0 === strlen( $string ) ) { + if ( 0 === strlen( $string ) ) return ''; - } // Don't bother if there are no specialchars - saves some processing - if ( !preg_match( '/[&<>"\']/', $string ) ) { + if ( ! preg_match( '/[&<>"\']/', $string ) ) return $string; - } // Account for the previous behaviour of the function when the $quote_style is not an accepted value - if ( empty( $quote_style ) ) { + if ( empty( $quote_style ) ) $quote_style = ENT_NOQUOTES; - } elseif ( !in_array( $quote_style, array( 0, 2, 3, 'single', 'double' ), true ) ) { + elseif ( ! in_array( $quote_style, array( 0, 2, 3, 'single', 'double' ), true ) ) $quote_style = ENT_QUOTES; - } // Store the site charset as a static to avoid multiple calls to wp_load_alloptions() - if ( !$charset ) { + if ( ! $charset ) { static $_charset; - if ( !isset( $_charset ) ) { + if ( ! isset( $_charset ) ) { $alloptions = wp_load_alloptions(); $_charset = isset( $alloptions['blog_charset'] ) ? $alloptions['blog_charset'] : ''; } $charset = $_charset; } - if ( in_array( $charset, array( 'utf8', 'utf-8', 'UTF8' ) ) ) { + + if ( in_array( $charset, array( 'utf8', 'utf-8', 'UTF8' ) ) ) $charset = 'UTF-8'; - } $_quote_style = $quote_style; @@ -333,28 +484,27 @@ function _wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = fals } // Handle double encoding ourselves - if ( !$double_encode ) { + if ( $double_encode ) { + $string = @htmlspecialchars( $string, $quote_style, $charset ); + } else { + // Decode & into & $string = wp_specialchars_decode( $string, $_quote_style ); - /* Critical */ - // The previous line decodes &phrase; into &phrase; We must guarantee that &phrase; is valid before proceeding. - $string = wp_kses_normalize_entities($string); + // Guarantee every &entity; is valid or re-encode the & + $string = wp_kses_normalize_entities( $string ); - // Now proceed with custom double-encoding silliness - $string = preg_replace( '/&(#?x?[0-9a-z]+);/i', '|wp_entity|$1|/wp_entity|', $string ); - } + // Now re-encode everything except &entity; + $string = preg_split( '/(?x?[0-9a-z]+;)/i', $string, -1, PREG_SPLIT_DELIM_CAPTURE ); - $string = @htmlspecialchars( $string, $quote_style, $charset ); + for ( $i = 0; $i < count( $string ); $i += 2 ) + $string[$i] = @htmlspecialchars( $string[$i], $quote_style, $charset ); - // Handle double encoding ourselves - if ( !$double_encode ) { - $string = str_replace( array( '|wp_entity|', '|/wp_entity|' ), array( '&', ';' ), $string ); + $string = implode( '', $string ); } // Backwards compatibility - if ( 'single' === $_quote_style ) { + if ( 'single' === $_quote_style ) $string = str_replace( "'", ''', $string ); - } return $string; } @@ -367,7 +517,7 @@ function _wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = fals * $quote_style can be set to ENT_COMPAT to decode " entities, * or ENT_QUOTES to do both " and '. Default is ENT_NOQUOTES where no quotes are decoded. * - * @since 2.8 + * @since 2.8.0 * * @param string $string The text which is to be decoded. * @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old _wp_specialchars() values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES. @@ -424,7 +574,7 @@ function wp_specialchars_decode( $string, $quote_style = ENT_NOQUOTES ) { /** * Checks for invalid UTF8 in a string. * - * @since 2.8 + * @since 2.8.0 * * @param string $string The text which is to be checked. * @param boolean $strip Optional. Whether to attempt to strip out invalid UTF8. Default is false. @@ -536,6 +686,7 @@ function remove_accents($string) { if (seems_utf8($string)) { $chars = array( // Decompositions for Latin-1 Supplement + chr(194).chr(170) => 'a', chr(194).chr(186) => 'o', chr(195).chr(128) => 'A', chr(195).chr(129) => 'A', chr(195).chr(130) => 'A', chr(195).chr(131) => 'A', chr(195).chr(132) => 'A', chr(195).chr(133) => 'A', @@ -566,7 +717,7 @@ function remove_accents($string) { chr(195).chr(185) => 'u', chr(195).chr(186) => 'u', chr(195).chr(187) => 'u', chr(195).chr(188) => 'u', chr(195).chr(189) => 'y', chr(195).chr(190) => 'th', - chr(195).chr(191) => 'y', + chr(195).chr(191) => 'y', chr(195).chr(152) => 'O', // Decompositions for Latin Extended-A chr(196).chr(128) => 'A', chr(196).chr(129) => 'a', chr(196).chr(130) => 'A', chr(196).chr(131) => 'a', @@ -638,7 +789,96 @@ function remove_accents($string) { // Euro Sign chr(226).chr(130).chr(172) => 'E', // GBP (Pound) Sign - chr(194).chr(163) => ''); + chr(194).chr(163) => '', + // Vowels with diacritic (Vietnamese) + // unmarked + chr(198).chr(160) => 'O', chr(198).chr(161) => 'o', + chr(198).chr(175) => 'U', chr(198).chr(176) => 'u', + // grave accent + chr(225).chr(186).chr(166) => 'A', chr(225).chr(186).chr(167) => 'a', + chr(225).chr(186).chr(176) => 'A', chr(225).chr(186).chr(177) => 'a', + chr(225).chr(187).chr(128) => 'E', chr(225).chr(187).chr(129) => 'e', + chr(225).chr(187).chr(146) => 'O', chr(225).chr(187).chr(147) => 'o', + chr(225).chr(187).chr(156) => 'O', chr(225).chr(187).chr(157) => 'o', + chr(225).chr(187).chr(170) => 'U', chr(225).chr(187).chr(171) => 'u', + chr(225).chr(187).chr(178) => 'Y', chr(225).chr(187).chr(179) => 'y', + // hook + chr(225).chr(186).chr(162) => 'A', chr(225).chr(186).chr(163) => 'a', + chr(225).chr(186).chr(168) => 'A', chr(225).chr(186).chr(169) => 'a', + chr(225).chr(186).chr(178) => 'A', chr(225).chr(186).chr(179) => 'a', + chr(225).chr(186).chr(186) => 'E', chr(225).chr(186).chr(187) => 'e', + chr(225).chr(187).chr(130) => 'E', chr(225).chr(187).chr(131) => 'e', + chr(225).chr(187).chr(136) => 'I', chr(225).chr(187).chr(137) => 'i', + chr(225).chr(187).chr(142) => 'O', chr(225).chr(187).chr(143) => 'o', + chr(225).chr(187).chr(148) => 'O', chr(225).chr(187).chr(149) => 'o', + chr(225).chr(187).chr(158) => 'O', chr(225).chr(187).chr(159) => 'o', + chr(225).chr(187).chr(166) => 'U', chr(225).chr(187).chr(167) => 'u', + chr(225).chr(187).chr(172) => 'U', chr(225).chr(187).chr(173) => 'u', + chr(225).chr(187).chr(182) => 'Y', chr(225).chr(187).chr(183) => 'y', + // tilde + chr(225).chr(186).chr(170) => 'A', chr(225).chr(186).chr(171) => 'a', + chr(225).chr(186).chr(180) => 'A', chr(225).chr(186).chr(181) => 'a', + chr(225).chr(186).chr(188) => 'E', chr(225).chr(186).chr(189) => 'e', + chr(225).chr(187).chr(132) => 'E', chr(225).chr(187).chr(133) => 'e', + chr(225).chr(187).chr(150) => 'O', chr(225).chr(187).chr(151) => 'o', + chr(225).chr(187).chr(160) => 'O', chr(225).chr(187).chr(161) => 'o', + chr(225).chr(187).chr(174) => 'U', chr(225).chr(187).chr(175) => 'u', + chr(225).chr(187).chr(184) => 'Y', chr(225).chr(187).chr(185) => 'y', + // acute accent + chr(225).chr(186).chr(164) => 'A', chr(225).chr(186).chr(165) => 'a', + chr(225).chr(186).chr(174) => 'A', chr(225).chr(186).chr(175) => 'a', + chr(225).chr(186).chr(190) => 'E', chr(225).chr(186).chr(191) => 'e', + chr(225).chr(187).chr(144) => 'O', chr(225).chr(187).chr(145) => 'o', + chr(225).chr(187).chr(154) => 'O', chr(225).chr(187).chr(155) => 'o', + chr(225).chr(187).chr(168) => 'U', chr(225).chr(187).chr(169) => 'u', + // dot below + chr(225).chr(186).chr(160) => 'A', chr(225).chr(186).chr(161) => 'a', + chr(225).chr(186).chr(172) => 'A', chr(225).chr(186).chr(173) => 'a', + chr(225).chr(186).chr(182) => 'A', chr(225).chr(186).chr(183) => 'a', + chr(225).chr(186).chr(184) => 'E', chr(225).chr(186).chr(185) => 'e', + chr(225).chr(187).chr(134) => 'E', chr(225).chr(187).chr(135) => 'e', + chr(225).chr(187).chr(138) => 'I', chr(225).chr(187).chr(139) => 'i', + chr(225).chr(187).chr(140) => 'O', chr(225).chr(187).chr(141) => 'o', + chr(225).chr(187).chr(152) => 'O', chr(225).chr(187).chr(153) => 'o', + chr(225).chr(187).chr(162) => 'O', chr(225).chr(187).chr(163) => 'o', + chr(225).chr(187).chr(164) => 'U', chr(225).chr(187).chr(165) => 'u', + chr(225).chr(187).chr(176) => 'U', chr(225).chr(187).chr(177) => 'u', + chr(225).chr(187).chr(180) => 'Y', chr(225).chr(187).chr(181) => 'y', + // Vowels with diacritic (Chinese, Hanyu Pinyin) + chr(201).chr(145) => 'a', + // macron + chr(199).chr(149) => 'U', chr(199).chr(150) => 'u', + // acute accent + chr(199).chr(151) => 'U', chr(199).chr(152) => 'u', + // caron + chr(199).chr(141) => 'A', chr(199).chr(142) => 'a', + chr(199).chr(143) => 'I', chr(199).chr(144) => 'i', + chr(199).chr(145) => 'O', chr(199).chr(146) => 'o', + chr(199).chr(147) => 'U', chr(199).chr(148) => 'u', + chr(199).chr(153) => 'U', chr(199).chr(154) => 'u', + // grave accent + chr(199).chr(155) => 'U', chr(199).chr(156) => 'u', + ); + + // Used for locale-specific rules + $locale = get_locale(); + + if ( 'de_DE' == $locale ) { + $chars[ chr(195).chr(132) ] = 'Ae'; + $chars[ chr(195).chr(164) ] = 'ae'; + $chars[ chr(195).chr(150) ] = 'Oe'; + $chars[ chr(195).chr(182) ] = 'oe'; + $chars[ chr(195).chr(156) ] = 'Ue'; + $chars[ chr(195).chr(188) ] = 'ue'; + $chars[ chr(195).chr(159) ] = 'ss'; + } elseif ( 'da_DK' === $locale ) { + $chars[ chr(195).chr(134) ] = 'Ae'; + $chars[ chr(195).chr(166) ] = 'ae'; + $chars[ chr(195).chr(152) ] = 'Oe'; + $chars[ chr(195).chr(184) ] = 'oe'; + $chars[ chr(195).chr(133) ] = 'Aa'; + $chars[ chr(195).chr(165) ] = 'aa'; + } $string = strtr($string, $chars); } else { @@ -666,12 +906,12 @@ function remove_accents($string) { } /** - * Sanitizes a filename replacing whitespace with dashes + * Sanitizes a filename, replacing whitespace with dashes. * * Removes special characters that are illegal in filenames on certain * operating systems and special characters requiring special escaping * to manipulate at the command line. Replaces spaces and consecutive - * dashes with a single dash. Trim period, dash and underscore from beginning + * dashes with a single dash. Trims period, dash and underscore from beginning * and end of filename. * * @since 2.1.0 @@ -682,7 +922,16 @@ function remove_accents($string) { function sanitize_file_name( $filename ) { $filename_raw = $filename; $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", chr(0)); - $special_chars = apply_filters('sanitize_file_name_chars', $special_chars, $filename_raw); + /** + * Filter the list of characters to remove from a filename. + * + * @since 2.8.0 + * + * @param array $special_chars Characters to remove. + * @param string $filename_raw Filename as it was passed into sanitize_file_name(). + */ + $special_chars = apply_filters( 'sanitize_file_name_chars', $special_chars, $filename_raw ); + $filename = preg_replace( "#\x{00a0}#siu", ' ', $filename ); $filename = str_replace($special_chars, '', $filename); $filename = preg_replace('/[\s-]+/', '-', $filename); $filename = trim($filename, '.-_'); @@ -691,16 +940,27 @@ function sanitize_file_name( $filename ) { $parts = explode('.', $filename); // Return if only one extension - if ( count($parts) <= 2 ) - return apply_filters('sanitize_file_name', $filename, $filename_raw); + if ( count( $parts ) <= 2 ) { + /** + * Filter a sanitized filename string. + * + * @since 2.8.0 + * + * @param string $filename Sanitized filename. + * @param string $filename_raw The filename prior to sanitization. + */ + return apply_filters( 'sanitize_file_name', $filename, $filename_raw ); + } // Process multiple extensions $filename = array_shift($parts); $extension = array_pop($parts); $mimes = get_allowed_mime_types(); - // Loop over any intermediate extensions. Munge them with a trailing underscore if they are a 2 - 5 character - // long alpha string not in the extension whitelist. + /* + * Loop over any intermediate extensions. Postfix them with a trailing underscore + * if they are a 2 - 5 character long alpha string not in the extension whitelist. + */ foreach ( (array) $parts as $part) { $filename .= '.' . $part; @@ -718,12 +978,12 @@ function sanitize_file_name( $filename ) { } } $filename .= '.' . $extension; - + /** This filter is documented in wp-includes/formatting.php */ return apply_filters('sanitize_file_name', $filename, $filename_raw); } /** - * Sanitize username stripping out unsafe characters. + * Sanitizes a username, stripping out unsafe characters. * * Removes tags, octets, entities, and if strict is enabled, will only keep * alphanumeric, _, space, ., -, @. After sanitizing, it passes the username, @@ -731,8 +991,6 @@ function sanitize_file_name( $filename ) { * parameters for the 'sanitize_user' filter. * * @since 2.0.0 - * @uses apply_filters() Calls 'sanitize_user' hook on username, raw username, - * and $strict parameter. * * @param string $username The username to be sanitized. * @param bool $strict If set limits $username to specific characters. Default false. @@ -754,11 +1012,20 @@ function sanitize_user( $username, $strict = false ) { // Consolidate contiguous whitespace $username = preg_replace( '|\s+|', ' ', $username ); + /** + * Filter a sanitized username string. + * + * @since 2.0.1 + * + * @param string $username Sanitized username. + * @param string $raw_username The username prior to sanitization. + * @param bool $strict Whether to limit the sanitization to specific characters. Default false. + */ return apply_filters( 'sanitize_user', $username, $raw_username, $strict ); } /** - * Sanitize a string key. + * Sanitizes a string key. * * Keys are used as internal identifiers. Lowercase alphanumeric characters, dashes and underscores are allowed. * @@ -771,11 +1038,20 @@ function sanitize_key( $key ) { $raw_key = $key; $key = strtolower( $key ); $key = preg_replace( '/[^a-z0-9_\-]/', '', $key ); + + /** + * Filter a sanitized key string. + * + * @since 3.0.0 + * + * @param string $key Sanitized key. + * @param string $raw_key The key prior to sanitization. + */ return apply_filters( 'sanitize_key', $key, $raw_key ); } /** - * Sanitizes title or use fallback title. + * Sanitizes a title, or returns a fallback title. * * Specifically, HTML and PHP tags are stripped. Further actions can be added * via the plugin API. If $title is empty and $fallback_title is set, the latter @@ -788,13 +1064,22 @@ function sanitize_key( $key ) { * @param string $context Optional. The operation for which the string is sanitized * @return string The sanitized string. */ -function sanitize_title($title, $fallback_title = '', $context = 'save') { +function sanitize_title( $title, $fallback_title = '', $context = 'save' ) { $raw_title = $title; if ( 'save' == $context ) $title = remove_accents($title); - $title = apply_filters('sanitize_title', $title, $raw_title, $context); + /** + * Filter a sanitized title string. + * + * @since 1.2.0 + * + * @param string $title Sanitized title. + * @param string $raw_title The title prior to sanitization. + * @param string $context The context for which the title is being sanitized. + */ + $title = apply_filters( 'sanitize_title', $title, $raw_title, $context ); if ( '' === $title || false === $title ) $title = $fallback_title; @@ -802,12 +1087,23 @@ function sanitize_title($title, $fallback_title = '', $context = 'save') { return $title; } -function sanitize_title_for_query($title) { - return sanitize_title($title, '', 'query'); +/** + * Sanitizes a title with the 'query' context. + * + * Used for querying the database for a value from URL. + * + * @since 3.1.0 + * @uses sanitize_title() + * + * @param string $title The string to be sanitized. + * @return string The sanitized string. + */ +function sanitize_title_for_query( $title ) { + return sanitize_title( $title, '', 'query' ); } /** - * Sanitizes title, replacing whitespace with dashes. + * Sanitizes a title, replacing whitespace and a few other characters with dashes. * * Limits the output to alphanumeric characters, underscore (_) and dash (-). * Whitespace becomes a dash. @@ -815,9 +1111,11 @@ function sanitize_title_for_query($title) { * @since 1.2.0 * * @param string $title The title to be sanitized. + * @param string $raw_title Optional. Not used. + * @param string $context Optional. The operation for which the string is sanitized. * @return string The sanitized title. */ -function sanitize_title_with_dashes($title) { +function sanitize_title_with_dashes( $title, $raw_title = '', $context = 'display' ) { $title = strip_tags($title); // Preserve escaped octets. $title = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '---$1---', $title); @@ -836,6 +1134,32 @@ function sanitize_title_with_dashes($title) { $title = strtolower($title); $title = preg_replace('/&.+?;/', '', $title); // kill entities $title = str_replace('.', '-', $title); + + if ( 'save' == $context ) { + // Convert nbsp, ndash and mdash to hyphens + $title = str_replace( array( '%c2%a0', '%e2%80%93', '%e2%80%94' ), '-', $title ); + + // Strip these characters entirely + $title = str_replace( array( + // iexcl and iquest + '%c2%a1', '%c2%bf', + // angle quotes + '%c2%ab', '%c2%bb', '%e2%80%b9', '%e2%80%ba', + // curly quotes + '%e2%80%98', '%e2%80%99', '%e2%80%9c', '%e2%80%9d', + '%e2%80%9a', '%e2%80%9b', '%e2%80%9e', '%e2%80%9f', + // copy, reg, deg, hellip and trade + '%c2%a9', '%c2%ae', '%c2%b0', '%e2%80%a6', '%e2%84%a2', + // acute accents + '%c2%b4', '%cb%8a', '%cc%81', '%cd%81', + // grave accent, macron, caron + '%cc%80', '%cc%84', '%cc%8c', + ), '', $title ); + + // Convert times to x + $title = str_replace( '%c3%97', 'x', $title ); + } + $title = preg_replace('/[^%a-z0-9 _-]/', '', $title); $title = preg_replace('/\s+/', '-', $title); $title = preg_replace('|-+|', '-', $title); @@ -853,7 +1177,7 @@ function sanitize_title_with_dashes($title) { * @since 2.5.1 * * @param string $orderby Order by string to be checked. - * @return string|false Returns the order by clause if it is a match, false otherwise. + * @return string|bool Returns the order by clause if it is a match, false otherwise. */ function sanitize_sql_orderby( $orderby ){ preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches); @@ -863,7 +1187,7 @@ function sanitize_sql_orderby( $orderby ){ } /** - * Santizes a html classname to ensure it only contains valid characters + * Sanitizes an HTML classname to ensure it only contains valid characters. * * Strips the string down to A-Z,a-z,0-9,_,-. If this results in an empty * string then it will return the alternative value supplied. @@ -887,6 +1211,15 @@ function sanitize_html_class( $class, $fallback = '' ) { if ( '' == $sanitized ) $sanitized = $fallback; + /** + * Filter a sanitized HTML class string. + * + * @since 2.8.0 + * + * @param string $sanitized The sanitized HTML class. + * @param string $class HTML class before sanitization. + * @param string $fallback The fallback string. + */ return apply_filters( 'sanitize_html_class', $sanitized, $class, $fallback ); } @@ -923,7 +1256,7 @@ function convert_chars($content, $deprecated = '') { '' => '‹', '' => 'Œ', '' => '', - '' => 'ž', + '' => 'Ž', '' => '', '' => '', '' => '‘', @@ -939,7 +1272,7 @@ function convert_chars($content, $deprecated = '') { '' => '›', '' => 'œ', '' => '', - '' => '', + '' => 'ž', '' => 'Ÿ' ); @@ -961,22 +1294,20 @@ function convert_chars($content, $deprecated = '') { } /** - * Will only balance the tags if forced to and the option is set to balance tags. - * - * The option 'use_balanceTags' is used for whether the tags will be balanced. - * Both the $force parameter and 'use_balanceTags' option will have to be true - * before the tags will be balanced. + * Balances tags if forced to, or if the 'use_balanceTags' option is set to true. * * @since 0.71 * * @param string $text Text to be balanced - * @param bool $force Forces balancing, ignoring the value of the option. Default false. + * @param bool $force If true, forces balancing, ignoring the value of the option. Default false. * @return string Balanced text */ function balanceTags( $text, $force = false ) { - if ( !$force && get_option('use_balanceTags') == 0 ) + if ( $force || get_option('use_balanceTags') == 1 ) { + return force_balance_tags( $text ); + } else { return $text; - return force_balance_tags( $text ); + } } /** @@ -1002,8 +1333,10 @@ function force_balance_tags( $text ) { $stacksize = 0; $tagqueue = ''; $newtext = ''; - $single_tags = array('br', 'hr', 'img', 'input'); // Known single-entity/self-closing tags - $nestable_tags = array('blockquote', 'div', 'span'); // Tags that can be immediately nested within themselves + // Known single-entity/self-closing tags + $single_tags = array( 'area', 'base', 'basefont', 'br', 'col', 'command', 'embed', 'frame', 'hr', 'img', 'input', 'isindex', 'link', 'meta', 'param', 'source' ); + // Tags that can be immediately nested within themselves + $nestable_tags = array( 'blockquote', 'div', 'object', 'q', 'span' ); // WP bug fix for comments - in case you REALLY meant to type '< !--' $text = str_replace('< !--', '< !--', $text); @@ -1050,26 +1383,35 @@ function force_balance_tags( $text ) { // Tag Cleaning - // If self-closing or '', don't do anything. - if ( substr($regex[2],-1) == '/' || $tag == '' ) { + // If it's an empty tag "< >", do nothing + if ( '' == $tag ) { // do nothing } + // ElseIf it presents itself as a self-closing tag... + elseif ( substr( $regex[2], -1 ) == '/' ) { + // ...but it isn't a known single-entity self-closing tag, then don't let it be treated as such and + // immediately close it with a closing tag (the tag will encapsulate no text as a result) + if ( ! in_array( $tag, $single_tags ) ) + $regex[2] = trim( substr( $regex[2], 0, -1 ) ) . ">$tag"; + } // ElseIf it's a known single-entity tag but it doesn't close itself, do so elseif ( in_array($tag, $single_tags) ) { $regex[2] .= '/'; - } else { // Push the tag onto the stack + } + // Else it's not a single-entity tag + else { // If the top of the stack is the same as the tag we want to push, close previous tag if ( $stacksize > 0 && !in_array($tag, $nestable_tags) && $tagstack[$stacksize - 1] == $tag ) { - $tagqueue = '' . array_pop ($tagstack) . '>'; + $tagqueue = '' . array_pop( $tagstack ) . '>'; $stacksize--; } - $stacksize = array_push ($tagstack, $tag); + $stacksize = array_push( $tagstack, $tag ); } // Attributes $attributes = $regex[2]; - if( !empty($attributes) ) - $attributes = ' '.$attributes; + if( ! empty( $attributes ) && $attributes[0] != '>' ) + $attributes = ' ' . $attributes; $tag = '<' . $tag . $attributes . '>'; //If already queuing a close tag, then put this tag on, too @@ -1102,41 +1444,35 @@ function force_balance_tags( $text ) { /** * Acts on text which is about to be edited. * - * Unless $richedit is set, it is simply a holder for the 'format_to_edit' - * filter. If $richedit is set true htmlspecialchars(), through esc_textarea(), - * will be run on the content, converting special characters to HTML entities. + * The $content is run through esc_textarea(), which uses htmlspecialchars() + * to convert special characters to HTML entities. If $richedit is set to true, + * it is simply a holder for the 'format_to_edit' filter. * * @since 0.71 * * @param string $content The text about to be edited. - * @param bool $richedit Whether the $content should pass through htmlspecialchars(). Default false. + * @param bool $richedit Whether the $content should not pass through htmlspecialchars(). Default false (meaning it will be passed). * @return string The text after the filter (and possibly htmlspecialchars()) has been run. */ function format_to_edit( $content, $richedit = false ) { + /** + * Filter the text to be formatted for editing. + * + * @since 1.2.0 + * + * @param string $content The text, prior to formatting for editing. + */ $content = apply_filters( 'format_to_edit', $content ); if ( ! $richedit ) $content = esc_textarea( $content ); return $content; } -/** - * Holder for the 'format_to_post' filter. - * - * @since 0.71 - * - * @param string $content The text to pass through the filter. - * @return string Text returned from the 'format_to_post' filter. - */ -function format_to_post($content) { - $content = apply_filters('format_to_post', $content); - return $content; -} - /** * Add leading zeros when necessary. * * If you set the threshold to '4' and the number is '10', then you will get - * back '0010'. If you set the number to '4' and the number is '5000', then you + * back '0010'. If you set the threshold to '4' and the number is '5000', then you * will get back '5000'. * * Uses sprintf to append the amount of zeros based on the $threshold parameter @@ -1162,43 +1498,42 @@ function zeroise($number, $threshold) { * @return string String with backslashes inserted. */ function backslashit($string) { - $string = preg_replace('/^([0-9])/', '\\\\\\\\\1', $string); - $string = preg_replace('/([a-z])/i', '\\\\\1', $string); - return $string; + if ( isset( $string[0] ) && $string[0] >= '0' && $string[0] <= '9' ) + $string = '\\\\' . $string; + return addcslashes( $string, 'A..Za..z' ); } /** * Appends a trailing slash. * - * Will remove trailing slash if it exists already before adding a trailing - * slash. This prevents double slashing a string or path. + * Will remove trailing forward and backslashes if it exists already before adding + * a trailing forward slash. This prevents double slashing a string or path. * * The primary use of this is for paths and thus should be used for paths. It is * not restricted to paths and offers no specific path support. * * @since 1.2.0 - * @uses untrailingslashit() Unslashes string if it was slashed already. * * @param string $string What to add the trailing slash to. * @return string String with trailing slash added. */ -function trailingslashit($string) { - return untrailingslashit($string) . '/'; +function trailingslashit( $string ) { + return untrailingslashit( $string ) . '/'; } /** - * Removes trailing slash if it exists. + * Removes trailing forward slashes and backslashes if they exist. * * The primary use of this is for paths and thus should be used for paths. It is * not restricted to paths and offers no specific path support. * * @since 2.2.0 * - * @param string $string What to remove the trailing slash from. - * @return string String without the trailing slash. + * @param string $string What to remove the trailing slashes from. + * @return string String without the trailing slashes. */ -function untrailingslashit($string) { - return rtrim($string, '/'); +function untrailingslashit( $string ) { + return rtrim( $string, '/\\' ); } /** @@ -1216,7 +1551,7 @@ function addslashes_gpc($gpc) { if ( get_magic_quotes_gpc() ) $gpc = stripslashes($gpc); - return esc_sql($gpc); + return wp_slash($gpc); } /** @@ -1227,8 +1562,8 @@ function addslashes_gpc($gpc) { * * @since 2.0.0 * - * @param array|string $value The array or string to be stripped. - * @return array|string Stripped array (or string in the callback). + * @param mixed $value The value to be stripped. + * @return mixed Stripped value. */ function stripslashes_deep($value) { if ( is_array($value) ) { @@ -1238,7 +1573,7 @@ function stripslashes_deep($value) { foreach ($vars as $key=>$data) { $value->{$key} = stripslashes_deep( $data ); } - } else { + } elseif ( is_string( $value ) ) { $value = stripslashes($value); } @@ -1248,8 +1583,6 @@ function stripslashes_deep($value) { /** * Navigates through an array and encodes the values to be used in a URL. * - * Uses a callback to pass the value of the array back to the function as a - * string. * * @since 2.2.0 * @@ -1261,30 +1594,43 @@ function urlencode_deep($value) { return $value; } +/** + * Navigates through an array and raw encodes the values to be used in a URL. + * + * @since 3.4.0 + * + * @param array|string $value The array or string to be encoded. + * @return array|string $value The encoded array (or string from the callback). + */ +function rawurlencode_deep( $value ) { + return is_array( $value ) ? array_map( 'rawurlencode_deep', $value ) : rawurlencode( $value ); +} + /** * Converts email addresses characters to HTML entities to block spam bots. * * @since 0.71 * - * @param string $emailaddy Email address. - * @param int $mailto Optional. Range from 0 to 1. Used for encoding. + * @param string $email_address Email address. + * @param int $hex_encoding Optional. Set to 1 to enable hex encoding. * @return string Converted email address. */ -function antispambot($emailaddy, $mailto=0) { - $emailNOSPAMaddy = ''; - srand ((float) microtime() * 1000000); - for ($i = 0; $i < strlen($emailaddy); $i = $i + 1) { - $j = floor(rand(0, 1+$mailto)); - if ($j==0) { - $emailNOSPAMaddy .= ''.ord(substr($emailaddy,$i,1)).';'; - } elseif ($j==1) { - $emailNOSPAMaddy .= substr($emailaddy,$i,1); - } elseif ($j==2) { - $emailNOSPAMaddy .= '%'.zeroise(dechex(ord(substr($emailaddy, $i, 1))), 2); +function antispambot( $email_address, $hex_encoding = 0 ) { + $email_no_spam_address = ''; + for ( $i = 0; $i < strlen( $email_address ); $i++ ) { + $j = rand( 0, 1 + $hex_encoding ); + if ( $j == 0 ) { + $email_no_spam_address .= '' . ord( $email_address[$i] ) . ';'; + } elseif ( $j == 1 ) { + $email_no_spam_address .= $email_address[$i]; + } elseif ( $j == 2 ) { + $email_no_spam_address .= '%' . zeroise( dechex( ord( $email_address[$i] ) ), 2 ); } } - $emailNOSPAMaddy = str_replace('@','@',$emailNOSPAMaddy); - return $emailNOSPAMaddy; + + $email_no_spam_address = str_replace( '@', '@', $email_no_spam_address ); + + return $email_no_spam_address; } /** @@ -1301,9 +1647,17 @@ function antispambot($emailaddy, $mailto=0) { */ function _make_url_clickable_cb($matches) { $url = $matches[2]; - $suffix = ''; - /** Include parentheses in the URL only if paired **/ + if ( ')' == $matches[3] && strpos( $url, '(' ) ) { + // If the trailing character is a closing parethesis, and the URL has an opening parenthesis in it, add the closing parenthesis to the URL. + // Then we can let the parenthesis balancer do its thing below. + $url .= $matches[3]; + $suffix = ''; + } else { + $suffix = $matches[3]; + } + + // Include parentheses in the URL only if paired while ( substr_count( $url, '(' ) < substr_count( $url, ')' ) ) { $suffix = strrchr( $url, ')' ) . $suffix; $url = substr( $url, 0, strrpos( $url, ')' ) ); @@ -1369,23 +1723,124 @@ function _make_email_clickable_cb($matches) { * * @since 0.71 * - * @param string $ret Content to convert URIs. + * @param string $text Content to convert URIs. * @return string Content with converted URIs. */ -function make_clickable($ret) { - $ret = ' ' . $ret; - // in testing, using arrays here was found to be faster - $save = @ini_set('pcre.recursion_limit', 10000); - $retval = preg_replace_callback('#(?])(\()?([\w]+?://(?:[\w\\x80-\\xff\#%~/?@\[\]-]{1,2000}|[\'*(+.,;:!=&$](?![\b\)]|(\))?([\s]|$))|(?(1)\)(?![\s<.,;:]|$)|\)))+)#is', '_make_url_clickable_cb', $ret); - if (null !== $retval ) - $ret = $retval; - @ini_set('pcre.recursion_limit', $save); - $ret = preg_replace_callback('#([\s>])((www|ftp)\.[\w\\x80-\\xff\#$%&~/.\-;:=,?@\[\]+]+)#is', '_make_web_ftp_clickable_cb', $ret); - $ret = preg_replace_callback('#([\s>])([.0-9a-z_+-]+)@(([0-9a-z-]+\.)+[0-9a-z]{2,})#i', '_make_email_clickable_cb', $ret); - // this one is not in an array because we need it to run last, for cleanup of accidental links within links - $ret = preg_replace("#(]+?>|>))]+?>([^>]+?)#i", "$1$3", $ret); - $ret = trim($ret); - return $ret; +function make_clickable( $text ) { + $r = ''; + $textarr = preg_split( '/(<[^<>]+>)/', $text, -1, PREG_SPLIT_DELIM_CAPTURE ); // split out HTML tags + $nested_code_pre = 0; // Keep track of how many levels link is nested inside
or
+ foreach ( $textarr as $piece ) {
+
+ if ( preg_match( '|^]|i', $piece ) || preg_match( '|^]|i', $piece ) )
+ $nested_code_pre++;
+ elseif ( ( '
' === strtolower( $piece ) || '
' === strtolower( $piece ) ) && $nested_code_pre )
+ $nested_code_pre--;
+
+ if ( $nested_code_pre || empty( $piece ) || ( $piece[0] === '<' && ! preg_match( '|^<\s*[\w]{1,20}+://|', $piece ) ) ) {
+ $r .= $piece;
+ continue;
+ }
+
+ // Long strings might contain expensive edge cases ...
+ if ( 10000 < strlen( $piece ) ) {
+ // ... break it up
+ foreach ( _split_str_by_whitespace( $piece, 2100 ) as $chunk ) { // 2100: Extra room for scheme and leading and trailing paretheses
+ if ( 2101 < strlen( $chunk ) ) {
+ $r .= $chunk; // Too big, no whitespace: bail.
+ } else {
+ $r .= make_clickable( $chunk );
+ }
+ }
+ } else {
+ $ret = " $piece "; // Pad with whitespace to simplify the regexes
+
+ $url_clickable = '~
+ ([\\s(<.,;:!?]) # 1: Leading whitespace, or punctuation
+ ( # 2: URL
+ [\\w]{1,20}+:// # Scheme and hier-part prefix
+ (?=\S{1,2000}\s) # Limit to URLs less than about 2000 characters long
+ [\\w\\x80-\\xff#%\\~/@\\[\\]*(+=&$-]*+ # Non-punctuation URL character
+ (?: # Unroll the Loop: Only allow puctuation URL character if followed by a non-punctuation URL character
+ [\'.,;:!?)] # Punctuation URL character
+ [\\w\\x80-\\xff#%\\~/@\\[\\]*(+=&$-]++ # Non-punctuation URL character
+ )*
+ )
+ (\)?) # 3: Trailing closing parenthesis (for parethesis balancing post processing)
+ ~xS'; // The regex is a non-anchored pattern and does not have a single fixed starting character.
+ // Tell PCRE to spend more time optimizing since, when used on a page load, it will probably be used several times.
+
+ $ret = preg_replace_callback( $url_clickable, '_make_url_clickable_cb', $ret );
+
+ $ret = preg_replace_callback( '#([\s>])((www|ftp)\.[\w\\x80-\\xff\#$%&~/.\-;:=,?@\[\]+]+)#is', '_make_web_ftp_clickable_cb', $ret );
+ $ret = preg_replace_callback( '#([\s>])([.0-9a-z_+-]+)@(([0-9a-z-]+\.)+[0-9a-z]{2,})#i', '_make_email_clickable_cb', $ret );
+
+ $ret = substr( $ret, 1, -1 ); // Remove our whitespace padding.
+ $r .= $ret;
+ }
+ }
+
+ // Cleanup of accidental links within links
+ $r = preg_replace( '#(]+?>|>))]+?>([^>]+?)#i', "$1$3", $r );
+ return $r;
+}
+
+/**
+ * Breaks a string into chunks by splitting at whitespace characters.
+ * The length of each returned chunk is as close to the specified length goal as possible,
+ * with the caveat that each chunk includes its trailing delimiter.
+ * Chunks longer than the goal are guaranteed to not have any inner whitespace.
+ *
+ * Joining the returned chunks with empty delimiters reconstructs the input string losslessly.
+ *
+ * Input string must have no null characters (or eventual transformations on output chunks must not care about null characters)
+ *
+ *
+ * _split_str_by_whitespace( "1234 67890 1234 67890a cd 1234 890 123456789 1234567890a 45678 1 3 5 7 90 ", 10 ) ==
+ * array (
+ * 0 => '1234 67890 ', // 11 characters: Perfect split
+ * 1 => '1234 ', // 5 characters: '1234 67890a' was too long
+ * 2 => '67890a cd ', // 10 characters: '67890a cd 1234' was too long
+ * 3 => '1234 890 ', // 11 characters: Perfect split
+ * 4 => '123456789 ', // 10 characters: '123456789 1234567890a' was too long
+ * 5 => '1234567890a ', // 12 characters: Too long, but no inner whitespace on which to split
+ * 6 => ' 45678 ', // 11 characters: Perfect split
+ * 7 => '1 3 5 7 9', // 9 characters: End of $string
+ * );
+ *
+ *
+ * @since 3.4.0
+ * @access private
+ *
+ * @param string $string The string to split.
+ * @param int $goal The desired chunk length.
+ * @return array Numeric array of chunks.
+ */
+function _split_str_by_whitespace( $string, $goal ) {
+ $chunks = array();
+
+ $string_nullspace = strtr( $string, "\r\n\t\v\f ", "\000\000\000\000\000\000" );
+
+ while ( $goal < strlen( $string_nullspace ) ) {
+ $pos = strrpos( substr( $string_nullspace, 0, $goal + 1 ), "\000" );
+
+ if ( false === $pos ) {
+ $pos = strpos( $string_nullspace, "\000", $goal + 1 );
+ if ( false === $pos ) {
+ break;
+ }
+ }
+
+ $chunks[] = substr( $string, 0, $pos + 1 );
+ $string = substr( $string, $pos + 1 );
+ $string_nullspace = substr( $string_nullspace, $pos + 1 );
+ }
+
+ if ( $string ) {
+ $chunks[] = $string;
+ }
+
+ return $chunks;
}
/**
@@ -1400,12 +1855,12 @@ function wp_rel_nofollow( $text ) {
// This is a pre save filter, so text is already escaped.
$text = stripslashes($text);
$text = preg_replace_callback('||i', 'wp_rel_nofollow_callback', $text);
- $text = esc_sql($text);
+ $text = wp_slash($text);
return $text;
}
/**
- * Callback to used to add rel=nofollow string to HTML A element.
+ * Callback to add rel=nofollow string to HTML A element.
*
* Will remove already existing rel="nofollow" and rel='nofollow' from the
* string to prevent from invalidating (X)HTML.
@@ -1424,29 +1879,37 @@ function wp_rel_nofollow_callback( $matches ) {
/**
* Convert one smiley code to the icon graphic file equivalent.
*
+ * Callback handler for {@link convert_smilies()}.
* Looks up one smiley code in the $wpsmiliestrans global array and returns an
*