X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/58f607a1de715c9bca69340a4d6fb9e1b9c2bed2..e9d988989fe37ab8c5f903e47fbe36e6e00dc51f:/wp-includes/formatting.php
diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
index 58c826f9..6c53f863 100644
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -56,7 +56,7 @@ function wptexturize($text) {
$static_characters = array_merge(array('---', ' -- ', '--', ' - ', 'xn–', '...', '``', '\'\'', ' (tm)'), $cockney);
$static_replacements = array_merge(array('—', ' — ', '–', ' – ', 'xn--', '…', $opening_quote, $closing_quote, ' ™'), $cockneyreplace);
- $dynamic_characters = array('/\'(\d\d(?:’|\')?s)/', '/\'(\d+)/', '/(\s|\A|[([{<]|")\'/', '/(\d+)"/', '/(\d+)\'/', '/(\S)\'([^\'\s])/', '/(\s|\A|[([{<])"(?!\s)/', '/"(\s|\S|\Z)/', '/\'([\s.]|\Z)/', '/\b(\d+)x(\d+)\b/');
+ $dynamic_characters = array('/\'(\d\d(?:’|\')?s)/', '/\'(\d)/', '/(\s|\A|[([{<]|")\'/', '/(\d)"/', '/(\d)\'/', '/(\S)\'([^\'\s])/', '/(\s|\A|[([{<])"(?!\s)/', '/"(\s|\S|\Z)/', '/\'([\s.]|\Z)/', '/\b(\d+)x(\d+)\b/');
$dynamic_replacements = array('’$1','’$1', '$1‘', '$1″', '$1′', '$1’$2', '$1' . $opening_quote . '$2', $closing_quote . '$1', '’$1', '$1×$2');
$static_setup = true;
@@ -73,7 +73,7 @@ function wptexturize($text) {
for ( $i = 0; $i < $stop; $i++ ) {
$curl = $textarr[$i];
- if ( !empty($curl) && '<' != $curl{0} && '[' != $curl{0}
+ if ( !empty($curl) && '<' != $curl[0] && '[' != $curl[0]
&& empty($no_texturize_shortcodes_stack) && empty($no_texturize_tags_stack)) {
// This is not a tag, nor is the texturization disabled
// static strings
@@ -85,9 +85,9 @@ function wptexturize($text) {
* Only call _wptexturize_pushpop_element if first char is correct
* tag opening
*/
- if ('<' == $curl{0})
+ if ('<' == $curl[0])
_wptexturize_pushpop_element($curl, $no_texturize_tags_stack, $no_texturize_tags, '<', '>');
- elseif ('[' == $curl{0})
+ elseif ('[' == $curl[0])
_wptexturize_pushpop_element($curl, $no_texturize_shortcodes_stack, $no_texturize_shortcodes, '[', ']');
}
@@ -208,7 +208,7 @@ function wpautop($pee, $br = 1) {
$pee = preg_replace('!\s*(]*>)!', "$1", $pee);
$pee = preg_replace('!(]*>)\s*
!', "$1", $pee);
if ($br) {
- $pee = preg_replace_callback('/<(script|style).*?<\/\\1>/s', create_function('$matches', 'return str_replace("\n", "", $matches[0]);'), $pee);
+ $pee = preg_replace_callback('/<(script|style).*?<\/\\1>/s', '_autop_newline_preservation_helper', $pee);
$pee = preg_replace('|(?)\s*\n|', "
\n", $pee); // optionally make line breaks
$pee = str_replace('', "\n", $pee);
}
@@ -221,6 +221,18 @@ function wpautop($pee, $br = 1) {
return $pee;
}
+/**
+ * Newline preservation help function for wpautop
+ *
+ * @since 3.1.0
+ * @access private
+ * @param array $matches preg_replace_callback matches array
+ * @returns string
+ */
+function _autop_newline_preservation_helper( $matches ) {
+ return str_replace("\n", "", $matches[0]);
+}
+
/**
* Don't auto-p wrap shortcodes that stand alone
*
@@ -538,30 +550,33 @@ function remove_accents($string) {
chr(195).chr(128) => 'A', chr(195).chr(129) => 'A',
chr(195).chr(130) => 'A', chr(195).chr(131) => 'A',
chr(195).chr(132) => 'A', chr(195).chr(133) => 'A',
- chr(195).chr(135) => 'C', chr(195).chr(136) => 'E',
- chr(195).chr(137) => 'E', chr(195).chr(138) => 'E',
- chr(195).chr(139) => 'E', chr(195).chr(140) => 'I',
- chr(195).chr(141) => 'I', chr(195).chr(142) => 'I',
- chr(195).chr(143) => 'I', chr(195).chr(145) => 'N',
+ chr(195).chr(134) => 'AE',chr(195).chr(135) => 'C',
+ chr(195).chr(136) => 'E', chr(195).chr(137) => 'E',
+ chr(195).chr(138) => 'E', chr(195).chr(139) => 'E',
+ chr(195).chr(140) => 'I', chr(195).chr(141) => 'I',
+ chr(195).chr(142) => 'I', chr(195).chr(143) => 'I',
+ chr(195).chr(144) => 'D', chr(195).chr(145) => 'N',
chr(195).chr(146) => 'O', chr(195).chr(147) => 'O',
chr(195).chr(148) => 'O', chr(195).chr(149) => 'O',
chr(195).chr(150) => 'O', chr(195).chr(153) => 'U',
chr(195).chr(154) => 'U', chr(195).chr(155) => 'U',
chr(195).chr(156) => 'U', chr(195).chr(157) => 'Y',
- chr(195).chr(159) => 's', chr(195).chr(160) => 'a',
- chr(195).chr(161) => 'a', chr(195).chr(162) => 'a',
- chr(195).chr(163) => 'a', chr(195).chr(164) => 'a',
- chr(195).chr(165) => 'a', chr(195).chr(167) => 'c',
+ chr(195).chr(158) => 'TH',chr(195).chr(159) => 's',
+ chr(195).chr(160) => 'a', chr(195).chr(161) => 'a',
+ chr(195).chr(162) => 'a', chr(195).chr(163) => 'a',
+ chr(195).chr(164) => 'a', chr(195).chr(165) => 'a',
+ chr(195).chr(166) => 'ae',chr(195).chr(167) => 'c',
chr(195).chr(168) => 'e', chr(195).chr(169) => 'e',
chr(195).chr(170) => 'e', chr(195).chr(171) => 'e',
chr(195).chr(172) => 'i', chr(195).chr(173) => 'i',
chr(195).chr(174) => 'i', chr(195).chr(175) => 'i',
- chr(195).chr(177) => 'n', chr(195).chr(178) => 'o',
- chr(195).chr(179) => 'o', chr(195).chr(180) => 'o',
- chr(195).chr(181) => 'o', chr(195).chr(182) => 'o',
- chr(195).chr(182) => 'o', chr(195).chr(185) => 'u',
- chr(195).chr(186) => 'u', chr(195).chr(187) => 'u',
- chr(195).chr(188) => 'u', chr(195).chr(189) => 'y',
+ chr(195).chr(176) => 'd', chr(195).chr(177) => 'n',
+ chr(195).chr(178) => 'o', chr(195).chr(179) => 'o',
+ chr(195).chr(180) => 'o', chr(195).chr(181) => 'o',
+ chr(195).chr(182) => 'o', chr(195).chr(182) => 'o',
+ chr(195).chr(185) => 'u', chr(195).chr(186) => 'u',
+ chr(195).chr(187) => 'u', chr(195).chr(188) => 'u',
+ chr(195).chr(189) => 'y', chr(195).chr(190) => 'th',
chr(195).chr(191) => 'y',
// Decompositions for Latin Extended-A
chr(196).chr(128) => 'A', chr(196).chr(129) => 'a',
@@ -628,6 +643,9 @@ function remove_accents($string) {
chr(197).chr(186) => 'z', chr(197).chr(187) => 'Z',
chr(197).chr(188) => 'z', chr(197).chr(189) => 'Z',
chr(197).chr(190) => 'z', chr(197).chr(191) => 's',
+ // Decompositions for Latin Extended-B
+ chr(200).chr(152) => 'S', chr(200).chr(153) => 's',
+ chr(200).chr(154) => 'T', chr(200).chr(155) => 't',
// Euro Sign
chr(226).chr(130).chr(172) => 'E',
// GBP (Pound) Sign
@@ -700,7 +718,7 @@ function sanitize_file_name( $filename ) {
if ( preg_match("/^[a-zA-Z]{2,5}\d?$/", $part) ) {
$allowed = false;
foreach ( $mimes as $ext_preg => $mime_match ) {
- $ext_preg = '!(^' . $ext_preg . ')$!i';
+ $ext_preg = '!^(' . $ext_preg . ')$!i';
if ( preg_match( $ext_preg, $part ) ) {
$allowed = true;
break;
@@ -718,12 +736,10 @@ function sanitize_file_name( $filename ) {
/**
* Sanitize username stripping out unsafe characters.
*
- * If $strict is true, only alphanumeric characters (as well as _, space, ., -,
- * @) are returned.
- * Removes tags, octets, entities, and if strict is enabled, will remove all
- * non-ASCII characters. After sanitizing, it passes the username, raw username
- * (the username in the parameter), and the strict parameter as parameters for
- * the filter.
+ * Removes tags, octets, entities, and if strict is enabled, will only keep
+ * alphanumeric, _, space, ., -, @. After sanitizing, it passes the username,
+ * raw username (the username in the parameter), and the value of $strict as
+ * parameters for the 'sanitize_user' filter.
*
* @since 2.0.0
* @uses apply_filters() Calls 'sanitize_user' hook on username, raw username,
@@ -745,6 +761,7 @@ function sanitize_user( $username, $strict = false ) {
if ( $strict )
$username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username );
+ $username = trim( $username );
// Consolidate contiguous whitespace
$username = preg_replace( '|\s+|', ' ', $username );
@@ -754,7 +771,7 @@ function sanitize_user( $username, $strict = false ) {
/**
* Sanitize a string key.
*
- * Keys are used as internal identifiers. They should be lowercase ASCII. Dashes and underscores are allowed.
+ * Keys are used as internal identifiers. Lowercase alphanumeric characters, dashes and underscores are allowed.
*
* @since 3.0.0
*
@@ -763,17 +780,9 @@ function sanitize_user( $username, $strict = false ) {
*/
function sanitize_key( $key ) {
$raw_key = $key;
- $key = wp_strip_all_tags($key);
- // Kill octets
- $key = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '', $key);
- $key = preg_replace('/&.+?;/', '', $key); // Kill entities
-
- $key = preg_replace('|[^a-z0-9 _.\-@]|i', '', $key);
-
- // Consolidate contiguous whitespace
- $key = preg_replace('|\s+|', ' ', $key);
-
- return apply_filters('sanitize_key', $key, $raw_key);
+ $key = strtolower( $key );
+ $key = preg_replace( '/[^a-z0-9_\-]/', '', $key );
+ return apply_filters( 'sanitize_key', $key, $raw_key );
}
/**
@@ -787,12 +796,16 @@ function sanitize_key( $key ) {
*
* @param string $title The string to be sanitized.
* @param string $fallback_title Optional. A title to use if $title is empty.
+ * @param string $context Optional. The operation for which the string is sanitized
* @return string The sanitized string.
*/
-function sanitize_title($title, $fallback_title = '') {
+function sanitize_title($title, $fallback_title = '', $context = 'save') {
$raw_title = $title;
- $title = strip_tags($title);
- $title = apply_filters('sanitize_title', $title, $raw_title);
+
+ if ( 'save' == $context )
+ $title = remove_accents($title);
+
+ $title = apply_filters('sanitize_title', $title, $raw_title, $context);
if ( '' === $title || false === $title )
$title = $fallback_title;
@@ -800,6 +813,10 @@ function sanitize_title($title, $fallback_title = '') {
return $title;
}
+function sanitize_title_for_query($title) {
+ return sanitize_title($title, '', 'query');
+}
+
/**
* Sanitizes title, replacing whitespace with dashes.
*
@@ -820,7 +837,6 @@ function sanitize_title_with_dashes($title) {
// Restore octets.
$title = preg_replace('|---([a-fA-F0-9][a-fA-F0-9])---|', '%$1', $title);
- $title = remove_accents($title);
if (seems_utf8($title)) {
if (function_exists('mb_strtolower')) {
$title = mb_strtolower($title, 'UTF-8');
@@ -980,7 +996,7 @@ function balanceTags( $text, $force = false ) {
* @since 2.0.4
*
* @author Leonard Lin
- * @license GPL v2.0
+ * @license GPL
* @copyright November 4, 2001
* @version 1.1
* @todo Make better - change loop condition to $text in 1.2
@@ -1098,8 +1114,8 @@ function force_balance_tags( $text ) {
* Acts on text which is about to be edited.
*
* Unless $richedit is set, it is simply a holder for the 'format_to_edit'
- * filter. If $richedit is set true htmlspecialchars() will be run on the
- * content, converting special characters to HTMl entities.
+ * filter. If $richedit is set true htmlspecialchars(), through esc_textarea(),
+ * will be run on the content, converting special characters to HTML entities.
*
* @since 0.71
*
@@ -1107,10 +1123,10 @@ function force_balance_tags( $text ) {
* @param bool $richedit Whether the $content should pass through htmlspecialchars(). Default false.
* @return string The text after the filter (and possibly htmlspecialchars()) has been run.
*/
-function format_to_edit($content, $richedit = false) {
- $content = apply_filters('format_to_edit', $content);
- if (! $richedit )
- $content = htmlspecialchars($content);
+function format_to_edit( $content, $richedit = false ) {
+ $content = apply_filters( 'format_to_edit', $content );
+ if ( ! $richedit )
+ $content = esc_textarea( $content );
return $content;
}
@@ -1296,12 +1312,19 @@ function antispambot($emailaddy, $mailto=0) {
*/
function _make_url_clickable_cb($matches) {
$url = $matches[2];
+ $suffix = '';
+
+ /** Include parentheses in the URL only if paired **/
+ while ( substr_count( $url, '(' ) < substr_count( $url, ')' ) ) {
+ $suffix = strrchr( $url, ')' ) . $suffix;
+ $url = substr( $url, 0, strrpos( $url, ')' ) );
+ }
$url = esc_url($url);
if ( empty($url) )
return $matches[0];
- return $matches[1] . "$url";
+ return $matches[1] . "$url" . $suffix;
}
/**
@@ -1363,7 +1386,11 @@ function _make_email_clickable_cb($matches) {
function make_clickable($ret) {
$ret = ' ' . $ret;
// in testing, using arrays here was found to be faster
- $ret = preg_replace_callback('#(?<=[\s>])(\()?([\w]+?://(?:[\w\\x80-\\xff\#$%&~/=?@\[\](+-]|[.,;:](?![\s<]|(\))?([\s]|$))|(?(1)\)(?![\s<.,;:]|$)|\)))+)#is', '_make_url_clickable_cb', $ret);
+ $save = @ini_set('pcre.recursion_limit', 10000);
+ $retval = preg_replace_callback('#(?])(\()?([\w]+?://(?:[\w\\x80-\\xff\#%~/?@\[\]-]{1,2000}|[\'*(+.,;:!=&$](?![\b\)]|(\))?([\s]|$))|(?(1)\)(?![\s<.,;:]|$)|\)))+)#is', '_make_url_clickable_cb', $ret);
+ if (null !== $retval )
+ $ret = $retval;
+ @ini_set('pcre.recursion_limit', $save);
$ret = preg_replace_callback('#([\s>])((www|ftp)\.[\w\\x80-\\xff\#$%&~/.\-;:=,?@\[\]+]+)#is', '_make_web_ftp_clickable_cb', $ret);
$ret = preg_replace_callback('#([\s>])([.0-9a-z_+-]+)@(([0-9a-z-]+\.)+[0-9a-z]{2,})#i', '_make_email_clickable_cb', $ret);
// this one is not in an array because we need it to run last, for cleanup of accidental links within links
@@ -1424,13 +1451,11 @@ function translate_smiley($smiley) {
return '';
}
- $siteurl = get_option( 'siteurl' );
-
$smiley = trim(reset($smiley));
$img = $wpsmiliestrans[$smiley];
$smiley_masked = esc_attr($smiley);
- $srcurl = apply_filters('smilies_src', "$siteurl/wp-includes/images/smilies/$img", $img, $siteurl);
+ $srcurl = apply_filters('smilies_src', includes_url("images/smilies/$img"), $img, site_url());
return " 
";
}
@@ -1456,7 +1481,7 @@ function convert_smilies($text) {
$stop = count($textarr);// loop stuff
for ($i = 0; $i < $stop; $i++) {
$content = $textarr[$i];
- if ((strlen($content) > 0) && ('<' != $content{0})) { // If it's not a tag
+ if ((strlen($content) > 0) && ('<' != $content[0])) { // If it's not a tag
$content = preg_replace_callback($wp_smiliessearch, 'translate_smiley', $content);
}
$output .= $content;
@@ -1476,7 +1501,7 @@ function convert_smilies($text) {
* @since 0.71
*
* @param string $email Email address to verify.
- * @param boolean $deprecated. Deprecated.
+ * @param boolean $deprecated Deprecated.
* @return string|bool Either false or the valid email address.
*/
function is_email( $email, $deprecated = false ) {
@@ -1553,11 +1578,22 @@ function wp_iso_descrambler($string) {
return $string;
} else {
$subject = str_replace('_', ' ', $matches[2]);
- $subject = preg_replace_callback('#\=([0-9a-f]{2})#i', create_function('$match', 'return chr(hexdec(strtolower($match[1])));'), $subject);
+ $subject = preg_replace_callback('#\=([0-9a-f]{2})#i', '_wp_iso_convert', $subject);
return $subject;
}
}
+/**
+ * Helper function to convert hex encoded chars to ascii
+ *
+ * @since 3.1.0
+ * @access private
+ * @param array $match the preg_replace_callback matches array
+ */
+function _wp_iso_convert( $match ) {
+ return chr( hexdec( strtolower( $match[1] ) ) );
+}
+
/**
* Returns a date in the GMT equivalent.
*
@@ -1743,7 +1779,7 @@ function sanitize_email( $email ) {
$sub = trim( $sub, " \t\n\r\0\x0B-" );
// Test for invalid characters
- $sub = preg_replace( '/^[^a-z0-9-]+$/i', '', $sub );
+ $sub = preg_replace( '/[^a-z0-9-]+/i', '', $sub );
// If there's anything left, add it to the valid subs
if ( '' !== $sub ) {
@@ -2236,7 +2272,8 @@ function esc_url( $url, $protocols = null, $_context = 'display' ) {
// Replace ampersands and single quotes only when displaying.
if ( 'display' == $_context ) {
- $url = preg_replace('/&([^#])(?![a-z]{2,8};)/', '&$1', $url);
+ $url = wp_kses_normalize_entities( $url );
+ $url = str_replace( '&', '&', $url );
$url = str_replace( "'", ''', $url );
}
@@ -2327,6 +2364,19 @@ function esc_attr( $text ) {
return apply_filters( 'attribute_escape', $safe_text, $text );
}
+/**
+ * Escaping for textarea values.
+ *
+ * @since 3.1
+ *
+ * @param string $text
+ * @return string
+ */
+function esc_textarea( $text ) {
+ $safe_text = htmlspecialchars( $text, ENT_QUOTES );
+ return apply_filters( 'esc_textarea', $safe_text, $text );
+}
+
/**
* Escape a HTML tag name.
*
@@ -2579,7 +2629,7 @@ function wp_sprintf( $pattern ) {
$fragment = substr($pattern, $start, $end - $start);
// Fragment has a specifier
- if ( $pattern{$start} == '%' ) {
+ if ( $pattern[$start] == '%' ) {
// Find numbered arguments or take the next one in order
if ( preg_match('/^%(\d+)\$/', $fragment, $matches) ) {
$arg = isset($args[$matches[1]]) ? $args[$matches[1]] : '';
@@ -2688,10 +2738,10 @@ function wp_html_excerpt( $str, $count ) {
* @return string The processed content.
*/
function links_add_base_url( $content, $base, $attrs = array('src', 'href') ) {
+ global $_links_add_base;
+ $_links_add_base = $base;
$attrs = implode('|', (array)$attrs);
- return preg_replace_callback("!($attrs)=(['\"])(.+?)\\2!i",
- create_function('$m', 'return _links_add_base($m, "' . $base . '");'),
- $content);
+ return preg_replace_callback( "!($attrs)=(['\"])(.+?)\\2!i", '_links_add_base', $content );
}
/**
@@ -2701,14 +2751,14 @@ function links_add_base_url( $content, $base, $attrs = array('src', 'href') ) {
* @access private
*
* @param string $m The matched link.
- * @param string $base The base URL to prefix to links.
* @return string The processed link.
*/
-function _links_add_base($m, $base) {
+function _links_add_base($m) {
+ global $_links_add_base;
//1 = attribute name 2 = quotation mark 3 = URL
return $m[1] . '=' . $m[2] .
(strpos($m[3], 'http://') === false ?
- path_join($base, $m[3]) :
+ path_join($_links_add_base, $m[3]) :
$m[3])
. $m[2];
}
@@ -2729,10 +2779,10 @@ function _links_add_base($m, $base) {
* @return string The processed content.
*/
function links_add_target( $content, $target = '_blank', $tags = array('a') ) {
+ global $_links_add_target;
+ $_links_add_target = $target;
$tags = implode('|', (array)$tags);
- return preg_replace_callback("!<($tags)(.+?)>!i",
- create_function('$m', 'return _links_add_target($m, "' . $target . '");'),
- $content);
+ return preg_replace_callback( "!<($tags)(.+?)>!i", '_links_add_target', $content );
}
/**
@@ -2742,13 +2792,13 @@ function links_add_target( $content, $target = '_blank', $tags = array('a') ) {
* @access private
*
* @param string $m The matched link.
- * @param string $target The Target to add to the links.
* @return string The processed link.
*/
-function _links_add_target( $m, $target ) {
+function _links_add_target( $m ) {
+ global $_links_add_target;
$tag = $m[1];
$link = preg_replace('|(target=[\'"](.*?)[\'"])|i', '', $m[2]);
- return '<' . $tag . $link . ' target="' . $target . '">';
+ return '<' . $tag . $link . ' target="' . esc_attr( $_links_add_target ) . '">';
}
// normalize EOL characters and strip duplicate whitespace
@@ -2818,6 +2868,19 @@ function sanitize_text_field($str) {
return apply_filters('sanitize_text_field', $filtered, $str);
}
+/**
+ * i18n friendly version of basename()
+ *
+ * @since 3.1.0
+ *
+ * @param string $path A path.
+ * @param string $suffix If the filename ends in suffix this will also be cut off.
+ * @return string
+ */
+function wp_basename( $path, $suffix = '' ) {
+ return urldecode( basename( str_replace( '%2F', '/', urlencode( $path ) ), $suffix ) );
+}
+
/**
* Forever eliminate "Wordpress" from the planet (or at least the little bit we can influence).
*
@@ -2825,7 +2888,6 @@ function sanitize_text_field($str) {
*
* @since 3.0.0
*/
-
function capital_P_dangit( $text ) {
// Simple replacement for titles
if ( 'the_title' === current_filter() )
@@ -2841,4 +2903,17 @@ function capital_P_dangit( $text ) {
}
+/**
+ * Sanitize a mime type
+ *
+ * @since 3.1.3
+ *
+ * @param string $mime_type Mime type
+ * @return string Sanitized mime type
+ */
+function sanitize_mime_type( $mime_type ) {
+ $sani_mime_type = preg_replace( '/[^-*.a-zA-Z0-9\/]/', '', $mime_type );
+ return apply_filters( 'sanitize_mime_type', $sani_mime_type, $mime_type );
+}
+
?>