X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/6c8f14c09105d0afa4c1574215c59b5021040e76..fa11948979fd6a4ea5705dc613b239699a459db3:/wp-includes/formatting.php diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php index 05d72275..904c99b1 100644 --- a/wp-includes/formatting.php +++ b/wp-includes/formatting.php @@ -5,7 +5,7 @@ * Handles many functions for formatting output. * * @package WordPress - **/ + */ /** * Replaces common plain text characters into formatted entities @@ -134,8 +134,8 @@ function wptexturize($text) { * Search for disabled element tags. Push element to stack on tag open and pop * on tag close. Assumes first character of $text is tag opening. * - * @access private * @since 2.9.0 + * @access private * * @param string $text Text to check. First character is assumed to be $opening * @param array $stack Array used as stack of opened tag elements @@ -220,7 +220,7 @@ function wpautop($pee, $br = true) { $pee = preg_replace('|
\s*
|', "\n\n", $pee); // Space things out a little - $allblocks = '(?:table|thead|tfoot|caption|col|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|option|form|map|area|blockquote|address|math|style|p|h[1-6]|hr|fieldset|noscript|samp|legend|section|article|aside|hgroup|header|footer|nav|figure|figcaption|details|menu|summary)'; + $allblocks = '(?:table|thead|tfoot|caption|col|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|option|form|map|area|blockquote|address|math|style|p|h[1-6]|hr|fieldset|noscript|legend|section|article|aside|hgroup|header|footer|nav|figure|figcaption|details|menu|summary)'; $pee = preg_replace('!(<' . $allblocks . '[^>]*>)!', "\n$1", $pee); $pee = preg_replace('!()!', "$1\n\n", $pee); $pee = str_replace(array("\r\n", "\r"), "\n", $pee); // cross-platform newlines @@ -262,6 +262,7 @@ function wpautop($pee, $br = true) { * * @since 3.1.0 * @access private + * * @param array $matches preg_replace_callback matches array * @return string */ @@ -363,6 +364,7 @@ function seems_utf8($str) { * ", or ENT_QUOTES to do both. Default is ENT_NOQUOTES where no quotes are encoded. * * @since 1.2.2 + * @access private * * @param string $string The text which is to be encoded. * @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES. 
@@ -442,7 +444,7 @@ function _wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = fals * $quote_style can be set to ENT_COMPAT to decode " entities, * or ENT_QUOTES to do both " and '. Default is ENT_NOQUOTES where no quotes are decoded. * - * @since 2.8 + * @since 2.8.0 * * @param string $string The text which is to be decoded. * @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old _wp_specialchars() values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES. @@ -499,7 +501,7 @@ function wp_specialchars_decode( $string, $quote_style = ENT_NOQUOTES ) { /** * Checks for invalid UTF8 in a string. * - * @since 2.8 + * @since 2.8.0 * * @param string $string The text which is to be checked. * @param boolean $strip Optional. Whether to attempt to strip out invalid UTF8. Default is false. @@ -785,6 +787,19 @@ function remove_accents($string) { chr(199).chr(155) => 'U', chr(199).chr(156) => 'u', ); + // Used for locale-specific rules + $locale = get_locale(); + + if ( 'de_DE' == $locale ) { + $chars[ chr(195).chr(132) ] = 'Ae'; + $chars[ chr(195).chr(164) ] = 'ae'; + $chars[ chr(195).chr(150) ] = 'Oe'; + $chars[ chr(195).chr(182) ] = 'oe'; + $chars[ chr(195).chr(156) ] = 'Ue'; + $chars[ chr(195).chr(188) ] = 'ue'; + $chars[ chr(195).chr(159) ] = 'ss'; + } + $string = strtr($string, $chars); } else { // Assume ISO-8859-1 if not UTF-8 
@@ -811,12 +826,12 @@ function remove_accents($string) { } /** - * Sanitizes a filename replacing whitespace with dashes + * Sanitizes a filename, replacing whitespace with dashes. * * Removes special characters that are illegal in filenames on certain * operating systems and special characters requiring special escaping * to manipulate at the command line. Replaces spaces and consecutive - * dashes with a single dash. Trim period, dash and underscore from beginning + * dashes with a single dash. Trims period, dash and underscore from beginning * and end of filename. * * @since 2.1.0 @@ -868,7 +883,7 @@ function sanitize_file_name( $filename ) { } /** - * Sanitize username stripping out unsafe characters. + * Sanitizes a username, stripping out unsafe characters. * * Removes tags, octets, entities, and if strict is enabled, will only keep * alphanumeric, _, space, ., -, @. After sanitizing, it passes the username, @@ -903,7 +918,7 @@ function sanitize_user( $username, $strict = false ) { } /** - * Sanitize a string key. + * Sanitizes a string key. * * Keys are used as internal identifiers. Lowercase alphanumeric characters, dashes and underscores are allowed. * @@ -920,7 +935,7 @@ function sanitize_key( $key ) { } /** - * Sanitizes title or use fallback title. + * Sanitizes a title, or returns a fallback title. * * Specifically, HTML and PHP tags are stripped. Further actions can be added * via the plugin API. If $title is empty and $fallback_title is set, the latter @@ -933,7 +948,7 @@ function sanitize_key( $key ) { * @param string $context Optional. The operation for which the string is sanitized * @return string The sanitized string. */ -function sanitize_title($title, $fallback_title = '', $context = 'save') { +function sanitize_title( $title, $fallback_title = '', $context = 'save' ) { $raw_title = $title; if ( 'save' == $context ) 
@@ -947,12 +962,23 @@ function sanitize_title($title, $fallback_title = '', $context = 'save') { return $title; } -function sanitize_title_for_query($title) { - return sanitize_title($title, '', 'query'); +/** + * Sanitizes a title with the 'query' context. + * + * Used for querying the database for a value from URL. + * + * @since 3.1.0 + * @uses sanitize_title() + * + * @param string $title The string to be sanitized. + * @return string The sanitized string. + */ +function sanitize_title_for_query( $title ) { + return sanitize_title( $title, '', 'query' ); } /** - * Sanitizes title, replacing whitespace and a few other characters with dashes. + * Sanitizes a title, replacing whitespace and a few other characters with dashes. * * Limits the output to alphanumeric characters, underscore (_) and dash (-). * Whitespace becomes a dash. @@ -964,7 +990,7 @@ function sanitize_title_for_query($title) { * @param string $context Optional. The operation for which the string is sanitized. * @return string The sanitized title. */ -function sanitize_title_with_dashes($title, $raw_title = '', $context = 'display') { +function sanitize_title_with_dashes( $title, $raw_title = '', $context = 'display' ) { $title = strip_tags($title); // Preserve escaped octets. $title = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '---$1---', $title); @@ -999,8 +1025,10 @@ function sanitize_title_with_dashes($title, $raw_title = '', $context = 'display '%e2%80%9a', '%e2%80%9b', '%e2%80%9e', '%e2%80%9f', // copy, reg, deg, hellip and trade '%c2%a9', '%c2%ae', '%c2%b0', '%e2%80%a6', '%e2%84%a2', - // grave accent, acute accent, macron, caron - '%cc%80', '%cc%81', '%cc%84', '%cc%8c', + // acute accents + '%c2%b4', '%cb%8a', '%cc%81', '%cd%81', + // grave accent, macron, caron + '%cc%80', '%cc%84', '%cc%8c', ), '', $title ); // Convert times to x 
@@ -1034,7 +1062,7 @@ function sanitize_sql_orderby( $orderby ){ } /** - * Santizes a html classname to ensure it only contains valid characters + * Sanitizes an HTML classname to ensure it only contains valid characters. * * Strips the string down to A-Z,a-z,0-9,_,-. If this results in an empty * string then it will return the alternative value supplied. @@ -1132,9 +1160,7 @@ function convert_chars($content, $deprecated = '') { } /** - * Will only balance the tags if forced to and the option is set to balance tags. - * - * The option 'use_balanceTags' is used to determine whether the tags will be balanced. + * Balances tags if forced to, or if the 'use_balanceTags' option is set to true. * * @since 0.71 * @@ -1143,9 +1169,10 @@ function convert_chars($content, $deprecated = '') { * @return string Balanced text */ function balanceTags( $text, $force = false ) { - if ( !$force && get_option('use_balanceTags') == 0 ) + if ( $force || get_option('use_balanceTags') == 1 ) + return force_balance_tags( $text ); + else return $text; - return force_balance_tags( $text ); } /** @@ -1342,9 +1369,9 @@ function zeroise($number, $threshold) { * @return string String with backslashes inserted. */ function backslashit($string) { - $string = preg_replace('/^([0-9])/', '\\\\\\\\\1', $string); - $string = preg_replace('/([a-z])/i', '\\\\\1', $string); - return $string; + if ( isset( $string[0] ) && $string[0] >= '0' && $string[0] <= '9' ) + $string = '\\\\' . $string; + return addcslashes( $string, 'A..Za..z' ); } /** @@ -1396,7 +1423,7 @@ function addslashes_gpc($gpc) { if ( get_magic_quotes_gpc() ) $gpc = stripslashes($gpc); - return esc_sql($gpc); + return wp_slash($gpc); } /** 
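Review bot: After `return wp_slash($gpc);` addslashes_gpc() only adds slashes, but its docblock (outside this hunk) is not updated to say so. The wp_slash() docblock added at the end of this diff states that it should not be used to escape data going directly into an SQL query, and the same caveat belongs here so callers do not keep treating the result as SQL-safe. Suggested line for the docblock: `* Adds slashes only. Do not interpolate the result into SQL; use wpdb::prepare() or esc_sql() for queries.` The `wp_slash($text)` replacement in wp_rel_nofollow() further down deserves the same check of what consumes its output.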
@@ -1456,25 +1483,26 @@ function rawurlencode_deep( $value ) { * * @since 0.71 * - * @param string $emailaddy Email address. - * @param int $mailto Optional. Range from 0 to 1. Used for encoding. + * @param string $email_address Email address. + * @param int $hex_encoding Optional. Set to 1 to enable hex encoding. * @return string Converted email address. */ -function antispambot($emailaddy, $mailto=0) { - $emailNOSPAMaddy = ''; - srand ((float) microtime() * 1000000); - for ($i = 0; $i < strlen($emailaddy); $i = $i + 1) { - $j = floor(rand(0, 1+$mailto)); - if ($j==0) { - $emailNOSPAMaddy .= '&#'.ord(substr($emailaddy,$i,1)).';'; - } elseif ($j==1) { - $emailNOSPAMaddy .= substr($emailaddy,$i,1); - } elseif ($j==2) { - $emailNOSPAMaddy .= '%'.zeroise(dechex(ord(substr($emailaddy, $i, 1))), 2); +function antispambot( $email_address, $hex_encoding = 0 ) { + $email_no_spam_address = ''; + for ( $i = 0; $i < strlen( $email_address ); $i++ ) { + $j = rand( 0, 1 + $hex_encoding ); + if ( $j == 0 ) { + $email_no_spam_address .= '&#' . ord( $email_address[$i] ) . ';'; + } elseif ( $j == 1 ) { + $email_no_spam_address .= $email_address[$i]; + } elseif ( $j == 2 ) { + $email_no_spam_address .= '%' . zeroise( dechex( ord( $email_address[$i] ) ), 2 ); } } - $emailNOSPAMaddy = str_replace('@','@',$emailNOSPAMaddy); - return $emailNOSPAMaddy; + + $email_no_spam_address = str_replace( '@', '@', $email_no_spam_address ); + + return $email_no_spam_address; } /** 
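Review bot: In antispambot(), `rand( 0, 1 + $hex_encoding )` can return 3 or more when a caller passes a `$hex_encoding` above 1, and no branch of the if/elseif chain handles that value, so the character is silently dropped from the returned address. The new docblock says "Set to 1 to enable hex encoding", but nothing enforces it. Clamping the upper bound fixes this without changing the documented behaviour: `$j = rand( 0, $hex_encoding ? 2 : 1 );`. A one-line comment that rand() is acceptable here because the output is obfuscation, not a secret, would also help future readers.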
@@ -1692,12 +1720,12 @@ function wp_rel_nofollow( $text ) { // This is a pre save filter, so text is already escaped. $text = stripslashes($text); $text = preg_replace_callback('||i', 'wp_rel_nofollow_callback', $text); - $text = esc_sql($text); + $text = wp_slash($text); return $text; } /** - * Callback to used to add rel=nofollow string to HTML A element. + * Callback to add rel=nofollow string to HTML A element. * * Will remove already existing rel="nofollow" and rel='nofollow' from the * string to prevent from invalidating (X)HTML. @@ -1716,29 +1744,29 @@ function wp_rel_nofollow_callback( $matches ) { /** * Convert one smiley code to the icon graphic file equivalent. * + * Callback handler for {@link convert_smilies()}. * Looks up one smiley code in the $wpsmiliestrans global array and returns an * string for that smiley. * * @global array $wpsmiliestrans * @since 2.8.0 * - * @param string $smiley Smiley code to convert to image. + * @param array $matches Single match. Smiley code to convert to image. * @return string Image string for smiley. */ -function translate_smiley($smiley) { +function translate_smiley( $matches ) { global $wpsmiliestrans; - if (count($smiley) == 0) { + if ( count( $matches ) == 0 ) return ''; - } - $smiley = trim(reset($smiley)); - $img = $wpsmiliestrans[$smiley]; - $smiley_masked = esc_attr($smiley); + $smiley = trim( reset( $matches ) ); + $img = $wpsmiliestrans[ $smiley ]; + $smiley_masked = esc_attr( $smiley ); - $srcurl = apply_filters('smilies_src', includes_url("images/smilies/$img"), $img, site_url()); + $src_url = apply_filters( 'smilies_src', includes_url( "images/smilies/$img" ), $img, site_url() ); - return " $smiley_masked "; + return " $smiley_masked "; } /** @@ -1868,6 +1896,7 @@ function wp_iso_descrambler($string) { * * @since 3.1.0 * @access private + * * @param array $match The preg_replace_callback matches array * @return array Converted chars */ 
@@ -1878,39 +1907,31 @@ function _wp_iso_convert( $match ) { /** * Returns a date in the GMT equivalent. * - * Requires and returns a date in the Y-m-d H:i:s format. Simply subtracts the - * value of the 'gmt_offset' option. Return format can be overridden using the - * $format parameter. The DateTime and DateTimeZone classes are used to respect - * time zone differences in DST. + * Requires and returns a date in the Y-m-d H:i:s format. If there is a + * timezone_string available, the date is assumed to be in that timezone, + * otherwise it simply subtracts the value of the 'gmt_offset' option. Return + * format can be overridden using the $format parameter. * * @since 1.2.0 * - * @uses get_option() to retrieve the the value of 'gmt_offset'. + * @uses get_option() to retrieve the value of 'gmt_offset'. * @param string $string The date to be converted. * @param string $format The format string for the returned date (default is Y-m-d H:i:s) * @return string GMT version of the date provided. */ -function get_gmt_from_date($string, $format = 'Y-m-d H:i:s') { - preg_match('#([0-9]{1,4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})#', $string, $matches); - if ( ! $matches ) - return date( $format, 0 ); - - $tz = get_option('timezone_string'); +function get_gmt_from_date( $string, $format = 'Y-m-d H:i:s' ) { + $tz = get_option( 'timezone_string' ); if ( $tz ) { - date_default_timezone_set( $tz ); - $datetime = date_create( $string ); + $datetime = date_create( $string, new DateTimeZone( $tz ) ); if ( ! $datetime ) - return date( $format, 0 ); - - $datetime->setTimezone( new DateTimeZone('UTC') ); - $offset = $datetime->getOffset(); - $datetime->modify( '+' . $offset / HOUR_IN_SECONDS . 
' hours'); - $string_gmt = gmdate($format, $datetime->format('U')); - - date_default_timezone_set('UTC'); + return gmdate( $format, 0 ); + $datetime->setTimezone( new DateTimeZone( 'UTC' ) ); + $string_gmt = $datetime->format( $format ); } else { - $string_time = gmmktime($matches[4], $matches[5], $matches[6], $matches[2], $matches[3], $matches[1]); - $string_gmt = gmdate($format, $string_time - get_option('gmt_offset') * HOUR_IN_SECONDS); + if ( ! preg_match( '#([0-9]{1,4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})#', $string, $matches ) ) + return gmdate( $format, 0 ); + $string_time = gmmktime( $matches[4], $matches[5], $matches[6], $matches[2], $matches[3], $matches[1] ); + $string_gmt = gmdate( $format, $string_time - get_option( 'gmt_offset' ) * HOUR_IN_SECONDS ); } return $string_gmt; } 
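Review bot: In get_gmt_from_date() the format regex now runs only in the `else` branch, so when `timezone_string` is set the input goes straight to `date_create()`, which accepts anything it can parse (relative expressions included), although the docblock still requires Y-m-d H:i:s. Keeping the check ahead of the branch restores the old contract: `if ( ! preg_match( '#…#', $string, $matches ) ) return gmdate( $format, 0 );` before `$tz = get_option( 'timezone_string' );`. Separately, `new DateTimeZone( $tz )` throws on an unknown identifier, where the removed `date_default_timezone_set( $tz )` only raised a notice. A corrupted option value would therefore become an uncaught exception unless the constructor is wrapped in try/catch or `$tz` is validated first. Both points apply equally to the get_date_from_gmt() hunk that follows.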
@@ -1918,19 +1939,31 @@ function get_gmt_from_date($string, $format = 'Y-m-d H:i:s') { /** * Converts a GMT date into the correct format for the blog. * - * Requires and returns in the Y-m-d H:i:s format. Simply adds the value of - * gmt_offset.Return format can be overridden using the $format parameter + * Requires and returns a date in the Y-m-d H:i:s format. If there is a + * timezone_string available, the returned date is in that timezone, otherwise + * it simply adds the value of gmt_offset. Return format can be overridden + * using the $format parameter * * @since 1.2.0 * * @param string $string The date to be converted. * @param string $format The format string for the returned date (default is Y-m-d H:i:s) - * @return string Formatted date relative to the GMT offset. + * @return string Formatted date relative to the timezone / GMT offset. */ -function get_date_from_gmt($string, $format = 'Y-m-d H:i:s') { - preg_match('#([0-9]{1,4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})#', $string, $matches); - $string_time = gmmktime($matches[4], $matches[5], $matches[6], $matches[2], $matches[3], $matches[1]); - $string_localtime = gmdate($format, $string_time + get_option('gmt_offset') * HOUR_IN_SECONDS); +function get_date_from_gmt( $string, $format = 'Y-m-d H:i:s' ) { + $tz = get_option( 'timezone_string' ); + if ( $tz ) { + $datetime = date_create( $string, new DateTimeZone( 'UTC' ) ); + if ( ! $datetime ) + return date( $format, 0 ); + $datetime->setTimezone( new DateTimeZone( $tz ) ); + $string_localtime = $datetime->format( $format ); + } else { + if ( ! preg_match('#([0-9]{1,4})-([0-9]{1,2})-([0-9]{1,2}) ([0-9]{1,2}):([0-9]{1,2}):([0-9]{1,2})#', $string, $matches) ) + return date( $format, 0 ); + $string_time = gmmktime( $matches[4], $matches[5], $matches[6], $matches[2], $matches[3], $matches[1] ); + $string_localtime = gmdate( $format, $string_time + get_option( 'gmt_offset' ) * HOUR_IN_SECONDS ); + } return $string_localtime; } 
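Review bot: Both failure paths in get_date_from_gmt() return `date( $format, 0 )`, while the matching paths in get_gmt_from_date() were switched to `gmdate( $format, 0 )` in this same commit. `date()` depends on the process default timezone, so the two siblings can return different sentinel values if that default is ever not UTC. Use `return gmdate( $format, 0 );` in both places here, and mention the epoch sentinel in the docblock so callers know how to detect a parse failure.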
@@ -2101,27 +2134,42 @@ function sanitize_email( $email ) { function human_time_diff( $from, $to = '' ) { if ( empty( $to ) ) $to = time(); + $diff = (int) abs( $to - $from ); - if ( $diff <= HOUR_IN_SECONDS ) { + + if ( $diff < HOUR_IN_SECONDS ) { $mins = round( $diff / MINUTE_IN_SECONDS ); - if ( $mins <= 1 ) { + if ( $mins <= 1 ) $mins = 1; - } /* translators: min=minute */ $since = sprintf( _n( '%s min', '%s mins', $mins ), $mins ); - } elseif ( ( $diff <= DAY_IN_SECONDS ) && ( $diff > HOUR_IN_SECONDS ) ) { + } elseif ( $diff < DAY_IN_SECONDS && $diff >= HOUR_IN_SECONDS ) { $hours = round( $diff / HOUR_IN_SECONDS ); - if ( $hours <= 1 ) { + if ( $hours <= 1 ) $hours = 1; - } $since = sprintf( _n( '%s hour', '%s hours', $hours ), $hours ); - } elseif ( $diff >= DAY_IN_SECONDS ) { + } elseif ( $diff < WEEK_IN_SECONDS && $diff >= DAY_IN_SECONDS ) { $days = round( $diff / DAY_IN_SECONDS ); - if ( $days <= 1 ) { + if ( $days <= 1 ) $days = 1; - } $since = sprintf( _n( '%s day', '%s days', $days ), $days ); + } elseif ( $diff < 30 * DAY_IN_SECONDS && $diff >= WEEK_IN_SECONDS ) { + $weeks = round( $diff / WEEK_IN_SECONDS ); + if ( $weeks <= 1 ) + $weeks = 1; + $since = sprintf( _n( '%s week', '%s weeks', $weeks ), $weeks ); + } elseif ( $diff < YEAR_IN_SECONDS && $diff >= 30 * DAY_IN_SECONDS ) { + $months = round( $diff / ( 30 * DAY_IN_SECONDS ) ); + if ( $months <= 1 ) + $months = 1; + $since = sprintf( _n( '%s month', '%s months', $months ), $months ); + } elseif ( $diff >= YEAR_IN_SECONDS ) { + $years = round( $diff / YEAR_IN_SECONDS ); + if ( $years <= 1 ) + $years = 1; + $since = sprintf( _n( '%s year', '%s years', $years ), $years ); } + return $since; } 
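Review bot: Each branch of human_time_diff() rounds with `round()`, so a value just under a boundary is reported as the full count of the smaller unit: 3599 seconds gives "60 mins", 23.6 hours gives "24 hours" and 6.6 days gives "7 days" instead of moving to the next unit. Using `floor()` for the division (the existing `<= 1` clamp still covers the zero case) keeps each unit inside its own range. As a style point, the lower-bound tests such as `&& $diff >= HOUR_IN_SECONDS` are already implied by the preceding branch, and ending the chain with a plain `else` would make it obvious that `$since` is always assigned. The function starts outside this hunk.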
@@ -2129,11 +2177,11 @@ function human_time_diff( $from, $to = '' ) { * Generates an excerpt from the content, if needed. * * The excerpt word amount will be 55 words and if the amount is greater than - * that, then the string ' [...]' will be appended to the excerpt. If the string + * that, then the string ' […]' will be appended to the excerpt. If the string * is less than 55 words, then the content will be returned as is. * * The 55 word limit can be modified by plugins/themes using the excerpt_length filter - * The ' [...]' string can be modified by plugins/themes using the excerpt_more filter + * The ' […]' string can be modified by plugins/themes using the excerpt_more filter * * @since 1.5.0 * @@ -2150,7 +2198,7 @@ function wp_trim_excerpt($text = '') { $text = apply_filters('the_content', $text); $text = str_replace(']]>', ']]>', $text); $excerpt_length = apply_filters('excerpt_length', 55); - $excerpt_more = apply_filters('excerpt_more', ' ' . '[...]'); + $excerpt_more = apply_filters('excerpt_more', ' ' . '[…]'); $text = wp_trim_words( $text, $excerpt_length, $excerpt_more ); } return apply_filters('wp_trim_excerpt', $text, $raw_excerpt); @@ -2167,7 +2215,7 @@ function wp_trim_excerpt($text = '') { * * @param string $text Text to trim. * @param int $num_words Number of words. Default 55. - * @param string $more What to append if $text needs to be trimmed. Default '…'. + * @param string $more Optional. What to append if $text needs to be trimmed. Default '…'. * @return string Trimmed text. */ function wp_trim_words( $text, $num_words = 55, $more = null ) { @@ -2214,7 +2262,6 @@ function ent2ncr($text) { $to_ncr = array( '"' => '"', '&' => '&', - '⁄' => '/', '<' => '<', '>' => '>', '|' => '|', 
@@ -2491,7 +2538,7 @@ function wp_richedit_pre($text) { $output = convert_chars($text); $output = wpautop($output); - $output = htmlspecialchars($output, ENT_NOQUOTES); + $output = htmlspecialchars($output, ENT_NOQUOTES, get_option( 'blog_charset' ) ); return apply_filters('richedit_pre', $output); } @@ -2509,7 +2556,7 @@ function wp_richedit_pre($text) { */ function wp_htmledit_pre($output) { if ( !empty($output) ) - $output = htmlspecialchars($output, ENT_NOQUOTES); // convert only < > & + $output = htmlspecialchars($output, ENT_NOQUOTES, get_option( 'blog_charset' ) ); // convert only < > & return apply_filters('htmledit_pre', $output); } 
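Review bot: Passing `get_option( 'blog_charset' )` makes htmlspecialchars() validate the text against that charset, and without ENT_SUBSTITUTE or ENT_IGNORE it returns an empty string as soon as the input contains one invalid byte sequence. Stored content with a single stray byte would then reach the editor blank and could be saved that way. Consider stripping invalid sequences first, for example `$output = wp_check_invalid_utf8( $output, true );` before the call in wp_richedit_pre() and wp_htmledit_pre(), or add a comment stating why the input is known to be valid. The same applies to the esc_textarea() change later in this diff. Both functions begin outside their hunks.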
@@ -2524,38 +2571,35 @@ function wp_htmledit_pre($output) { * @since 2.8.1 * @access private * - * @param string|array $search - * @param string $subject - * @return string The processed string + * @param string|array $search The value being searched for, otherwise known as the needle. An array may be used to designate multiple needles. + * @param string $subject The string being searched and replaced on, otherwise known as the haystack. + * @return string The string with the replaced svalues. */ function _deep_replace( $search, $subject ) { - $found = true; $subject = (string) $subject; - while ( $found ) { - $found = false; - foreach ( (array) $search as $val ) { - while ( strpos( $subject, $val ) !== false ) { - $found = true; - $subject = str_replace( $val, '', $subject ); - } - } + + $count = 1; + while ( $count ) { + $subject = str_replace( $search, '', $subject, $count ); } return $subject; } /** - * Escapes data for use in a MySQL query + * Escapes data for use in a MySQL query. * - * This is just a handy shortcut for $wpdb->escape(), for completeness' sake + * Usually you should prepare queries using wpdb::prepare(). + * Sometimes, spot-escaping is required or useful. One example + * is preparing an array for use in an IN clause. * * @since 2.8.0 - * @param string $sql Unescaped SQL data - * @return string The cleaned $sql + * @param string|array $data Unescaped data + * @return string|array Escaped data */ -function esc_sql( $sql ) { +function esc_sql( $data ) { global $wpdb; - return $wpdb->escape( $sql ); + return $wpdb->_escape( $data ); } /** 
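Review bot: The new esc_sql() docblock points callers to wpdb::prepare() but omits the caveat that matters most for spot-escaping: the result is only meaningful inside a quoted string literal. Escaping of this kind presumably gives no protection for values placed unquoted in a query (numbers, identifiers, ORDER BY fragments), and the IN-clause example invites exactly that mistake. Suggested addition: `* The escaped value must still be wrapped in quotes in the query; it does not make unquoted values or identifiers safe.` The switch to the underscore-prefixed `$wpdb->_escape()` would also benefit from a one-line why-comment. In the same hunk, the _deep_replace() docblock has a typo, "svalues".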
@@ -2599,12 +2643,17 @@ function esc_url( $url, $protocols = null, $_context = 'display' ) { $url = str_replace( "'", ''', $url ); } - if ( ! is_array( $protocols ) ) - $protocols = wp_allowed_protocols(); - if ( wp_kses_bad_protocol( $url, $protocols ) != $url ) - return ''; + if ( '/' === $url[0] ) { + $good_protocol_url = $url; + } else { + if ( ! is_array( $protocols ) ) + $protocols = wp_allowed_protocols(); + $good_protocol_url = wp_kses_bad_protocol( $url, $protocols ); + if ( strtolower( $good_protocol_url ) != strtolower( $url ) ) + return ''; + } - return apply_filters('clean_url', $url, $original_url, $_context); + return apply_filters('clean_url', $good_protocol_url, $original_url, $_context); } /** @@ -2689,18 +2738,18 @@ function esc_attr( $text ) { /** * Escaping for textarea values. * - * @since 3.1 + * @since 3.1.0 * * @param string $text * @return string */ function esc_textarea( $text ) { - $safe_text = htmlspecialchars( $text, ENT_QUOTES ); + $safe_text = htmlspecialchars( $text, ENT_QUOTES, get_option( 'blog_charset' ) ); return apply_filters( 'esc_textarea', $safe_text, $text ); } /** - * Escape a HTML tag name. + * Escape an HTML tag name. * * @since 2.5.0 * @@ -2869,7 +2918,7 @@ function sanitize_option($option, $value) { case 'illegal_names': if ( ! is_array( $value ) ) - $value = explode( "\n", $value ); + $value = explode( ' ', $value ); $value = array_values( array_filter( array_map( 'trim', $value ) ) ); @@ -2908,6 +2957,11 @@ function sanitize_option($option, $value) { $value = esc_url_raw( $value ); $value = str_replace( 'http://', '', $value ); break; + + case 'default_role' : + if ( ! get_role( $value ) && get_role( 'subscriber' ) ) + $value = 'subscriber'; + break; } $value = apply_filters("sanitize_option_{$option}", $value, $option); 
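Review bot: The new `'/' === $url[0]` branch in esc_url() returns the URL without calling wp_kses_bad_protocol(), so every value beginning with a slash skips the protocol allowlist, including protocol-relative `//host/path` forms. That looks intentional, but there is no comment saying why it is safe. A line above the branch such as `// Relative and protocol-relative URLs carry no scheme of their own, so the protocol check does not apply.` would record the reasoning for the next reviewer. `$url[0]` also raises a notice on an empty string; whether the cleanup earlier in the function (outside this hunk) can reduce `$url` to '' is not visible here, so `isset( $url[0] ) && '/' === $url[0]` is the safer test.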
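Review bot: In the new `default_role` case of sanitize_option(), a submitted role that does not exist is only replaced when a 'subscriber' role exists; if it does not, the non-existent name falls through and is saved unchanged. Handle that fallthrough explicitly, or document the assumption that 'subscriber' is always registered. The check also accepts any existing role, however privileged. If that is deliberate because only administrators can change this option, a short comment such as `// Any registered role is allowed; the capability check happens in the caller.` would make it clear, once confirmed against the caller.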
@@ -2975,7 +3029,7 @@ function wp_pre_kses_less_than_callback( $matches ) { * @return string The formatted string. */ function wp_sprintf( $pattern ) { - $args = func_get_args( ); + $args = func_get_args(); $len = strlen($pattern); $start = 0; $result = ''; @@ -3084,16 +3138,21 @@ function wp_sprintf_l($pattern, $args) { * * @since 2.5.0 * - * @param integer $str String to get the excerpt from. + * @param string $str String to get the excerpt from. * @param integer $count Maximum number of characters to take. + * @param string $more Optional. What to append if $str needs to be trimmed. Defaults to empty string. * @return string The excerpt. */ -function wp_html_excerpt( $str, $count ) { +function wp_html_excerpt( $str, $count, $more = null ) { + if ( null === $more ) + $more = ''; $str = wp_strip_all_tags( $str, true ); - $str = mb_substr( $str, 0, $count ); + $excerpt = mb_substr( $str, 0, $count ); // remove part of an entity at the end - $str = preg_replace( '/&[^;\s]{0,6}$/', '', $str ); - return $str; + $excerpt = preg_replace( '/&[^;\s]{0,6}$/', '', $excerpt ); + if ( $str != $excerpt ) + $excerpt = trim( $excerpt ) . $more; + return $excerpt; } /** 
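Review bot: In wp_html_excerpt() the test `if ( $str != $excerpt )` is a loose comparison, so two numeric-looking strings that differ as text compare equal: with `$str` of '1.0' and `$count` of 1 the excerpt is '1', the test is false, and `$more` is not appended even though the text was cut. Use the strict form, `if ( $str !== $excerpt )`. The docblock should also note that `$more` is appended as-is, without escaping, so callers that pass markup or user-supplied text remain responsible for it.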
@@ -3169,14 +3228,21 @@ function links_add_target( $content, $target = '_blank', $tags = array('a') ) { function _links_add_target( $m ) { global $_links_add_target; $tag = $m[1]; - $link = preg_replace('|(target=[\'"](.*?)[\'"])|i', '', $m[2]); + $link = preg_replace('|(target=([\'"])(.*?)\2)|i', '', $m[2]); return '<' . $tag . $link . ' target="' . esc_attr( $_links_add_target ) . '">'; } -// normalize EOL characters and strip duplicate whitespace +/** + * Normalize EOL characters and strip duplicate whitespace. + * + * @since 2.7.0 + * + * @param string $str The string to normalize. + * @return string The normalized string. + */ function normalize_whitespace( $str ) { - $str = trim($str); - $str = str_replace("\r", "\n", $str); + $str = trim( $str ); + $str = str_replace( "\r", "\n", $str ); $str = preg_replace( array( '/\n+/', '/[ \t]+/' ), array( "\n", ' ' ), $str ); return $str; } @@ -3225,7 +3291,6 @@ function sanitize_text_field($str) { $filtered = trim( preg_replace('/[\r\n\t ]+/', ' ', $filtered) ); } - $match = array(); $found = false; while ( preg_match('/%[a-f0-9]{2}/i', $filtered, $match) ) { $filtered = str_replace($match[0], '', $filtered); 
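Review bot: The updated pattern in _links_add_target() still has no boundary before `target=`, so it also matches the tail of attributes such as `data-target="…"` and strips it, leaving a broken `data-` fragment in the tag. Anchoring the attribute name avoids that: `'|(?<![\w-])(target=([\'"])(.*?)\2)|i'`. Unquoted values (`target=_self`) are also not removed, so the output can end up with two target attributes. If that case is out of scope, a comment saying so would help. The function begins outside this hunk.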
@@ -3306,3 +3371,63 @@ function sanitize_trackback_urls( $to_ping ) { $urls_to_ping = implode( "\n", $urls_to_ping ); return apply_filters( 'sanitize_trackback_urls', $urls_to_ping, $to_ping ); } + +/** + * Add slashes to a string or array of strings. + * + * This should be used when preparing data for core API that expects slashed data. + * This should not be used to escape data going directly into an SQL query. + * + * @since 3.6.0 + * + * @param string|array $value String or array of strings to slash. + * @return string|array Slashed $value + */ +function wp_slash( $value ) { + if ( is_array( $value ) ) { + foreach ( $value as $k => $v ) { + if ( is_array( $v ) ) { + $value[$k] = wp_slash( $v ); + } else { + $value[$k] = addslashes( $v ); + } + } + } else { + $value = addslashes( $value ); + } + + return $value; +} + +/** + * Remove slashes from a string or array of strings. + * + * This should be used to remove slashes from data passed to core API that + * expects data to be unslashed. + * + * @since 3.6.0 + * + * @param string|array $value String or array of strings to unslash. + * @return string|array Unslashed $value + */ +function wp_unslash( $value ) { + return stripslashes_deep( $value ); +} + +/** + * Extract and return the first URL from passed content. + * + * @since 3.6.0 + * + * @param string $content A string which might contain a URL. + * @return string The found URL. + */ +function get_url_in_content( $content ) { + if ( empty( $content ) ) + return ''; + + if ( preg_match( '/]*?href=([\'"])(.+?)\1/is', $content, $matches ) ) + return esc_url_raw( $matches[2] ); + + return false; +}
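Review bot: get_url_in_content() is documented as `@return string`, but it returns `false` when no link is found and `''` when `$content` is empty, so callers have to handle two different "nothing found" values that the docblock does not mention. Either return `''` on both paths or document it: `@return string|bool The found URL, an empty string for empty content, or false if no URL is found.` In wp_slash(), every non-array leaf is passed to `addslashes()`, which turns integers, booleans and null into strings. If typed values can reach it, guarding with `is_string( $v )` would preserve them, and the docblock's "string or array of strings" should say what happens otherwise.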