X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/7688c6ba71852cd89123b62b2d57683535e4702a..177fd6fefd2e3d5a0ea6591c71d660cabdb3c1a4:/wp-includes/formatting.php diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php index 76f41d85..052445d1 100644 --- a/wp-includes/formatting.php +++ b/wp-includes/formatting.php @@ -5,7 +5,7 @@ function wptexturize($text) { $next = true; $output = ''; $curl = ''; - $textarr = preg_split('/(<.*>)/Us', $text, -1, PREG_SPLIT_DELIM_CAPTURE); + $textarr = preg_split('/(<.*>|\[.*\])/Us', $text, -1, PREG_SPLIT_DELIM_CAPTURE); $stop = count($textarr); // if a plugin has provided an autocorrect array, use it @@ -26,7 +26,7 @@ function wptexturize($text) { for ( $i = 0; $i < $stop; $i++ ) { $curl = $textarr[$i]; - if (isset($curl{0}) && '<' != $curl{0} && $next) { // If it's not a tag + if (isset($curl{0}) && '<' != $curl{0} && '[' != $curl{0} && $next) { // If it's not a tag // static strings $curl = str_replace($static_characters, $static_replacements, $curl); // regular expressions @@ -67,6 +67,10 @@ function wpautop($pee, $br = 1) { $pee = preg_replace('!(<' . $allblocks . '[^>]*>)!', "\n$1", $pee); $pee = preg_replace('!()!', "$1\n\n", $pee); $pee = str_replace(array("\r\n", "\r"), "\n", $pee); // cross-platform newlines + if ( strpos($pee, ']*)>\s*|', "", $pee); // no pee inside object/embed + $pee = preg_replace('|\s*\s*|', '', $pee); + } $pee = preg_replace("/\n\n+/", "\n\n", $pee); // take care of duplicates $pee = preg_replace('/\n?(.+?)(?:\n\s*\n|\z)/s', "
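Review bot: The new split alternative `\[.*\]` in wptexturize treats every bracketed run as a shortcode, so ordinary text such as an editorial `[sic]` is also skipped by the typography pass guarded in the second hunk (`'[' != $curl{0}`). If that is the intended trade-off, the trailing comment `// If it's not a tag` on that condition is now stale and should read `// If it's not a tag or a [bracketed] shortcode`. Both hunks show only part of wptexturize; the rest of the function is outside them.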

$1

\n", $pee); // make paragraphs, including one at the end $pee = preg_replace('|

\s*?

|', '', $pee); // under certain strange conditions it could create a P of entirely whitespace @@ -79,7 +83,7 @@ function wpautop($pee, $br = 1) { $pee = preg_replace('!

\s*(]*>)!', "$1", $pee); $pee = preg_replace('!(]*>)\s*

!', "$1", $pee); if ($br) { - $pee = preg_replace('/<(script|style).*?<\/\\1>/se', 'str_replace("\n", "", "\\0")', $pee); + $pee = preg_replace_callback('/<(script|style).*?<\/\\1>/s', create_function('$matches', 'return str_replace("\n", "", $matches[0]);'), $pee); $pee = preg_replace('|(?)\s*\n|', "
\n", $pee); // optionally make line breaks $pee = str_replace('', "\n", $pee); } @@ -88,13 +92,15 @@ function wpautop($pee, $br = 1) { if (strpos($pee, ')(.*?)!is', 'clean_pre', $pee ); $pee = preg_replace( "|\n
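Review bot: The callback that replaces the `/e` modifier is built with `create_function()`, which still compiles its body from a string and registers a new anonymous function on every wpautop() call that reaches the `if ($br)` branch. The body is a constant here, so nothing untrusted is evaluated, but a named helper avoids both the string compilation and the per-call growth. Define `function _autop_newline_preservation_helper($matches) { return str_replace("\n", "", $matches[0]); }` and pass `'_autop_newline_preservation_helper'` as the callback. wpautop starts and ends outside this hunk.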

$|", '

', $pee ); + $pee = preg_replace('/

\s*?(' . get_shortcode_regex() . ')\s*<\/p>/s', '$1', $pee); // don't auto-p wrap shortcodes that stand alone return $pee; } function seems_utf8($Str) { # by bmorel at ssi dot fr - for ($i=0; $i $length ) ) + if ( $length && ( $unicode_length >= $length ) ) break; $unicode .= chr($value); + $unicode_length++; } else { if ( count( $values ) == 0 ) $num_octets = ( $value < 224 ) ? 2 : 3; $values[] = $value; - if ( $length && ( (strlen($unicode) + ($num_octets * 3)) > $length ) ) + if ( $length && ( $unicode_length + ($num_octets * 3) ) > $length ) break; if ( count( $values ) == $num_octets ) { if ($num_octets == 3) { $unicode .= '%' . dechex($values[0]) . '%' . dechex($values[1]) . '%' . dechex($values[2]); + $unicode_length += 9; } else { $unicode .= '%' . dechex($values[0]) . '%' . dechex($values[1]); + $unicode_length += 6; } $values = array(); @@ -323,9 +334,8 @@ function sanitize_title($title, $fallback_title = '') { $title = strip_tags($title); $title = apply_filters('sanitize_title', $title); - if (empty($title)) { + if ( '' === $title || false === $title ) $title = $fallback_title; - } return $title; } @@ -357,7 +367,16 @@ function sanitize_title_with_dashes($title) { return $title; } -function convert_chars($content, $flag = 'obsolete') { +// ensures a string is a valid SQL order by clause like: post_name ASC, ID DESC +// accepts one or more columns, with or without ASC/DESC, and also accepts RAND() +function sanitize_sql_orderby( $orderby ){ + preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches); + if ( !$obmatches ) + return false; + return $orderby; +} + +function convert_chars($content, $deprecated = '') { // Translation of invalid Unicode references range to valid range $wp_htmltranswinuni = array( '€' => '€', // the Euro sign 
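Review bot: sanitize_sql_orderby() accepts any string whose beginning looks like a column list, because the first alternative of the pattern is anchored with `^` only; once a single `column,` repetition has matched, `$obmatches` is non-empty and the whole of `$orderby` is returned, unchecked tail included. The comment above the function promises a valid ORDER BY clause, so the match has to cover the full string: `'/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+$|^\s*RAND\(\s*\)\s*$/i'`. It would also be clearer to test the return value of `preg_match()` instead of `$obmatches`, and to extend the leading comment with `// returns false when the string is anything else`.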
@@ -554,7 +573,6 @@ function format_to_edit($content, $richedit = false) { } function format_to_post($content) { - global $wpdb; $content = apply_filters('format_to_post', $content); return $content; } @@ -623,21 +641,32 @@ function antispambot($emailaddy, $mailto=0) { } function _make_url_clickable_cb($matches) { + $ret = ''; $url = $matches[2]; $url = clean_url($url); if ( empty($url) ) return $matches[0]; - return $matches[1] . "$url"; + // removed trailing [.,;:] from URL + if ( in_array(substr($url, -1), array('.', ',', ';', ':')) === true ) { + $ret = substr($url, -1); + $url = substr($url, 0, strlen($url)-1); + } + return $matches[1] . "$url" . $ret; } function _make_web_ftp_clickable_cb($matches) { + $ret = ''; $dest = $matches[2]; $dest = 'http://' . $dest; $dest = clean_url($dest); if ( empty($dest) ) return $matches[0]; - - return $matches[1] . "$dest"; + // removed trailing [,;:] from URL + if ( in_array(substr($dest, -1), array('.', ',', ';', ':')) === true ) { + $ret = substr($dest, -1); + $dest = substr($dest, 0, strlen($dest)-1); + } + return $matches[1] . "$dest" . $ret; } function _make_email_clickable_cb($matches) { @@ -675,7 +704,7 @@ function wp_rel_nofollow_callback( $matches ) { function convert_smilies($text) { global $wp_smiliessearch, $wp_smiliesreplace; $output = ''; - if (get_option('use_smilies')) { + if ( get_option('use_smilies') && !empty($wp_smiliessearch) && !empty($wp_smiliesreplace) ) { // HTML loop taken from texturize function, could possible be consolidated $textarr = preg_split("/(<.*>)/U", $text, -1, PREG_SPLIT_DELIM_CAPTURE); // capture the tags as well as in between $stop = count($textarr);// loop stuff @@ -794,7 +823,7 @@ function human_time_diff( $from, $to = '' ) { } else if (($diff <= 86400) && ($diff > 3600)) { $hours = round($diff / 3600); if ($hours <= 1) { - $hour = 1; + $hours = 1; } $since = sprintf(__ngettext('%s hour', '%s hours', $hours), $hours); } elseif ($diff >= 86400) { 
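Review bot: The comment added in _make_web_ftp_clickable_cb says `// removed trailing [,;:] from URL`, but the array it guards also contains `'.'`, so comment and code disagree; it should read `// strip a trailing [.,;:] from the URL and re-append it after the link`, matching _make_url_clickable_cb. The two callbacks now carry the same five lines and could share one small private helper. Inside it, `substr($url, 0, -1)` is the shorter form of `substr($url, 0, strlen($url)-1)`.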
@@ -808,7 +837,6 @@ function human_time_diff( $from, $to = '' ) { } function wp_trim_excerpt($text) { // Fakes an excerpt if needed - global $post; if ( '' == $text ) { $text = get_the_content(''); $text = apply_filters('the_content', $text); @@ -1104,11 +1132,18 @@ function wp_richedit_pre($text) { return apply_filters('richedit_pre', $output); } +function wp_htmledit_pre($output) { + if ( !empty($output) ) + $output = htmlspecialchars($output, ENT_NOQUOTES); // convert only < > & + + return apply_filters('htmledit_pre', $output); +} + function clean_url( $url, $protocols = null, $context = 'display' ) { $original_url = $url; if ('' == $url) return $url; - $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@]|i', '', $url); + $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@()]|i', '', $url); $strip = array('%0d', '%0a'); $url = str_replace($strip, '', $url); $url = str_replace(';//', '://', $url); @@ -1158,6 +1193,22 @@ function attribute_escape($text) { return apply_filters('attribute_escape', $safe_text, $text); } +// Escape a HTML tag name +function tag_escape($tag_name) { + $safe_tag = strtolower( preg_replace('[^a-zA-Z_:]', '', $tag_name) ); + return apply_filters('tag_escape', $safe_tag, $tag_name); +} + +/** + * Escapes text for SQL LIKE special characters % and _ + * + * @param string text the text to be escaped + * @return string text, safe for inclusion in LIKE query + */ +function like_escape($text) { + return str_replace(array("%", "_"), array("\\%", "\\_"), $text); +} + function wp_make_link_relative( $link ) { return preg_replace('|https?://[^/]+(/.*)|i', '$1', $link ); } 
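Review bot: wp_htmledit_pre() escapes with `ENT_NOQUOTES`, so its output is safe only as element content such as a textarea body and not inside a quoted attribute, and the new function has no docblock saying so. I would add one stating that it converts only `<`, `>` and `&` for display in the HTML editor, that quotes are left as they are, and that the result is passed through the `htmledit_pre` filter. The same hunk widens the clean_url() whitelist to `(` and `)`; any caller that places the cleaned URL somewhere other than a quoted attribute, presumably rare, should be checked against that change.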
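Review bot: In tag_escape() the pattern `'[^a-zA-Z_:]'` has no delimiters of its own, so PCRE takes the square brackets as the delimiters and the expression becomes `^a-zA-Z_:`, a literal string anchored at the start. Characters outside the intended set are therefore not removed, and the function in effect only lower-cases its input. The call should be `preg_replace('/[^a-zA-Z_:]/', '', $tag_name)`. Once the pattern works, digits would be stripped from names such as `h1`, so `0-9` probably belongs in the class as well.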
@@ -1254,4 +1305,115 @@ function wp_pre_kses_less_than_callback( $matches ) { return $matches[0]; } +/** + * wp_sprintf() - sprintf() with filters + */ +function wp_sprintf( $pattern ) { + $args = func_get_args( ); + $len = strlen($pattern); + $start = 0; + $result = ''; + $arg_index = 0; + while ( $len > $start ) { + // Last character: append and break + if ( strlen($pattern) - 1 == $start ) { + $result .= substr($pattern, -1); + break; + } + + // Literal %: append and continue + if ( substr($pattern, $start, 2) == '%%' ) { + $start += 2; + $result .= '%'; + continue; + } + + // Get fragment before next % + $end = strpos($pattern, '%', $start + 1); + if ( false === $end ) + $end = $len; + $fragment = substr($pattern, $start, $end - $start); + + // Fragment has a specifier + if ( $pattern{$start} == '%' ) { + // Find numbered arguments or take the next one in order + if ( preg_match('/^%(\d+)\$/', $fragment, $matches) ) { + $arg = isset($args[$matches[1]]) ? $args[$matches[1]] : ''; + $fragment = str_replace("%{$matches[1]}$", '%', $fragment); + } else { + ++$arg_index; + $arg = isset($args[$arg_index]) ? 
$args[$arg_index] : ''; + } + + // Apply filters OR sprintf + $_fragment = apply_filters( 'wp_sprintf', $fragment, $arg ); + if ( $_fragment != $fragment ) + $fragment = $_fragment; + else + $fragment = sprintf($fragment, strval($arg) ); + } + + // Append to result and move to next fragment + $result .= $fragment; + $start = $end; + } + return $result; +} + +/** + * wp_sprintf_l - List specifier %l for wp_sprintf + * + * @param unknown_type $pattern + * @param unknown_type $args + * @return unknown + */ +function wp_sprintf_l($pattern, $args) { + // Not a match + if ( substr($pattern, 0, 2) != '%l' ) + return $pattern; + + // Nothing to work with + if ( empty($args) ) + return ''; + + // Translate and filter the delimiter set (avoid ampersands and entities here) + $l = apply_filters('wp_sprintf_l', array( + 'between' => _c(', |between list items'), + 'between_last_two' => _c(', and |between last two list items'), + 'between_only_two' => _c(' and |between only two list items'), + )); + + $args = (array) $args; + $result = array_shift($args); + if ( count($args) == 1 ) + $result .= $l['between_only_two'] . array_shift($args); + // Loop when more than two args + while ( count($args) ) { + $arg = array_shift($args); + if ( $i == 1 ) + $result .= $l['between_last_two'] . $arg; + else + $result .= $l['between'] . $arg; + } + return $result . substr($pattern, 2); +} + +/** + * Safely extracts not more than the first $count characters from html string + * + * UTF-8, tags and entities safe prefix extraction. Entities inside will *NOT* be + * counted as one character. For example & will be counted as 4, < as 3, etc. 
+ * + * @param integer $str String to get the excerpt from + * @param integer $count Maximum number of characters to take + * @eaturn string the excerpt + */ +function wp_html_excerpt( $str, $count ) { + $str = strip_tags( $str ); + $str = mb_strcut( $str, 0, $count ); + // remove part of an entity at the end + $str = preg_replace( '/&[^;\s]{0,6}$/', '', $str ); + return $str; +} + ?>
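Review bot: In wp_sprintf_l() the loop tests `$i == 1`, but `$i` is never assigned anywhere in the function, so the comparison is always false and the `between_last_two` delimiter is never used. Lists of three or more items come out joined with `between` only, and PHP raises an undefined-variable notice on each pass. Testing the remaining count after the shift fixes it in one line: `if ( !count($args) )`. Separately, the wp_html_excerpt() docblock has `@eaturn` for `@return` and types `$str` as integer, and `mb_strcut()` needs the mbstring extension, which the function does not check for.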