/var/www/wordpress/wp-admin/includes/admin.php
/var/www/wordpress/wp-admin/includes/bookmark.php
/var/www/wordpress/wp-admin/includes/class-ftp-pure.php
/var/www/wordpress/wp-admin/includes/class-ftp-sockets.php
/var/www/wordpress/wp-admin/includes/class-ftp.php
/var/www/wordpress/wp-admin/includes/class-pclzip.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-base.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-direct.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-ftpext.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-ftpsockets.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-ssh2.php
/var/www/wordpress/wp-admin/includes/class-wp-importer.php
/var/www/wordpress/wp-admin/includes/class-wp-upgrader.php
/var/www/wordpress/wp-admin/includes/comment.php
/var/www/wordpress/wp-admin/includes/continents-cities.php
/var/www/wordpress/wp-admin/includes/dashboard.php
/var/www/wordpress/wp-admin/includes/deprecated.php
/var/www/wordpress/wp-admin/includes/export.php
/var/www/wordpress/wp-admin/includes/file.php
/var/www/wordpress/wp-admin/includes/image-edit.php
/var/www/wordpress/wp-admin/includes/image.php
/var/www/wordpress/wp-admin/includes/import.php
/var/www/wordpress/wp-admin/includes/manifest.php
/var/www/wordpress/wp-admin/includes/media.php
/var/www/wordpress/wp-admin/includes/meta-boxes.php
/var/www/wordpress/wp-admin/includes/misc.php
/var/www/wordpress/wp-admin/includes/ms-deprecated.php
/var/www/wordpress/wp-admin/includes/ms.php
/var/www/wordpress/wp-admin/includes/nav-menu.php
/var/www/wordpress/wp-admin/includes/plugin-install.php
/var/www/wordpress/wp-admin/includes/plugin.php
/var/www/wordpress/wp-admin/includes/post.php
/var/www/wordpress/wp-admin/includes/schema.php
/var/www/wordpress/wp-admin/includes/taxonomy.php
/var/www/wordpress/wp-admin/includes/template.php
/var/www/wordpress/wp-admin/includes/theme-install.php
/var/www/wordpress/wp-admin/includes/theme.php
/var/www/wordpress/wp-admin/includes/update-core.php
/var/www/wordpress/wp-admin/includes/update.php
/var/www/wordpress/wp-admin/includes/upgrade.php
/var/www/wordpress/wp-admin/includes/user.php
/var/www/wordpress/wp-admin/includes/widgets.php
/var/www/wordpress/wp-admin/js/revisions-js.php
/var/www/wordpress/wp-admin/maint/repair.php
/var/www/wordpress/wp-admin/admin-ajax.php
/var/www/wordpress/wp-admin/admin-footer.php
/var/www/wordpress/wp-admin/admin-functions.php
/var/www/wordpress/wp-admin/admin-header.php
/var/www/wordpress/wp-admin/admin-post.php
/var/www/wordpress/wp-admin/admin.php
/var/www/wordpress/wp-admin/async-upload.php
/var/www/wordpress/wp-admin/comment.php
/var/www/wordpress/wp-admin/custom-background.php
/var/www/wordpress/wp-admin/custom-header.php
/var/www/wordpress/wp-admin/edit-attachment-rows.php
/var/www/wordpress/wp-admin/edit-comments.php
/var/www/wordpress/wp-admin/edit-form-advanced.php
/var/www/wordpress/wp-admin/edit-form-comment.php
/var/www/wordpress/wp-admin/edit-link-categories.php
/var/www/wordpress/wp-admin/edit-link-category-form.php
/var/www/wordpress/wp-admin/edit-link-form.php
/var/www/wordpress/wp-admin/edit-post-rows.php
/var/www/wordpress/wp-admin/edit-tag-form.php
/var/www/wordpress/wp-admin/edit-tags.php
/var/www/wordpress/wp-admin/edit.php
/var/www/wordpress/wp-admin/export.php
/var/www/wordpress/wp-admin/gears-manifest.php
/var/www/wordpress/wp-admin/import.php
/var/www/wordpress/wp-admin/index-extra.php
/var/www/wordpress/wp-admin/index.php
/var/www/wordpress/wp-admin/install-helper.php
/var/www/wordpress/wp-admin/install.php
/var/www/wordpress/wp-admin/link-add.php
/var/www/wordpress/wp-admin/link-category.php
/var/www/wordpress/wp-admin/link-manager.php
/var/www/wordpress/wp-admin/link-parse-opml.php
/var/www/wordpress/wp-admin/link.php
/var/www/wordpress/wp-admin/load-scripts.php
/var/www/wordpress/wp-admin/load-styles.php
/var/www/wordpress/wp-admin/media-new.php
/var/www/wordpress/wp-admin/media-upload.php
/var/www/wordpress/wp-admin/media.php
/var/www/wordpress/wp-admin/menu-header.php
/var/www/wordpress/wp-admin/menu.php
/var/www/wordpress/wp-admin/moderation.php
/var/www/wordpress/wp-admin/ms-admin.php
/var/www/wordpress/wp-admin/ms-delete-site.php
/var/www/wordpress/wp-admin/ms-edit.php
/var/www/wordpress/wp-admin/ms-options.php
/var/www/wordpress/wp-admin/ms-sites.php
/var/www/wordpress/wp-admin/ms-themes.php
/var/www/wordpress/wp-admin/ms-upgrade-network.php
/var/www/wordpress/wp-admin/ms-users.php
/var/www/wordpress/wp-admin/my-sites.php
/var/www/wordpress/wp-admin/nav-menus.php
/var/www/wordpress/wp-admin/network.php
/var/www/wordpress/wp-admin/options-discussion.php
/var/www/wordpress/wp-admin/options-general.php
/var/www/wordpress/wp-admin/options-head.php
/var/www/wordpress/wp-admin/options-media.php
/var/www/wordpress/wp-admin/options-permalink.php
/var/www/wordpress/wp-admin/options-privacy.php
/var/www/wordpress/wp-admin/options-reading.php
/var/www/wordpress/wp-admin/options-writing.php
/var/www/wordpress/wp-admin/options.php
/var/www/wordpress/wp-admin/plugin-editor.php
/var/www/wordpress/wp-admin/plugin-install.php
/var/www/wordpress/wp-admin/plugins.php
/var/www/wordpress/wp-admin/post-new.php
/var/www/wordpress/wp-admin/post.php
/var/www/wordpress/wp-admin/press-this.php
/var/www/wordpress/wp-admin/profile.php
/var/www/wordpress/wp-admin/revision.php
/var/www/wordpress/wp-admin/setup-config.php
/var/www/wordpress/wp-admin/sidebar.php
/var/www/wordpress/wp-admin/theme-editor.php
/var/www/wordpress/wp-admin/theme-install.php
/var/www/wordpress/wp-admin/themes.php
/var/www/wordpress/wp-admin/tools.php
/var/www/wordpress/wp-admin/update-core.php
/var/www/wordpress/wp-admin/update.php
/var/www/wordpress/wp-admin/upgrade-functions.php
/var/www/wordpress/wp-admin/upgrade.php
/var/www/wordpress/wp-admin/upload.php
/var/www/wordpress/wp-admin/user-edit.php
/var/www/wordpress/wp-admin/user-new.php
/var/www/wordpress/wp-admin/users.php
/var/www/wordpress/wp-admin/widgets.php
/var/www/wordpress/wp-content/languages/ru_RU.php
/var/www/wordpress/wp-content/plugins/akismet/akismet.php
/var/www/wordpress/wp-content/plugins/rh/rh.php
/var/www/wordpress/wp-content/plugins/hello.php
/var/www/wordpress/wp-content/plugins/index.php
/var/www/wordpress/wp-content/themes/twentyten/404.php
/var/www/wordpress/wp-content/themes/twentyten/archive.php
/var/www/wordpress/wp-content/themes/twentyten/attachment.php
/var/www/wordpress/wp-content/themes/twentyten/author.php
/var/www/wordpress/wp-content/themes/twentyten/category.php
/var/www/wordpress/wp-content/themes/twentyten/comments.php
/var/www/wordpress/wp-content/themes/twentyten/footer.php
/var/www/wordpress/wp-content/themes/twentyten/functions.php
/var/www/wordpress/wp-content/themes/twentyten/header.php
/var/www/wordpress/wp-content/themes/twentyten/index.php
/var/www/wordpress/wp-content/themes/twentyten/loop.php
/var/www/wordpress/wp-content/themes/twentyten/onecolumn-page.php
/var/www/wordpress/wp-content/themes/twentyten/page.php
/var/www/wordpress/wp-content/themes/twentyten/search.php
/var/www/wordpress/wp-content/themes/twentyten/sidebar-footer.php
/var/www/wordpress/wp-content/themes/twentyten/sidebar.php
/var/www/wordpress/wp-content/themes/twentyten/single.php
/var/www/wordpress/wp-content/themes/twentyten/tag.php
/var/www/wordpress/wp-content/themes/index.php
/var/www/wordpress/wp-content/index.php
/var/www/wordpress/wp-includes/js/tinymce/langs/wp-langs.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/utils/JSON.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/utils/Logger.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/EnchantSpell.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/GoogleSpell.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/PSpell.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/PSpellShell.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/SpellChecker.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/includes/general.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/config.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/rpc.php
/var/www/wordpress/wp-includes/js/tinymce/wp-mce-help.php
/var/www/wordpress/wp-includes/js/tinymce/wp-tinymce.php
/var/www/wordpress/wp-includes/pomo/entry.php
/var/www/wordpress/wp-includes/pomo/mo.php
/var/www/wordpress/wp-includes/pomo/po.php
/var/www/wordpress/wp-includes/pomo/streams.php
/var/www/wordpress/wp-includes/pomo/translations.php
/var/www/wordpress/wp-includes/Text/Diff/Engine/native.php
/var/www/wordpress/wp-includes/Text/Diff/Engine/shell.php
/var/www/wordpress/wp-includes/Text/Diff/Engine/string.php
/var/www/wordpress/wp-includes/Text/Diff/Engine/xdiff.php
/var/www/wordpress/wp-includes/Text/Diff/Renderer/inline.php
/var/www/wordpress/wp-includes/Text/Diff/Renderer.php
/var/www/wordpress/wp-includes/Text/Diff.php
/var/www/wordpress/wp-includes/theme-compat/comments-popup.php
/var/www/wordpress/wp-includes/theme-compat/comments.php
/var/www/wordpress/wp-includes/theme-compat/footer.php
/var/www/wordpress/wp-includes/theme-compat/header.php
/var/www/wordpress/wp-includes/theme-compat/sidebar.php
/var/www/wordpress/wp-includes/atomlib.php
/var/www/wordpress/wp-includes/author-template.php
/var/www/wordpress/wp-includes/bookmark-template.php
/var/www/wordpress/wp-includes/bookmark.php
/var/www/wordpress/wp-includes/cache.php
/var/www/wordpress/wp-includes/canonical.php
/var/www/wordpress/wp-includes/capabilities.php
/var/www/wordpress/wp-includes/category-template.php
/var/www/wordpress/wp-includes/category.php
/var/www/wordpress/wp-includes/class-feed.php
/var/www/wordpress/wp-includes/class-http.php
/var/www/wordpress/wp-includes/class-IXR.php
/var/www/wordpress/wp-includes/class-json.php
/var/www/wordpress/wp-includes/class-oembed.php
/var/www/wordpress/wp-includes/class-phpass.php
/var/www/wordpress/wp-includes/class-phpmailer.php
/var/www/wordpress/wp-includes/class-pop3.php
/var/www/wordpress/wp-includes/class-simplepie.php
/var/www/wordpress/wp-includes/class-smtp.php
/var/www/wordpress/wp-includes/class-snoopy.php
/var/www/wordpress/wp-includes/class.wp-dependencies.php
/var/www/wordpress/wp-includes/class.wp-scripts.php
/var/www/wordpress/wp-includes/class.wp-styles.php
/var/www/wordpress/wp-includes/classes.php
/var/www/wordpress/wp-includes/comment-template.php
/var/www/wordpress/wp-includes/comment.php
/var/www/wordpress/wp-includes/compat.php
/var/www/wordpress/wp-includes/cron.php
/var/www/wordpress/wp-includes/default-constants.php
/var/www/wordpress/wp-includes/default-embeds.php
/var/www/wordpress/wp-includes/default-filters.php
/var/www/wordpress/wp-includes/default-widgets.php
/var/www/wordpress/wp-includes/deprecated.php
/var/www/wordpress/wp-includes/feed-atom-comments.php
/var/www/wordpress/wp-includes/feed-atom.php
/var/www/wordpress/wp-includes/feed-rdf.php
/var/www/wordpress/wp-includes/feed-rss.php
/var/www/wordpress/wp-includes/feed-rss2-comments.php
/var/www/wordpress/wp-includes/feed-rss2.php
/var/www/wordpress/wp-includes/feed.php
/var/www/wordpress/wp-includes/formatting.php
#CodeDescriptions
1<?php
2/**
3 * Main WordPress Formatting API.
4 *
5 * Handles many functions for formatting output.
6 *
7 * @package WordPress
8 **/
9
10/**
11 * Replaces common plain text characters into formatted entities
12 *
13 * As an example,
14 * <code>
15 * 'cause today's effort makes it worth tomorrow's "holiday"...
16 * </code>
17 * Becomes:
18 * <code>
19 * ’cause today’s effort makes it worth tomorrow’s “holiday”…
20 * </code>
21 * Code within certain html blocks are skipped.
22 *
23 * @since 0.71
24 * @uses $wp_cockneyreplace Array of formatted entities for certain common phrases
25 *
26 * @param string $text The text to be formatted
27 * @return string The string replaced with html entities
28 */
29function wptexturize($text) {
30 global $wp_cockneyreplace;
31 static $static_setup = false, $opening_quote, $closing_quote, $default_no_texturize_tags, $default_no_texturize_shortcodes, $static_characters, $static_replacements, $dynamic_characters, $dynamic_replacements;
32 $output = '';
33 $curl = '';
34 $textarr = preg_split('/(<.*>|\[.*\])/Us', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
35 $stop = count($textarr);
36
37 // No need to set up these variables more than once
38 if (!$static_setup) {
39 /* translators: opening curly quote */
40 $opening_quote = _x('“', 'opening curly quote');
41 /* translators: closing curly quote */
42 $closing_quote = _x('”', 'closing curly quote');
43
44 $default_no_texturize_tags = array('pre', 'code', 'kbd', 'style', 'script', 'tt');
45 $default_no_texturize_shortcodes = array('code');
46
47 // if a plugin has provided an autocorrect array, use it
48 if ( isset($wp_cockneyreplace) ) {
49 $cockney = array_keys($wp_cockneyreplace);
50 $cockneyreplace = array_values($wp_cockneyreplace);
51 } else {
52 $cockney = array("'tain't","'twere","'twas","'tis","'twill","'til","'bout","'nuff","'round","'cause");
53 $cockneyreplace = array("’tain’t","’twere","’twas","’tis","’twill","’til","’bout","’nuff","’round","’cause");
54 }
55
56 $static_characters = array_merge(array('---', ' -- ', '--', ' - ', 'xn–', '...', '``', '\'\'', ' (tm)'), $cockney);
57 $static_replacements = array_merge(array('—', ' — ', '–', ' – ', 'xn--', '…', $opening_quote, $closing_quote, ' ™'), $cockneyreplace);
58
59 $dynamic_characters = array('/\'(\d\d(?:’|\')?s)/', '/\'(\d+)/', '/(\s|\A|[([{<]|")\'/', '/(\d+)"/', '/(\d+)\'/', '/(\S)\'([^\'\s])/', '/(\s|\A|[([{<])"(?!\s)/', '/"(\s|\S|\Z)/', '/\'([\s.]|\Z)/', '/\b(\d+)x(\d+)\b/');
60 $dynamic_replacements = array('’$1','’$1', '$1‘', '$1″', '$1′', '$1’$2', '$1' . $opening_quote . '$2', $closing_quote . '$1', '’$1', '$1×$2');
61
62 $static_setup = true;
63 }
64
65 // Transform into regexp sub-expression used in _wptexturize_pushpop_element
66 // Must do this everytime in case plugins use these filters in a context sensitive manner
67 $no_texturize_tags = '(' . implode('|', apply_filters('no_texturize_tags', $default_no_texturize_tags) ) . ')';
68 $no_texturize_shortcodes = '(' . implode('|', apply_filters('no_texturize_shortcodes', $default_no_texturize_shortcodes) ) . ')';
69
70 $no_texturize_tags_stack = array();
71 $no_texturize_shortcodes_stack = array();
72
73 for ( $i = 0; $i < $stop; $i++ ) {
74 $curl = $textarr[$i];
75
76 if ( !empty($curl) && '<' != $curl{0} && '[' != $curl{0}
77 && empty($no_texturize_shortcodes_stack) && empty($no_texturize_tags_stack)) {
78 // This is not a tag, nor is the texturization disabled
79 // static strings
80 $curl = str_replace($static_characters, $static_replacements, $curl);
81 // regular expressions
82 $curl = preg_replace($dynamic_characters, $dynamic_replacements, $curl);
83 } elseif (!empty($curl)) {
84 /*
85 * Only call _wptexturize_pushpop_element if first char is correct
86 * tag opening
87 */
88 if ('<' == $curl{0})
89 _wptexturize_pushpop_element($curl, $no_texturize_tags_stack, $no_texturize_tags, '<', '>');
90 elseif ('[' == $curl{0})
91 _wptexturize_pushpop_element($curl, $no_texturize_shortcodes_stack, $no_texturize_shortcodes, '[', ']');
92 }
93
94 $curl = preg_replace('/&([^#])(?![a-zA-Z1-4]{1,8};)/', '&$1', $curl);
95 $output .= $curl;
96 }
97
98 return $output;
99}
100
101/**
102 * Search for disabled element tags. Push element to stack on tag open and pop
103 * on tag close. Assumes first character of $text is tag opening.
104 *
105 * @access private
106 * @since 2.9.0
107 *
108 * @param string $text Text to check. First character is assumed to be $opening
109 * @param array $stack Array used as stack of opened tag elements
110 * @param string $disabled_elements Tags to match against formatted as regexp sub-expression
111 * @param string $opening Tag opening character, assumed to be 1 character long
112 * @param string $opening Tag closing character
113 * @return object
114 */
115function _wptexturize_pushpop_element($text, &$stack, $disabled_elements, $opening = '<', $closing = '>') {
116 // Check if it is a closing tag -- otherwise assume opening tag
117 if (strncmp($opening . '/', $text, 2)) {
118 // Opening? Check $text+1 against disabled elements
119 if (preg_match('/^' . $disabled_elements . '\b/', substr($text, 1), $matches)) {
120 /*
121 * This disables texturize until we find a closing tag of our type
122 * (e.g. <pre>) even if there was invalid nesting before that
123 *
124 * Example: in the case <pre>sadsadasd</code>"baba"</pre>
125 * "baba" won't be texturize
126 */
127
128 array_push($stack, $matches[1]);
129 }
130 } else {
131 // Closing? Check $text+2 against disabled elements
132 $c = preg_quote($closing, '/');
133 if (preg_match('/^' . $disabled_elements . $c . '/', substr($text, 2), $matches)) {
134 $last = array_pop($stack);
135
136 // Make sure it matches the opening tag
137 if ($last != $matches[1])
138 array_push($stack, $last);
139 }
140 }
141}
142
143/**
144 * Accepts matches array from preg_replace_callback in wpautop() or a string.
145 *
146 * Ensures that the contents of a <<pre>>...<</pre>> HTML block are not
147 * converted into paragraphs or line-breaks.
148 *
149 * @since 1.2.0
150 *
151 * @param array|string $matches The array or string
152 * @return string The pre block without paragraph/line-break conversion.
153 */
154function clean_pre($matches) {
155 if ( is_array($matches) )
156 $text = $matches[1] . $matches[2] . "</pre>";
157 else
158 $text = $matches;
159
160 $text = str_replace('<br />', '', $text);
161 $text = str_replace('<p>', "\n", $text);
162 $text = str_replace('</p>', '', $text);
163
164 return $text;
165}
166
167/**
168 * Replaces double line-breaks with paragraph elements.
169 *
170 * A group of regex replaces used to identify text formatted with newlines and
171 * replace double line-breaks with HTML paragraph tags. The remaining
172 * line-breaks after conversion become <<br />> tags, unless $br is set to '0'
173 * or 'false'.
174 *
175 * @since 0.71
176 *
177 * @param string $pee The text which has to be formatted.
178 * @param int|bool $br Optional. If set, this will convert all remaining line-breaks after paragraphing. Default true.
179 * @return string Text which has been converted into correct paragraph tags.
180 */
181function wpautop($pee, $br = 1) {
182
183 if ( trim($pee) === '' )
184 return '';
185 $pee = $pee . "\n"; // just to make things a little easier, pad the end
186 $pee = preg_replace('|<br />\s*<br />|', "\n\n", $pee);
187 // Space things out a little
188 $allblocks = '(?:table|thead|tfoot|caption|col|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|option|form|map|area|blockquote|address|math|style|input|p|h[1-6]|hr|fieldset|legend|section|article|aside|hgroup|header|footer|nav|figure|figcaption|details|menu|summary)';
189 $pee = preg_replace('!(<' . $allblocks . '[^>]*>)!', "\n$1", $pee);
190 $pee = preg_replace('!(</' . $allblocks . '>)!', "$1\n\n", $pee);
191 $pee = str_replace(array("\r\n", "\r"), "\n", $pee); // cross-platform newlines
192 if ( strpos($pee, '<object') !== false ) {
193 $pee = preg_replace('|\s*<param([^>]*)>\s*|', "<param$1>", $pee); // no pee inside object/embed
194 $pee = preg_replace('|\s*</embed>\s*|', '</embed>', $pee);
195 }
196 $pee = preg_replace("/\n\n+/", "\n\n", $pee); // take care of duplicates
197 // make paragraphs, including one at the end
198 $pees = preg_split('/\n\s*\n/', $pee, -1, PREG_SPLIT_NO_EMPTY);
199 $pee = '';
200 foreach ( $pees as $tinkle )
201 $pee .= '<p>' . trim($tinkle, "\n") . "</p>\n";
202 $pee = preg_replace('|<p>\s*</p>|', '', $pee); // under certain strange conditions it could create a P of entirely whitespace
203 $pee = preg_replace('!<p>([^<]+)</(div|address|form)>!', "<p>$1</p></$2>", $pee);
204 $pee = preg_replace('!<p>\s*(</?' . $allblocks . '[^>]*>)\s*</p>!', "$1", $pee); // don't pee all over a tag
205 $pee = preg_replace("|<p>(<li.+?)</p>|", "$1", $pee); // problem with nested lists
206 $pee = preg_replace('|<p><blockquote([^>]*)>|i', "<blockquote$1><p>", $pee);
207 $pee = str_replace('</blockquote></p>', '</p></blockquote>', $pee);
208 $pee = preg_replace('!<p>\s*(</?' . $allblocks . '[^>]*>)!', "$1", $pee);
209 $pee = preg_replace('!(</?' . $allblocks . '[^>]*>)\s*</p>!', "$1", $pee);
210 if ($br) {
211 $pee = preg_replace_callback('/<(script|style).*?<\/\\1>/s', create_function('$matches', 'return str_replace("\n", "<WPPreserveNewline />", $matches[0]);'), $pee);
212 $pee = preg_replace('|(?<!<br />)\s*\n|', "<br />\n", $pee); // optionally make line breaks
213 $pee = str_replace('<WPPreserveNewline />', "\n", $pee);
214 }
215 $pee = preg_replace('!(</?' . $allblocks . '[^>]*>)\s*<br />!', "$1", $pee);
216 $pee = preg_replace('!<br />(\s*</?(?:p|li|div|dl|dd|dt|th|pre|td|ul|ol)[^>]*>)!', '$1', $pee);
217 if (strpos($pee, '<pre') !== false)
218 $pee = preg_replace_callback('!(<pre[^>]*>)(.*?)</pre>!is', 'clean_pre', $pee );
219 $pee = preg_replace( "|\n</p>$|", '</p>', $pee );
220
221 return $pee;
222}
223
224/**
225 * Don't auto-p wrap shortcodes that stand alone
226 *
227 * Ensures that shortcodes are not wrapped in <<p>>...<</p>>.
228 *
229 * @since 2.9.0
230 *
231 * @param string $pee The content.
232 * @return string The filtered content.
233 */
234function shortcode_unautop($pee) {
235 global $shortcode_tags;
236
237 if ( !empty($shortcode_tags) && is_array($shortcode_tags) ) {
238 $tagnames = array_keys($shortcode_tags);
239 $tagregexp = join( '|', array_map('preg_quote', $tagnames) );
240 $pee = preg_replace('/<p>\\s*?(\\[(' . $tagregexp . ')\\b.*?\\/?\\](?:.+?\\[\\/\\2\\])?)\\s*<\\/p>/s', '$1', $pee);
241 }
242
243 return $pee;
244}
245
246/**
247 * Checks to see if a string is utf8 encoded.
248 *
249 * NOTE: This function checks for 5-Byte sequences, UTF8
250 * has Bytes Sequences with a maximum length of 4.
251 *
252 * @author bmorel at ssi dot fr (modified)
253 * @since 1.2.1
254 *
255 * @param string $str The string to be checked
256 * @return bool True if $str fits a UTF-8 model, false otherwise.
257 */
258function seems_utf8($str) {
259 $length = strlen($str);
260 for ($i=0; $i < $length; $i++) {
261 $c = ord($str[$i]);
262 if ($c < 0x80) $n = 0; # 0bbbbbbb
263 elseif (($c & 0xE0) == 0xC0) $n=1; # 110bbbbb
264 elseif (($c & 0xF0) == 0xE0) $n=2; # 1110bbbb
265 elseif (($c & 0xF8) == 0xF0) $n=3; # 11110bbb
266 elseif (($c & 0xFC) == 0xF8) $n=4; # 111110bb
267 elseif (($c & 0xFE) == 0xFC) $n=5; # 1111110b
268 else return false; # Does not match any model
269 for ($j=0; $j<$n; $j++) { # n bytes matching 10bbbbbb follow ?
270 if ((++$i == $length) || ((ord($str[$i]) & 0xC0) != 0x80))
271 return false;
272 }
273 }
274 return true;
275}
276
277/**
278 * Converts a number of special characters into their HTML entities.
279 *
280 * Specifically deals with: &, <, >, ", and '.
281 *
282 * $quote_style can be set to ENT_COMPAT to encode " to
283 * ", or ENT_QUOTES to do both. Default is ENT_NOQUOTES where no quotes are encoded.
284 *
285 * @since 1.2.2
286 *
287 * @param string $string The text which is to be encoded.
288 * @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES.
289 * @param string $charset Optional. The character encoding of the string. Default is false.
290 * @param boolean $double_encode Optional. Whether to encode existing html entities. Default is false.
291 * @return string The encoded text with HTML entities.
292 */
293function _wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false ) {
294 $string = (string) $string;
295
296 if ( 0 === strlen( $string ) ) {
297 return '';
298 }
299
300 // Don't bother if there are no specialchars - saves some processing
301 if ( !preg_match( '/[&<>"\']/', $string ) ) {
302 return $string;
303 }
304
305 // Account for the previous behaviour of the function when the $quote_style is not an accepted value
306 if ( empty( $quote_style ) ) {
307 $quote_style = ENT_NOQUOTES;
308 } elseif ( !in_array( $quote_style, array( 0, 2, 3, 'single', 'double' ), true ) ) {
309 $quote_style = ENT_QUOTES;
310 }
311
312 // Store the site charset as a static to avoid multiple calls to wp_load_alloptions()
313 if ( !$charset ) {
314 static $_charset;
315 if ( !isset( $_charset ) ) {
316 $alloptions = wp_load_alloptions();
317 $_charset = isset( $alloptions['blog_charset'] ) ? $alloptions['blog_charset'] : '';
318 }
319 $charset = $_charset;
320 }
321 if ( in_array( $charset, array( 'utf8', 'utf-8', 'UTF8' ) ) ) {
322 $charset = 'UTF-8';
323 }
324
325 $_quote_style = $quote_style;
326
327 if ( $quote_style === 'double' ) {
328 $quote_style = ENT_COMPAT;
329 $_quote_style = ENT_COMPAT;
330 } elseif ( $quote_style === 'single' ) {
331 $quote_style = ENT_NOQUOTES;
332 }
333
334 // Handle double encoding ourselves
335 if ( !$double_encode ) {
336 $string = wp_specialchars_decode( $string, $_quote_style );
337
338 /* Critical */
339 // The previous line decodes &phrase; into &phrase; We must guarantee that &phrase; is valid before proceeding.
340 $string = wp_kses_normalize_entities($string);
341
342 // Now proceed with custom double-encoding silliness
343 $string = preg_replace( '/&(#?x?[0-9a-z]+);/i', '|wp_entity|$1|/wp_entity|', $string );
344 }
345
346 $string = @htmlspecialchars( $string, $quote_style, $charset );
347
348 // Handle double encoding ourselves
349 if ( !$double_encode ) {
350 $string = str_replace( array( '|wp_entity|', '|/wp_entity|' ), array( '&', ';' ), $string );
351 }
352
353 // Backwards compatibility
354 if ( 'single' === $_quote_style ) {
355 $string = str_replace( "'", ''', $string );
356 }
357
358 return $string;
359}
360
361/**
362 * Converts a number of HTML entities into their special characters.
363 *
364 * Specifically deals with: &, <, >, ", and '.
365 *
366 * $quote_style can be set to ENT_COMPAT to decode " entities,
367 * or ENT_QUOTES to do both " and '. Default is ENT_NOQUOTES where no quotes are decoded.
368 *
369 * @since 2.8
370 *
371 * @param string $string The text which is to be decoded.
372 * @param mixed $quote_style Optional. Converts double quotes if set to ENT_COMPAT, both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. Also compatible with old _wp_specialchars() values; converting single quotes if set to 'single', double if set to 'double' or both if otherwise set. Default is ENT_NOQUOTES.
373 * @return string The decoded text without HTML entities.
374 */
375function wp_specialchars_decode( $string, $quote_style = ENT_NOQUOTES ) {
376 $string = (string) $string;
377
378 if ( 0 === strlen( $string ) ) {
379 return '';
380 }
381
382 // Don't bother if there are no entities - saves a lot of processing
383 if ( strpos( $string, '&' ) === false ) {
384 return $string;
385 }
386
387 // Match the previous behaviour of _wp_specialchars() when the $quote_style is not an accepted value
388 if ( empty( $quote_style ) ) {
389 $quote_style = ENT_NOQUOTES;
390 } elseif ( !in_array( $quote_style, array( 0, 2, 3, 'single', 'double' ), true ) ) {
391 $quote_style = ENT_QUOTES;
392 }
393
394 // More complete than get_html_translation_table( HTML_SPECIALCHARS )
395 $single = array( ''' => '\'', ''' => '\'' );
396 $single_preg = array( '/�*39;/' => ''', '/�*27;/i' => ''' );
397 $double = array( '"' => '"', '"' => '"', '"' => '"' );
398 $double_preg = array( '/�*34;/' => '"', '/�*22;/i' => '"' );
399 $others = array( '<' => '<', '<' => '<', '>' => '>', '>' => '>', '&' => '&', '&' => '&', '&' => '&' );
400 $others_preg = array( '/�*60;/' => '<', '/�*62;/' => '>', '/�*38;/' => '&', '/�*26;/i' => '&' );
401
402 if ( $quote_style === ENT_QUOTES ) {
403 $translation = array_merge( $single, $double, $others );
404 $translation_preg = array_merge( $single_preg, $double_preg, $others_preg );
405 } elseif ( $quote_style === ENT_COMPAT || $quote_style === 'double' ) {
406 $translation = array_merge( $double, $others );
407 $translation_preg = array_merge( $double_preg, $others_preg );
408 } elseif ( $quote_style === 'single' ) {
409 $translation = array_merge( $single, $others );
410 $translation_preg = array_merge( $single_preg, $others_preg );
411 } elseif ( $quote_style === ENT_NOQUOTES ) {
412 $translation = $others;
413 $translation_preg = $others_preg;
414 }
415
416 // Remove zero padding on numeric entities
417 $string = preg_replace( array_keys( $translation_preg ), array_values( $translation_preg ), $string );
418
419 // Replace characters according to translation table
420 return strtr( $string, $translation );
421}
422
423/**
424 * Checks for invalid UTF8 in a string.
425 *
426 * @since 2.8
427 *
428 * @param string $string The text which is to be checked.
429 * @param boolean $strip Optional. Whether to attempt to strip out invalid UTF8. Default is false.
430 * @return string The checked text.
431 */
432function wp_check_invalid_utf8( $string, $strip = false ) {
433 $string = (string) $string;
434
435 if ( 0 === strlen( $string ) ) {
436 return '';
437 }
438
439 // Store the site charset as a static to avoid multiple calls to get_option()
440 static $is_utf8;
441 if ( !isset( $is_utf8 ) ) {
442 $is_utf8 = in_array( get_option( 'blog_charset' ), array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ) );
443 }
444 if ( !$is_utf8 ) {
445 return $string;
446 }
447
448 // Check for support for utf8 in the installed PCRE library once and store the result in a static
449 static $utf8_pcre;
450 if ( !isset( $utf8_pcre ) ) {
451 $utf8_pcre = @preg_match( '/^./u', 'a' );
452 }
453 // We can't demand utf8 in the PCRE installation, so just return the string in those cases
454 if ( !$utf8_pcre ) {
455 return $string;
456 }
457
458 // preg_match fails when it encounters invalid UTF8 in $string
459 if ( 1 === @preg_match( '/^./us', $string ) ) {
460 return $string;
461 }
462
463 // Attempt to strip the bad chars if requested (not recommended)
464 if ( $strip && function_exists( 'iconv' ) ) {
465 return iconv( 'utf-8', 'utf-8', $string );
466 }
467
468 return '';
469}
470
471/**
472 * Encode the Unicode values to be used in the URI.
473 *
474 * @since 1.5.0
475 *
476 * @param string $utf8_string
477 * @param int $length Max length of the string
478 * @return string String with Unicode encoded for URI.
479 */
480function utf8_uri_encode( $utf8_string, $length = 0 ) {
481 $unicode = '';
482 $values = array();
483 $num_octets = 1;
484 $unicode_length = 0;
485
486 $string_length = strlen( $utf8_string );
487 for ($i = 0; $i < $string_length; $i++ ) {
488
489 $value = ord( $utf8_string[ $i ] );
490
491 if ( $value < 128 ) {
492 if ( $length && ( $unicode_length >= $length ) )
493 break;
494 $unicode .= chr($value);
495 $unicode_length++;
496 } else {
497 if ( count( $values ) == 0 ) $num_octets = ( $value < 224 ) ? 2 : 3;
498
499 $values[] = $value;
500
501 if ( $length && ( $unicode_length + ($num_octets * 3) ) > $length )
502 break;
503 if ( count( $values ) == $num_octets ) {
504 if ($num_octets == 3) {
505 $unicode .= '%' . dechex($values[0]) . '%' . dechex($values[1]) . '%' . dechex($values[2]);
506 $unicode_length += 9;
507 } else {
508 $unicode .= '%' . dechex($values[0]) . '%' . dechex($values[1]);
509 $unicode_length += 6;
510 }
511
512 $values = array();
513 $num_octets = 1;
514 }
515 }
516 }
517
518 return $unicode;
519}
520
521/**
522 * Converts all accent characters to ASCII characters.
523 *
524 * If there are no accent characters, then the string given is just returned.
525 *
526 * @since 1.2.1
527 *
528 * @param string $string Text that might have accent characters
529 * @return string Filtered string with replaced "nice" characters.
530 */
531function remove_accents($string) {
532 if ( !preg_match('/[\x80-\xff]/', $string) )
533 return $string;
534
535 if (seems_utf8($string)) {
536 $chars = array(
537 // Decompositions for Latin-1 Supplement
538 chr(195).chr(128) => 'A', chr(195).chr(129) => 'A',
539 chr(195).chr(130) => 'A', chr(195).chr(131) => 'A',
540 chr(195).chr(132) => 'A', chr(195).chr(133) => 'A',
541 chr(195).chr(135) => 'C', chr(195).chr(136) => 'E',
542 chr(195).chr(137) => 'E', chr(195).chr(138) => 'E',
543 chr(195).chr(139) => 'E', chr(195).chr(140) => 'I',
544 chr(195).chr(141) => 'I', chr(195).chr(142) => 'I',
545 chr(195).chr(143) => 'I', chr(195).chr(145) => 'N',
546 chr(195).chr(146) => 'O', chr(195).chr(147) => 'O',
547 chr(195).chr(148) => 'O', chr(195).chr(149) => 'O',
548 chr(195).chr(150) => 'O', chr(195).chr(153) => 'U',
549 chr(195).chr(154) => 'U', chr(195).chr(155) => 'U',
550 chr(195).chr(156) => 'U', chr(195).chr(157) => 'Y',
551 chr(195).chr(159) => 's', chr(195).chr(160) => 'a',
552 chr(195).chr(161) => 'a', chr(195).chr(162) => 'a',
553 chr(195).chr(163) => 'a', chr(195).chr(164) => 'a',
554 chr(195).chr(165) => 'a', chr(195).chr(167) => 'c',
555 chr(195).chr(168) => 'e', chr(195).chr(169) => 'e',
556 chr(195).chr(170) => 'e', chr(195).chr(171) => 'e',
557 chr(195).chr(172) => 'i', chr(195).chr(173) => 'i',
558 chr(195).chr(174) => 'i', chr(195).chr(175) => 'i',
559 chr(195).chr(177) => 'n', chr(195).chr(178) => 'o',
560 chr(195).chr(179) => 'o', chr(195).chr(180) => 'o',
561 chr(195).chr(181) => 'o', chr(195).chr(182) => 'o',
562 chr(195).chr(182) => 'o', chr(195).chr(185) => 'u',
563 chr(195).chr(186) => 'u', chr(195).chr(187) => 'u',
564 chr(195).chr(188) => 'u', chr(195).chr(189) => 'y',
565 chr(195).chr(191) => 'y',
566 // Decompositions for Latin Extended-A
567 chr(196).chr(128) => 'A', chr(196).chr(129) => 'a',
568 chr(196).chr(130) => 'A', chr(196).chr(131) => 'a',
569 chr(196).chr(132) => 'A', chr(196).chr(133) => 'a',
570 chr(196).chr(134) => 'C', chr(196).chr(135) => 'c',
571 chr(196).chr(136) => 'C', chr(196).chr(137) => 'c',
572 chr(196).chr(138) => 'C', chr(196).chr(139) => 'c',
573 chr(196).chr(140) => 'C', chr(196).chr(141) => 'c',
574 chr(196).chr(142) => 'D', chr(196).chr(143) => 'd',
575 chr(196).chr(144) => 'D', chr(196).chr(145) => 'd',
576 chr(196).chr(146) => 'E', chr(196).chr(147) => 'e',
577 chr(196).chr(148) => 'E', chr(196).chr(149) => 'e',
578 chr(196).chr(150) => 'E', chr(196).chr(151) => 'e',
579 chr(196).chr(152) => 'E', chr(196).chr(153) => 'e',
580 chr(196).chr(154) => 'E', chr(196).chr(155) => 'e',
581 chr(196).chr(156) => 'G', chr(196).chr(157) => 'g',
582 chr(196).chr(158) => 'G', chr(196).chr(159) => 'g',
583 chr(196).chr(160) => 'G', chr(196).chr(161) => 'g',
584 chr(196).chr(162) => 'G', chr(196).chr(163) => 'g',
585 chr(196).chr(164) => 'H', chr(196).chr(165) => 'h',
586 chr(196).chr(166) => 'H', chr(196).chr(167) => 'h',
587 chr(196).chr(168) => 'I', chr(196).chr(169) => 'i',
588 chr(196).chr(170) => 'I', chr(196).chr(171) => 'i',
589 chr(196).chr(172) => 'I', chr(196).chr(173) => 'i',
590 chr(196).chr(174) => 'I', chr(196).chr(175) => 'i',
591 chr(196).chr(176) => 'I', chr(196).chr(177) => 'i',
592 chr(196).chr(178) => 'IJ',chr(196).chr(179) => 'ij',
593 chr(196).chr(180) => 'J', chr(196).chr(181) => 'j',
594 chr(196).chr(182) => 'K', chr(196).chr(183) => 'k',
595 chr(196).chr(184) => 'k', chr(196).chr(185) => 'L',
596 chr(196).chr(186) => 'l', chr(196).chr(187) => 'L',
597 chr(196).chr(188) => 'l', chr(196).chr(189) => 'L',
598 chr(196).chr(190) => 'l', chr(196).chr(191) => 'L',
599 chr(197).chr(128) => 'l', chr(197).chr(129) => 'L',
600 chr(197).chr(130) => 'l', chr(197).chr(131) => 'N',
601 chr(197).chr(132) => 'n', chr(197).chr(133) => 'N',
602 chr(197).chr(134) => 'n', chr(197).chr(135) => 'N',
603 chr(197).chr(136) => 'n', chr(197).chr(137) => 'N',
604 chr(197).chr(138) => 'n', chr(197).chr(139) => 'N',
605 chr(197).chr(140) => 'O', chr(197).chr(141) => 'o',
606 chr(197).chr(142) => 'O', chr(197).chr(143) => 'o',
607 chr(197).chr(144) => 'O', chr(197).chr(145) => 'o',
608 chr(197).chr(146) => 'OE',chr(197).chr(147) => 'oe',
609 chr(197).chr(148) => 'R',chr(197).chr(149) => 'r',
610 chr(197).chr(150) => 'R',chr(197).chr(151) => 'r',
611 chr(197).chr(152) => 'R',chr(197).chr(153) => 'r',
612 chr(197).chr(154) => 'S',chr(197).chr(155) => 's',
613 chr(197).chr(156) => 'S',chr(197).chr(157) => 's',
614 chr(197).chr(158) => 'S',chr(197).chr(159) => 's',
615 chr(197).chr(160) => 'S', chr(197).chr(161) => 's',
616 chr(197).chr(162) => 'T', chr(197).chr(163) => 't',
617 chr(197).chr(164) => 'T', chr(197).chr(165) => 't',
618 chr(197).chr(166) => 'T', chr(197).chr(167) => 't',
619 chr(197).chr(168) => 'U', chr(197).chr(169) => 'u',
620 chr(197).chr(170) => 'U', chr(197).chr(171) => 'u',
621 chr(197).chr(172) => 'U', chr(197).chr(173) => 'u',
622 chr(197).chr(174) => 'U', chr(197).chr(175) => 'u',
623 chr(197).chr(176) => 'U', chr(197).chr(177) => 'u',
624 chr(197).chr(178) => 'U', chr(197).chr(179) => 'u',
625 chr(197).chr(180) => 'W', chr(197).chr(181) => 'w',
626 chr(197).chr(182) => 'Y', chr(197).chr(183) => 'y',
627 chr(197).chr(184) => 'Y', chr(197).chr(185) => 'Z',
628 chr(197).chr(186) => 'z', chr(197).chr(187) => 'Z',
629 chr(197).chr(188) => 'z', chr(197).chr(189) => 'Z',
630 chr(197).chr(190) => 'z', chr(197).chr(191) => 's',
631 // Euro Sign
632 chr(226).chr(130).chr(172) => 'E',
633 // GBP (Pound) Sign
634 chr(194).chr(163) => '');
635
636 $string = strtr($string, $chars);
637 } else {
638 // Assume ISO-8859-1 if not UTF-8
639 $chars['in'] = chr(128).chr(131).chr(138).chr(142).chr(154).chr(158)
640 .chr(159).chr(162).chr(165).chr(181).chr(192).chr(193).chr(194)
641 .chr(195).chr(196).chr(197).chr(199).chr(200).chr(201).chr(202)
642 .chr(203).chr(204).chr(205).chr(206).chr(207).chr(209).chr(210)
643 .chr(211).chr(212).chr(213).chr(214).chr(216).chr(217).chr(218)
644 .chr(219).chr(220).chr(221).chr(224).chr(225).chr(226).chr(227)
645 .chr(228).chr(229).chr(231).chr(232).chr(233).chr(234).chr(235)
646 .chr(236).chr(237).chr(238).chr(239).chr(241).chr(242).chr(243)
647 .chr(244).chr(245).chr(246).chr(248).chr(249).chr(250).chr(251)
648 .chr(252).chr(253).chr(255);
649
650 $chars['out'] = "EfSZszYcYuAAAAAACEEEEIIIINOOOOOOUUUUYaaaaaaceeeeiiiinoooooouuuuyy";
651
652 $string = strtr($string, $chars['in'], $chars['out']);
653 $double_chars['in'] = array(chr(140), chr(156), chr(198), chr(208), chr(222), chr(223), chr(230), chr(240), chr(254));
654 $double_chars['out'] = array('OE', 'oe', 'AE', 'DH', 'TH', 'ss', 'ae', 'dh', 'th');
655 $string = str_replace($double_chars['in'], $double_chars['out'], $string);
656 }
657
658 return $string;
659}
660
661/**
662 * Sanitizes a filename replacing whitespace with dashes
663 *
664 * Removes special characters that are illegal in filenames on certain
665 * operating systems and special characters requiring special escaping
666 * to manipulate at the command line. Replaces spaces and consecutive
667 * dashes with a single dash. Trim period, dash and underscore from beginning
668 * and end of filename.
669 *
670 * @since 2.1.0
671 *
672 * @param string $filename The filename to be sanitized
673 * @return string The sanitized filename
674 */
675function sanitize_file_name( $filename ) {
676 $filename_raw = $filename;
677 $special_chars = array("?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}", chr(0));
678 $special_chars = apply_filters('sanitize_file_name_chars', $special_chars, $filename_raw);
679 $filename = str_replace($special_chars, '', $filename);
680 $filename = preg_replace('/[\s-]+/', '-', $filename);
681 $filename = trim($filename, '.-_');
682
683 // Split the filename into a base and extension[s]
684 $parts = explode('.', $filename);
685
686 // Return if only one extension
687 if ( count($parts) <= 2 )
688 return apply_filters('sanitize_file_name', $filename, $filename_raw);
689
690 // Process multiple extensions
691 $filename = array_shift($parts);
692 $extension = array_pop($parts);
693 $mimes = get_allowed_mime_types();
694
695 // Loop over any intermediate extensions. Munge them with a trailing underscore if they are a 2 - 5 character
696 // long alpha string not in the extension whitelist.
697 foreach ( (array) $parts as $part) {
698 $filename .= '.' . $part;
699
700 if ( preg_match("/^[a-zA-Z]{2,5}\d?$/", $part) ) {
701 $allowed = false;
702 foreach ( $mimes as $ext_preg => $mime_match ) {
703 $ext_preg = '!(^' . $ext_preg . ')$!i';
704 if ( preg_match( $ext_preg, $part ) ) {
705 $allowed = true;
706 break;
707 }
708 }
709 if ( !$allowed )
710 $filename .= '_';
711 }
712 }
713 $filename .= '.' . $extension;
714
715 return apply_filters('sanitize_file_name', $filename, $filename_raw);
716}
717
718/**
719 * Sanitize username stripping out unsafe characters.
720 *
721 * If $strict is true, only alphanumeric characters (as well as _, space, ., -,
722 * @) are returned.
723 * Removes tags, octets, entities, and if strict is enabled, will remove all
724 * non-ASCII characters. After sanitizing, it passes the username, raw username
725 * (the username in the parameter), and the strict parameter as parameters for
726 * the filter.
727 *
728 * @since 2.0.0
729 * @uses apply_filters() Calls 'sanitize_user' hook on username, raw username,
730 * and $strict parameter.
731 *
732 * @param string $username The username to be sanitized.
733 * @param bool $strict If set limits $username to specific characters. Default false.
734 * @return string The sanitized username, after passing through filters.
735 */
736function sanitize_user( $username, $strict = false ) {
737 $raw_username = $username;
738 $username = wp_strip_all_tags( $username );
739 $username = remove_accents( $username );
740 // Kill octets
741 $username = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $username );
742 $username = preg_replace( '/&.+?;/', '', $username ); // Kill entities
743
744 // If strict, reduce to ASCII for max portability.
745 if ( $strict )
746 $username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username );
747
748 // Consolidate contiguous whitespace
749 $username = preg_replace( '|\s+|', ' ', $username );
750
751 return apply_filters( 'sanitize_user', $username, $raw_username, $strict );
752}
753
754/**
755 * Sanitize a string key.
756 *
757 * Keys are used as internal identifiers. They should be lowercase ASCII. Dashes and underscores are allowed.
758 *
759 * @since 3.0.0
760 *
761 * @param string $key String key
762 * @return string Sanitized key
763 */
764function sanitize_key( $key ) {
765 $raw_key = $key;
766 $key = wp_strip_all_tags($key);
767 // Kill octets
768 $key = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '', $key);
769 $key = preg_replace('/&.+?;/', '', $key); // Kill entities
770
771 $key = preg_replace('|[^a-z0-9 _.\-@]|i', '', $key);
772
773 // Consolidate contiguous whitespace
774 $key = preg_replace('|\s+|', ' ', $key);
775
776 return apply_filters('sanitize_key', $key, $raw_key);
777}
778
779/**
780 * Sanitizes title or use fallback title.
781 *
782 * Specifically, HTML and PHP tags are stripped. Further actions can be added
783 * via the plugin API. If $title is empty and $fallback_title is set, the latter
784 * will be used.
785 *
786 * @since 1.0.0
787 *
788 * @param string $title The string to be sanitized.
789 * @param string $fallback_title Optional. A title to use if $title is empty.
790 * @return string The sanitized string.
791 */
792function sanitize_title($title, $fallback_title = '') {
793 $raw_title = $title;
794 $title = strip_tags($title);
795 $title = apply_filters('sanitize_title', $title, $raw_title);
796
797 if ( '' === $title || false === $title )
798 $title = $fallback_title;
799
800 return $title;
801}
802
803/**
804 * Sanitizes title, replacing whitespace with dashes.
805 *
806 * Limits the output to alphanumeric characters, underscore (_) and dash (-).
807 * Whitespace becomes a dash.
808 *
809 * @since 1.2.0
810 *
811 * @param string $title The title to be sanitized.
812 * @return string The sanitized title.
813 */
814function sanitize_title_with_dashes($title) {
815 $title = strip_tags($title);
816 // Preserve escaped octets.
817 $title = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '---$1---', $title);
818 // Remove percent signs that are not part of an octet.
819 $title = str_replace('%', '', $title);
820 // Restore octets.
821 $title = preg_replace('|---([a-fA-F0-9][a-fA-F0-9])---|', '%$1', $title);
822
823 $title = remove_accents($title);
824 if (seems_utf8($title)) {
825 if (function_exists('mb_strtolower')) {
826 $title = mb_strtolower($title, 'UTF-8');
827 }
828 $title = utf8_uri_encode($title, 200);
829 }
830
831 $title = strtolower($title);
832 $title = preg_replace('/&.+?;/', '', $title); // kill entities
833 $title = str_replace('.', '-', $title);
834 $title = preg_replace('/[^%a-z0-9 _-]/', '', $title);
835 $title = preg_replace('/\s+/', '-', $title);
836 $title = preg_replace('|-+|', '-', $title);
837 $title = trim($title, '-');
838
839 return $title;
840}
841
842/**
843 * Ensures a string is a valid SQL order by clause.
844 *
845 * Accepts one or more columns, with or without ASC/DESC, and also accepts
846 * RAND().
847 *
848 * @since 2.5.1
849 *
850 * @param string $orderby Order by string to be checked.
851 * @return string|false Returns the order by clause if it is a match, false otherwise.
852 */
853function sanitize_sql_orderby( $orderby ){
854 preg_match('/^\s*([a-z0-9_]+(\s+(ASC|DESC))?(\s*,\s*|\s*$))+|^\s*RAND\(\s*\)\s*$/i', $orderby, $obmatches);
855 if ( !$obmatches )
856 return false;
857 return $orderby;
858}
859
860/**
861 * Santizes a html classname to ensure it only contains valid characters
862 *
863 * Strips the string down to A-Z,a-z,0-9,'-' if this results in an empty
864 * string then it will return the alternative value supplied.
865 *
866 * @todo Expand to support the full range of CDATA that a class attribute can contain.
867 *
868 * @since 2.8.0
869 *
870 * @param string $class The classname to be sanitized
871 * @param string $fallback Optional. The value to return if the sanitization end's up as an empty string.
872 * Defaults to an empty string.
873 * @return string The sanitized value
874 */
875function sanitize_html_class( $class, $fallback = '' ) {
876 //Strip out any % encoded octets
877 $sanitized = preg_replace('|%[a-fA-F0-9][a-fA-F0-9]|', '', $class);
878
879 //Limit to A-Z,a-z,0-9,'-'
880 $sanitized = preg_replace('/[^A-Za-z0-9-]/', '', $sanitized);
881
882 if ( '' == $sanitized )
883 $sanitized = $fallback;
884
885 return apply_filters( 'sanitize_html_class', $sanitized, $class, $fallback );
886}
887
888/**
889 * Converts a number of characters from a string.
890 *
891 * Metadata tags <<title>> and <<category>> are removed, <<br>> and <<hr>> are
892 * converted into correct XHTML and Unicode characters are converted to the
893 * valid range.
894 *
895 * @since 0.71
896 *
897 * @param string $content String of characters to be converted.
898 * @param string $deprecated Not used.
899 * @return string Converted string.
900 */
901function convert_chars($content, $deprecated = '') {
902 if ( !empty( $deprecated ) )
903 _deprecated_argument( __FUNCTION__, '0.71' );
904
905 // Translation of invalid Unicode references range to valid range
906 $wp_htmltranswinuni = array(
907 '€' => '€', // the Euro sign
908 '' => '',
909 '‚' => '‚', // these are Windows CP1252 specific characters
910 'ƒ' => 'ƒ', // they would look weird on non-Windows browsers
911 '„' => '„',
912 '…' => '…',
913 '†' => '†',
914 '‡' => '‡',
915 'ˆ' => 'ˆ',
916 '‰' => '‰',
917 'Š' => 'Š',
918 '‹' => '‹',
919 'Œ' => 'Œ',
920 '' => '',
921 'Ž' => 'ž',
922 '' => '',
923 '' => '',
924 '‘' => '‘',
925 '’' => '’',
926 '“' => '“',
927 '”' => '”',
928 '•' => '•',
929 '–' => '–',
930 '—' => '—',
931 '˜' => '˜',
932 '™' => '™',
933 'š' => 'š',
934 '›' => '›',
935 'œ' => 'œ',
936 '' => '',
937 'ž' => '',
938 'Ÿ' => 'Ÿ'
939 );
940
941 // Remove metadata tags
942 $content = preg_replace('/<title>(.+?)<\/title>/','',$content);
943 $content = preg_replace('/<category>(.+?)<\/category>/','',$content);
944
945 // Converts lone & characters into & (a.k.a. &)
946 $content = preg_replace('/&([^#])(?![a-z1-4]{1,8};)/i', '&$1', $content);
947
948 // Fix Word pasting
949 $content = strtr($content, $wp_htmltranswinuni);
950
951 // Just a little XHTML help
952 $content = str_replace('<br>', '<br />', $content);
953 $content = str_replace('<hr>', '<hr />', $content);
954
955 return $content;
956}
957
958/**
959 * Will only balance the tags if forced to and the option is set to balance tags.
960 *
961 * The option 'use_balanceTags' is used for whether the tags will be balanced.
962 * Both the $force parameter and 'use_balanceTags' option will have to be true
963 * before the tags will be balanced.
964 *
965 * @since 0.71
966 *
967 * @param string $text Text to be balanced
968 * @param bool $force Forces balancing, ignoring the value of the option. Default false.
969 * @return string Balanced text
970 */
971function balanceTags( $text, $force = false ) {
972 if ( !$force && get_option('use_balanceTags') == 0 )
973 return $text;
974 return force_balance_tags( $text );
975}
976
977/**
978 * Balances tags of string using a modified stack.
979 *
980 * @since 2.0.4
981 *
982 * @author Leonard Lin <leonard@acm.org>
983 * @license GPL v2.0
984 * @copyright November 4, 2001
985 * @version 1.1
986 * @todo Make better - change loop condition to $text in 1.2
987 * @internal Modified by Scott Reilly (coffee2code) 02 Aug 2004
988 * 1.1 Fixed handling of append/stack pop order of end text
989 * Added Cleaning Hooks
990 * 1.0 First Version
991 *
992 * @param string $text Text to be balanced.
993 * @return string Balanced text.
994 */
995function force_balance_tags( $text ) {
996 $tagstack = array();
997 $stacksize = 0;
998 $tagqueue = '';
999 $newtext = '';
1000 $single_tags = array('br', 'hr', 'img', 'input'); // Known single-entity/self-closing tags
/var/www/wordpress/wp-includes/functions.php
/var/www/wordpress/wp-includes/functions.wp-scripts.php
/var/www/wordpress/wp-includes/functions.wp-styles.php
/var/www/wordpress/wp-includes/general-template.php
/var/www/wordpress/wp-includes/http.php
/var/www/wordpress/wp-includes/kses.php
/var/www/wordpress/wp-includes/l10n.php
/var/www/wordpress/wp-includes/link-template.php
/var/www/wordpress/wp-includes/load.php
/var/www/wordpress/wp-includes/locale.php
/var/www/wordpress/wp-includes/media.php
/var/www/wordpress/wp-includes/meta.php
/var/www/wordpress/wp-includes/ms-blogs.php
/var/www/wordpress/wp-includes/ms-default-constants.php
/var/www/wordpress/wp-includes/ms-default-filters.php
/var/www/wordpress/wp-includes/ms-deprecated.php
/var/www/wordpress/wp-includes/ms-files.php
/var/www/wordpress/wp-includes/ms-functions.php
/var/www/wordpress/wp-includes/ms-load.php
/var/www/wordpress/wp-includes/ms-settings.php
/var/www/wordpress/wp-includes/nav-menu-template.php
/var/www/wordpress/wp-includes/nav-menu.php
/var/www/wordpress/wp-includes/pluggable-deprecated.php
/var/www/wordpress/wp-includes/pluggable.php
/var/www/wordpress/wp-includes/plugin.php
/var/www/wordpress/wp-includes/post-template.php
/var/www/wordpress/wp-includes/post-thumbnail-template.php
/var/www/wordpress/wp-includes/post.php
/var/www/wordpress/wp-includes/query.php
/var/www/wordpress/wp-includes/registration-functions.php
/var/www/wordpress/wp-includes/registration.php
/var/www/wordpress/wp-includes/rewrite.php
/var/www/wordpress/wp-includes/rss-functions.php
/var/www/wordpress/wp-includes/rss.php
/var/www/wordpress/wp-includes/script-loader.php
/var/www/wordpress/wp-includes/shortcodes.php
/var/www/wordpress/wp-includes/taxonomy.php
/var/www/wordpress/wp-includes/template-loader.php
/var/www/wordpress/wp-includes/theme.php
/var/www/wordpress/wp-includes/update.php
/var/www/wordpress/wp-includes/user.php
/var/www/wordpress/wp-includes/vars.php
/var/www/wordpress/wp-includes/version.php
/var/www/wordpress/wp-includes/widgets.php
/var/www/wordpress/wp-includes/wp-db.php
/var/www/wordpress/wp-includes/wp-diff.php
/var/www/wordpress/index.php
/var/www/wordpress/wp-activate.php
/var/www/wordpress/wp-app.php
/var/www/wordpress/wp-atom.php
/var/www/wordpress/wp-blog-header.php
/var/www/wordpress/wp-comments-post.php
/var/www/wordpress/wp-commentsrss2.php
/var/www/wordpress/wp-config-sample.php
/var/www/wordpress/wp-cron.php
/var/www/wordpress/wp-feed.php
/var/www/wordpress/wp-links-opml.php
/var/www/wordpress/wp-load.php
/var/www/wordpress/wp-login.php
/var/www/wordpress/wp-mail.php
/var/www/wordpress/wp-pass.php
/var/www/wordpress/wp-rdf.php
/var/www/wordpress/wp-register.php
/var/www/wordpress/wp-rss.php
/var/www/wordpress/wp-rss2.php
/var/www/wordpress/wp-settings.php
/var/www/wordpress/wp-signup.php
/var/www/wordpress/wp-trackback.php
/var/www/wordpress/xmlrpc.php