| [ Index ] |
PHP Cross Reference of WordPress Trunk (Updated Daily) |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * Main WordPress Formatting API. 4 * 5 * Handles many functions for formatting output. 6 * 7 * @package WordPress 8 */ 9 10 /** 11 * Replaces common plain text characters with formatted entities. 12 * 13 * Returns given text with transformations of quotes into smart quotes, apostrophes, 14 * dashes, ellipses, the trademark symbol, and the multiplication symbol. 15 * 16 * As an example, 17 * 18 * 'cause today's effort makes it worth tomorrow's "holiday" ... 19 * 20 * Becomes: 21 * 22 * ’cause today’s effort makes it worth tomorrow’s “holiday” … 23 * 24 * Code within certain HTML blocks are skipped. 25 * 26 * Do not use this function before the {@see 'init'} action hook; everything will break. 27 * 28 * @since 0.71 29 * 30 * @global array $wp_cockneyreplace Array of formatted entities for certain common phrases. 31 * @global array $shortcode_tags 32 * @staticvar array $static_characters 33 * @staticvar array $static_replacements 34 * @staticvar array $dynamic_characters 35 * @staticvar array $dynamic_replacements 36 * @staticvar array $default_no_texturize_tags 37 * @staticvar array $default_no_texturize_shortcodes 38 * @staticvar bool $run_texturize 39 * @staticvar string $apos 40 * @staticvar string $prime 41 * @staticvar string $double_prime 42 * @staticvar string $opening_quote 43 * @staticvar string $closing_quote 44 * @staticvar string $opening_single_quote 45 * @staticvar string $closing_single_quote 46 * @staticvar string $open_q_flag 47 * @staticvar string $open_sq_flag 48 * @staticvar string $apos_flag 49 * 50 * @param string $text The text to be formatted. 51 * @param bool $reset Set to true for unit testing. Translated patterns will reset. 52 * @return string The string replaced with HTML entities. 53 */ 54 function wptexturize( $text, $reset = false ) { 55 global $wp_cockneyreplace, $shortcode_tags; 56 static $static_characters = null, 57 $static_replacements = null, 58 $dynamic_characters = null, 59 $dynamic_replacements = null, 60 $default_no_texturize_tags = null, 61 $default_no_texturize_shortcodes = null, 62 $run_texturize = true, 63 $apos = null, 64 $prime = null, 65 $double_prime = null, 66 $opening_quote = null, 67 $closing_quote = null, 68 $opening_single_quote = null, 69 $closing_single_quote = null, 70 $open_q_flag = '<!--oq-->', 71 $open_sq_flag = '<!--osq-->', 72 $apos_flag = '<!--apos-->'; 73 74 // If there's nothing to do, just stop. 75 if ( empty( $text ) || false === $run_texturize ) { 76 return $text; 77 } 78 79 // Set up static variables. Run once only. 80 if ( $reset || ! isset( $static_characters ) ) { 81 /** 82 * Filters whether to skip running wptexturize(). 83 * 84 * Passing false to the filter will effectively short-circuit wptexturize(). 85 * returning the original text passed to the function instead. 86 * 87 * The filter runs only once, the first time wptexturize() is called. 88 * 89 * @since 4.0.0 90 * 91 * @see wptexturize() 92 * 93 * @param bool $run_texturize Whether to short-circuit wptexturize(). 94 */ 95 $run_texturize = apply_filters( 'run_wptexturize', $run_texturize ); 96 if ( false === $run_texturize ) { 97 return $text; 98 } 99 100 /* translators: Opening curly double quote. */ 101 $opening_quote = _x( '“', 'opening curly double quote' ); 102 /* translators: Closing curly double quote. */ 103 $closing_quote = _x( '”', 'closing curly double quote' ); 104 105 /* translators: Apostrophe, for example in 'cause or can't. */ 106 $apos = _x( '’', 'apostrophe' ); 107 108 /* translators: Prime, for example in 9' (nine feet). */ 109 $prime = _x( '′', 'prime' ); 110 /* translators: Double prime, for example in 9" (nine inches). */ 111 $double_prime = _x( '″', 'double prime' ); 112 113 /* translators: Opening curly single quote. */ 114 $opening_single_quote = _x( '‘', 'opening curly single quote' ); 115 /* translators: Closing curly single quote. */ 116 $closing_single_quote = _x( '’', 'closing curly single quote' ); 117 118 /* translators: En dash. */ 119 $en_dash = _x( '–', 'en dash' ); 120 /* translators: Em dash. */ 121 $em_dash = _x( '—', 'em dash' ); 122 123 $default_no_texturize_tags = array( 'pre', 'code', 'kbd', 'style', 'script', 'tt' ); 124 $default_no_texturize_shortcodes = array( 'code' ); 125 126 // if a plugin has provided an autocorrect array, use it 127 if ( isset( $wp_cockneyreplace ) ) { 128 $cockney = array_keys( $wp_cockneyreplace ); 129 $cockneyreplace = array_values( $wp_cockneyreplace ); 130 } else { 131 /* 132 * translators: This is a comma-separated list of words that defy the syntax of quotations in normal use, 133 * for example... 'We do not have enough words yet' ... is a typical quoted phrase. But when we write 134 * lines of code 'til we have enough of 'em, then we need to insert apostrophes instead of quotes. 135 */ 136 $cockney = explode( 137 ',', 138 _x( 139 "'tain't,'twere,'twas,'tis,'twill,'til,'bout,'nuff,'round,'cause,'em", 140 'Comma-separated list of words to texturize in your language' 141 ) 142 ); 143 144 $cockneyreplace = explode( 145 ',', 146 _x( 147 '’tain’t,’twere,’twas,’tis,’twill,’til,’bout,’nuff,’round,’cause,’em', 148 'Comma-separated list of replacement words in your language' 149 ) 150 ); 151 } 152 153 $static_characters = array_merge( array( '...', '``', '\'\'', ' (tm)' ), $cockney ); 154 $static_replacements = array_merge( array( '…', $opening_quote, $closing_quote, ' ™' ), $cockneyreplace ); 155 156 // Pattern-based replacements of characters. 157 // Sort the remaining patterns into several arrays for performance tuning. 158 $dynamic_characters = array( 159 'apos' => array(), 160 'quote' => array(), 161 'dash' => array(), 162 ); 163 $dynamic_replacements = array( 164 'apos' => array(), 165 'quote' => array(), 166 'dash' => array(), 167 ); 168 $dynamic = array(); 169 $spaces = wp_spaces_regexp(); 170 171 // '99' and '99" are ambiguous among other patterns; assume it's an abbreviated year at the end of a quotation. 172 if ( "'" !== $apos || "'" !== $closing_single_quote ) { 173 $dynamic[ '/\'(\d\d)\'(?=\Z|[.,:;!?)}\-\]]|>|' . $spaces . ')/' ] = $apos_flag . '$1' . $closing_single_quote; 174 } 175 if ( "'" !== $apos || '"' !== $closing_quote ) { 176 $dynamic[ '/\'(\d\d)"(?=\Z|[.,:;!?)}\-\]]|>|' . $spaces . ')/' ] = $apos_flag . '$1' . $closing_quote; 177 } 178 179 // '99 '99s '99's (apostrophe) But never '9 or '99% or '999 or '99.0. 180 if ( "'" !== $apos ) { 181 $dynamic['/\'(?=\d\d(?:\Z|(?![%\d]|[.,]\d)))/'] = $apos_flag; 182 } 183 184 // Quoted Numbers like '0.42' 185 if ( "'" !== $opening_single_quote && "'" !== $closing_single_quote ) { 186 $dynamic[ '/(?<=\A|' . $spaces . ')\'(\d[.,\d]*)\'/' ] = $open_sq_flag . '$1' . $closing_single_quote; 187 } 188 189 // Single quote at start, or preceded by (, {, <, [, ", -, or spaces. 190 if ( "'" !== $opening_single_quote ) { 191 $dynamic[ '/(?<=\A|[([{"\-]|<|' . $spaces . ')\'/' ] = $open_sq_flag; 192 } 193 194 // Apostrophe in a word. No spaces, double apostrophes, or other punctuation. 195 if ( "'" !== $apos ) { 196 $dynamic[ '/(?<!' . $spaces . ')\'(?!\Z|[.,:;!?"\'(){}[\]\-]|&[lg]t;|' . $spaces . ')/' ] = $apos_flag; 197 } 198 199 $dynamic_characters['apos'] = array_keys( $dynamic ); 200 $dynamic_replacements['apos'] = array_values( $dynamic ); 201 $dynamic = array(); 202 203 // Quoted Numbers like "42" 204 if ( '"' !== $opening_quote && '"' !== $closing_quote ) { 205 $dynamic[ '/(?<=\A|' . $spaces . ')"(\d[.,\d]*)"/' ] = $open_q_flag . '$1' . $closing_quote; 206 } 207 208 // Double quote at start, or preceded by (, {, <, [, -, or spaces, and not followed by spaces. 209 if ( '"' !== $opening_quote ) { 210 $dynamic[ '/(?<=\A|[([{\-]|<|' . $spaces . ')"(?!' . $spaces . ')/' ] = $open_q_flag; 211 } 212 213 $dynamic_characters['quote'] = array_keys( $dynamic ); 214 $dynamic_replacements['quote'] = array_values( $dynamic ); 215 $dynamic = array(); 216 217 // Dashes and spaces 218 $dynamic['/---/'] = $em_dash; 219 $dynamic[ '/(?<=^|' . $spaces . ')--(?=$|' . $spaces . ')/' ] = $em_dash; 220 $dynamic['/(?<!xn)--/'] = $en_dash; 221 $dynamic[ '/(?<=^|' . $spaces . ')-(?=$|' . $spaces . ')/' ] = $en_dash; 222 223 $dynamic_characters['dash'] = array_keys( $dynamic ); 224 $dynamic_replacements['dash'] = array_values( $dynamic ); 225 } 226 227 // Must do this every time in case plugins use these filters in a context sensitive manner 228 /** 229 * Filters the list of HTML elements not to texturize. 230 * 231 * @since 2.8.0 232 * 233 * @param string[] $default_no_texturize_tags An array of HTML element names. 234 */ 235 $no_texturize_tags = apply_filters( 'no_texturize_tags', $default_no_texturize_tags ); 236 /** 237 * Filters the list of shortcodes not to texturize. 238 * 239 * @since 2.8.0 240 * 241 * @param string[] $default_no_texturize_shortcodes An array of shortcode names. 242 */ 243 $no_texturize_shortcodes = apply_filters( 'no_texturize_shortcodes', $default_no_texturize_shortcodes ); 244 245 $no_texturize_tags_stack = array(); 246 $no_texturize_shortcodes_stack = array(); 247 248 // Look for shortcodes and HTML elements. 249 250 preg_match_all( '@\[/?([^<>&/\[\]\x00-\x20=]++)@', $text, $matches ); 251 $tagnames = array_intersect( array_keys( $shortcode_tags ), $matches[1] ); 252 $found_shortcodes = ! empty( $tagnames ); 253 $shortcode_regex = $found_shortcodes ? _get_wptexturize_shortcode_regex( $tagnames ) : ''; 254 $regex = _get_wptexturize_split_regex( $shortcode_regex ); 255 256 $textarr = preg_split( $regex, $text, -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY ); 257 258 foreach ( $textarr as &$curl ) { 259 // Only call _wptexturize_pushpop_element if $curl is a delimiter. 260 $first = $curl[0]; 261 if ( '<' === $first ) { 262 if ( '<!--' === substr( $curl, 0, 4 ) ) { 263 // This is an HTML comment delimiter. 264 continue; 265 } else { 266 // This is an HTML element delimiter. 267 268 // Replace each & with & unless it already looks like an entity. 269 $curl = preg_replace( '/&(?!#(?:\d+|x[a-f0-9]+);|[a-z1-4]{1,8};)/i', '&', $curl ); 270 271 _wptexturize_pushpop_element( $curl, $no_texturize_tags_stack, $no_texturize_tags ); 272 } 273 } elseif ( '' === trim( $curl ) ) { 274 // This is a newline between delimiters. Performance improves when we check this. 275 continue; 276 277 } elseif ( '[' === $first && $found_shortcodes && 1 === preg_match( '/^' . $shortcode_regex . '$/', $curl ) ) { 278 // This is a shortcode delimiter. 279 280 if ( '[[' !== substr( $curl, 0, 2 ) && ']]' !== substr( $curl, -2 ) ) { 281 // Looks like a normal shortcode. 282 _wptexturize_pushpop_element( $curl, $no_texturize_shortcodes_stack, $no_texturize_shortcodes ); 283 } else { 284 // Looks like an escaped shortcode. 285 continue; 286 } 287 } elseif ( empty( $no_texturize_shortcodes_stack ) && empty( $no_texturize_tags_stack ) ) { 288 // This is neither a delimiter, nor is this content inside of no_texturize pairs. Do texturize. 289 290 $curl = str_replace( $static_characters, $static_replacements, $curl ); 291 292 if ( false !== strpos( $curl, "'" ) ) { 293 $curl = preg_replace( $dynamic_characters['apos'], $dynamic_replacements['apos'], $curl ); 294 $curl = wptexturize_primes( $curl, "'", $prime, $open_sq_flag, $closing_single_quote ); 295 $curl = str_replace( $apos_flag, $apos, $curl ); 296 $curl = str_replace( $open_sq_flag, $opening_single_quote, $curl ); 297 } 298 if ( false !== strpos( $curl, '"' ) ) { 299 $curl = preg_replace( $dynamic_characters['quote'], $dynamic_replacements['quote'], $curl ); 300 $curl = wptexturize_primes( $curl, '"', $double_prime, $open_q_flag, $closing_quote ); 301 $curl = str_replace( $open_q_flag, $opening_quote, $curl ); 302 } 303 if ( false !== strpos( $curl, '-' ) ) { 304 $curl = preg_replace( $dynamic_characters['dash'], $dynamic_replacements['dash'], $curl ); 305 } 306 307 // 9x9 (times), but never 0x9999 308 if ( 1 === preg_match( '/(?<=\d)x\d/', $curl ) ) { 309 // Searching for a digit is 10 times more expensive than for the x, so we avoid doing this one! 310 $curl = preg_replace( '/\b(\d(?(?<=0)[\d\.,]+|[\d\.,]*))x(\d[\d\.,]*)\b/', '$1×$2', $curl ); 311 } 312 313 // Replace each & with & unless it already looks like an entity. 314 $curl = preg_replace( '/&(?!#(?:\d+|x[a-f0-9]+);|[a-z1-4]{1,8};)/i', '&', $curl ); 315 } 316 } 317 318 return implode( '', $textarr ); 319 } 320 321 /** 322 * Implements a logic tree to determine whether or not "7'." represents seven feet, 323 * then converts the special char into either a prime char or a closing quote char. 324 * 325 * @since 4.3.0 326 * 327 * @param string $haystack The plain text to be searched. 328 * @param string $needle The character to search for such as ' or ". 329 * @param string $prime The prime char to use for replacement. 330 * @param string $open_quote The opening quote char. Opening quote replacement must be 331 * accomplished already. 332 * @param string $close_quote The closing quote char to use for replacement. 333 * @return string The $haystack value after primes and quotes replacements. 334 */ 335 function wptexturize_primes( $haystack, $needle, $prime, $open_quote, $close_quote ) { 336 $spaces = wp_spaces_regexp(); 337 $flag = '<!--wp-prime-or-quote-->'; 338 $quote_pattern = "/$needle(?=\\Z|[.,:;!?)}\\-\\]]|>|" . $spaces . ')/'; 339 $prime_pattern = "/(?<=\\d)$needle/"; 340 $flag_after_digit = "/(?<=\\d)$flag/"; 341 $flag_no_digit = "/(?<!\\d)$flag/"; 342 343 $sentences = explode( $open_quote, $haystack ); 344 345 foreach ( $sentences as $key => &$sentence ) { 346 if ( false === strpos( $sentence, $needle ) ) { 347 continue; 348 } elseif ( 0 !== $key && 0 === substr_count( $sentence, $close_quote ) ) { 349 $sentence = preg_replace( $quote_pattern, $flag, $sentence, -1, $count ); 350 if ( $count > 1 ) { 351 // This sentence appears to have multiple closing quotes. Attempt Vulcan logic. 352 $sentence = preg_replace( $flag_no_digit, $close_quote, $sentence, -1, $count2 ); 353 if ( 0 === $count2 ) { 354 // Try looking for a quote followed by a period. 355 $count2 = substr_count( $sentence, "$flag." ); 356 if ( $count2 > 0 ) { 357 // Assume the rightmost quote-period match is the end of quotation. 358 $pos = strrpos( $sentence, "$flag." ); 359 } else { 360 // When all else fails, make the rightmost candidate a closing quote. 361 // This is most likely to be problematic in the context of bug #18549. 362 $pos = strrpos( $sentence, $flag ); 363 } 364 $sentence = substr_replace( $sentence, $close_quote, $pos, strlen( $flag ) ); 365 } 366 // Use conventional replacement on any remaining primes and quotes. 367 $sentence = preg_replace( $prime_pattern, $prime, $sentence ); 368 $sentence = preg_replace( $flag_after_digit, $prime, $sentence ); 369 $sentence = str_replace( $flag, $close_quote, $sentence ); 370 } elseif ( 1 == $count ) { 371 // Found only one closing quote candidate, so give it priority over primes. 372 $sentence = str_replace( $flag, $close_quote, $sentence ); 373 $sentence = preg_replace( $prime_pattern, $prime, $sentence ); 374 } else { 375 // No closing quotes found. Just run primes pattern. 376 $sentence = preg_replace( $prime_pattern, $prime, $sentence ); 377 } 378 } else { 379 $sentence = preg_replace( $prime_pattern, $prime, $sentence ); 380 $sentence = preg_replace( $quote_pattern, $close_quote, $sentence ); 381 } 382 if ( '"' == $needle && false !== strpos( $sentence, '"' ) ) { 383 $sentence = str_replace( '"', $close_quote, $sentence ); 384 } 385 } 386 387 return implode( $open_quote, $sentences ); 388 } 389 390 /** 391 * Search for disabled element tags. Push element to stack on tag open and pop 392 * on tag close. 393 * 394 * Assumes first char of $text is tag opening and last char is tag closing. 395 * Assumes second char of $text is optionally '/' to indicate closing as in </html>. 396 * 397 * @since 2.9.0 398 * @access private 399 * 400 * @param string $text Text to check. Must be a tag like `<html>` or `[shortcode]`. 401 * @param string[] $stack Array of open tag elements. 402 * @param string[] $disabled_elements Array of tag names to match against. Spaces are not allowed in tag names. 403 */ 404 function _wptexturize_pushpop_element( $text, &$stack, $disabled_elements ) { 405 // Is it an opening tag or closing tag? 406 if ( isset( $text[1] ) && '/' !== $text[1] ) { 407 $opening_tag = true; 408 $name_offset = 1; 409 } elseif ( 0 == count( $stack ) ) { 410 // Stack is empty. Just stop. 411 return; 412 } else { 413 $opening_tag = false; 414 $name_offset = 2; 415 } 416 417 // Parse out the tag name. 418 $space = strpos( $text, ' ' ); 419 if ( false === $space ) { 420 $space = -1; 421 } else { 422 $space -= $name_offset; 423 } 424 $tag = substr( $text, $name_offset, $space ); 425 426 // Handle disabled tags. 427 if ( in_array( $tag, $disabled_elements ) ) { 428 if ( $opening_tag ) { 429 /* 430 * This disables texturize until we find a closing tag of our type 431 * (e.g. <pre>) even if there was invalid nesting before that 432 * 433 * Example: in the case <pre>sadsadasd</code>"baba"</pre> 434 * "baba" won't be texturize 435 */ 436 437 array_push( $stack, $tag ); 438 } elseif ( end( $stack ) == $tag ) { 439 array_pop( $stack ); 440 } 441 } 442 } 443 444 /** 445 * Replaces double line-breaks with paragraph elements. 446 * 447 * A group of regex replaces used to identify text formatted with newlines and 448 * replace double line-breaks with HTML paragraph tags. The remaining line-breaks 449 * after conversion become <<br />> tags, unless $br is set to '0' or 'false'. 450 * 451 * @since 0.71 452 * 453 * @param string $pee The text which has to be formatted. 454 * @param bool $br Optional. If set, this will convert all remaining line-breaks 455 * after paragraphing. Default true. 456 * @return string Text which has been converted into correct paragraph tags. 457 */ 458 function wpautop( $pee, $br = true ) { 459 $pre_tags = array(); 460 461 if ( trim( $pee ) === '' ) { 462 return ''; 463 } 464 465 // Just to make things a little easier, pad the end. 466 $pee = $pee . "\n"; 467 468 /* 469 * Pre tags shouldn't be touched by autop. 470 * Replace pre tags with placeholders and bring them back after autop. 471 */ 472 if ( strpos( $pee, '<pre' ) !== false ) { 473 $pee_parts = explode( '</pre>', $pee ); 474 $last_pee = array_pop( $pee_parts ); 475 $pee = ''; 476 $i = 0; 477 478 foreach ( $pee_parts as $pee_part ) { 479 $start = strpos( $pee_part, '<pre' ); 480 481 // Malformed html? 482 if ( $start === false ) { 483 $pee .= $pee_part; 484 continue; 485 } 486 487 $name = "<pre wp-pre-tag-$i></pre>"; 488 $pre_tags[ $name ] = substr( $pee_part, $start ) . '</pre>'; 489 490 $pee .= substr( $pee_part, 0, $start ) . $name; 491 $i++; 492 } 493 494 $pee .= $last_pee; 495 } 496 // Change multiple <br>s into two line breaks, which will turn into paragraphs. 497 $pee = preg_replace( '|<br\s*/?>\s*<br\s*/?>|', "\n\n", $pee ); 498 499 $allblocks = '(?:table|thead|tfoot|caption|col|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|form|map|area|blockquote|address|math|style|p|h[1-6]|hr|fieldset|legend|section|article|aside|hgroup|header|footer|nav|figure|figcaption|details|menu|summary)'; 500 501 // Add a double line break above block-level opening tags. 502 $pee = preg_replace( '!(<' . $allblocks . '[\s/>])!', "\n\n$1", $pee ); 503 504 // Add a double line break below block-level closing tags. 505 $pee = preg_replace( '!(</' . $allblocks . '>)!', "$1\n\n", $pee ); 506 507 // Add a double line break after hr tags, which are self closing. 508 $pee = preg_replace( '!(<hr\s*?/?>)!', "$1\n\n", $pee ); 509 510 // Standardize newline characters to "\n". 511 $pee = str_replace( array( "\r\n", "\r" ), "\n", $pee ); 512 513 // Find newlines in all elements and add placeholders. 514 $pee = wp_replace_in_html_tags( $pee, array( "\n" => ' <!-- wpnl --> ' ) ); 515 516 // Collapse line breaks before and after <option> elements so they don't get autop'd. 517 if ( strpos( $pee, '<option' ) !== false ) { 518 $pee = preg_replace( '|\s*<option|', '<option', $pee ); 519 $pee = preg_replace( '|</option>\s*|', '</option>', $pee ); 520 } 521 522 /* 523 * Collapse line breaks inside <object> elements, before <param> and <embed> elements 524 * so they don't get autop'd. 525 */ 526 if ( strpos( $pee, '</object>' ) !== false ) { 527 $pee = preg_replace( '|(<object[^>]*>)\s*|', '$1', $pee ); 528 $pee = preg_replace( '|\s*</object>|', '</object>', $pee ); 529 $pee = preg_replace( '%\s*(</?(?:param|embed)[^>]*>)\s*%', '$1', $pee ); 530 } 531 532 /* 533 * Collapse line breaks inside <audio> and <video> elements, 534 * before and after <source> and <track> elements. 535 */ 536 if ( strpos( $pee, '<source' ) !== false || strpos( $pee, '<track' ) !== false ) { 537 $pee = preg_replace( '%([<\[](?:audio|video)[^>\]]*[>\]])\s*%', '$1', $pee ); 538 $pee = preg_replace( '%\s*([<\[]/(?:audio|video)[>\]])%', '$1', $pee ); 539 $pee = preg_replace( '%\s*(<(?:source|track)[^>]*>)\s*%', '$1', $pee ); 540 } 541 542 // Collapse line breaks before and after <figcaption> elements. 543 if ( strpos( $pee, '<figcaption' ) !== false ) { 544 $pee = preg_replace( '|\s*(<figcaption[^>]*>)|', '$1', $pee ); 545 $pee = preg_replace( '|</figcaption>\s*|', '</figcaption>', $pee ); 546 } 547 548 // Remove more than two contiguous line breaks. 549 $pee = preg_replace( "/\n\n+/", "\n\n", $pee ); 550 551 // Split up the contents into an array of strings, separated by double line breaks. 552 $pees = preg_split( '/\n\s*\n/', $pee, -1, PREG_SPLIT_NO_EMPTY ); 553 554 // Reset $pee prior to rebuilding. 555 $pee = ''; 556 557 // Rebuild the content as a string, wrapping every bit with a <p>. 558 foreach ( $pees as $tinkle ) { 559 $pee .= '<p>' . trim( $tinkle, "\n" ) . "</p>\n"; 560 } 561 562 // Under certain strange conditions it could create a P of entirely whitespace. 563 $pee = preg_replace( '|<p>\s*</p>|', '', $pee ); 564 565 // Add a closing <p> inside <div>, <address>, or <form> tag if missing. 566 $pee = preg_replace( '!<p>([^<]+)</(div|address|form)>!', '<p>$1</p></$2>', $pee ); 567 568 // If an opening or closing block element tag is wrapped in a <p>, unwrap it. 569 $pee = preg_replace( '!<p>\s*(</?' . $allblocks . '[^>]*>)\s*</p>!', '$1', $pee ); 570 571 // In some cases <li> may get wrapped in <p>, fix them. 572 $pee = preg_replace( '|<p>(<li.+?)</p>|', '$1', $pee ); 573 574 // If a <blockquote> is wrapped with a <p>, move it inside the <blockquote>. 575 $pee = preg_replace( '|<p><blockquote([^>]*)>|i', '<blockquote$1><p>', $pee ); 576 $pee = str_replace( '</blockquote></p>', '</p></blockquote>', $pee ); 577 578 // If an opening or closing block element tag is preceded by an opening <p> tag, remove it. 579 $pee = preg_replace( '!<p>\s*(</?' . $allblocks . '[^>]*>)!', '$1', $pee ); 580 581 // If an opening or closing block element tag is followed by a closing <p> tag, remove it. 582 $pee = preg_replace( '!(</?' . $allblocks . '[^>]*>)\s*</p>!', '$1', $pee ); 583 584 // Optionally insert line breaks. 585 if ( $br ) { 586 // Replace newlines that shouldn't be touched with a placeholder. 587 $pee = preg_replace_callback( '/<(script|style|svg).*?<\/\\1>/s', '_autop_newline_preservation_helper', $pee ); 588 589 // Normalize <br> 590 $pee = str_replace( array( '<br>', '<br/>' ), '<br />', $pee ); 591 592 // Replace any new line characters that aren't preceded by a <br /> with a <br />. 593 $pee = preg_replace( '|(?<!<br />)\s*\n|', "<br />\n", $pee ); 594 595 // Replace newline placeholders with newlines. 596 $pee = str_replace( '<WPPreserveNewline />', "\n", $pee ); 597 } 598 599 // If a <br /> tag is after an opening or closing block tag, remove it. 600 $pee = preg_replace( '!(</?' . $allblocks . '[^>]*>)\s*<br />!', '$1', $pee ); 601 602 // If a <br /> tag is before a subset of opening or closing block tags, remove it. 603 $pee = preg_replace( '!<br />(\s*</?(?:p|li|div|dl|dd|dt|th|pre|td|ul|ol)[^>]*>)!', '$1', $pee ); 604 $pee = preg_replace( "|\n</p>$|", '</p>', $pee ); 605 606 // Replace placeholder <pre> tags with their original content. 607 if ( ! empty( $pre_tags ) ) { 608 $pee = str_replace( array_keys( $pre_tags ), array_values( $pre_tags ), $pee ); 609 } 610 611 // Restore newlines in all elements. 612 if ( false !== strpos( $pee, '<!-- wpnl -->' ) ) { 613 $pee = str_replace( array( ' <!-- wpnl --> ', '<!-- wpnl -->' ), "\n", $pee ); 614 } 615 616 return $pee; 617 } 618 619 /** 620 * Separate HTML elements and comments from the text. 621 * 622 * @since 4.2.4 623 * 624 * @param string $input The text which has to be formatted. 625 * @return string[] Array of the formatted text. 626 */ 627 function wp_html_split( $input ) { 628 return preg_split( get_html_split_regex(), $input, -1, PREG_SPLIT_DELIM_CAPTURE ); 629 } 630 631 /** 632 * Retrieve the regular expression for an HTML element. 633 * 634 * @since 4.4.0 635 * 636 * @staticvar string $regex 637 * 638 * @return string The regular expression 639 */ 640 function get_html_split_regex() { 641 static $regex; 642 643 if ( ! isset( $regex ) ) { 644 // phpcs:disable Squiz.Strings.ConcatenationSpacing.PaddingFound -- don't remove regex indentation 645 $comments = 646 '!' // Start of comment, after the <. 647 . '(?:' // Unroll the loop: Consume everything until --> is found. 648 . '-(?!->)' // Dash not followed by end of comment. 649 . '[^\-]*+' // Consume non-dashes. 650 . ')*+' // Loop possessively. 651 . '(?:-->)?'; // End of comment. If not found, match all input. 652 653 $cdata = 654 '!\[CDATA\[' // Start of comment, after the <. 655 . '[^\]]*+' // Consume non-]. 656 . '(?:' // Unroll the loop: Consume everything until ]]> is found. 657 . '](?!]>)' // One ] not followed by end of comment. 658 . '[^\]]*+' // Consume non-]. 659 . ')*+' // Loop possessively. 660 . '(?:]]>)?'; // End of comment. If not found, match all input. 661 662 $escaped = 663 '(?=' // Is the element escaped? 664 . '!--' 665 . '|' 666 . '!\[CDATA\[' 667 . ')' 668 . '(?(?=!-)' // If yes, which type? 669 . $comments 670 . '|' 671 . $cdata 672 . ')'; 673 674 $regex = 675 '/(' // Capture the entire match. 676 . '<' // Find start of element. 677 . '(?' // Conditional expression follows. 678 . $escaped // Find end of escaped element. 679 . '|' // ... else ... 680 . '[^>]*>?' // Find end of normal element. 681 . ')' 682 . ')/'; 683 // phpcs:enable 684 } 685 686 return $regex; 687 } 688 689 /** 690 * Retrieve the combined regular expression for HTML and shortcodes. 691 * 692 * @access private 693 * @ignore 694 * @internal This function will be removed in 4.5.0 per Shortcode API Roadmap. 695 * @since 4.4.0 696 * 697 * @staticvar string $html_regex 698 * 699 * @param string $shortcode_regex The result from _get_wptexturize_shortcode_regex(). Optional. 700 * @return string The regular expression 701 */ 702 function _get_wptexturize_split_regex( $shortcode_regex = '' ) { 703 static $html_regex; 704 705 if ( ! isset( $html_regex ) ) { 706 // phpcs:disable Squiz.Strings.ConcatenationSpacing.PaddingFound -- don't remove regex indentation 707 $comment_regex = 708 '!' // Start of comment, after the <. 709 . '(?:' // Unroll the loop: Consume everything until --> is found. 710 . '-(?!->)' // Dash not followed by end of comment. 711 . '[^\-]*+' // Consume non-dashes. 712 . ')*+' // Loop possessively. 713 . '(?:-->)?'; // End of comment. If not found, match all input. 714 715 $html_regex = // Needs replaced with wp_html_split() per Shortcode API Roadmap. 716 '<' // Find start of element. 717 . '(?(?=!--)' // Is this a comment? 718 . $comment_regex // Find end of comment. 719 . '|' 720 . '[^>]*>?' // Find end of element. If not found, match all input. 721 . ')'; 722 // phpcs:enable 723 } 724 725 if ( empty( $shortcode_regex ) ) { 726 $regex = '/(' . $html_regex . ')/'; 727 } else { 728 $regex = '/(' . $html_regex . '|' . $shortcode_regex . ')/'; 729 } 730 731 return $regex; 732 } 733 734 /** 735 * Retrieve the regular expression for shortcodes. 736 * 737 * @access private 738 * @ignore 739 * @since 4.4.0 740 * 741 * @param string[] $tagnames Array of shortcodes to find. 742 * @return string The regular expression 743 */ 744 function _get_wptexturize_shortcode_regex( $tagnames ) { 745 $tagregexp = join( '|', array_map( 'preg_quote', $tagnames ) ); 746 $tagregexp = "(?:$tagregexp)(?=[\\s\\]\\/])"; // Excerpt of get_shortcode_regex(). 747 // phpcs:disable Squiz.Strings.ConcatenationSpacing.PaddingFound -- don't remove regex indentation 748 $regex = 749 '\[' // Find start of shortcode. 750 . '[\/\[]?' // Shortcodes may begin with [/ or [[ 751 . $tagregexp // Only match registered shortcodes, because performance. 752 . '(?:' 753 . '[^\[\]<>]+' // Shortcodes do not contain other shortcodes. Quantifier critical. 754 . '|' 755 . '<[^\[\]>]*>' // HTML elements permitted. Prevents matching ] before >. 756 . ')*+' // Possessive critical. 757 . '\]' // Find end of shortcode. 758 . '\]?'; // Shortcodes may end with ]] 759 // phpcs:enable 760 761 return $regex; 762 } 763 764 /** 765 * Replace characters or phrases within HTML elements only. 766 * 767 * @since 4.2.3 768 * 769 * @param string $haystack The text which has to be formatted. 770 * @param array $replace_pairs In the form array('from' => 'to', ...). 771 * @return string The formatted text. 772 */ 773 function wp_replace_in_html_tags( $haystack, $replace_pairs ) { 774 // Find all elements. 775 $textarr = wp_html_split( $haystack ); 776 $changed = false; 777 778 // Optimize when searching for one item. 779 if ( 1 === count( $replace_pairs ) ) { 780 // Extract $needle and $replace. 781 foreach ( $replace_pairs as $needle => $replace ) { 782 } 783 784 // Loop through delimiters (elements) only. 785 for ( $i = 1, $c = count( $textarr ); $i < $c; $i += 2 ) { 786 if ( false !== strpos( $textarr[ $i ], $needle ) ) { 787 $textarr[ $i ] = str_replace( $needle, $replace, $textarr[ $i ] ); 788 $changed = true; 789 } 790 } 791 } else { 792 // Extract all $needles. 793 $needles = array_keys( $replace_pairs ); 794 795 // Loop through delimiters (elements) only. 796 for ( $i = 1, $c = count( $textarr ); $i < $c; $i += 2 ) { 797 foreach ( $needles as $needle ) { 798 if ( false !== strpos( $textarr[ $i ], $needle ) ) { 799 $textarr[ $i ] = strtr( $textarr[ $i ], $replace_pairs ); 800 $changed = true; 801 // After one strtr() break out of the foreach loop and look at next element. 802 break; 803 } 804 } 805 } 806 } 807 808 if ( $changed ) { 809 $haystack = implode( $textarr ); 810 } 811 812 return $haystack; 813 } 814 815 /** 816 * Newline preservation help function for wpautop 817 * 818 * @since 3.1.0 819 * @access private 820 * 821 * @param array $matches preg_replace_callback matches array 822 * @return string 823 */ 824 function _autop_newline_preservation_helper( $matches ) { 825 return str_replace( "\n", '<WPPreserveNewline />', $matches[0] ); 826 } 827 828 /** 829 * Don't auto-p wrap shortcodes that stand alone 830 * 831 * Ensures that shortcodes are not wrapped in `<p>...</p>`. 832 * 833 * @since 2.9.0 834 * 835 * @global array $shortcode_tags 836 * 837 * @param string $pee The content. 838 * @return string The filtered content. 839 */ 840 function shortcode_unautop( $pee ) { 841 global $shortcode_tags; 842 843 if ( empty( $shortcode_tags ) || ! is_array( $shortcode_tags ) ) { 844 return $pee; 845 } 846 847 $tagregexp = join( '|', array_map( 'preg_quote', array_keys( $shortcode_tags ) ) ); 848 $spaces = wp_spaces_regexp(); 849 850 // phpcs:disable Squiz.Strings.ConcatenationSpacing.PaddingFound,WordPress.WhiteSpace.PrecisionAlignment.Found -- don't remove regex indentation 851 $pattern = 852 '/' 853 . '<p>' // Opening paragraph 854 . '(?:' . $spaces . ')*+' // Optional leading whitespace 855 . '(' // 1: The shortcode 856 . '\\[' // Opening bracket 857 . "($tagregexp)" // 2: Shortcode name 858 . '(?![\\w-])' // Not followed by word character or hyphen 859 // Unroll the loop: Inside the opening shortcode tag 860 . '[^\\]\\/]*' // Not a closing bracket or forward slash 861 . '(?:' 862 . '\\/(?!\\])' // A forward slash not followed by a closing bracket 863 . '[^\\]\\/]*' // Not a closing bracket or forward slash 864 . ')*?' 865 . '(?:' 866 . '\\/\\]' // Self closing tag and closing bracket 867 . '|' 868 . '\\]' // Closing bracket 869 . '(?:' // Unroll the loop: Optionally, anything between the opening and closing shortcode tags 870 . '[^\\[]*+' // Not an opening bracket 871 . '(?:' 872 . '\\[(?!\\/\\2\\])' // An opening bracket not followed by the closing shortcode tag 873 . '[^\\[]*+' // Not an opening bracket 874 . ')*+' 875 . '\\[\\/\\2\\]' // Closing shortcode tag 876 . ')?' 877 . ')' 878 . ')' 879 . '(?:' . $spaces . ')*+' // optional trailing whitespace 880 . '<\\/p>' // closing paragraph 881 . '/'; 882 // phpcs:enable 883 884 return preg_replace( $pattern, '$1', $pee ); 885 } 886 887 /** 888 * Checks to see if a string is utf8 encoded. 889 * 890 * NOTE: This function checks for 5-Byte sequences, UTF8 891 * has Bytes Sequences with a maximum length of 4. 892 * 893 * @author bmorel at ssi dot fr (modified) 894 * @since 1.2.1 895 * 896 * @param string $str The string to be checked 897 * @return bool True if $str fits a UTF-8 model, false otherwise. 898 */ 899 function seems_utf8( $str ) { 900 mbstring_binary_safe_encoding(); 901 $length = strlen( $str ); 902 reset_mbstring_encoding(); 903 for ( $i = 0; $i < $length; $i++ ) { 904 $c = ord( $str[ $i ] ); 905 if ( $c < 0x80 ) { 906 $n = 0; // 0bbbbbbb 907 } elseif ( ( $c & 0xE0 ) == 0xC0 ) { 908 $n = 1; // 110bbbbb 909 } elseif ( ( $c & 0xF0 ) == 0xE0 ) { 910 $n = 2; // 1110bbbb 911 } elseif ( ( $c & 0xF8 ) == 0xF0 ) { 912 $n = 3; // 11110bbb 913 } elseif ( ( $c & 0xFC ) == 0xF8 ) { 914 $n = 4; // 111110bb 915 } elseif ( ( $c & 0xFE ) == 0xFC ) { 916 $n = 5; // 1111110b 917 } else { 918 return false; // Does not match any model 919 } 920 for ( $j = 0; $j < $n; $j++ ) { // n bytes matching 10bbbbbb follow ? 921 if ( ( ++$i == $length ) || ( ( ord( $str[ $i ] ) & 0xC0 ) != 0x80 ) ) { 922 return false; 923 } 924 } 925 } 926 return true; 927 } 928 929 /** 930 * Converts a number of special characters into their HTML entities. 931 * 932 * Specifically deals with: &, <, >, ", and '. 933 * 934 * $quote_style can be set to ENT_COMPAT to encode " to 935 * ", or ENT_QUOTES to do both. Default is ENT_NOQUOTES where no quotes are encoded. 936 * 937 * @since 1.2.2 938 * @access private 939 * 940 * @staticvar string $_charset 941 * 942 * @param string $string The text which is to be encoded. 943 * @param int|string $quote_style Optional. Converts double quotes if set to ENT_COMPAT, 944 * both single and double if set to ENT_QUOTES or none if set to ENT_NOQUOTES. 945 * Also compatible with old values; converting single quotes if set to 'single', 946 * double if set to 'double' or both if otherwise set. 947 * Default is ENT_NOQUOTES. 948 * @param false|string $charset Optional. The character encoding of the string. Default is false. 949 * @param bool $double_encode Optional. Whether to encode existing html entities. Default is false. 950 * @return string The encoded text with HTML entities. 951 */ 952 function _wp_specialchars( $string, $quote_style = ENT_NOQUOTES, $charset = false, $double_encode = false ) { 953 $string = (string) $string; 954 955 if ( 0 === strlen( $string ) ) { 956 return ''; 957 } 958 959 // Don't bother if there are no specialchars - saves some processing 960 if ( ! preg_match( '/[&<>"\']/', $string ) ) { 961 return $string; 962 } 963 964 // Account for the previous behaviour of the function when the $quote_style is not an accepted value 965 if ( empty( $quote_style ) ) { 966 $quote_style = ENT_NOQUOTES; 967 } elseif ( ! in_array( $quote_style, array( 0, 2, 3, 'single', 'double' ), true ) ) { 968 $quote_style = ENT_QUOTES; 969 } 970 971 // Store the site charset as a static to avoid multiple calls to wp_load_alloptions() 972 if ( ! $charset ) { 973 static $_charset = null; 974 if ( ! isset( $_charset ) ) { 975 $alloptions = wp_load_alloptions(); 976 $_charset = isset( $alloptions['blog_charset'] ) ? $alloptions['blog_charset'] : ''; 977 } 978 $charset = $_charset; 979 } 980 981 if ( in_array( $charset, array( 'utf8', 'utf-8', 'UTF8' ) ) ) { 982 $charset = 'UTF-8'; 983 } 984 985 $_quote_style = $quote_style; 986 987 if ( $quote_style === 'double' ) { 988 $quote_style = ENT_COMPAT; 989 $_quote_style = ENT_COMPAT; 990 } elseif ( $quote_style === 'single' ) { 991 $quote_style = ENT_NOQUOTES; 992 } 993 994 if ( ! $double_encode ) { 995 // Guarantee every &entity; is valid, convert &garbage; into &garbage; 996 // This is required for PHP < 5.4.0 because ENT_HTML401 flag is unavailable. 997 $string = wp_kses_normalize_entities( $string ); 998 } 999 1000 $string = htmlspecialchars( $string, $quote_style, $charset, $double_encode ); 1001 1002 // Back-compat. 1003 if ( 'single' === $_quote_style ) { 1004 $string = str_replace( "'", ''', $string ); 1005 } 1006 1007 return $string; 1008 } 1009 1010 /** 1011 * Converts a number of HTML entities into their special characters. 1012 * 1013 * Specifically deals with: &, <, >, ", and '. 1014 * 1015 * $quote_style can be set to ENT_COMPAT to decode " entities, 1016 * or ENT_QUOTES to do both " and '. Default is ENT_NOQUOTES where no quotes are decoded. 1017 * 1018 * @since 2.8.0 1019 * 1020 * @param string $string The text which is to be decoded. 1021 * @param string|int $quote_style Optional. Converts double quotes if set to ENT_COMPAT, 1022 * both single and double if set to ENT_QUOTES or 1023 * none if set to ENT_NOQUOTES. 1024 * Also compatible with old _wp_specialchars() values; 1025 * converting single quotes if set to 'single', 1026 * double if set to 'double' or both if otherwise set. 1027 * Default is ENT_NOQUOTES. 1028 * @return string The decoded text without HTML entities. 1029 */ 1030 function wp_specialchars_decode( $string, $quote_style = ENT_NOQUOTES ) { 1031 $string = (string) $string; 1032 1033 if ( 0 === strlen( $string ) ) { 1034 return ''; 1035 } 1036 1037 // Don't bother if there are no entities - saves a lot of processing 1038 if ( strpos( $string, '&' ) === false ) { 1039 return $string; 1040 } 1041 1042 // Match the previous behaviour of _wp_specialchars() when the $quote_style is not an accepted value 1043 if ( empty( $quote_style ) ) { 1044 $quote_style = ENT_NOQUOTES; 1045 } elseif ( ! in_array( $quote_style, array( 0, 2, 3, 'single', 'double' ), true ) ) { 1046 $quote_style = ENT_QUOTES; 1047 } 1048 1049 // More complete than get_html_translation_table( HTML_SPECIALCHARS ) 1050 $single = array( 1051 ''' => '\'', 1052 ''' => '\'', 1053 ); 1054 $single_preg = array( 1055 '/�*39;/' => ''', 1056 '/�*27;/i' => ''', 1057 ); 1058 $double = array( 1059 '"' => '"', 1060 '"' => '"', 1061 '"' => '"', 1062 ); 1063 $double_preg = array( 1064 '/�*34;/' => '"', 1065 '/�*22;/i' => '"', 1066 ); 1067 $others = array( 1068 '<' => '<', 1069 '<' => '<', 1070 '>' => '>', 1071 '>' => '>', 1072 '&' => '&', 1073 '&' => '&', 1074 '&' => '&', 1075 ); 1076 $others_preg = array( 1077 '/�*60;/' => '<', 1078 '/�*62;/' => '>', 1079 '/�*38;/' => '&', 1080 '/�*26;/i' => '&', 1081 ); 1082 1083 if ( $quote_style === ENT_QUOTES ) { 1084 $translation = array_merge( $single, $double, $others ); 1085 $translation_preg = array_merge( $single_preg, $double_preg, $others_preg ); 1086 } elseif ( $quote_style === ENT_COMPAT || $quote_style === 'double' ) { 1087 $translation = array_merge( $double, $others ); 1088 $translation_preg = array_merge( $double_preg, $others_preg ); 1089 } elseif ( $quote_style === 'single' ) { 1090 $translation = array_merge( $single, $others ); 1091 $translation_preg = array_merge( $single_preg, $others_preg ); 1092 } elseif ( $quote_style === ENT_NOQUOTES ) { 1093 $translation = $others; 1094 $translation_preg = $others_preg; 1095 } 1096 1097 // Remove zero padding on numeric entities 1098 $string = preg_replace( array_keys( $translation_preg ), array_values( $translation_preg ), $string ); 1099 1100 // Replace characters according to translation table 1101 return strtr( $string, $translation ); 1102 } 1103 1104 /** 1105 * Checks for invalid UTF8 in a string. 1106 * 1107 * @since 2.8.0 1108 * 1109 * @staticvar bool $is_utf8 1110 * @staticvar bool $utf8_pcre 1111 * 1112 * @param string $string The text which is to be checked. 1113 * @param bool $strip Optional. Whether to attempt to strip out invalid UTF8. Default is false. 1114 * @return string The checked text. 1115 */ 1116 function wp_check_invalid_utf8( $string, $strip = false ) { 1117 $string = (string) $string; 1118 1119 if ( 0 === strlen( $string ) ) { 1120 return ''; 1121 } 1122 1123 // Store the site charset as a static to avoid multiple calls to get_option() 1124 static $is_utf8 = null; 1125 if ( ! isset( $is_utf8 ) ) { 1126 $is_utf8 = in_array( get_option( 'blog_charset' ), array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ) ); 1127 } 1128 if ( ! $is_utf8 ) { 1129 return $string; 1130 } 1131 1132 // Check for support for utf8 in the installed PCRE library once and store the result in a static 1133 static $utf8_pcre = null; 1134 if ( ! isset( $utf8_pcre ) ) { 1135 // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged 1136 $utf8_pcre = @preg_match( '/^./u', 'a' ); 1137 } 1138 // We can't demand utf8 in the PCRE installation, so just return the string in those cases 1139 if ( ! $utf8_pcre ) { 1140 return $string; 1141 } 1142 1143 // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged -- preg_match fails when it encounters invalid UTF8 in $string 1144 if ( 1 === @preg_match( '/^./us', $string ) ) { 1145 return $string; 1146 } 1147 1148 // Attempt to strip the bad chars if requested (not recommended) 1149 if ( $strip && function_exists( 'iconv' ) ) { 1150 return iconv( 'utf-8', 'utf-8', $string ); 1151 } 1152 1153 return ''; 1154 } 1155 1156 /** 1157 * Encode the Unicode values to be used in the URI. 1158 * 1159 * @since 1.5.0 1160 * 1161 * @param string $utf8_string 1162 * @param int $length Max length of the string 1163 * @return string String with Unicode encoded for URI. 1164 */ 1165 function utf8_uri_encode( $utf8_string, $length = 0 ) { 1166 $unicode = ''; 1167 $values = array(); 1168 $num_octets = 1; 1169 $unicode_length = 0; 1170 1171 mbstring_binary_safe_encoding(); 1172 $string_length = strlen( $utf8_string ); 1173 reset_mbstring_encoding(); 1174 1175 for ( $i = 0; $i < $string_length; $i++ ) { 1176 1177 $value = ord( $utf8_string[ $i ] ); 1178 1179 if ( $value < 128 ) { 1180 if ( $length && ( $unicode_length >= $length ) ) { 1181 break; 1182 } 1183 $unicode .= chr( $value ); 1184 $unicode_length++; 1185 } else { 1186 if ( count( $values ) == 0 ) { 1187 if ( $value < 224 ) { 1188 $num_octets = 2; 1189 } elseif ( $value < 240 ) { 1190 $num_octets = 3; 1191 } else { 1192 $num_octets = 4; 1193 } 1194 } 1195 1196 $values[] = $value; 1197 1198 if ( $length && ( $unicode_length + ( $num_octets * 3 ) ) > $length ) { 1199 break; 1200 } 1201 if ( count( $values ) == $num_octets ) { 1202 for ( $j = 0; $j < $num_octets; $j++ ) { 1203 $unicode .= '%' . dechex( $values[ $j ] ); 1204 } 1205 1206 $unicode_length += $num_octets * 3; 1207 1208 $values = array(); 1209 $num_octets = 1; 1210 } 1211 } 1212 } 1213 1214 return $unicode; 1215 } 1216 1217 /** 1218 * Converts all accent characters to ASCII characters. 1219 * 1220 * If there are no accent characters, then the string given is just returned. 1221 * 1222 * **Accent characters converted:** 1223 * 1224 * Currency signs: 1225 * 1226 * | Code | Glyph | Replacement | Description | 1227 * | -------- | ----- | ----------- | ------------------- | 1228 * | U+00A3 | £ | (empty) | British Pound sign | 1229 * | U+20AC | € | E | Euro sign | 1230 * 1231 * Decompositions for Latin-1 Supplement: 1232 * 1233 * | Code | Glyph | Replacement | Description | 1234 * | ------- | ----- | ----------- | -------------------------------------- | 1235 * | U+00AA | ª | a | Feminine ordinal indicator | 1236 * | U+00BA | º | o | Masculine ordinal indicator | 1237 * | U+00C0 | À | A | Latin capital letter A with grave | 1238 * | U+00C1 | Á | A | Latin capital letter A with acute | 1239 * | U+00C2 |  | A | Latin capital letter A with circumflex | 1240 * | U+00C3 | à | A | Latin capital letter A with tilde | 1241 * | U+00C4 | Ä | A | Latin capital letter A with diaeresis | 1242 * | U+00C5 | Å | A | Latin capital letter A with ring above | 1243 * | U+00C6 | Æ | AE | Latin capital letter AE | 1244 * | U+00C7 | Ç | C | Latin capital letter C with cedilla | 1245 * | U+00C8 | È | E | Latin capital letter E with grave | 1246 * | U+00C9 | É | E | Latin capital letter E with acute | 1247 * | U+00CA | Ê | E | Latin capital letter E with circumflex | 1248 * | U+00CB | Ë | E | Latin capital letter E with diaeresis | 1249 * | U+00CC | Ì | I | Latin capital letter I with grave | 1250 * | U+00CD | Í | I | Latin capital letter I with acute | 1251 * | U+00CE | Î | I | Latin capital letter I with circumflex | 1252 * | U+00CF | Ï | I | Latin capital letter I with diaeresis | 1253 * | U+00D0 | Ð | D | Latin capital letter Eth | 1254 * | U+00D1 | Ñ | N | Latin capital letter N with tilde | 1255 * | U+00D2 | Ò | O | Latin capital letter O with grave | 1256 * | U+00D3 | Ó | O | Latin capital letter O with acute | 1257 * | U+00D4 | Ô | O | Latin capital letter O with circumflex | 1258 * | U+00D5 | Õ | O | Latin capital letter O with tilde | 1259 * | U+00D6 | Ö | O | Latin capital letter O with diaeresis | 1260 * | U+00D8 | Ø | O | Latin capital letter O with stroke | 1261 * | U+00D9 | Ù | U | Latin capital letter U with grave | 1262 * | U+00DA | Ú | U | Latin capital letter U with acute | 1263 * | U+00DB | Û | U | Latin capital letter U with circumflex | 1264 * | U+00DC | Ü | U | Latin capital letter U with diaeresis | 1265 * | U+00DD | Ý | Y | Latin capital letter Y with acute | 1266 * | U+00DE | Þ | TH | Latin capital letter Thorn | 1267 * | U+00DF | ß | s | Latin small letter sharp s | 1268 * | U+00E0 | à | a | Latin small letter a with grave | 1269 * | U+00E1 | á | a | Latin small letter a with acute | 1270 * | U+00E2 | â | a | Latin small letter a with circumflex | 1271 * | U+00E3 | ã | a | Latin small letter a with tilde | 1272 * | U+00E4 | ä | a | Latin small letter a with diaeresis | 1273 * | U+00E5 | å | a | Latin small letter a with ring above | 1274 * | U+00E6 | æ | ae | Latin small letter ae | 1275 * | U+00E7 | ç | c | Latin small letter c with cedilla | 1276 * | U+00E8 | è | e | Latin small letter e with grave | 1277 * | U+00E9 | é | e | Latin small letter e with acute | 1278 * | U+00EA | ê | e | Latin small letter e with circumflex | 1279 * | U+00EB | ë | e | Latin small letter e with diaeresis | 1280 * | U+00EC | ì | i | Latin small letter i with grave | 1281 * | U+00ED | í | i | Latin small letter i with acute | 1282 * | U+00EE | î | i | Latin small letter i with circumflex | 1283 * | U+00EF | ï | i | Latin small letter i with diaeresis | 1284 * | U+00F0 | ð | d | Latin small letter Eth | 1285 * | U+00F1 | ñ | n | Latin small letter n with tilde | 1286 * | U+00F2 | ò | o | Latin small letter o with grave | 1287 * | U+00F3 | ó | o | Latin small letter o with acute | 1288 * | U+00F4 | ô | o | Latin small letter o with circumflex | 1289 * | U+00F5 | õ | o | Latin small letter o with tilde | 1290 * | U+00F6 | ö | o | Latin small letter o with diaeresis | 1291 * | U+00F8 | ø | o | Latin small letter o with stroke | 1292 * | U+00F9 | ù | u | Latin small letter u with grave | 1293 * | U+00FA | ú | u | Latin small letter u with acute | 1294 * | U+00FB | û | u | Latin small letter u with circumflex | 1295 * | U+00FC | ü | u | Latin small letter u with diaeresis | 1296 * | U+00FD | ý | y | Latin small letter y with acute | 1297 * | U+00FE | þ | th | Latin small letter Thorn | 1298 * | U+00FF | ÿ | y | Latin small letter y with diaeresis | 1299 * 1300 * Decompositions for Latin Extended-A: 1301 * 1302 * | Code | Glyph | Replacement | Description | 1303 * | ------- | ----- | ----------- | ------------------------------------------------- | 1304 * | U+0100 | Ā | A | Latin capital letter A with macron | 1305 * | U+0101 | ā | a | Latin small letter a with macron | 1306 * | U+0102 | Ă | A | Latin capital letter A with breve | 1307 * | U+0103 | ă | a | Latin small letter a with breve | 1308 * | U+0104 | Ą | A | Latin capital letter A with ogonek | 1309 * | U+0105 | ą | a | Latin small letter a with ogonek | 1310 * | U+01006 | Ć | C | Latin capital letter C with acute | 1311 * | U+0107 | ć | c | Latin small letter c with acute | 1312 * | U+0108 | Ĉ | C | Latin capital letter C with circumflex | 1313 * | U+0109 | ĉ | c | Latin small letter c with circumflex | 1314 * | U+010A | Ċ | C | Latin capital letter C with dot above | 1315 * | U+010B | ċ | c | Latin small letter c with dot above | 1316 * | U+010C | Č | C | Latin capital letter C with caron | 1317 * | U+010D | č | c | Latin small letter c with caron | 1318 * | U+010E | Ď | D | Latin capital letter D with caron | 1319 * | U+010F | ď | d | Latin small letter d with caron | 1320 * | U+0110 | Đ | D | Latin capital letter D with stroke | 1321 * | U+0111 | đ | d | Latin small letter d with stroke | 1322 * | U+0112 | Ē | E | Latin capital letter E with macron | 1323 * | U+0113 | ē | e | Latin small letter e with macron | 1324 * | U+0114 | Ĕ | E | Latin capital letter E with breve | 1325 * | U+0115 | ĕ | e | Latin small letter e with breve | 1326 * | U+0116 | Ė | E | Latin capital letter E with dot above | 1327 * | U+0117 | ė | e | Latin small letter e with dot above | 1328 * | U+0118 | Ę | E | Latin capital letter E with ogonek | 1329 * | U+0119 | ę | e | Latin small letter e with ogonek | 1330 * | U+011A | Ě | E | Latin capital letter E with caron | 1331 * | U+011B | ě | e | Latin small letter e with caron | 1332 * | U+011C | Ĝ | G | Latin capital letter G with circumflex | 1333 * | U+011D | ĝ | g | Latin small letter g with circumflex | 1334 * | U+011E | Ğ | G | Latin capital letter G with breve | 1335 * | U+011F | ğ | g | Latin small letter g with breve | 1336 * | U+0120 | Ġ | G | Latin capital letter G with dot above | 1337 * | U+0121 | ġ | g | Latin small letter g with dot above | 1338 * | U+0122 | Ģ | G | Latin capital letter G with cedilla | 1339 * | U+0123 | ģ | g | Latin small letter g with cedilla | 1340 * | U+0124 | Ĥ | H | Latin capital letter H with circumflex | 1341 * | U+0125 | ĥ | h | Latin small letter h with circumflex | 1342 * | U+0126 | Ħ | H | Latin capital letter H with stroke | 1343 * | U+0127 | ħ | h | Latin small letter h with stroke | 1344 * | U+0128 | Ĩ | I | Latin capital letter I with tilde | 1345 * | U+0129 | ĩ | i | Latin small letter i with tilde | 1346 * | U+012A | Ī | I | Latin capital letter I with macron | 1347 * | U+012B | ī | i | Latin small letter i with macron | 1348 * | U+012C | Ĭ | I | Latin capital letter I with breve | 1349 * | U+012D | ĭ | i | Latin small letter i with breve | 1350 * | U+012E | Į | I | Latin capital letter I with ogonek | 1351 * | U+012F | į | i | Latin small letter i with ogonek | 1352 * | U+0130 | İ | I | Latin capital letter I with dot above | 1353 * | U+0131 | ı | i | Latin small letter dotless i | 1354 * | U+0132 | IJ | IJ | Latin capital ligature IJ | 1355 * | U+0133 | ij | ij | Latin small ligature ij | 1356 * | U+0134 | Ĵ | J | Latin capital letter J with circumflex | 1357 * | U+0135 | ĵ | j | Latin small letter j with circumflex | 1358 * | U+0136 | Ķ | K | Latin capital letter K with cedilla | 1359 * | U+0137 | ķ | k | Latin small letter k with cedilla | 1360 * | U+0138 | ĸ | k | Latin small letter Kra | 1361 * | U+0139 | Ĺ | L | Latin capital letter L with acute | 1362 * | U+013A | ĺ | l | Latin small letter l with acute | 1363 * | U+013B | Ļ | L | Latin capital letter L with cedilla | 1364 * | U+013C | ļ | l | Latin small letter l with cedilla | 1365 * | U+013D | Ľ | L | Latin capital letter L with caron | 1366 * | U+013E | ľ | l | Latin small letter l with caron | 1367 * | U+013F | Ŀ | L | Latin capital letter L with middle dot | 1368 * | U+0140 | ŀ | l | Latin small letter l with middle dot | 1369 * | U+0141 | Ł | L | Latin capital letter L with stroke | 1370 * | U+0142 | ł | l | Latin small letter l with stroke | 1371 * | U+0143 | Ń | N | Latin capital letter N with acute | 1372 * | U+0144 | ń | n | Latin small letter N with acute | 1373 * | U+0145 | Ņ | N | Latin capital letter N with cedilla | 1374 * | U+0146 | ņ | n | Latin small letter n with cedilla | 1375 * | U+0147 | Ň | N | Latin capital letter N with caron | 1376 * | U+0148 | ň | n | Latin small letter n with caron | 1377 * | U+0149 | ʼn | n | Latin small letter n preceded by apostrophe | 1378 * | U+014A | Ŋ | N | Latin capital letter Eng | 1379 * | U+014B | ŋ | n | Latin small letter Eng | 1380 * | U+014C | Ō | O | Latin capital letter O with macron | 1381 * | U+014D | ō | o | Latin small letter o with macron | 1382 * | U+014E | Ŏ | O | Latin capital letter O with breve | 1383 * | U+014F | ŏ | o | Latin small letter o with breve | 1384 * | U+0150 | Ő | O | Latin capital letter O with double acute | 1385 * | U+0151 | ő | o | Latin small letter o with double acute | 1386 * | U+0152 | Œ | OE | Latin capital ligature OE | 1387 * | U+0153 | œ | oe | Latin small ligature oe | 1388 * | U+0154 | Ŕ | R | Latin capital letter R with acute | 1389 * | U+0155 | ŕ | r | Latin small letter r with acute | 1390 * | U+0156 | Ŗ | R | Latin capital letter R with cedilla | 1391 * | U+0157 | ŗ | r | Latin small letter r with cedilla | 1392 * | U+0158 | Ř | R | Latin capital letter R with caron | 1393 * | U+0159 | ř | r | Latin small letter r with caron | 1394 * | U+015A | Ś | S | Latin capital letter S with acute | 1395 * | U+015B | ś | s | Latin small letter s with acute | 1396 * | U+015C | Ŝ | S | Latin capital letter S with circumflex | 1397 * | U+015D | ŝ | s | Latin small letter s with circumflex | 1398 * | U+015E | Ş | S | Latin capital letter S with cedilla | 1399 * | U+015F | ş | s | Latin small letter s with cedilla | 1400 * | U+0160 | Š | S | Latin capital letter S with caron | 1401 * | U+0161 | š | s | Latin small letter s with caron | 1402 * | U+0162 | Ţ | T | Latin capital letter T with cedilla | 1403 * | U+0163 | ţ | t | Latin small letter t with cedilla | 1404 * | U+0164 | Ť | T | Latin capital letter T with caron | 1405 * | U+0165 | ť | t | Latin small letter t with caron | 1406 * | U+0166 | Ŧ | T | Latin capital letter T with stroke | 1407 * | U+0167 | ŧ | t | Latin small letter t with stroke | 1408 * | U+0168 | Ũ | U | Latin capital letter U with tilde | 1409 * | U+0169 | ũ | u | Latin small letter u with tilde | 1410 * | U+016A | Ū | U | Latin capital letter U with macron | 1411 * | U+016B | ū | u | Latin small letter u with macron | 1412 * | U+016C | Ŭ | U | Latin capital letter U with breve | 1413 * | U+016D | ŭ | u | Latin small letter u with breve | 1414 * | U+016E | Ů | U | Latin capital letter U with ring above | 1415 * | U+016F | ů | u | Latin small letter u with ring above | 1416 * | U+0170 | Ű | U | Latin capital letter U with double acute | 1417 * | U+0171 | ű | u | Latin small letter u with double acute | 1418 * | U+0172 | Ų | U | Latin capital letter U with ogonek | 1419 * | U+0173 | ų | u | Latin small letter u with ogonek | 1420 * | U+0174 | Ŵ | W | Latin capital letter W with circumflex | 1421 * | U+0175 | ŵ | w | Latin small letter w with circumflex | 1422 * | U+0176 | Ŷ | Y | Latin capital letter Y with circumflex | 1423 * | U+0177 | ŷ | y | Latin small letter y with circumflex | 1424 * | U+0178 | Ÿ | Y | Latin capital letter Y with diaeresis | 1425 * | U+0179 | Ź | Z | Latin capital letter Z with acute | 1426 * | U+017A | ź | z | Latin small letter z with acute | 1427 * | U+017B | Ż | Z | Latin capital letter Z with dot above | 1428 * | U+017C | ż | z | Latin small letter z with dot above | 1429 * | U+017D | Ž | Z | Latin capital letter Z with caron | 1430 * | U+017E | ž | z | Latin small letter z with caron | 1431 * | U+017F | ſ | s | Latin small letter long s | 1432 * | U+01A0 | Ơ | O | Latin capital letter O with horn | 1433 * | U+01A1 | ơ | o | Latin small letter o with horn | 1434 * | U+01AF | Ư | U | Latin capital letter U with horn | 1435 * | U+01B0 | ư | u | Latin small letter u with horn | 1436 * | U+01CD | Ǎ | A | Latin capital letter A with caron | 1437 * | U+01CE | ǎ | a | Latin small letter a with caron | 1438 * | U+01CF | Ǐ | I | Latin capital letter I with caron | 1439 * | U+01D0 | ǐ | i | Latin small letter i with caron | 1440 * | U+01D1 | Ǒ | O | Latin capital letter O with caron | 1441 * | U+01D2 | ǒ | o | Latin small letter o with caron | 1442 * | U+01D3 | Ǔ | U | Latin capital letter U with caron | 1443 * | U+01D4 | ǔ | u | Latin small letter u with caron | 1444 * | U+01D5 | Ǖ | U | Latin capital letter U with diaeresis and macron | 1445 * | U+01D6 | ǖ | u | Latin small letter u with diaeresis and macron | 1446 * | U+01D7 | Ǘ | U | Latin capital letter U with diaeresis and acute | 1447 * | U+01D8 | ǘ | u | Latin small letter u with diaeresis and acute | 1448 * | U+01D9 | Ǚ | U | Latin capital letter U with diaeresis and caron | 1449 * | U+01DA | ǚ | u | Latin small letter u with diaeresis and caron | 1450 * | U+01DB | Ǜ | U | Latin capital letter U with diaeresis and grave | 1451 * | U+01DC | ǜ | u | Latin small letter u with diaeresis and grave | 1452 * 1453 * Decompositions for Latin Extended-B: 1454 * 1455 * | Code | Glyph | Replacement | Description | 1456 * | -------- | ----- | ----------- | ----------------------------------------- | 1457 * | U+0218 | Ș | S | Latin capital letter S with comma below | 1458 * | U+0219 | ș | s | Latin small letter s with comma below | 1459 * | U+021A | Ț | T | Latin capital letter T with comma below | 1460 * | U+021B | ț | t | Latin small letter t with comma below | 1461 * 1462 * Vowels with diacritic (Chinese, Hanyu Pinyin): 1463 * 1464 * | Code | Glyph | Replacement | Description | 1465 * | -------- | ----- | ----------- | ----------------------------------------------------- | 1466 * | U+0251 | ɑ | a | Latin small letter alpha | 1467 * | U+1EA0 | Ạ | A | Latin capital letter A with dot below | 1468 * | U+1EA1 | ạ | a | Latin small letter a with dot below | 1469 * | U+1EA2 | Ả | A | Latin capital letter A with hook above | 1470 * | U+1EA3 | ả | a | Latin small letter a with hook above | 1471 * | U+1EA4 | Ấ | A | Latin capital letter A with circumflex and acute | 1472 * | U+1EA5 | ấ | a | Latin small letter a with circumflex and acute | 1473 * | U+1EA6 | Ầ | A | Latin capital letter A with circumflex and grave | 1474 * | U+1EA7 | ầ | a | Latin small letter a with circumflex and grave | 1475 * | U+1EA8 | Ẩ | A | Latin capital letter A with circumflex and hook above | 1476 * | U+1EA9 | ẩ | a | Latin small letter a with circumflex and hook above | 1477 * | U+1EAA | Ẫ | A | Latin capital letter A with circumflex and tilde | 1478 * | U+1EAB | ẫ | a | Latin small letter a with circumflex and tilde | 1479 * | U+1EA6 | Ậ | A | Latin capital letter A with circumflex and dot below | 1480 * | U+1EAD | ậ | a | Latin small letter a with circumflex and dot below | 1481 * | U+1EAE | Ắ | A | Latin capital letter A with breve and acute | 1482 * | U+1EAF | ắ | a | Latin small letter a with breve and acute | 1483 * | U+1EB0 | Ằ | A | Latin capital letter A with breve and grave | 1484 * | U+1EB1 | ằ | a | Latin small letter a with breve and grave | 1485 * | U+1EB2 | Ẳ | A | Latin capital letter A with breve and hook above | 1486 * | U+1EB3 | ẳ | a | Latin small letter a with breve and hook above | 1487 * | U+1EB4 | Ẵ | A | Latin capital letter A with breve and tilde | 1488 * | U+1EB5 | ẵ | a | Latin small letter a with breve and tilde | 1489 * | U+1EB6 | Ặ | A | Latin capital letter A with breve and dot below | 1490 * | U+1EB7 | ặ | a | Latin small letter a with breve and dot below | 1491 * | U+1EB8 | Ẹ | E | Latin capital letter E with dot below | 1492 * | U+1EB9 | ẹ | e | Latin small letter e with dot below | 1493 * | U+1EBA | Ẻ | E | Latin capital letter E with hook above | 1494 * | U+1EBB | ẻ | e | Latin small letter e with hook above | 1495 * | U+1EBC | Ẽ | E | Latin capital letter E with tilde | 1496 * | U+1EBD | ẽ | e | Latin small letter e with tilde | 1497 * | U+1EBE | Ế | E | Latin capital letter E with circumflex and acute | 1498 * | U+1EBF | ế | e | Latin small letter e with circumflex and acute | 1499 * | U+1EC0 | Ề | E | Latin capital letter E with circumflex and grave | 1500 * | U+1EC1 | ề | e | Latin small letter e with circumflex and grave | 1501 * | U+1EC2 | Ể | E | Latin capital letter E with circumflex and hook above | 1502 * | U+1EC3 | ể | e | Latin small letter e with circumflex and hook above | 1503 * | U+1EC4 | Ễ | E | Latin capital letter E with circumflex and tilde | 1504 * | U+1EC5 | ễ | e | Latin small letter e with circumflex and tilde | 1505 * | U+1EC6 | Ệ | E | Latin capital letter E with circumflex and dot below | 1506 * | U+1EC7 | ệ | e | Latin small letter e with circumflex and dot below | 1507 * | U+1EC8 | Ỉ | I | Latin capital letter I with hook above | 1508 * | U+1EC9 | ỉ | i | Latin small letter i with hook above | 1509 * | U+1ECA | Ị | I | Latin capital letter I with dot below | 1510 * | U+1ECB | ị | i | Latin small letter i with dot below | 1511 * | U+1ECC | Ọ | O | Latin capital letter O with dot below | 1512 * | U+1ECD | ọ | o | Latin small letter o with dot below | 1513 * | U+1ECE | Ỏ | O | Latin capital letter O with hook above | 1514 * | U+1ECF | ỏ | o | Latin small letter o with hook above | 1515 * | U+1ED0 | Ố | O | Latin capital letter O with circumflex and acute | 1516 * | U+1ED1 | ố | o | Latin small letter o with circumflex and acute | 1517 * | U+1ED2 | Ồ | O | Latin capital letter O with circumflex and grave | 1518 * | U+1ED3 | ồ | o | Latin small letter o with circumflex and grave | 1519 * | U+1ED4 | Ổ | O | Latin capital letter O with circumflex and hook above | 1520 * | U+1ED5 | ổ | o | Latin small letter o with circumflex and hook above | 1521 * | U+1ED6 | Ỗ | O | Latin capital letter O with circumflex and tilde | 1522 * | U+1ED7 | ỗ | o | Latin small letter o with circumflex and tilde | 1523 * | U+1ED8 | Ộ | O | Latin capital letter O with circumflex and dot below | 1524 * | U+1ED9 | ộ | o | Latin small letter o with circumflex and dot below | 1525 * | U+1EDA | Ớ | O | Latin capital letter O with horn and acute | 1526 * | U+1EDB | ớ | o | Latin small letter o with horn and acute | 1527 * | U+1EDC | Ờ | O | Latin capital letter O with horn and grave | 1528 * | U+1EDD | ờ | o | Latin small letter o with horn and grave | 1529 * | U+1EDE | Ở | O | Latin capital letter O with horn and hook above | 1530 * | U+1EDF | ở | o | Latin small letter o with horn and hook above | 1531 * | U+1EE0 | Ỡ | O | Latin capital letter O with horn and tilde | 1532 * | U+1EE1 | ỡ | o | Latin small letter o with horn and tilde | 1533 * | U+1EE2 | Ợ | O | Latin capital letter O with horn and dot below | 1534 * | U+1EE3 | ợ | o | Latin small letter o with horn and dot below | 1535 * | U+1EE4 | Ụ | U | Latin capital letter U with dot below | 1536 * | U+1EE5 | ụ | u | Latin small letter u with dot below | 1537 * | U+1EE6 | Ủ | U | Latin capital letter U with hook above | 1538 * | U+1EE7 | ủ | u | Latin small letter u with hook above | 1539 * | U+1EE8 | Ứ | U | Latin capital letter U with horn and acute | 1540 * | U+1EE9 | ứ | u | Latin small letter u with horn and acute | 1541 * | U+1EEA | Ừ | U | Latin capital letter U with horn and grave | 1542 * | U+1EEB | ừ | u | Latin small letter u with horn and grave | 1543 * | U+1EEC | Ử | U | Latin capital letter U with horn and hook above | 1544 * | U+1EED | ử | u | Latin small letter u with horn and hook above | 1545 * | U+1EEE | Ữ | U | Latin capital letter U with horn and tilde | 1546 * | U+1EEF | ữ | u | Latin small letter u with horn and tilde | 1547 * | U+1EF0 | Ự | U | Latin capital letter U with horn and dot below | 1548 * | U+1EF1 | ự | u | Latin small letter u with horn and dot below | 1549 * | U+1EF2 | Ỳ | Y | Latin capital letter Y with grave | 1550 * | U+1EF3 | ỳ | y | Latin small letter y with grave | 1551 * | U+1EF4 | Ỵ | Y | Latin capital letter Y with dot below | 1552 * | U+1EF5 | ỵ | y | Latin small letter y with dot below | 1553 * | U+1EF6 | Ỷ | Y | Latin capital letter Y with hook above | 1554 * | U+1EF7 | ỷ | y | Latin small letter y with hook above | 1555 * | U+1EF8 | Ỹ | Y | Latin capital letter Y with tilde | 1556 * | U+1EF9 | ỹ | y | Latin small letter y with tilde | 1557 * 1558 * German (`de_DE`), German formal (`de_DE_formal`), German (Switzerland) formal (`de_CH`), 1559 * and German (Switzerland) informal (`de_CH_informal`) locales: 1560 * 1561 * | Code | Glyph | Replacement | Description | 1562 * | -------- | ----- | ----------- | --------------------------------------- | 1563 * | U+00C4 | Ä | Ae | Latin capital letter A with diaeresis | 1564 * | U+00E4 | ä | ae | Latin small letter a with diaeresis | 1565 * | U+00D6 | Ö | Oe | Latin capital letter O with diaeresis | 1566 * | U+00F6 | ö | oe | Latin small letter o with diaeresis | 1567 * | U+00DC | Ü | Ue | Latin capital letter U with diaeresis | 1568 * | U+00FC | ü | ue | Latin small letter u with diaeresis | 1569 * | U+00DF | ß | ss | Latin small letter sharp s | 1570 * 1571 * Danish (`da_DK`) locale: 1572 * 1573 * | Code | Glyph | Replacement | Description | 1574 * | -------- | ----- | ----------- | --------------------------------------- | 1575 * | U+00C6 | Æ | Ae | Latin capital letter AE | 1576 * | U+00E6 | æ | ae | Latin small letter ae | 1577 * | U+00D8 | Ø | Oe | Latin capital letter O with stroke | 1578 * | U+00F8 | ø | oe | Latin small letter o with stroke | 1579 * | U+00C5 | Å | Aa | Latin capital letter A with ring above | 1580 * | U+00E5 | å | aa | Latin small letter a with ring above | 1581 * 1582 * Catalan (`ca`) locale: 1583 * 1584 * | Code | Glyph | Replacement | Description | 1585 * | -------- | ----- | ----------- | --------------------------------------- | 1586 * | U+00B7 | l·l | ll | Flown dot (between two Ls) | 1587 * 1588 * Serbian (`sr_RS`) and Bosnian (`bs_BA`) locales: 1589 * 1590 * | Code | Glyph | Replacement | Description | 1591 * | -------- | ----- | ----------- | --------------------------------------- | 1592 * | U+0110 | Đ | DJ | Latin capital letter D with stroke | 1593 * | U+0111 | đ | dj | Latin small letter d with stroke | 1594 * 1595 * @since 1.2.1 1596 * @since 4.6.0 Added locale support for `de_CH`, `de_CH_informal`, and `ca`. 1597 * @since 4.7.0 Added locale support for `sr_RS`. 1598 * @since 4.8.0 Added locale support for `bs_BA`. 1599 * 1600 * @param string $string Text that might have accent characters 1601 * @return string Filtered string with replaced "nice" characters. 1602 */ 1603 function remove_accents( $string ) { 1604 if ( ! preg_match( '/[\x80-\xff]/', $string ) ) { 1605 return $string; 1606 } 1607 1608 if ( seems_utf8( $string ) ) { 1609 $chars = array( 1610 // Decompositions for Latin-1 Supplement 1611 'ª' => 'a', 1612 'º' => 'o', 1613 'À' => 'A', 1614 'Á' => 'A', 1615 'Â' => 'A', 1616 'Ã' => 'A', 1617 'Ä' => 'A', 1618 'Å' => 'A', 1619 'Æ' => 'AE', 1620 'Ç' => 'C', 1621 'È' => 'E', 1622 'É' => 'E', 1623 'Ê' => 'E', 1624 'Ë' => 'E', 1625 'Ì' => 'I', 1626 'Í' => 'I', 1627 'Î' => 'I', 1628 'Ï' => 'I', 1629 'Ð' => 'D', 1630 'Ñ' => 'N', 1631 'Ò' => 'O', 1632 'Ó' => 'O', 1633 'Ô' => 'O', 1634 'Õ' => 'O', 1635 'Ö' => 'O', 1636 'Ù' => 'U', 1637 'Ú' => 'U', 1638 'Û' => 'U', 1639 'Ü' => 'U', 1640 'Ý' => 'Y', 1641 'Þ' => 'TH', 1642 'ß' => 's', 1643 'à' => 'a', 1644 'á' => 'a', 1645 'â' => 'a', 1646 'ã' => 'a', 1647 'ä' => 'a', 1648 'å' => 'a', 1649 'æ' => 'ae', 1650 'ç' => 'c', 1651 'è' => 'e', 1652 'é' => 'e', 1653 'ê' => 'e', 1654 'ë' => 'e', 1655 'ì' => 'i', 1656 'í' => 'i', 1657 'î' => 'i', 1658 'ï' => 'i', 1659 'ð' => 'd', 1660 'ñ' => 'n', 1661 'ò' => 'o', 1662 'ó' => 'o', 1663 'ô' => 'o', 1664 'õ' => 'o', 1665 'ö' => 'o', 1666 'ø' => 'o', 1667 'ù' => 'u', 1668 'ú' => 'u', 1669 'û' => 'u', 1670 'ü' => 'u', 1671 'ý' => 'y', 1672 'þ' => 'th', 1673 'ÿ' => 'y', 1674 'Ø' => 'O', 1675 // Decompositions for Latin Extended-A 1676 'Ā' => 'A', 1677 'ā' => 'a', 1678 'Ă' => 'A', 1679 'ă' => 'a', 1680 'Ą' => 'A', 1681 'ą' => 'a', 1682 'Ć' => 'C', 1683 'ć' => 'c', 1684 'Ĉ' => 'C', 1685 'ĉ' => 'c', 1686 'Ċ' => 'C', 1687 'ċ' => 'c', 1688 'Č' => 'C', 1689 'č' => 'c', 1690 'Ď' => 'D', 1691 'ď' => 'd', 1692 'Đ' => 'D', 1693 'đ' => 'd', 1694 'Ē' => 'E', 1695 'ē' => 'e', 1696 'Ĕ' => 'E', 1697 'ĕ' => 'e', 1698 'Ė' => 'E', 1699 'ė' => 'e', 1700 'Ę' => 'E', 1701 'ę' => 'e', 1702 'Ě' => 'E', 1703 'ě' => 'e', 1704 'Ĝ' => 'G', 1705 'ĝ' => 'g', 1706 'Ğ' => 'G', 1707 'ğ' => 'g', 1708 'Ġ' => 'G', 1709 'ġ' => 'g', 1710 'Ģ' => 'G', 1711 'ģ' => 'g', 1712 'Ĥ' => 'H', 1713 'ĥ' => 'h', 1714 'Ħ' => 'H', 1715 'ħ' => 'h', 1716 'Ĩ' => 'I', 1717 'ĩ' => 'i', 1718 'Ī' => 'I', 1719 'ī' => 'i', 1720 'Ĭ' => 'I', 1721 'ĭ' => 'i', 1722 'Į' => 'I', 1723 'į' => 'i', 1724 'İ' => 'I', 1725 'ı' => 'i', 1726 'IJ' => 'IJ', 1727 'ij' => 'ij', 1728 'Ĵ' => 'J', 1729 'ĵ' => 'j', 1730 'Ķ' => 'K', 1731 'ķ' => 'k', 1732 'ĸ' => 'k', 1733 'Ĺ' => 'L', 1734 'ĺ' => 'l', 1735 'Ļ' => 'L', 1736 'ļ' => 'l', 1737 'Ľ' => 'L', 1738 'ľ' => 'l', 1739 'Ŀ' => 'L', 1740 'ŀ' => 'l', 1741 'Ł' => 'L', 1742 'ł' => 'l', 1743 'Ń' => 'N', 1744 'ń' => 'n', 1745 'Ņ' => 'N', 1746 'ņ' => 'n', 1747 'Ň' => 'N', 1748 'ň' => 'n', 1749 'ʼn' => 'n', 1750 'Ŋ' => 'N', 1751 'ŋ' => 'n', 1752 'Ō' => 'O', 1753 'ō' => 'o', 1754 'Ŏ' => 'O', 1755 'ŏ' => 'o', 1756 'Ő' => 'O', 1757 'ő' => 'o', 1758 'Œ' => 'OE', 1759 'œ' => 'oe', 1760 'Ŕ' => 'R', 1761 'ŕ' => 'r', 1762 'Ŗ' => 'R', 1763 'ŗ' => 'r', 1764 'Ř' => 'R', 1765 'ř' => 'r', 1766 'Ś' => 'S', 1767 'ś' => 's', 1768 'Ŝ' => 'S', 1769 'ŝ' => 's', 1770 'Ş' => 'S', 1771 'ş' => 's', 1772 'Š' => 'S', 1773 'š' => 's', 1774 'Ţ' => 'T', 1775 'ţ' => 't', 1776 'Ť' => 'T', 1777 'ť' => 't', 1778 'Ŧ' => 'T', 1779 'ŧ' => 't', 1780 'Ũ' => 'U', 1781 'ũ' => 'u', 1782 'Ū' => 'U', 1783 'ū' => 'u', 1784 'Ŭ' => 'U', 1785 'ŭ' => 'u', 1786 'Ů' => 'U', 1787 'ů' => 'u', 1788 'Ű' => 'U', 1789 'ű' => 'u', 1790 'Ų' => 'U', 1791 'ų' => 'u', 1792 'Ŵ' => 'W', 1793 'ŵ' => 'w', 1794 'Ŷ' => 'Y', 1795 'ŷ' => 'y', 1796 'Ÿ' => 'Y', 1797 'Ź' => 'Z', 1798 'ź' => 'z', 1799 'Ż' => 'Z', 1800 'ż' => 'z', 1801 'Ž' => 'Z', 1802 'ž' => 'z', 1803 'ſ' => 's', 1804 // Decompositions for Latin Extended-B 1805 'Ș' => 'S', 1806 'ș' => 's', 1807 'Ț' => 'T', 1808 'ț' => 't', 1809 // Euro Sign 1810 '€' => 'E', 1811 // GBP (Pound) Sign 1812 '£' => '', 1813 // Vowels with diacritic (Vietnamese) 1814 // unmarked 1815 'Ơ' => 'O', 1816 'ơ' => 'o', 1817 'Ư' => 'U', 1818 'ư' => 'u', 1819 // grave accent 1820 'Ầ' => 'A', 1821 'ầ' => 'a', 1822 'Ằ' => 'A', 1823 'ằ' => 'a', 1824 'Ề' => 'E', 1825 'ề' => 'e', 1826 'Ồ' => 'O', 1827 'ồ' => 'o', 1828 'Ờ' => 'O', 1829 'ờ' => 'o', 1830 'Ừ' => 'U', 1831 'ừ' => 'u', 1832 'Ỳ' => 'Y', 1833 'ỳ' => 'y', 1834 // hook 1835 'Ả' => 'A', 1836 'ả' => 'a', 1837 'Ẩ' => 'A', 1838 'ẩ' => 'a', 1839 'Ẳ' => 'A', 1840 'ẳ' => 'a', 1841 'Ẻ' => 'E', 1842 'ẻ' => 'e', 1843 'Ể' => 'E', 1844 'ể' => 'e', 1845 'Ỉ' => 'I', 1846 'ỉ' => 'i', 1847 'Ỏ' => 'O', 1848 'ỏ' => 'o', 1849 'Ổ' => 'O', 1850 'ổ' => 'o', 1851 'Ở' => 'O', 1852 'ở' => 'o', 1853 'Ủ' => 'U', 1854 'ủ' => 'u', 1855 'Ử' => 'U', 1856 'ử' => 'u', 1857 'Ỷ' => 'Y', 1858 'ỷ' => 'y', 1859 // tilde 1860 'Ẫ' => 'A', 1861 'ẫ' => 'a', 1862 'Ẵ' => 'A', 1863 'ẵ' => 'a', 1864 'Ẽ' => 'E', 1865 'ẽ' => 'e', 1866 'Ễ' => 'E', 1867 'ễ' => 'e', 1868 'Ỗ' => 'O', 1869 'ỗ' => 'o', 1870 'Ỡ' => 'O', 1871 'ỡ' => 'o', 1872 'Ữ' => 'U', 1873 'ữ' => 'u', 1874 'Ỹ' => 'Y', 1875 'ỹ' => 'y', 1876 // acute accent 1877 'Ấ' => 'A', 1878 'ấ' => 'a', 1879 'Ắ' => 'A', 1880 'ắ' => 'a', 1881 'Ế' => 'E', 1882 'ế' => 'e', 1883 'Ố' => 'O', 1884 'ố' => 'o', 1885 'Ớ' => 'O', 1886 'ớ' => 'o', 1887 'Ứ' => 'U', 1888 'ứ' => 'u', 1889 // dot below 1890 'Ạ' => 'A', 1891 'ạ' => 'a', 1892 'Ậ' => 'A', 1893 'ậ' => 'a', 1894 'Ặ' => 'A', 1895 'ặ' => 'a', 1896 'Ẹ' => 'E', 1897 'ẹ' => 'e', 1898 'Ệ' => 'E', 1899 'ệ' => 'e', 1900 'Ị' => 'I', 1901 'ị' => 'i', 1902 'Ọ' => 'O', 1903 'ọ' => 'o', 1904 'Ộ' => 'O', 1905 'ộ' => 'o', 1906 'Ợ' => 'O', 1907 'ợ' => 'o', 1908 'Ụ' => 'U', 1909 'ụ' => 'u', 1910 'Ự' => 'U', 1911 'ự' => 'u', 1912 'Ỵ' => 'Y', 1913 'ỵ' => 'y', 1914 // Vowels with diacritic (Chinese, Hanyu Pinyin) 1915 'ɑ' => 'a', 1916 // macron 1917 'Ǖ' => 'U', 1918 'ǖ' => 'u', 1919 // acute accent 1920 'Ǘ' => 'U', 1921 'ǘ' => 'u', 1922 // caron 1923 'Ǎ' => 'A', 1924 'ǎ' => 'a', 1925 'Ǐ' => 'I', 1926 'ǐ' => 'i', 1927 'Ǒ' => 'O', 1928 'ǒ' => 'o', 1929 'Ǔ' => 'U', 1930 'ǔ' => 'u', 1931 'Ǚ' => 'U', 1932 'ǚ' => 'u', 1933 // grave accent 1934 'Ǜ' => 'U', 1935 'ǜ' => 'u', 1936 ); 1937 1938 // Used for locale-specific rules 1939 $locale = get_locale(); 1940 1941 if ( 'de_DE' == $locale || 'de_DE_formal' == $locale || 'de_CH' == $locale || 'de_CH_informal' == $locale ) { 1942 $chars['Ä'] = 'Ae'; 1943 $chars['ä'] = 'ae'; 1944 $chars['Ö'] = 'Oe'; 1945 $chars['ö'] = 'oe'; 1946 $chars['Ü'] = 'Ue'; 1947 $chars['ü'] = 'ue'; 1948 $chars['ß'] = 'ss'; 1949 } elseif ( 'da_DK' === $locale ) { 1950 $chars['Æ'] = 'Ae'; 1951 $chars['æ'] = 'ae'; 1952 $chars['Ø'] = 'Oe'; 1953 $chars['ø'] = 'oe'; 1954 $chars['Å'] = 'Aa'; 1955 $chars['å'] = 'aa'; 1956 } elseif ( 'ca' === $locale ) { 1957 $chars['l·l'] = 'll'; 1958 } elseif ( 'sr_RS' === $locale || 'bs_BA' === $locale ) { 1959 $chars['Đ'] = 'DJ'; 1960 $chars['đ'] = 'dj'; 1961 } 1962 1963 $string = strtr( $string, $chars ); 1964 } else { 1965 $chars = array(); 1966 // Assume ISO-8859-1 if not UTF-8 1967 $chars['in'] = "\x80\x83\x8a\x8e\x9a\x9e" 1968 . "\x9f\xa2\xa5\xb5\xc0\xc1\xc2" 1969 . "\xc3\xc4\xc5\xc7\xc8\xc9\xca" 1970 . "\xcb\xcc\xcd\xce\xcf\xd1\xd2" 1971 . "\xd3\xd4\xd5\xd6\xd8\xd9\xda" 1972 . "\xdb\xdc\xdd\xe0\xe1\xe2\xe3" 1973 . "\xe4\xe5\xe7\xe8\xe9\xea\xeb" 1974 . "\xec\xed\xee\xef\xf1\xf2\xf3" 1975 . "\xf4\xf5\xf6\xf8\xf9\xfa\xfb" 1976 . "\xfc\xfd\xff"; 1977 1978 $chars['out'] = 'EfSZszYcYuAAAAAACEEEEIIIINOOOOOOUUUUYaaaaaaceeeeiiiinoooooouuuuyy'; 1979 1980 $string = strtr( $string, $chars['in'], $chars['out'] ); 1981 $double_chars = array(); 1982 $double_chars['in'] = array( "\x8c", "\x9c", "\xc6", "\xd0", "\xde", "\xdf", "\xe6", "\xf0", "\xfe" ); 1983 $double_chars['out'] = array( 'OE', 'oe', 'AE', 'DH', 'TH', 'ss', 'ae', 'dh', 'th' ); 1984 $string = str_replace( $double_chars['in'], $double_chars['out'], $string ); 1985 } 1986 1987 return $string; 1988 } 1989 1990 /** 1991 * Sanitizes a filename, replacing whitespace with dashes. 1992 * 1993 * Removes special characters that are illegal in filenames on certain 1994 * operating systems and special characters requiring special escaping 1995 * to manipulate at the command line. Replaces spaces and consecutive 1996 * dashes with a single dash. Trims period, dash and underscore from beginning 1997 * and end of filename. It is not guaranteed that this function will return a 1998 * filename that is allowed to be uploaded. 1999 * 2000 * @since 2.1.0 2001 * 2002 * @param string $filename The filename to be sanitized. 2003 * @return string The sanitized filename. 2004 */ 2005 function sanitize_file_name( $filename ) { 2006 $filename_raw = $filename; 2007 $special_chars = array( '?', '[', ']', '/', '\\', '=', '<', '>', ':', ';', ',', "'", '"', '&', '$', '#', '*', '(', ')', '|', '~', '`', '!', '{', '}', '%', '+', chr( 0 ) ); 2008 /** 2009 * Filters the list of characters to remove from a filename. 2010 * 2011 * @since 2.8.0 2012 * 2013 * @param string[] $special_chars Array of characters to remove. 2014 * @param string $filename_raw The original filename to be sanitized. 2015 */ 2016 $special_chars = apply_filters( 'sanitize_file_name_chars', $special_chars, $filename_raw ); 2017 $filename = preg_replace( "#\x{00a0}#siu", ' ', $filename ); 2018 $filename = str_replace( $special_chars, '', $filename ); 2019 $filename = str_replace( array( '%20', '+' ), '-', $filename ); 2020 $filename = preg_replace( '/[\r\n\t -]+/', '-', $filename ); 2021 $filename = trim( $filename, '.-_' ); 2022 2023 if ( false === strpos( $filename, '.' ) ) { 2024 $mime_types = wp_get_mime_types(); 2025 $filetype = wp_check_filetype( 'test.' . $filename, $mime_types ); 2026 if ( $filetype['ext'] === $filename ) { 2027 $filename = 'unnamed-file.' . $filetype['ext']; 2028 } 2029 } 2030 2031 // Split the filename into a base and extension[s] 2032 $parts = explode( '.', $filename ); 2033 2034 // Return if only one extension 2035 if ( count( $parts ) <= 2 ) { 2036 /** 2037 * Filters a sanitized filename string. 2038 * 2039 * @since 2.8.0 2040 * 2041 * @param string $filename Sanitized filename. 2042 * @param string $filename_raw The filename prior to sanitization. 2043 */ 2044 return apply_filters( 'sanitize_file_name', $filename, $filename_raw ); 2045 } 2046 2047 // Process multiple extensions 2048 $filename = array_shift( $parts ); 2049 $extension = array_pop( $parts ); 2050 $mimes = get_allowed_mime_types(); 2051 2052 /* 2053 * Loop over any intermediate extensions. Postfix them with a trailing underscore 2054 * if they are a 2 - 5 character long alpha string not in the extension whitelist. 2055 */ 2056 foreach ( (array) $parts as $part ) { 2057 $filename .= '.' . $part; 2058 2059 if ( preg_match( '/^[a-zA-Z]{2,5}\d?$/', $part ) ) { 2060 $allowed = false; 2061 foreach ( $mimes as $ext_preg => $mime_match ) { 2062 $ext_preg = '!^(' . $ext_preg . ')$!i'; 2063 if ( preg_match( $ext_preg, $part ) ) { 2064 $allowed = true; 2065 break; 2066 } 2067 } 2068 if ( ! $allowed ) { 2069 $filename .= '_'; 2070 } 2071 } 2072 } 2073 $filename .= '.' . $extension; 2074 /** This filter is documented in wp-includes/formatting.php */ 2075 return apply_filters( 'sanitize_file_name', $filename, $filename_raw ); 2076 } 2077 2078 /** 2079 * Sanitizes a username, stripping out unsafe characters. 2080 * 2081 * Removes tags, octets, entities, and if strict is enabled, will only keep 2082 * alphanumeric, _, space, ., -, @. After sanitizing, it passes the username, 2083 * raw username (the username in the parameter), and the value of $strict as 2084 * parameters for the {@see 'sanitize_user'} filter. 2085 * 2086 * @since 2.0.0 2087 * 2088 * @param string $username The username to be sanitized. 2089 * @param bool $strict If set limits $username to specific characters. Default false. 2090 * @return string The sanitized username, after passing through filters. 2091 */ 2092 function sanitize_user( $username, $strict = false ) { 2093 $raw_username = $username; 2094 $username = wp_strip_all_tags( $username ); 2095 $username = remove_accents( $username ); 2096 // Kill octets 2097 $username = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $username ); 2098 $username = preg_replace( '/&.+?;/', '', $username ); // Kill entities 2099 2100 // If strict, reduce to ASCII for max portability. 2101 if ( $strict ) { 2102 $username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username ); 2103 } 2104 2105 $username = trim( $username ); 2106 // Consolidate contiguous whitespace 2107 $username = preg_replace( '|\s+|', ' ', $username ); 2108 2109 /** 2110 * Filters a sanitized username string. 2111 * 2112 * @since 2.0.1 2113 * 2114 * @param string $username Sanitized username. 2115 * @param string $raw_username The username prior to sanitization. 2116 * @param bool $strict Whether to limit the sanitization to specific characters. Default false. 2117 */ 2118 return apply_filters( 'sanitize_user', $username, $raw_username, $strict ); 2119 } 2120 2121 /** 2122 * Sanitizes a string key. 2123 * 2124 * Keys are used as internal identifiers. Lowercase alphanumeric characters, dashes and underscores are allowed. 2125 * 2126 * @since 3.0.0 2127 * 2128 * @param string $key String key 2129 * @return string Sanitized key 2130 */ 2131 function sanitize_key( $key ) { 2132 $raw_key = $key; 2133 $key = strtolower( $key ); 2134 $key = preg_replace( '/[^a-z0-9_\-]/', '', $key ); 2135 2136 /** 2137 * Filters a sanitized key string. 2138 * 2139 * @since 3.0.0 2140 * 2141 * @param string $key Sanitized key. 2142 * @param string $raw_key The key prior to sanitization. 2143 */ 2144 return apply_filters( 'sanitize_key', $key, $raw_key ); 2145 } 2146 2147 /** 2148 * Sanitizes a title, or returns a fallback title. 2149 * 2150 * Specifically, HTML and PHP tags are stripped. Further actions can be added 2151 * via the plugin API. If $title is empty and $fallback_title is set, the latter 2152 * will be used. 2153 * 2154 * @since 1.0.0 2155 * 2156 * @param string $title The string to be sanitized. 2157 * @param string $fallback_title Optional. A title to use if $title is empty. 2158 * @param string $context Optional. The operation for which the string is sanitized 2159 * @return string The sanitized string. 2160 */ 2161 function sanitize_title( $title, $fallback_title = '', $context = 'save' ) { 2162 $raw_title = $title; 2163 2164 if ( 'save' == $context ) { 2165 $title = remove_accents( $title ); 2166 } 2167 2168 /** 2169 * Filters a sanitized title string. 2170 * 2171 * @since 1.2.0 2172 * 2173 * @param string $title Sanitized title. 2174 * @param string $raw_title The title prior to sanitization. 2175 * @param string $context The context for which the title is being sanitized. 2176 */ 2177 $title = apply_filters( 'sanitize_title', $title, $raw_title, $context ); 2178 2179 if ( '' === $title || false === $title ) { 2180 $title = $fallback_title; 2181 } 2182 2183 return $title; 2184 } 2185 2186 /** 2187 * Sanitizes a title with the 'query' context. 2188 * 2189 * Used for querying the database for a value from URL. 2190 * 2191 * @since 3.1.0 2192 * 2193 * @param string $title The string to be sanitized. 2194 * @return string The sanitized string. 2195 */ 2196 function sanitize_title_for_query( $title ) { 2197 return sanitize_title( $title, '', 'query' ); 2198 } 2199 2200 /** 2201 * Sanitizes a title, replacing whitespace and a few other characters with dashes. 2202 * 2203 * Limits the output to alphanumeric characters, underscore (_) and dash (-). 2204 * Whitespace becomes a dash. 2205 * 2206 * @since 1.2.0 2207 * 2208 * @param string $title The title to be sanitized. 2209 * @param string $raw_title Optional. Not used. 2210 * @param string $context Optional. The operation for which the string is sanitized. 2211 * @return string The sanitized title. 2212 */ 2213 function sanitize_title_with_dashes( $title, $raw_title = '', $context = 'display' ) { 2214 $title = strip_tags( $title ); 2215 // Preserve escaped octets. 2216 $title = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '---$1---', $title ); 2217 // Remove percent signs that are not part of an octet. 2218 $title = str_replace( '%', '', $title ); 2219 // Restore octets. 2220 $title = preg_replace( '|---([a-fA-F0-9][a-fA-F0-9])---|', '%$1', $title ); 2221 2222 if ( seems_utf8( $title ) ) { 2223 if ( function_exists( 'mb_strtolower' ) ) { 2224 $title = mb_strtolower( $title, 'UTF-8' ); 2225 } 2226 $title = utf8_uri_encode( $title, 200 ); 2227 } 2228 2229 $title = strtolower( $title ); 2230 2231 if ( 'save' == $context ) { 2232 // Convert nbsp, ndash and mdash to hyphens 2233 $title = str_replace( array( '%c2%a0', '%e2%80%93', '%e2%80%94' ), '-', $title ); 2234 // Convert nbsp, ndash and mdash HTML entities to hyphens 2235 $title = str_replace( array( ' ', ' ', '–', '–', '—', '—' ), '-', $title ); 2236 // Convert forward slash to hyphen 2237 $title = str_replace( '/', '-', $title ); 2238 2239 // Strip these characters entirely 2240 $title = str_replace( 2241 array( 2242 // soft hyphens 2243 '%c2%ad', 2244 // iexcl and iquest 2245 '%c2%a1', 2246 '%c2%bf', 2247 // angle quotes 2248 '%c2%ab', 2249 '%c2%bb', 2250 '%e2%80%b9', 2251 '%e2%80%ba', 2252 // curly quotes 2253 '%e2%80%98', 2254 '%e2%80%99', 2255 '%e2%80%9c', 2256 '%e2%80%9d', 2257 '%e2%80%9a', 2258 '%e2%80%9b', 2259 '%e2%80%9e', 2260 '%e2%80%9f', 2261 // copy, reg, deg, hellip and trade 2262 '%c2%a9', 2263 '%c2%ae', 2264 '%c2%b0', 2265 '%e2%80%a6', 2266 '%e2%84%a2', 2267 // acute accents 2268 '%c2%b4', 2269 '%cb%8a', 2270 '%cc%81', 2271 '%cd%81', 2272 // grave accent, macron, caron 2273 '%cc%80', 2274 '%cc%84', 2275 '%cc%8c', 2276 ), 2277 '', 2278 $title 2279 ); 2280 2281 // Convert times to x 2282 $title = str_replace( '%c3%97', 'x', $title ); 2283 } 2284 2285 $title = preg_replace( '/&.+?;/', '', $title ); // kill entities 2286 $title = str_replace( '.', '-', $title ); 2287 2288 $title = preg_replace( '/[^%a-z0-9 _-]/', '', $title ); 2289 $title = preg_replace( '/\s+/', '-', $title ); 2290 $title = preg_replace( '|-+|', '-', $title ); 2291 $title = trim( $title, '-' ); 2292 2293 return $title; 2294 } 2295 2296 /** 2297 * Ensures a string is a valid SQL 'order by' clause. 2298 * 2299 * Accepts one or more columns, with or without a sort order (ASC / DESC). 2300 * e.g. 'column_1', 'column_1, column_2', 'column_1 ASC, column_2 DESC' etc. 2301 * 2302 * Also accepts 'RAND()'. 2303 * 2304 * @since 2.5.1 2305 * 2306 * @param string $orderby Order by clause to be validated. 2307 * @return string|false Returns $orderby if valid, false otherwise. 2308 */ 2309 function sanitize_sql_orderby( $orderby ) { 2310 if ( preg_match( '/^\s*(([a-z0-9_]+|`[a-z0-9_]+`)(\s+(ASC|DESC))?\s*(,\s*(?=[a-z0-9_`])|$))+$/i', $orderby ) || preg_match( '/^\s*RAND\(\s*\)\s*$/i', $orderby ) ) { 2311 return $orderby; 2312 } 2313 return false; 2314 } 2315 2316 /** 2317 * Sanitizes an HTML classname to ensure it only contains valid characters. 2318 * 2319 * Strips the string down to A-Z,a-z,0-9,_,-. If this results in an empty 2320 * string then it will return the alternative value supplied. 2321 * 2322 * @todo Expand to support the full range of CDATA that a class attribute can contain. 2323 * 2324 * @since 2.8.0 2325 * 2326 * @param string $class The classname to be sanitized 2327 * @param string $fallback Optional. The value to return if the sanitization ends up as an empty string. 2328 * Defaults to an empty string. 2329 * @return string The sanitized value 2330 */ 2331 function sanitize_html_class( $class, $fallback = '' ) { 2332 //Strip out any % encoded octets 2333 $sanitized = preg_replace( '|%[a-fA-F0-9][a-fA-F0-9]|', '', $class ); 2334 2335 //Limit to A-Z,a-z,0-9,_,- 2336 $sanitized = preg_replace( '/[^A-Za-z0-9_-]/', '', $sanitized ); 2337 2338 if ( '' == $sanitized && $fallback ) { 2339 return sanitize_html_class( $fallback ); 2340 } 2341 /** 2342 * Filters a sanitized HTML class string. 2343 * 2344 * @since 2.8.0 2345 * 2346 * @param string $sanitized The sanitized HTML class. 2347 * @param string $class HTML class before sanitization. 2348 * @param string $fallback The fallback string. 2349 */ 2350 return apply_filters( 'sanitize_html_class', $sanitized, $class, $fallback ); 2351 } 2352 2353 /** 2354 * Converts lone & characters into `&` (a.k.a. `&`) 2355 * 2356 * @since 0.71 2357 * 2358 * @param string $content String of characters to be converted. 2359 * @param string $deprecated Not used. 2360 * @return string Converted string. 2361 */ 2362 function convert_chars( $content, $deprecated = '' ) { 2363 if ( ! empty( $deprecated ) ) { 2364 _deprecated_argument( __FUNCTION__, '0.71' ); 2365 } 2366 2367 if ( strpos( $content, '&' ) !== false ) { 2368 $content = preg_replace( '/&([^#])(?![a-z1-4]{1,8};)/i', '&$1', $content ); 2369 } 2370 2371 return $content; 2372 } 2373 2374 /** 2375 * Converts invalid Unicode references range to valid range. 2376 * 2377 * @since 4.3.0 2378 * 2379 * @param string $content String with entities that need converting. 2380 * @return string Converted string. 2381 */ 2382 function convert_invalid_entities( $content ) { 2383 $wp_htmltranswinuni = array( 2384 '€' => '€', // the Euro sign 2385 '' => '', 2386 '‚' => '‚', // these are Windows CP1252 specific characters 2387 'ƒ' => 'ƒ', // they would look weird on non-Windows browsers 2388 '„' => '„', 2389 '…' => '…', 2390 '†' => '†', 2391 '‡' => '‡', 2392 'ˆ' => 'ˆ', 2393 '‰' => '‰', 2394 'Š' => 'Š', 2395 '‹' => '‹', 2396 'Œ' => 'Œ', 2397 '' => '', 2398 'Ž' => 'Ž', 2399 '' => '', 2400 '' => '', 2401 '‘' => '‘', 2402 '’' => '’', 2403 '“' => '“', 2404 '”' => '”', 2405 '•' => '•', 2406 '–' => '–', 2407 '—' => '—', 2408 '˜' => '˜', 2409 '™' => '™', 2410 'š' => 'š', 2411 '›' => '›', 2412 'œ' => 'œ', 2413 '' => '', 2414 'ž' => 'ž', 2415 'Ÿ' => 'Ÿ', 2416 ); 2417 2418 if ( strpos( $content, '' ) !== false ) { 2419 $content = strtr( $content, $wp_htmltranswinuni ); 2420 } 2421 2422 return $content; 2423 } 2424 2425 /** 2426 * Balances tags if forced to, or if the 'use_balanceTags' option is set to true. 2427 * 2428 * @since 0.71 2429 * 2430 * @param string $text Text to be balanced 2431 * @param bool $force If true, forces balancing, ignoring the value of the option. Default false. 2432 * @return string Balanced text 2433 */ 2434 function balanceTags( $text, $force = false ) { // phpcs:ignore WordPress.NamingConventions.ValidFunctionName.FunctionNameInvalid 2435 if ( $force || (int) get_option( 'use_balanceTags' ) === 1 ) { 2436 return force_balance_tags( $text ); 2437 } else { 2438 return $text; 2439 } 2440 } 2441 2442 /** 2443 * Balances tags of string using a modified stack. 2444 * 2445 * @since 2.0.4 2446 * @since 5.3.0 Improve accuracy and add support for custom element tags. 2447 * 2448 * @author Leonard Lin <leonard@acm.org> 2449 * @license GPL 2450 * @copyright November 4, 2001 2451 * @version 1.1 2452 * @todo Make better - change loop condition to $text in 1.2 2453 * @internal Modified by Scott Reilly (coffee2code) 02 Aug 2004 2454 * 1.1 Fixed handling of append/stack pop order of end text 2455 * Added Cleaning Hooks 2456 * 1.0 First Version 2457 * 2458 * @param string $text Text to be balanced. 2459 * @return string Balanced text. 2460 */ 2461 function force_balance_tags( $text ) { 2462 $tagstack = array(); 2463 $stacksize = 0; 2464 $tagqueue = ''; 2465 $newtext = ''; 2466 // Known single-entity/self-closing tags 2467 $single_tags = array( 'area', 'base', 'basefont', 'br', 'col', 'command', 'embed', 'frame', 'hr', 'img', 'input', 'isindex', 'link', 'meta', 'param', 'source' ); 2468 // Tags that can be immediately nested within themselves 2469 $nestable_tags = array( 'blockquote', 'div', 'object', 'q', 'span' ); 2470 2471 // WP bug fix for comments - in case you REALLY meant to type '< !--' 2472 $text = str_replace( '< !--', '< !--', $text ); 2473 // WP bug fix for LOVE <3 (and other situations with '<' before a number) 2474 $text = preg_replace( '#<([0-9]{1})#', '<$1', $text ); 2475 2476 /** 2477 * Matches supported tags. 2478 * 2479 * To get the pattern as a string without the comments paste into a PHP 2480 * REPL like `php -a`. 2481 * 2482 * @see https://html.spec.whatwg.org/#elements-2 2483 * @see https://w3c.github.io/webcomponents/spec/custom/#valid-custom-element-name 2484 * 2485 * @example 2486 * ~# php -a 2487 * php > $s = [paste copied contents of expression below including parentheses]; 2488 * php > echo $s; 2489 */ 2490 $tag_pattern = ( 2491 '#<' . // Start with an opening bracket. 2492 '(/?)' . // Group 1 - If it's a closing tag it'll have a leading slash. 2493 '(' . // Group 2 - Tag name. 2494 // Custom element tags have more lenient rules than HTML tag names. 2495 '(?:[a-z](?:[a-z0-9._]*)-(?:[a-z0-9._-]+)+)' . 2496 '|' . 2497 // Traditional tag rules approximate HTML tag names. 2498 '(?:[\w:]+)' . 2499 ')' . 2500 '(?:' . 2501 // We either immediately close the tag with its '>' and have nothing here. 2502 '\s*' . 2503 '(/?)' . // Group 3 - "attributes" for empty tag. 2504 '|' . 2505 // Or we must start with space characters to separate the tag name from the attributes (or whitespace). 2506 '(\s+)' . // Group 4 - Pre-attribute whitespace. 2507 '([^>]*)' . // Group 5 - Attributes. 2508 ')' . 2509 '>#' // End with a closing bracket. 2510 ); 2511 2512 while ( preg_match( $tag_pattern, $text, $regex ) ) { 2513 $full_match = $regex[0]; 2514 $has_leading_slash = ! empty( $regex[1] ); 2515 $tag_name = $regex[2]; 2516 $tag = strtolower( $tag_name ); 2517 $is_single_tag = in_array( $tag, $single_tags, true ); 2518 $pre_attribute_ws = isset( $regex[4] ) ? $regex[4] : ''; 2519 $attributes = trim( isset( $regex[5] ) ? $regex[5] : $regex[3] ); 2520 $has_self_closer = '/' === substr( $attributes, -1 ); 2521 2522 $newtext .= $tagqueue; 2523 2524 $i = strpos( $text, $full_match ); 2525 $l = strlen( $full_match ); 2526 2527 // Clear the shifter. 2528 $tagqueue = ''; 2529 if ( $has_leading_slash ) { // End Tag. 2530 // If too many closing tags. 2531 if ( $stacksize <= 0 ) { 2532 $tag = ''; 2533 // Or close to be safe $tag = '/' . $tag. 2534 2535 // If stacktop value = tag close value, then pop. 2536 } elseif ( $tagstack[ $stacksize - 1 ] === $tag ) { // Found closing tag. 2537 $tag = '</' . $tag . '>'; // Close Tag. 2538 array_pop( $tagstack ); 2539 $stacksize--; 2540 } else { // Closing tag not at top, search for it. 2541 for ( $j = $stacksize - 1; $j >= 0; $j-- ) { 2542 if ( $tagstack[ $j ] === $tag ) { 2543 // Add tag to tagqueue. 2544 for ( $k = $stacksize - 1; $k >= $j; $k-- ) { 2545 $tagqueue .= '</' . array_pop( $tagstack ) . '>'; 2546 $stacksize--; 2547 } 2548 break; 2549 } 2550 } 2551 $tag = ''; 2552 } 2553 } else { // Begin Tag. 2554 if ( $has_self_closer ) { // If it presents itself as a self-closing tag... 2555 // ...but it isn't a known single-entity self-closing tag, then don't let it be treated as such and 2556 // immediately close it with a closing tag (the tag will encapsulate no text as a result) 2557 if ( ! $is_single_tag ) { 2558 $attributes = trim( substr( $attributes, 0, -1 ) ) . "></$tag"; 2559 } 2560 } elseif ( $is_single_tag ) { // ElseIf it's a known single-entity tag but it doesn't close itself, do so 2561 $pre_attribute_ws = ' '; 2562 $attributes .= '/'; 2563 } else { // It's not a single-entity tag. 2564 // If the top of the stack is the same as the tag we want to push, close previous tag. 2565 if ( $stacksize > 0 && ! in_array( $tag, $nestable_tags, true ) && $tagstack[ $stacksize - 1 ] === $tag ) { 2566 $tagqueue = '</' . array_pop( $tagstack ) . '>'; 2567 $stacksize--; 2568 } 2569 $stacksize = array_push( $tagstack, $tag ); 2570 } 2571 2572 // Attributes. 2573 if ( $has_self_closer && $is_single_tag ) { 2574 // We need some space - avoid <br/> and prefer <br />. 2575 $pre_attribute_ws = ' '; 2576 } 2577 2578 $tag = '<' . $tag . $pre_attribute_ws . $attributes . '>'; 2579 // If already queuing a close tag, then put this tag on too. 2580 if ( ! empty( $tagqueue ) ) { 2581 $tagqueue .= $tag; 2582 $tag = ''; 2583 } 2584 } 2585 $newtext .= substr( $text, 0, $i ) . $tag; 2586 $text = substr( $text, $i + $l ); 2587 } 2588 2589 // Clear Tag Queue. 2590 $newtext .= $tagqueue; 2591 2592 // Add remaining text. 2593 $newtext .= $text; 2594 2595 while ( $x = array_pop( $tagstack ) ) { 2596 $newtext .= '</' . $x . '>'; // Add remaining tags to close. 2597 } 2598 2599 // WP fix for the bug with HTML comments. 2600 $newtext = str_replace( '< !--', '<!--', $newtext ); 2601 $newtext = str_replace( '< !--', '< !--', $newtext ); 2602 2603 return $newtext; 2604 } 2605 2606 /** 2607 * Acts on text which is about to be edited. 2608 * 2609 * The $content is run through esc_textarea(), which uses htmlspecialchars() 2610 * to convert special characters to HTML entities. If `$richedit` is set to true, 2611 * it is simply a holder for the {@see 'format_to_edit'} filter. 2612 * 2613 * @since 0.71 2614 * @since 4.4.0 The `$richedit` parameter was renamed to `$rich_text` for clarity. 2615 * 2616 * @param string $content The text about to be edited. 2617 * @param bool $rich_text Optional. Whether `$content` should be considered rich text, 2618 * in which case it would not be passed through esc_textarea(). 2619 * Default false. 2620 * @return string The text after the filter (and possibly htmlspecialchars()) has been run. 2621 */ 2622 function format_to_edit( $content, $rich_text = false ) { 2623 /** 2624 * Filters the text to be formatted for editing. 2625 * 2626 * @since 1.2.0 2627 * 2628 * @param string $content The text, prior to formatting for editing. 2629 */ 2630 $content = apply_filters( 'format_to_edit', $content ); 2631 if ( ! $rich_text ) { 2632 $content = esc_textarea( $content ); 2633 } 2634 return $content; 2635 } 2636 2637 /** 2638 * Add leading zeros when necessary. 2639 * 2640 * If you set the threshold to '4' and the number is '10', then you will get 2641 * back '0010'. If you set the threshold to '4' and the number is '5000', then you 2642 * will get back '5000'. 2643 * 2644 * Uses sprintf to append the amount of zeros based on the $threshold parameter 2645 * and the size of the number. If the number is large enough, then no zeros will 2646 * be appended. 2647 * 2648 * @since 0.71 2649 * 2650 * @param int $number Number to append zeros to if not greater than threshold. 2651 * @param int $threshold Digit places number needs to be to not have zeros added. 2652 * @return string Adds leading zeros to number if needed. 2653 */ 2654 function zeroise( $number, $threshold ) { 2655 return sprintf( '%0' . $threshold . 's', $number ); 2656 } 2657 2658 /** 2659 * Adds backslashes before letters and before a number at the start of a string. 2660 * 2661 * @since 0.71 2662 * 2663 * @param string $string Value to which backslashes will be added. 2664 * @return string String with backslashes inserted. 2665 */ 2666 function backslashit( $string ) { 2667 if ( isset( $string[0] ) && $string[0] >= '0' && $string[0] <= '9' ) { 2668 $string = '\\\\' . $string; 2669 } 2670 return addcslashes( $string, 'A..Za..z' ); 2671 } 2672 2673 /** 2674 * Appends a trailing slash. 2675 * 2676 * Will remove trailing forward and backslashes if it exists already before adding 2677 * a trailing forward slash. This prevents double slashing a string or path. 2678 * 2679 * The primary use of this is for paths and thus should be used for paths. It is 2680 * not restricted to paths and offers no specific path support. 2681 * 2682 * @since 1.2.0 2683 * 2684 * @param string $string What to add the trailing slash to. 2685 * @return string String with trailing slash added. 2686 */ 2687 function trailingslashit( $string ) { 2688 return untrailingslashit( $string ) . '/'; 2689 } 2690 2691 /** 2692 * Removes trailing forward slashes and backslashes if they exist. 2693 * 2694 * The primary use of this is for paths and thus should be used for paths. It is 2695 * not restricted to paths and offers no specific path support. 2696 * 2697 * @since 2.2.0 2698 * 2699 * @param string $string What to remove the trailing slashes from. 2700 * @return string String without the trailing slashes. 2701 */ 2702 function untrailingslashit( $string ) { 2703 return rtrim( $string, '/\\' ); 2704 } 2705 2706 /** 2707 * Adds slashes to escape strings. 2708 * 2709 * Slashes will first be removed if magic_quotes_gpc is set, see {@link 2710 * https://secure.php.net/magic_quotes} for more details. 2711 * 2712 * @since 0.71 2713 * 2714 * @param string $gpc The string returned from HTTP request data. 2715 * @return string Returns a string escaped with slashes. 2716 */ 2717 function addslashes_gpc( $gpc ) { 2718 return wp_slash( $gpc ); 2719 } 2720 2721 /** 2722 * Navigates through an array, object, or scalar, and removes slashes from the values. 2723 * 2724 * @since 2.0.0 2725 * 2726 * @param mixed $value The value to be stripped. 2727 * @return mixed Stripped value. 2728 */ 2729 function stripslashes_deep( $value ) { 2730 return map_deep( $value, 'stripslashes_from_strings_only' ); 2731 } 2732 2733 /** 2734 * Callback function for `stripslashes_deep()` which strips slashes from strings. 2735 * 2736 * @since 4.4.0 2737 * 2738 * @param mixed $value The array or string to be stripped. 2739 * @return mixed $value The stripped value. 2740 */ 2741 function stripslashes_from_strings_only( $value ) { 2742 return is_string( $value ) ? stripslashes( $value ) : $value; 2743 } 2744 2745 /** 2746 * Navigates through an array, object, or scalar, and encodes the values to be used in a URL. 2747 * 2748 * @since 2.2.0 2749 * 2750 * @param mixed $value The array or string to be encoded. 2751 * @return mixed $value The encoded value. 2752 */ 2753 function urlencode_deep( $value ) { 2754 return map_deep( $value, 'urlencode' ); 2755 } 2756 2757 /** 2758 * Navigates through an array, object, or scalar, and raw-encodes the values to be used in a URL. 2759 * 2760 * @since 3.4.0 2761 * 2762 * @param mixed $value The array or string to be encoded. 2763 * @return mixed $value The encoded value. 2764 */ 2765 function rawurlencode_deep( $value ) { 2766 return map_deep( $value, 'rawurlencode' ); 2767 } 2768 2769 /** 2770 * Navigates through an array, object, or scalar, and decodes URL-encoded values 2771 * 2772 * @since 4.4.0 2773 * 2774 * @param mixed $value The array or string to be decoded. 2775 * @return mixed $value The decoded value. 2776 */ 2777 function urldecode_deep( $value ) { 2778 return map_deep( $value, 'urldecode' ); 2779 } 2780 2781 /** 2782 * Converts email addresses characters to HTML entities to block spam bots. 2783 * 2784 * @since 0.71 2785 * 2786 * @param string $email_address Email address. 2787 * @param int $hex_encoding Optional. Set to 1 to enable hex encoding. 2788 * @return string Converted email address. 2789 */ 2790 function antispambot( $email_address, $hex_encoding = 0 ) { 2791 $email_no_spam_address = ''; 2792 for ( $i = 0, $len = strlen( $email_address ); $i < $len; $i++ ) { 2793 $j = rand( 0, 1 + $hex_encoding ); 2794 if ( $j == 0 ) { 2795 $email_no_spam_address .= '&#' . ord( $email_address[ $i ] ) . ';'; 2796 } elseif ( $j == 1 ) { 2797 $email_no_spam_address .= $email_address[ $i ]; 2798 } elseif ( $j == 2 ) { 2799 $email_no_spam_address .= '%' . zeroise( dechex( ord( $email_address[ $i ] ) ), 2 ); 2800 } 2801 } 2802 2803 return str_replace( '@', '@', $email_no_spam_address ); 2804 } 2805 2806 /** 2807 * Callback to convert URI match to HTML A element. 2808 * 2809 * This function was backported from 2.5.0 to 2.3.2. Regex callback for make_clickable(). 2810 * 2811 * @since 2.3.2 2812 * @access private 2813 * 2814 * @param array $matches Single Regex Match. 2815 * @return string HTML A element with URI address. 2816 */ 2817 function _make_url_clickable_cb( $matches ) { 2818 $url = $matches[2]; 2819 2820 if ( ')' == $matches[3] && strpos( $url, '(' ) ) { 2821 // If the trailing character is a closing parethesis, and the URL has an opening parenthesis in it, add the closing parenthesis to the URL. 2822 // Then we can let the parenthesis balancer do its thing below. 2823 $url .= $matches[3]; 2824 $suffix = ''; 2825 } else { 2826 $suffix = $matches[3]; 2827 } 2828 2829 // Include parentheses in the URL only if paired 2830 while ( substr_count( $url, '(' ) < substr_count( $url, ')' ) ) { 2831 $suffix = strrchr( $url, ')' ) . $suffix; 2832 $url = substr( $url, 0, strrpos( $url, ')' ) ); 2833 } 2834 2835 $url = esc_url( $url ); 2836 if ( empty( $url ) ) { 2837 return $matches[0]; 2838 } 2839 2840 if ( 'comment_text' === current_filter() ) { 2841 $rel = 'nofollow ugc'; 2842 } else { 2843 $rel = 'nofollow'; 2844 } 2845 2846 /** 2847 * Filters the rel value that is added to URL matches converted to links. 2848 * 2849 * @since 5.3.0 2850 * 2851 * @param string $rel The rel value. 2852 * @param string $url The matched URL being converted to a link tag. 2853 */ 2854 $rel = apply_filters( 'make_clickable_rel', $rel, $url ); 2855 $rel = esc_attr( $rel ); 2856 2857 return $matches[1] . "<a href=\"$url\" rel=\"$rel\">$url</a>" . $suffix; 2858 } 2859 2860 /** 2861 * Callback to convert URL match to HTML A element. 2862 * 2863 * This function was backported from 2.5.0 to 2.3.2. Regex callback for make_clickable(). 2864 * 2865 * @since 2.3.2 2866 * @access private 2867 * 2868 * @param array $matches Single Regex Match. 2869 * @return string HTML A element with URL address. 2870 */ 2871 function _make_web_ftp_clickable_cb( $matches ) { 2872 $ret = ''; 2873 $dest = $matches[2]; 2874 $dest = 'http://' . $dest; 2875 2876 // removed trailing [.,;:)] from URL 2877 if ( in_array( substr( $dest, -1 ), array( '.', ',', ';', ':', ')' ) ) === true ) { 2878 $ret = substr( $dest, -1 ); 2879 $dest = substr( $dest, 0, strlen( $dest ) - 1 ); 2880 } 2881 2882 $dest = esc_url( $dest ); 2883 if ( empty( $dest ) ) { 2884 return $matches[0]; 2885 } 2886 2887 if ( 'comment_text' === current_filter() ) { 2888 $rel = 'nofollow ugc'; 2889 } else { 2890 $rel = 'nofollow'; 2891 } 2892 2893 /** This filter is documented in wp-includes/formatting.php */ 2894 $rel = apply_filters( 'make_clickable_rel', $rel, $dest ); 2895 $rel = esc_attr( $rel ); 2896 2897 return $matches[1] . "<a href=\"$dest\" rel=\"$rel\">$dest</a>$ret"; 2898 } 2899 2900 /** 2901 * Callback to convert email address match to HTML A element. 2902 * 2903 * This function was backported from 2.5.0 to 2.3.2. Regex callback for make_clickable(). 2904 * 2905 * @since 2.3.2 2906 * @access private 2907 * 2908 * @param array $matches Single Regex Match. 2909 * @return string HTML A element with email address. 2910 */ 2911 function _make_email_clickable_cb( $matches ) { 2912 $email = $matches[2] . '@' . $matches[3]; 2913 return $matches[1] . "<a href=\"mailto:$email\">$email</a>"; 2914 } 2915 2916 /** 2917 * Convert plaintext URI to HTML links. 2918 * 2919 * Converts URI, www and ftp, and email addresses. Finishes by fixing links 2920 * within links. 2921 * 2922 * @since 0.71 2923 * 2924 * @param string $text Content to convert URIs. 2925 * @return string Content with converted URIs. 2926 */ 2927 function make_clickable( $text ) { 2928 $r = ''; 2929 $textarr = preg_split( '/(<[^<>]+>)/', $text, -1, PREG_SPLIT_DELIM_CAPTURE ); // split out HTML tags 2930 $nested_code_pre = 0; // Keep track of how many levels link is nested inside <pre> or <code> 2931 foreach ( $textarr as $piece ) { 2932 2933 if ( preg_match( '|^<code[\s>]|i', $piece ) || preg_match( '|^<pre[\s>]|i', $piece ) || preg_match( '|^<script[\s>]|i', $piece ) || preg_match( '|^<style[\s>]|i', $piece ) ) { 2934 $nested_code_pre++; 2935 } elseif ( $nested_code_pre && ( '</code>' === strtolower( $piece ) || '</pre>' === strtolower( $piece ) || '</script>' === strtolower( $piece ) || '</style>' === strtolower( $piece ) ) ) { 2936 $nested_code_pre--; 2937 } 2938 2939 if ( $nested_code_pre || empty( $piece ) || ( $piece[0] === '<' && ! preg_match( '|^<\s*[\w]{1,20}+://|', $piece ) ) ) { 2940 $r .= $piece; 2941 continue; 2942 } 2943 2944 // Long strings might contain expensive edge cases ... 2945 if ( 10000 < strlen( $piece ) ) { 2946 // ... break it up 2947 foreach ( _split_str_by_whitespace( $piece, 2100 ) as $chunk ) { // 2100: Extra room for scheme and leading and trailing paretheses 2948 if ( 2101 < strlen( $chunk ) ) { 2949 $r .= $chunk; // Too big, no whitespace: bail. 2950 } else { 2951 $r .= make_clickable( $chunk ); 2952 } 2953 } 2954 } else { 2955 $ret = " $piece "; // Pad with whitespace to simplify the regexes 2956 2957 $url_clickable = '~ 2958 ([\\s(<.,;:!?]) # 1: Leading whitespace, or punctuation 2959 ( # 2: URL 2960 [\\w]{1,20}+:// # Scheme and hier-part prefix 2961 (?=\S{1,2000}\s) # Limit to URLs less than about 2000 characters long 2962 [\\w\\x80-\\xff#%\\~/@\\[\\]*(+=&$-]*+ # Non-punctuation URL character 2963 (?: # Unroll the Loop: Only allow puctuation URL character if followed by a non-punctuation URL character 2964 [\'.,;:!?)] # Punctuation URL character 2965 [\\w\\x80-\\xff#%\\~/@\\[\\]*(+=&$-]++ # Non-punctuation URL character 2966 )* 2967 ) 2968 (\)?) # 3: Trailing closing parenthesis (for parethesis balancing post processing) 2969 ~xS'; 2970 // The regex is a non-anchored pattern and does not have a single fixed starting character. 2971 // Tell PCRE to spend more time optimizing since, when used on a page load, it will probably be used several times. 2972 2973 $ret = preg_replace_callback( $url_clickable, '_make_url_clickable_cb', $ret ); 2974 2975 $ret = preg_replace_callback( '#([\s>])((www|ftp)\.[\w\\x80-\\xff\#$%&~/.\-;:=,?@\[\]+]+)#is', '_make_web_ftp_clickable_cb', $ret ); 2976 $ret = preg_replace_callback( '#([\s>])([.0-9a-z_+-]+)@(([0-9a-z-]+\.)+[0-9a-z]{2,})#i', '_make_email_clickable_cb', $ret ); 2977 2978 $ret = substr( $ret, 1, -1 ); // Remove our whitespace padding. 2979 $r .= $ret; 2980 } 2981 } 2982 2983 // Cleanup of accidental links within links 2984 return preg_replace( '#(<a([ \r\n\t]+[^>]+?>|>))<a [^>]+?>([^>]+?)</a></a>#i', '$1$3</a>', $r ); 2985 } 2986 2987 /** 2988 * Breaks a string into chunks by splitting at whitespace characters. 2989 * The length of each returned chunk is as close to the specified length goal as possible, 2990 * with the caveat that each chunk includes its trailing delimiter. 2991 * Chunks longer than the goal are guaranteed to not have any inner whitespace. 2992 * 2993 * Joining the returned chunks with empty delimiters reconstructs the input string losslessly. 2994 * 2995 * Input string must have no null characters (or eventual transformations on output chunks must not care about null characters) 2996 * 2997 * _split_str_by_whitespace( "1234 67890 1234 67890a cd 1234 890 123456789 1234567890a 45678 1 3 5 7 90 ", 10 ) == 2998 * array ( 2999 * 0 => '1234 67890 ', // 11 characters: Perfect split 3000 * 1 => '1234 ', // 5 characters: '1234 67890a' was too long 3001 * 2 => '67890a cd ', // 10 characters: '67890a cd 1234' was too long 3002 * 3 => '1234 890 ', // 11 characters: Perfect split 3003 * 4 => '123456789 ', // 10 characters: '123456789 1234567890a' was too long 3004 * 5 => '1234567890a ', // 12 characters: Too long, but no inner whitespace on which to split 3005 * 6 => ' 45678 ', // 11 characters: Perfect split 3006 * 7 => '1 3 5 7 90 ', // 11 characters: End of $string 3007 * ); 3008 * 3009 * @since 3.4.0 3010 * @access private 3011 * 3012 * @param string $string The string to split. 3013 * @param int $goal The desired chunk length. 3014 * @return array Numeric array of chunks. 3015 */ 3016 function _split_str_by_whitespace( $string, $goal ) { 3017 $chunks = array(); 3018 3019 $string_nullspace = strtr( $string, "\r\n\t\v\f ", "\000\000\000\000\000\000" ); 3020 3021 while ( $goal < strlen( $string_nullspace ) ) { 3022 $pos = strrpos( substr( $string_nullspace, 0, $goal + 1 ), "\000" ); 3023 3024 if ( false === $pos ) { 3025 $pos = strpos( $string_nullspace, "\000", $goal + 1 ); 3026 if ( false === $pos ) { 3027 break; 3028 } 3029 } 3030 3031 $chunks[] = substr( $string, 0, $pos + 1 ); 3032 $string = substr( $string, $pos + 1 ); 3033 $string_nullspace = substr( $string_nullspace, $pos + 1 ); 3034 } 3035 3036 if ( $string ) { 3037 $chunks[] = $string; 3038 } 3039 3040 return $chunks; 3041 } 3042 3043 /** 3044 * Callback to add a rel attribute to HTML A element. 3045 * 3046 * Will remove already existing string before adding to prevent invalidating (X)HTML. 3047 * 3048 * @since 5.3.0 3049 * 3050 * @param array $matches Single match. 3051 * @param string $rel The rel attribute to add. 3052 * @return string HTML A element with the added rel attribute. 3053 */ 3054 function wp_rel_callback( $matches, $rel ) { 3055 $text = $matches[1]; 3056 $atts = wp_kses_hair( $matches[1], wp_allowed_protocols() ); 3057 3058 if ( ! empty( $atts['href'] ) ) { 3059 if ( in_array( strtolower( wp_parse_url( $atts['href']['value'], PHP_URL_SCHEME ) ), array( 'http', 'https' ), true ) ) { 3060 if ( strtolower( wp_parse_url( $atts['href']['value'], PHP_URL_HOST ) ) === strtolower( wp_parse_url( home_url(), PHP_URL_HOST ) ) ) { 3061 return "<a $text>"; 3062 } 3063 } 3064 } 3065 3066 if ( ! empty( $atts['rel'] ) ) { 3067 $parts = array_map( 'trim', explode( ' ', $atts['rel']['value'] ) ); 3068 $rel_array = array_map( 'trim', explode( ' ', $rel ) ); 3069 $parts = array_unique( array_merge( $parts, $rel_array ) ); 3070 $rel = implode( ' ', $parts ); 3071 unset( $atts['rel'] ); 3072 3073 $html = ''; 3074 foreach ( $atts as $name => $value ) { 3075 if ( isset( $value['vless'] ) && 'y' === $value['vless'] ) { 3076 $html .= $name . ' '; 3077 } else { 3078 $html .= "{$name}=\"" . esc_attr( $value['value'] ) . '" '; 3079 } 3080 } 3081 $text = trim( $html ); 3082 } 3083 return "<a $text rel=\"" . esc_attr( $rel ) . '">'; 3084 } 3085 3086 /** 3087 * Adds `rel="nofollow"` string to all HTML A elements in content. 3088 * 3089 * @since 1.5.0 3090 * 3091 * @param string $text Content that may contain HTML A elements. 3092 * @return string Converted content. 3093 */ 3094 function wp_rel_nofollow( $text ) { 3095 // This is a pre-save filter, so text is already escaped. 3096 $text = stripslashes( $text ); 3097 $text = preg_replace_callback( 3098 '|<a (.+?)>|i', 3099 function( $matches ) { 3100 return wp_rel_callback( $matches, 'nofollow' ); 3101 }, 3102 $text 3103 ); 3104 return wp_slash( $text ); 3105 } 3106 3107 /** 3108 * Callback to add `rel="nofollow"` string to HTML A element. 3109 * 3110 * @since 2.3.0 3111 * @deprecated 5.3.0 Use wp_rel_callback() 3112 * 3113 * @param array $matches Single match. 3114 * @return string HTML A Element with `rel="nofollow"`. 3115 */ 3116 function wp_rel_nofollow_callback( $matches ) { 3117 return wp_rel_callback( $matches, 'nofollow' ); 3118 } 3119 3120 /** 3121 * Adds `rel="nofollow ugc"` string to all HTML A elements in content. 3122 * 3123 * @since 5.3.0 3124 * 3125 * @param string $text Content that may contain HTML A elements. 3126 * @return string Converted content. 3127 */ 3128 function wp_rel_ugc( $text ) { 3129 // This is a pre-save filter, so text is already escaped. 3130 $text = stripslashes( $text ); 3131 $text = preg_replace_callback( 3132 '|<a (.+?)>|i', 3133 function( $matches ) { 3134 return wp_rel_callback( $matches, 'nofollow ugc' ); 3135 }, 3136 $text 3137 ); 3138 return wp_slash( $text ); 3139 } 3140 3141 /** 3142 * Adds rel noreferrer and noopener to all HTML A elements that have a target. 3143 * 3144 * @since 5.1.0 3145 * 3146 * @param string $text Content that may contain HTML A elements. 3147 * @return string Converted content. 3148 */ 3149 function wp_targeted_link_rel( $text ) { 3150 // Don't run (more expensive) regex if no links with targets. 3151 if ( stripos( $text, 'target' ) !== false && stripos( $text, '<a ' ) !== false ) { 3152 if ( ! is_serialized( $text ) ) { 3153 $text = preg_replace_callback( '|<a\s([^>]*target\s*=[^>]*)>|i', 'wp_targeted_link_rel_callback', $text ); 3154 } 3155 } 3156 3157 return $text; 3158 } 3159 3160 /** 3161 * Callback to add rel="noreferrer noopener" string to HTML A element. 3162 * 3163 * Will not duplicate existing noreferrer and noopener values 3164 * to prevent from invalidating the HTML. 3165 * 3166 * @since 5.1.0 3167 * 3168 * @param array $matches Single Match 3169 * @return string HTML A Element with rel noreferrer noopener in addition to any existing values 3170 */ 3171 function wp_targeted_link_rel_callback( $matches ) { 3172 $link_html = $matches[1]; 3173 $rel_match = array(); 3174 3175 /** 3176 * Filters the rel values that are added to links with `target` attribute. 3177 * 3178 * @since 5.1.0 3179 * 3180 * @param string $rel The rel values. 3181 * @param string $link_html The matched content of the link tag including all HTML attributes. 3182 */ 3183 $rel = apply_filters( 'wp_targeted_link_rel', 'noopener noreferrer', $link_html ); 3184 3185 // Avoid additional regex if the filter removes rel values. 3186 if ( ! $rel ) { 3187 return "<a $link_html>"; 3188 } 3189 3190 // Value with delimiters, spaces around are optional. 3191 $attr_regex = '|rel\s*=\s*?(\\\\{0,1}["\'])(.*?)\\1|i'; 3192 preg_match( $attr_regex, $link_html, $rel_match ); 3193 3194 if ( empty( $rel_match[0] ) ) { 3195 // No delimiters, try with a single value and spaces, because `rel = va"lue` is totally fine... 3196 $attr_regex = '|rel\s*=(\s*)([^\s]*)|i'; 3197 preg_match( $attr_regex, $link_html, $rel_match ); 3198 } 3199 3200 if ( ! empty( $rel_match[0] ) ) { 3201 $parts = preg_split( '|\s+|', strtolower( $rel_match[2] ) ); 3202 $parts = array_map( 'esc_attr', $parts ); 3203 $needed = explode( ' ', $rel ); 3204 $parts = array_unique( array_merge( $parts, $needed ) ); 3205 $delimiter = trim( $rel_match[1] ) ? $rel_match[1] : '"'; 3206 $rel = 'rel=' . $delimiter . trim( implode( ' ', $parts ) ) . $delimiter; 3207 $link_html = str_replace( $rel_match[0], $rel, $link_html ); 3208 } elseif ( preg_match( '|target\s*=\s*?\\\\"|', $link_html ) ) { 3209 $link_html .= " rel=\\\"$rel\\\""; 3210 } elseif ( preg_match( '#(target|href)\s*=\s*?\'#', $link_html ) ) { 3211 $link_html .= " rel='$rel'"; 3212 } else { 3213 $link_html .= " rel=\"$rel\""; 3214 } 3215 3216 return "<a $link_html>"; 3217 } 3218 3219 /** 3220 * Adds all filters modifying the rel attribute of targeted links. 3221 * 3222 * @since 5.1.0 3223 */ 3224 function wp_init_targeted_link_rel_filters() { 3225 $filters = array( 3226 'title_save_pre', 3227 'content_save_pre', 3228 'excerpt_save_pre', 3229 'content_filtered_save_pre', 3230 'pre_comment_content', 3231 'pre_term_description', 3232 'pre_link_description', 3233 'pre_link_notes', 3234 'pre_user_description', 3235 ); 3236 3237 foreach ( $filters as $filter ) { 3238 add_filter( $filter, 'wp_targeted_link_rel' ); 3239 }; 3240 } 3241 3242 /** 3243 * Removes all filters modifying the rel attribute of targeted links. 3244 * 3245 * @since 5.1.0 3246 */ 3247 function wp_remove_targeted_link_rel_filters() { 3248 $filters = array( 3249 'title_save_pre', 3250 'content_save_pre', 3251 'excerpt_save_pre', 3252 'content_filtered_save_pre', 3253 'pre_comment_content', 3254 'pre_term_description', 3255 'pre_link_description', 3256 'pre_link_notes', 3257 'pre_user_description', 3258 ); 3259 3260 foreach ( $filters as $filter ) { 3261 remove_filter( $filter, 'wp_targeted_link_rel' ); 3262 }; 3263 } 3264 3265 /** 3266 * Convert one smiley code to the icon graphic file equivalent. 3267 * 3268 * Callback handler for convert_smilies(). 3269 * 3270 * Looks up one smiley code in the $wpsmiliestrans global array and returns an 3271 * `<img>` string for that smiley. 3272 * 3273 * @since 2.8.0 3274 * 3275 * @global array $wpsmiliestrans 3276 * 3277 * @param array $matches Single match. Smiley code to convert to image. 3278 * @return string Image string for smiley. 3279 */ 3280 function translate_smiley( $matches ) { 3281 global $wpsmiliestrans; 3282 3283 if ( count( $matches ) == 0 ) { 3284 return ''; 3285 } 3286 3287 $smiley = trim( reset( $matches ) ); 3288 $img = $wpsmiliestrans[ $smiley ]; 3289 3290 $matches = array(); 3291 $ext = preg_match( '/\.([^.]+)$/', $img, $matches ) ? strtolower( $matches[1] ) : false; 3292 $image_exts = array( 'jpg', 'jpeg', 'jpe', 'gif', 'png' ); 3293 3294 // Don't convert smilies that aren't images - they're probably emoji. 3295 if ( ! in_array( $ext, $image_exts ) ) { 3296 return $img; 3297 } 3298 3299 /** 3300 * Filters the Smiley image URL before it's used in the image element. 3301 * 3302 * @since 2.9.0 3303 * 3304 * @param string $smiley_url URL for the smiley image. 3305 * @param string $img Filename for the smiley image. 3306 * @param string $site_url Site URL, as returned by site_url(). 3307 */ 3308 $src_url = apply_filters( 'smilies_src', includes_url( "images/smilies/$img" ), $img, site_url() ); 3309 3310 return sprintf( '<img src="%s" alt="%s" class="wp-smiley" style="height: 1em; max-height: 1em;" />', esc_url( $src_url ), esc_attr( $smiley ) ); 3311 } 3312 3313 /** 3314 * Convert text equivalent of smilies to images. 3315 * 3316 * Will only convert smilies if the option 'use_smilies' is true and the global 3317 * used in the function isn't empty. 3318 * 3319 * @since 0.71 3320 * 3321 * @global string|array $wp_smiliessearch 3322 * 3323 * @param string $text Content to convert smilies from text. 3324 * @return string Converted content with text smilies replaced with images. 3325 */ 3326 function convert_smilies( $text ) { 3327 global $wp_smiliessearch; 3328 $output = ''; 3329 if ( get_option( 'use_smilies' ) && ! empty( $wp_smiliessearch ) ) { 3330 // HTML loop taken from texturize function, could possible be consolidated 3331 $textarr = preg_split( '/(<.*>)/U', $text, -1, PREG_SPLIT_DELIM_CAPTURE ); // capture the tags as well as in between 3332 $stop = count( $textarr );// loop stuff 3333 3334 // Ignore proessing of specific tags 3335 $tags_to_ignore = 'code|pre|style|script|textarea'; 3336 $ignore_block_element = ''; 3337 3338 for ( $i = 0; $i < $stop; $i++ ) { 3339 $content = $textarr[ $i ]; 3340 3341 // If we're in an ignore block, wait until we find its closing tag 3342 if ( '' == $ignore_block_element && preg_match( '/^<(' . $tags_to_ignore . ')[^>]*>/', $content, $matches ) ) { 3343 $ignore_block_element = $matches[1]; 3344 } 3345 3346 // If it's not a tag and not in ignore block 3347 if ( '' == $ignore_block_element && strlen( $content ) > 0 && '<' != $content[0] ) { 3348 $content = preg_replace_callback( $wp_smiliessearch, 'translate_smiley', $content ); 3349 } 3350 3351 // did we exit ignore block 3352 if ( '' != $ignore_block_element && '</' . $ignore_block_element . '>' == $content ) { 3353 $ignore_block_element = ''; 3354 } 3355 3356 $output .= $content; 3357 } 3358 } else { 3359 // return default text. 3360 $output = $text; 3361 } 3362 return $output; 3363 } 3364 3365 /** 3366 * Verifies that an email is valid. 3367 * 3368 * Does not grok i18n domains. Not RFC compliant. 3369 * 3370 * @since 0.71 3371 * 3372 * @param string $email Email address to verify. 3373 * @param bool $deprecated Deprecated. 3374 * @return string|false Valid email address on success, false on failure. 3375 */ 3376 function is_email( $email, $deprecated = false ) { 3377 if ( ! empty( $deprecated ) ) { 3378 _deprecated_argument( __FUNCTION__, '3.0.0' ); 3379 } 3380 3381 // Test for the minimum length the email can be 3382 if ( strlen( $email ) < 6 ) { 3383 /** 3384 * Filters whether an email address is valid. 3385 * 3386 * This filter is evaluated under several different contexts, such as 'email_too_short', 3387 * 'email_no_at', 'local_invalid_chars', 'domain_period_sequence', 'domain_period_limits', 3388 * 'domain_no_periods', 'sub_hyphen_limits', 'sub_invalid_chars', or no specific context. 3389 * 3390 * @since 2.8.0 3391 * 3392 * @param string|false $is_email The email address if successfully passed the is_email() checks, false otherwise. 3393 * @param string $email The email address being checked. 3394 * @param string $context Context under which the email was tested. 3395 */ 3396 return apply_filters( 'is_email', false, $email, 'email_too_short' ); 3397 } 3398 3399 // Test for an @ character after the first position 3400 if ( strpos( $email, '@', 1 ) === false ) { 3401 /** This filter is documented in wp-includes/formatting.php */ 3402 return apply_filters( 'is_email', false, $email, 'email_no_at' ); 3403 } 3404 3405 // Split out the local and domain parts 3406 list( $local, $domain ) = explode( '@', $email, 2 ); 3407 3408 // LOCAL PART 3409 // Test for invalid characters 3410 if ( ! preg_match( '/^[a-zA-Z0-9!#$%&\'*+\/=?^_`{|}~\.-]+$/', $local ) ) { 3411 /** This filter is documented in wp-includes/formatting.php */ 3412 return apply_filters( 'is_email', false, $email, 'local_invalid_chars' ); 3413 } 3414 3415 // DOMAIN PART 3416 // Test for sequences of periods 3417 if ( preg_match( '/\.{2,}/', $domain ) ) { 3418 /** This filter is documented in wp-includes/formatting.php */ 3419 return apply_filters( 'is_email', false, $email, 'domain_period_sequence' ); 3420 } 3421 3422 // Test for leading and trailing periods and whitespace 3423 if ( trim( $domain, " \t\n\r\0\x0B." ) !== $domain ) { 3424 /** This filter is documented in wp-includes/formatting.php */ 3425 return apply_filters( 'is_email', false, $email, 'domain_period_limits' ); 3426 } 3427 3428 // Split the domain into subs 3429 $subs = explode( '.', $domain ); 3430 3431 // Assume the domain will have at least two subs 3432 if ( 2 > count( $subs ) ) { 3433 /** This filter is documented in wp-includes/formatting.php */ 3434 return apply_filters( 'is_email', false, $email, 'domain_no_periods' ); 3435 } 3436 3437 // Loop through each sub 3438 foreach ( $subs as $sub ) { 3439 // Test for leading and trailing hyphens and whitespace 3440 if ( trim( $sub, " \t\n\r\0\x0B-" ) !== $sub ) { 3441 /** This filter is documented in wp-includes/formatting.php */ 3442 return apply_filters( 'is_email', false, $email, 'sub_hyphen_limits' ); 3443 } 3444 3445 // Test for invalid characters 3446 if ( ! preg_match( '/^[a-z0-9-]+$/i', $sub ) ) { 3447 /** This filter is documented in wp-includes/formatting.php */ 3448 return apply_filters( 'is_email', false, $email, 'sub_invalid_chars' ); 3449 } 3450 } 3451 3452 // Congratulations your email made it! 3453 /** This filter is documented in wp-includes/formatting.php */ 3454 return apply_filters( 'is_email', $email, $email, null ); 3455 } 3456 3457 /** 3458 * Convert to ASCII from email subjects. 3459 * 3460 * @since 1.2.0 3461 * 3462 * @param string $string Subject line 3463 * @return string Converted string to ASCII 3464 */ 3465 function wp_iso_descrambler( $string ) { 3466 /* this may only work with iso-8859-1, I'm afraid */ 3467 if ( ! preg_match( '#\=\?(.+)\?Q\?(.+)\?\=#i', $string, $matches ) ) { 3468 return $string; 3469 } else { 3470 $subject = str_replace( '_', ' ', $matches[2] ); 3471 return preg_replace_callback( '#\=([0-9a-f]{2})#i', '_wp_iso_convert', $subject ); 3472 } 3473 } 3474 3475 /** 3476 * Helper function to convert hex encoded chars to ASCII 3477 * 3478 * @since 3.1.0 3479 * @access private 3480 * 3481 * @param array $match The preg_replace_callback matches array 3482 * @return string Converted chars 3483 */ 3484 function _wp_iso_convert( $match ) { 3485 return chr( hexdec( strtolower( $match[1] ) ) ); 3486 } 3487 3488 /** 3489 * Returns a date in the GMT equivalent. 3490 * 3491 * Requires and returns a date in the Y-m-d H:i:s format. 3492 * Return format can be overridden using the $format parameter. 3493 * 3494 * @since 1.2.0 3495 * 3496 * @param string $string The date to be converted. 3497 * @param string $format The format string for the returned date. Default 'Y-m-d H:i:s'. 3498 * @return string GMT version of the date provided. 3499 */ 3500 function get_gmt_from_date( $string, $format = 'Y-m-d H:i:s' ) { 3501 $datetime = date_create( $string, wp_timezone() ); 3502 3503 if ( false === $datetime ) { 3504 return gmdate( $format, 0 ); 3505 } 3506 3507 return $datetime->setTimezone( new DateTimeZone( 'UTC' ) )->format( $format ); 3508 } 3509 3510 /** 3511 * Converts a GMT date into the correct format for the blog. 3512 * 3513 * Requires and returns a date in the Y-m-d H:i:s format. 3514 * Return format can be overridden using the $format parameter. 3515 * 3516 * @since 1.2.0 3517 * 3518 * @param string $string The date to be converted. 3519 * @param string $format The format string for the returned date. Default 'Y-m-d H:i:s'. 3520 * @return string Formatted date relative to the timezone. 3521 */ 3522 function get_date_from_gmt( $string, $format = 'Y-m-d H:i:s' ) { 3523 $datetime = date_create( $string, new DateTimeZone( 'UTC' ) ); 3524 3525 if ( false === $datetime ) { 3526 return gmdate( $format, 0 ); 3527 } 3528 3529 return $datetime->setTimezone( wp_timezone() )->format( $format ); 3530 } 3531 3532 /** 3533 * Computes an offset in seconds from an iso8601 timezone. 3534 * 3535 * @since 1.5.0 3536 * 3537 * @param string $timezone Either 'Z' for 0 offset or '±hhmm'. 3538 * @return int|float The offset in seconds. 3539 */ 3540 function iso8601_timezone_to_offset( $timezone ) { 3541 // $timezone is either 'Z' or '[+|-]hhmm' 3542 if ( $timezone == 'Z' ) { 3543 $offset = 0; 3544 } else { 3545 $sign = ( substr( $timezone, 0, 1 ) == '+' ) ? 1 : -1; 3546 $hours = intval( substr( $timezone, 1, 2 ) ); 3547 $minutes = intval( substr( $timezone, 3, 4 ) ) / 60; 3548 $offset = $sign * HOUR_IN_SECONDS * ( $hours + $minutes ); 3549 } 3550 return $offset; 3551 } 3552 3553 /** 3554 * Converts an iso8601 (Ymd\TH:i:sO) date to MySQL DateTime (Y-m-d H:i:s) format used by post_date[_gmt]. 3555 * 3556 * @since 1.5.0 3557 * 3558 * @param string $date_string Date and time in ISO 8601 format {@link https://en.wikipedia.org/wiki/ISO_8601}. 3559 * @param string $timezone Optional. If set to 'gmt' returns the result in UTC. Default 'user'. 3560 * @return string|bool The date and time in MySQL DateTime format - Y-m-d H:i:s, or false on failure. 3561 */ 3562 function iso8601_to_datetime( $date_string, $timezone = 'user' ) { 3563 $timezone = strtolower( $timezone ); 3564 $wp_timezone = wp_timezone(); 3565 $datetime = date_create( $date_string, $wp_timezone ); // Timezone is ignored if input has one. 3566 3567 if ( false === $datetime ) { 3568 return false; 3569 } 3570 3571 if ( 'gmt' === $timezone ) { 3572 return $datetime->setTimezone( new DateTimeZone( 'UTC' ) )->format( 'Y-m-d H:i:s' ); 3573 } 3574 3575 if ( 'user' === $timezone ) { 3576 return $datetime->setTimezone( $wp_timezone )->format( 'Y-m-d H:i:s' ); 3577 } 3578 3579 return false; 3580 } 3581 3582 /** 3583 * Strips out all characters that are not allowable in an email. 3584 * 3585 * @since 1.5.0 3586 * 3587 * @param string $email Email address to filter. 3588 * @return string Filtered email address. 3589 */ 3590 function sanitize_email( $email ) { 3591 // Test for the minimum length the email can be 3592 if ( strlen( $email ) < 6 ) { 3593 /** 3594 * Filters a sanitized email address. 3595 * 3596 * This filter is evaluated under several contexts, including 'email_too_short', 3597 * 'email_no_at', 'local_invalid_chars', 'domain_period_sequence', 'domain_period_limits', 3598 * 'domain_no_periods', 'domain_no_valid_subs', or no context. 3599 * 3600 * @since 2.8.0 3601 * 3602 * @param string $sanitized_email The sanitized email address. 3603 * @param string $email The email address, as provided to sanitize_email(). 3604 * @param string|null $message A message to pass to the user. null if email is sanitized. 3605 */ 3606 return apply_filters( 'sanitize_email', '', $email, 'email_too_short' ); 3607 } 3608 3609 // Test for an @ character after the first position 3610 if ( strpos( $email, '@', 1 ) === false ) { 3611 /** This filter is documented in wp-includes/formatting.php */ 3612 return apply_filters( 'sanitize_email', '', $email, 'email_no_at' ); 3613 } 3614 3615 // Split out the local and domain parts 3616 list( $local, $domain ) = explode( '@', $email, 2 ); 3617 3618 // LOCAL PART 3619 // Test for invalid characters 3620 $local = preg_replace( '/[^a-zA-Z0-9!#$%&\'*+\/=?^_`{|}~\.-]/', '', $local ); 3621 if ( '' === $local ) { 3622 /** This filter is documented in wp-includes/formatting.php */ 3623 return apply_filters( 'sanitize_email', '', $email, 'local_invalid_chars' ); 3624 } 3625 3626 // DOMAIN PART 3627 // Test for sequences of periods 3628 $domain = preg_replace( '/\.{2,}/', '', $domain ); 3629 if ( '' === $domain ) { 3630 /** This filter is documented in wp-includes/formatting.php */ 3631 return apply_filters( 'sanitize_email', '', $email, 'domain_period_sequence' ); 3632 } 3633 3634 // Test for leading and trailing periods and whitespace 3635 $domain = trim( $domain, " \t\n\r\0\x0B." ); 3636 if ( '' === $domain ) { 3637 /** This filter is documented in wp-includes/formatting.php */ 3638 return apply_filters( 'sanitize_email', '', $email, 'domain_period_limits' ); 3639 } 3640 3641 // Split the domain into subs 3642 $subs = explode( '.', $domain ); 3643 3644 // Assume the domain will have at least two subs 3645 if ( 2 > count( $subs ) ) { 3646 /** This filter is documented in wp-includes/formatting.php */ 3647 return apply_filters( 'sanitize_email', '', $email, 'domain_no_periods' ); 3648 } 3649 3650 // Create an array that will contain valid subs 3651 $new_subs = array(); 3652 3653 // Loop through each sub 3654 foreach ( $subs as $sub ) { 3655 // Test for leading and trailing hyphens 3656 $sub = trim( $sub, " \t\n\r\0\x0B-" ); 3657 3658 // Test for invalid characters 3659 $sub = preg_replace( '/[^a-z0-9-]+/i', '', $sub ); 3660 3661 // If there's anything left, add it to the valid subs 3662 if ( '' !== $sub ) { 3663 $new_subs[] = $sub; 3664 } 3665 } 3666 3667 // If there aren't 2 or more valid subs 3668 if ( 2 > count( $new_subs ) ) { 3669 /** This filter is documented in wp-includes/formatting.php */ 3670 return apply_filters( 'sanitize_email', '', $email, 'domain_no_valid_subs' ); 3671 } 3672 3673 // Join valid subs into the new domain 3674 $domain = join( '.', $new_subs ); 3675 3676 // Put the email back together 3677 $sanitized_email = $local . '@' . $domain; 3678 3679 // Congratulations your email made it! 3680 /** This filter is documented in wp-includes/formatting.php */ 3681 return apply_filters( 'sanitize_email', $sanitized_email, $email, null ); 3682 } 3683 3684 /** 3685 * Determines the difference between two timestamps. 3686 * 3687 * The difference is returned in a human readable format such as "1 hour", 3688 * "5 mins", "2 days". 3689 * 3690 * @since 1.5.0 3691 * @since 5.3.0 Added support for showing a difference in seconds. 3692 * 3693 * @param int $from Unix timestamp from which the difference begins. 3694 * @param int $to Optional. Unix timestamp to end the time difference. Default becomes time() if not set. 3695 * @return string Human readable time difference. 3696 */ 3697 function human_time_diff( $from, $to = 0 ) { 3698 if ( empty( $to ) ) { 3699 $to = time(); 3700 } 3701 3702 $diff = (int) abs( $to - $from ); 3703 3704 if ( $diff < MINUTE_IN_SECONDS ) { 3705 $secs = $diff; 3706 if ( $secs <= 1 ) { 3707 $secs = 1; 3708 } 3709 /* translators: Time difference between two dates, in seconds. %s: Number of seconds. */ 3710 $since = sprintf( _n( '%s second', '%s seconds', $secs ), $secs ); 3711 } elseif ( $diff < HOUR_IN_SECONDS && $diff >= MINUTE_IN_SECONDS ) { 3712 $mins = round( $diff / MINUTE_IN_SECONDS ); 3713 if ( $mins <= 1 ) { 3714 $mins = 1; 3715 } 3716 /* translators: Time difference between two dates, in minutes (min=minute). %s: Number of minutes. */ 3717 $since = sprintf( _n( '%s min', '%s mins', $mins ), $mins ); 3718 } elseif ( $diff < DAY_IN_SECONDS && $diff >= HOUR_IN_SECONDS ) { 3719 $hours = round( $diff / HOUR_IN_SECONDS ); 3720 if ( $hours <= 1 ) { 3721 $hours = 1; 3722 } 3723 /* translators: Time difference between two dates, in hours. %s: Number of hours. */ 3724 $since = sprintf( _n( '%s hour', '%s hours', $hours ), $hours ); 3725 } elseif ( $diff < WEEK_IN_SECONDS && $diff >= DAY_IN_SECONDS ) { 3726 $days = round( $diff / DAY_IN_SECONDS ); 3727 if ( $days <= 1 ) { 3728 $days = 1; 3729 } 3730 /* translators: Time difference between two dates, in days. %s: Number of days. */ 3731 $since = sprintf( _n( '%s day', '%s days', $days ), $days ); 3732 } elseif ( $diff < MONTH_IN_SECONDS && $diff >= WEEK_IN_SECONDS ) { 3733 $weeks = round( $diff / WEEK_IN_SECONDS ); 3734 if ( $weeks <= 1 ) { 3735 $weeks = 1; 3736 } 3737 /* translators: Time difference between two dates, in weeks. %s: Number of weeks. */ 3738 $since = sprintf( _n( '%s week', '%s weeks', $weeks ), $weeks ); 3739 } elseif ( $diff < YEAR_IN_SECONDS && $diff >= MONTH_IN_SECONDS ) { 3740 $months = round( $diff / MONTH_IN_SECONDS ); 3741 if ( $months <= 1 ) { 3742 $months = 1; 3743 } 3744 /* translators: Time difference between two dates, in months. %s: Number of months. */ 3745 $since = sprintf( _n( '%s month', '%s months', $months ), $months ); 3746 } elseif ( $diff >= YEAR_IN_SECONDS ) { 3747 $years = round( $diff / YEAR_IN_SECONDS ); 3748 if ( $years <= 1 ) { 3749 $years = 1; 3750 } 3751 /* translators: Time difference between two dates, in years. %s: Number of years. */ 3752 $since = sprintf( _n( '%s year', '%s years', $years ), $years ); 3753 } 3754 3755 /** 3756 * Filters the human readable difference between two timestamps. 3757 * 3758 * @since 4.0.0 3759 * 3760 * @param string $since The difference in human readable text. 3761 * @param int $diff The difference in seconds. 3762 * @param int $from Unix timestamp from which the difference begins. 3763 * @param int $to Unix timestamp to end the time difference. 3764 */ 3765 return apply_filters( 'human_time_diff', $since, $diff, $from, $to ); 3766 } 3767 3768 /** 3769 * Generates an excerpt from the content, if needed. 3770 * 3771 * Returns a maximum of 55 words with an ellipsis appended if necessary. 3772 * 3773 * The 55 word limit can be modified by plugins/themes using the {@see 'excerpt_length'} filter 3774 * The ' […]' string can be modified by plugins/themes using the {@see 'excerpt_more'} filter 3775 * 3776 * @since 1.5.0 3777 * @since 5.2.0 Added the `$post` parameter. 3778 * 3779 * @param string $text Optional. The excerpt. If set to empty, an excerpt is generated. 3780 * @param WP_Post|object|int $post Optional. WP_Post instance or Post ID/object. Default is null. 3781 * @return string The excerpt. 3782 */ 3783 function wp_trim_excerpt( $text = '', $post = null ) { 3784 $raw_excerpt = $text; 3785 if ( '' == $text ) { 3786 $post = get_post( $post ); 3787 $text = get_the_content( '', false, $post ); 3788 3789 $text = strip_shortcodes( $text ); 3790 $text = excerpt_remove_blocks( $text ); 3791 3792 /** This filter is documented in wp-includes/post-template.php */ 3793 $text = apply_filters( 'the_content', $text ); 3794 $text = str_replace( ']]>', ']]>', $text ); 3795 3796 /* translators: Maximum number of words used in a post excerpt. */ 3797 $excerpt_length = intval( _x( '55', 'excerpt_length' ) ); 3798 3799 /** 3800 * Filters the maximum number of words in a post excerpt. 3801 * 3802 * @since 2.7.0 3803 * 3804 * @param int $number The maximum number of words. Default 55. 3805 */ 3806 $excerpt_length = (int) apply_filters( 'excerpt_length', $excerpt_length ); 3807 3808 /** 3809 * Filters the string in the "more" link displayed after a trimmed excerpt. 3810 * 3811 * @since 2.9.0 3812 * 3813 * @param string $more_string The string shown within the more link. 3814 */ 3815 $excerpt_more = apply_filters( 'excerpt_more', ' ' . '[…]' ); 3816 $text = wp_trim_words( $text, $excerpt_length, $excerpt_more ); 3817 } 3818 3819 /** 3820 * Filters the trimmed excerpt string. 3821 * 3822 * @since 2.8.0 3823 * 3824 * @param string $text The trimmed text. 3825 * @param string $raw_excerpt The text prior to trimming. 3826 */ 3827 return apply_filters( 'wp_trim_excerpt', $text, $raw_excerpt ); 3828 } 3829 3830 /** 3831 * Trims text to a certain number of words. 3832 * 3833 * This function is localized. For languages that count 'words' by the individual 3834 * character (such as East Asian languages), the $num_words argument will apply 3835 * to the number of individual characters. 3836 * 3837 * @since 3.3.0 3838 * 3839 * @param string $text Text to trim. 3840 * @param int $num_words Number of words. Default 55. 3841 * @param string $more Optional. What to append if $text needs to be trimmed. Default '…'. 3842 * @return string Trimmed text. 3843 */ 3844 function wp_trim_words( $text, $num_words = 55, $more = null ) { 3845 if ( null === $more ) { 3846 $more = __( '…' ); 3847 } 3848 3849 $original_text = $text; 3850 $text = wp_strip_all_tags( $text ); 3851 $num_words = (int) $num_words; 3852 3853 /* 3854 * translators: If your word count is based on single characters (e.g. East Asian characters), 3855 * enter 'characters_excluding_spaces' or 'characters_including_spaces'. Otherwise, enter 'words'. 3856 * Do not translate into your own language. 3857 */ 3858 if ( strpos( _x( 'words', 'Word count type. Do not translate!' ), 'characters' ) === 0 && preg_match( '/^utf\-?8$/i', get_option( 'blog_charset' ) ) ) { 3859 $text = trim( preg_replace( "/[\n\r\t ]+/", ' ', $text ), ' ' ); 3860 preg_match_all( '/./u', $text, $words_array ); 3861 $words_array = array_slice( $words_array[0], 0, $num_words + 1 ); 3862 $sep = ''; 3863 } else { 3864 $words_array = preg_split( "/[\n\r\t ]+/", $text, $num_words + 1, PREG_SPLIT_NO_EMPTY ); 3865 $sep = ' '; 3866 } 3867 3868 if ( count( $words_array ) > $num_words ) { 3869 array_pop( $words_array ); 3870 $text = implode( $sep, $words_array ); 3871 $text = $text . $more; 3872 } else { 3873 $text = implode( $sep, $words_array ); 3874 } 3875 3876 /** 3877 * Filters the text content after words have been trimmed. 3878 * 3879 * @since 3.3.0 3880 * 3881 * @param string $text The trimmed text. 3882 * @param int $num_words The number of words to trim the text to. Default 55. 3883 * @param string $more An optional string to append to the end of the trimmed text, e.g. …. 3884 * @param string $original_text The text before it was trimmed. 3885 */ 3886 return apply_filters( 'wp_trim_words', $text, $num_words, $more, $original_text ); 3887 } 3888 3889 /** 3890 * Converts named entities into numbered entities. 3891 * 3892 * @since 1.5.1 3893 * 3894 * @param string $text The text within which entities will be converted. 3895 * @return string Text with converted entities. 3896 */ 3897 function ent2ncr( $text ) { 3898 3899 /** 3900 * Filters text before named entities are converted into numbered entities. 3901 * 3902 * A non-null string must be returned for the filter to be evaluated. 3903 * 3904 * @since 3.3.0 3905 * 3906 * @param string|null $converted_text The text to be converted. Default null. 3907 * @param string $text The text prior to entity conversion. 3908 */ 3909 $filtered = apply_filters( 'pre_ent2ncr', null, $text ); 3910 if ( null !== $filtered ) { 3911 return $filtered; 3912 } 3913 3914 $to_ncr = array( 3915 '"' => '"', 3916 '&' => '&', 3917 '<' => '<', 3918 '>' => '>', 3919 '|' => '|', 3920 ' ' => ' ', 3921 '¡' => '¡', 3922 '¢' => '¢', 3923 '£' => '£', 3924 '¤' => '¤', 3925 '¥' => '¥', 3926 '¦' => '¦', 3927 '&brkbar;' => '¦', 3928 '§' => '§', 3929 '¨' => '¨', 3930 '¨' => '¨', 3931 '©' => '©', 3932 'ª' => 'ª', 3933 '«' => '«', 3934 '¬' => '¬', 3935 '­' => '­', 3936 '®' => '®', 3937 '¯' => '¯', 3938 '&hibar;' => '¯', 3939 '°' => '°', 3940 '±' => '±', 3941 '²' => '²', 3942 '³' => '³', 3943 '´' => '´', 3944 'µ' => 'µ', 3945 '¶' => '¶', 3946 '·' => '·', 3947 '¸' => '¸', 3948 '¹' => '¹', 3949 'º' => 'º', 3950 '»' => '»', 3951 '¼' => '¼', 3952 '½' => '½', 3953 '¾' => '¾', 3954 '¿' => '¿', 3955 'À' => 'À', 3956 'Á' => 'Á', 3957 'Â' => 'Â', 3958 'Ã' => 'Ã', 3959 'Ä' => 'Ä', 3960 'Å' => 'Å', 3961 'Æ' => 'Æ', 3962 'Ç' => 'Ç', 3963 'È' => 'È', 3964 'É' => 'É', 3965 'Ê' => 'Ê', 3966 'Ë' => 'Ë', 3967 'Ì' => 'Ì', 3968 'Í' => 'Í', 3969 'Î' => 'Î', 3970 'Ï' => 'Ï', 3971 'Ð' => 'Ð', 3972 'Ñ' => 'Ñ', 3973 'Ò' => 'Ò', 3974 'Ó' => 'Ó', 3975 'Ô' => 'Ô', 3976 'Õ' => 'Õ', 3977 'Ö' => 'Ö', 3978 '×' => '×', 3979 'Ø' => 'Ø', 3980 'Ù' => 'Ù', 3981 'Ú' => 'Ú', 3982 'Û' => 'Û', 3983 'Ü' => 'Ü', 3984 'Ý' => 'Ý', 3985 'Þ' => 'Þ', 3986 'ß' => 'ß', 3987 'à' => 'à', 3988 'á' => 'á', 3989 'â' => 'â', 3990 'ã' => 'ã', 3991 'ä' => 'ä', 3992 'å' => 'å', 3993 'æ' => 'æ', 3994 'ç' => 'ç', 3995 'è' => 'è', 3996 'é' => 'é', 3997 'ê' => 'ê', 3998 'ë' => 'ë', 3999 'ì' => 'ì', 4000 'í' => 'í', 4001 'î' => 'î', 4002 'ï' => 'ï', 4003 'ð' => 'ð', 4004 'ñ' => 'ñ', 4005 'ò' => 'ò', 4006 'ó' => 'ó', 4007 'ô' => 'ô', 4008 'õ' => 'õ', 4009 'ö' => 'ö', 4010 '÷' => '÷', 4011 'ø' => 'ø', 4012 'ù' => 'ù', 4013 'ú' => 'ú', 4014 'û' => 'û', 4015 'ü' => 'ü', 4016 'ý' => 'ý', 4017 'þ' => 'þ', 4018 'ÿ' => 'ÿ', 4019 'Œ' => 'Œ', 4020 'œ' => 'œ', 4021 'Š' => 'Š', 4022 'š' => 'š', 4023 'Ÿ' => 'Ÿ', 4024 'ƒ' => 'ƒ', 4025 'ˆ' => 'ˆ', 4026 '˜' => '˜', 4027 'Α' => 'Α', 4028 'Β' => 'Β', 4029 'Γ' => 'Γ', 4030 'Δ' => 'Δ', 4031 'Ε' => 'Ε', 4032 'Ζ' => 'Ζ', 4033 'Η' => 'Η', 4034 'Θ' => 'Θ', 4035 'Ι' => 'Ι', 4036 'Κ' => 'Κ', 4037 'Λ' => 'Λ', 4038 'Μ' => 'Μ', 4039 'Ν' => 'Ν', 4040 'Ξ' => 'Ξ', 4041 'Ο' => 'Ο', 4042 'Π' => 'Π', 4043 'Ρ' => 'Ρ', 4044 'Σ' => 'Σ', 4045 'Τ' => 'Τ', 4046 'Υ' => 'Υ', 4047 'Φ' => 'Φ', 4048 'Χ' => 'Χ', 4049 'Ψ' => 'Ψ', 4050 'Ω' => 'Ω', 4051 'α' => 'α', 4052 'β' => 'β', 4053 'γ' => 'γ', 4054 'δ' => 'δ', 4055 'ε' => 'ε', 4056 'ζ' => 'ζ', 4057 'η' => 'η', 4058 'θ' => 'θ', 4059 'ι' => 'ι', 4060 'κ' => 'κ', 4061 'λ' => 'λ', 4062 'μ' => 'μ', 4063 'ν' => 'ν', 4064 'ξ' => 'ξ', 4065 'ο' => 'ο', 4066 'π' => 'π', 4067 'ρ' => 'ρ', 4068 'ς' => 'ς', 4069 'σ' => 'σ', 4070 'τ' => 'τ', 4071 'υ' => 'υ', 4072 'φ' => 'φ', 4073 'χ' => 'χ', 4074 'ψ' => 'ψ', 4075 'ω' => 'ω', 4076 'ϑ' => 'ϑ', 4077 'ϒ' => 'ϒ', 4078 'ϖ' => 'ϖ', 4079 ' ' => ' ', 4080 ' ' => ' ', 4081 ' ' => ' ', 4082 '‌' => '‌', 4083 '‍' => '‍', 4084 '‎' => '‎', 4085 '‏' => '‏', 4086 '–' => '–', 4087 '—' => '—', 4088 '‘' => '‘', 4089 '’' => '’', 4090 '‚' => '‚', 4091 '“' => '“', 4092 '”' => '”', 4093 '„' => '„', 4094 '†' => '†', 4095 '‡' => '‡', 4096 '•' => '•', 4097 '…' => '…', 4098 '‰' => '‰', 4099 '′' => '′', 4100 '″' => '″', 4101 '‹' => '‹', 4102 '›' => '›', 4103 '‾' => '‾', 4104 '⁄' => '⁄', 4105 '€' => '€', 4106 'ℑ' => 'ℑ', 4107 '℘' => '℘', 4108 'ℜ' => 'ℜ', 4109 '™' => '™', 4110 'ℵ' => 'ℵ', 4111 '↵' => '↵', 4112 '⇐' => '⇐', 4113 '⇑' => '⇑', 4114 '⇒' => '⇒', 4115 '⇓' => '⇓', 4116 '⇔' => '⇔', 4117 '∀' => '∀', 4118 '∂' => '∂', 4119 '∃' => '∃', 4120 '∅' => '∅', 4121 '∇' => '∇', 4122 '∈' => '∈', 4123 '∉' => '∉', 4124 '∋' => '∋', 4125 '∏' => '∏', 4126 '∑' => '∑', 4127 '−' => '−', 4128 '∗' => '∗', 4129 '√' => '√', 4130 '∝' => '∝', 4131 '∞' => '∞', 4132 '∠' => '∠', 4133 '∧' => '∧', 4134 '∨' => '∨', 4135 '∩' => '∩', 4136 '∪' => '∪', 4137 '∫' => '∫', 4138 '∴' => '∴', 4139 '∼' => '∼', 4140 '≅' => '≅', 4141 '≈' => '≈', 4142 '≠' => '≠', 4143 '≡' => '≡', 4144 '≤' => '≤', 4145 '≥' => '≥', 4146 '⊂' => '⊂', 4147 '⊃' => '⊃', 4148 '⊄' => '⊄', 4149 '⊆' => '⊆', 4150 '⊇' => '⊇', 4151 '⊕' => '⊕', 4152 '⊗' => '⊗', 4153 '⊥' => '⊥', 4154 '⋅' => '⋅', 4155 '⌈' => '⌈', 4156 '⌉' => '⌉', 4157 '⌊' => '⌊', 4158 '⌋' => '⌋', 4159 '⟨' => '〈', 4160 '⟩' => '〉', 4161 '←' => '←', 4162 '↑' => '↑', 4163 '→' => '→', 4164 '↓' => '↓', 4165 '↔' => '↔', 4166 '◊' => '◊', 4167 '♠' => '♠', 4168 '♣' => '♣', 4169 '♥' => '♥', 4170 '♦' => '♦', 4171 ); 4172 4173 return str_replace( array_keys( $to_ncr ), array_values( $to_ncr ), $text ); 4174 } 4175 4176 /** 4177 * Formats text for the editor. 4178 * 4179 * Generally the browsers treat everything inside a textarea as text, but 4180 * it is still a good idea to HTML entity encode `<`, `>` and `&` in the content. 4181 * 4182 * The filter {@see 'format_for_editor'} is applied here. If `$text` is empty the 4183 * filter will be applied to an empty string. 4184 * 4185 * @since 4.3.0 4186 * 4187 * @see _WP_Editors::editor() 4188 * 4189 * @param string $text The text to be formatted. 4190 * @param string $default_editor The default editor for the current user. 4191 * It is usually either 'html' or 'tinymce'. 4192 * @return string The formatted text after filter is applied. 4193 */ 4194 function format_for_editor( $text, $default_editor = null ) { 4195 if ( $text ) { 4196 $text = htmlspecialchars( $text, ENT_NOQUOTES, get_option( 'blog_charset' ) ); 4197 } 4198 4199 /** 4200 * Filters the text after it is formatted for the editor. 4201 * 4202 * @since 4.3.0 4203 * 4204 * @param string $text The formatted text. 4205 * @param string $default_editor The default editor for the current user. 4206 * It is usually either 'html' or 'tinymce'. 4207 */ 4208 return apply_filters( 'format_for_editor', $text, $default_editor ); 4209 } 4210 4211 /** 4212 * Perform a deep string replace operation to ensure the values in $search are no longer present 4213 * 4214 * Repeats the replacement operation until it no longer replaces anything so as to remove "nested" values 4215 * e.g. $subject = '%0%0%0DDD', $search ='%0D', $result ='' rather than the '%0%0DD' that 4216 * str_replace would return 4217 * 4218 * @since 2.8.1 4219 * @access private 4220 * 4221 * @param string|array $search The value being searched for, otherwise known as the needle. 4222 * An array may be used to designate multiple needles. 4223 * @param string $subject The string being searched and replaced on, otherwise known as the haystack. 4224 * @return string The string with the replaced values. 4225 */ 4226 function _deep_replace( $search, $subject ) { 4227 $subject = (string) $subject; 4228 4229 $count = 1; 4230 while ( $count ) { 4231 $subject = str_replace( $search, '', $subject, $count ); 4232 } 4233 4234 return $subject; 4235 } 4236 4237 /** 4238 * Escapes data for use in a MySQL query. 4239 * 4240 * Usually you should prepare queries using wpdb::prepare(). 4241 * Sometimes, spot-escaping is required or useful. One example 4242 * is preparing an array for use in an IN clause. 4243 * 4244 * NOTE: Since 4.8.3, '%' characters will be replaced with a placeholder string, 4245 * this prevents certain SQLi attacks from taking place. This change in behaviour 4246 * may cause issues for code that expects the return value of esc_sql() to be useable 4247 * for other purposes. 4248 * 4249 * @since 2.8.0 4250 * 4251 * @global wpdb $wpdb WordPress database abstraction object. 4252 * 4253 * @param string|array $data Unescaped data 4254 * @return string|array Escaped data 4255 */ 4256 function esc_sql( $data ) { 4257 global $wpdb; 4258 return $wpdb->_escape( $data ); 4259 } 4260 4261 /** 4262 * Checks and cleans a URL. 4263 * 4264 * A number of characters are removed from the URL. If the URL is for displaying 4265 * (the default behaviour) ampersands are also replaced. The {@see 'clean_url'} filter 4266 * is applied to the returned cleaned URL. 4267 * 4268 * @since 2.8.0 4269 * 4270 * @param string $url The URL to be cleaned. 4271 * @param string[] $protocols Optional. An array of acceptable protocols. 4272 * Defaults to return value of wp_allowed_protocols() 4273 * @param string $_context Private. Use esc_url_raw() for database usage. 4274 * @return string The cleaned $url after the {@see 'clean_url'} filter is applied. 4275 */ 4276 function esc_url( $url, $protocols = null, $_context = 'display' ) { 4277 $original_url = $url; 4278 4279 if ( '' == $url ) { 4280 return $url; 4281 } 4282 4283 $url = str_replace( ' ', '%20', ltrim( $url ) ); 4284 $url = preg_replace( '|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\[\]\\x80-\\xff]|i', '', $url ); 4285 4286 if ( '' === $url ) { 4287 return $url; 4288 } 4289 4290 if ( 0 !== stripos( $url, 'mailto:' ) ) { 4291 $strip = array( '%0d', '%0a', '%0D', '%0A' ); 4292 $url = _deep_replace( $strip, $url ); 4293 } 4294 4295 $url = str_replace( ';//', '://', $url ); 4296 /* If the URL doesn't appear to contain a scheme, we 4297 * presume it needs http:// prepended (unless a relative 4298 * link starting with /, # or ? or a php file). 4299 */ 4300 if ( strpos( $url, ':' ) === false && ! in_array( $url[0], array( '/', '#', '?' ) ) && 4301 ! preg_match( '/^[a-z0-9-]+?\.php/i', $url ) ) { 4302 $url = 'http://' . $url; 4303 } 4304 4305 // Replace ampersands and single quotes only when displaying. 4306 if ( 'display' == $_context ) { 4307 $url = wp_kses_normalize_entities( $url ); 4308 $url = str_replace( '&', '&', $url ); 4309 $url = str_replace( "'", ''', $url ); 4310 } 4311 4312 if ( ( false !== strpos( $url, '[' ) ) || ( false !== strpos( $url, ']' ) ) ) { 4313 4314 $parsed = wp_parse_url( $url ); 4315 $front = ''; 4316 4317 if ( isset( $parsed['scheme'] ) ) { 4318 $front .= $parsed['scheme'] . '://'; 4319 } elseif ( '/' === $url[0] ) { 4320 $front .= '//'; 4321 } 4322 4323 if ( isset( $parsed['user'] ) ) { 4324 $front .= $parsed['user']; 4325 } 4326 4327 if ( isset( $parsed['pass'] ) ) { 4328 $front .= ':' . $parsed['pass']; 4329 } 4330 4331 if ( isset( $parsed['user'] ) || isset( $parsed['pass'] ) ) { 4332 $front .= '@'; 4333 } 4334 4335 if ( isset( $parsed['host'] ) ) { 4336 $front .= $parsed['host']; 4337 } 4338 4339 if ( isset( $parsed['port'] ) ) { 4340 $front .= ':' . $parsed['port']; 4341 } 4342 4343 $end_dirty = str_replace( $front, '', $url ); 4344 $end_clean = str_replace( array( '[', ']' ), array( '%5B', '%5D' ), $end_dirty ); 4345 $url = str_replace( $end_dirty, $end_clean, $url ); 4346 4347 } 4348 4349 if ( '/' === $url[0] ) { 4350 $good_protocol_url = $url; 4351 } else { 4352 if ( ! is_array( $protocols ) ) { 4353 $protocols = wp_allowed_protocols(); 4354 } 4355 $good_protocol_url = wp_kses_bad_protocol( $url, $protocols ); 4356 if ( strtolower( $good_protocol_url ) != strtolower( $url ) ) { 4357 return ''; 4358 } 4359 } 4360 4361 /** 4362 * Filters a string cleaned and escaped for output as a URL. 4363 * 4364 * @since 2.3.0 4365 * 4366 * @param string $good_protocol_url The cleaned URL to be returned. 4367 * @param string $original_url The URL prior to cleaning. 4368 * @param string $_context If 'display', replace ampersands and single quotes only. 4369 */ 4370 return apply_filters( 'clean_url', $good_protocol_url, $original_url, $_context ); 4371 } 4372 4373 /** 4374 * Performs esc_url() for database usage. 4375 * 4376 * @since 2.8.0 4377 * 4378 * @param string $url The URL to be cleaned. 4379 * @param string[] $protocols An array of acceptable protocols. 4380 * @return string The cleaned URL. 4381 */ 4382 function esc_url_raw( $url, $protocols = null ) { 4383 return esc_url( $url, $protocols, 'db' ); 4384 } 4385 4386 /** 4387 * Convert entities, while preserving already-encoded entities. 4388 * 4389 * @link https://secure.php.net/htmlentities Borrowed from the PHP Manual user notes. 4390 * 4391 * @since 1.2.2 4392 * 4393 * @param string $myHTML The text to be converted. 4394 * @return string Converted text. 4395 */ 4396 function htmlentities2( $myHTML ) { 4397 $translation_table = get_html_translation_table( HTML_ENTITIES, ENT_QUOTES ); 4398 $translation_table[ chr( 38 ) ] = '&'; 4399 return preg_replace( '/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/', '&', strtr( $myHTML, $translation_table ) ); 4400 } 4401 4402 /** 4403 * Escape single quotes, htmlspecialchar " < > &, and fix line endings. 4404 * 4405 * Escapes text strings for echoing in JS. It is intended to be used for inline JS 4406 * (in a tag attribute, for example onclick="..."). Note that the strings have to 4407 * be in single quotes. The {@see 'js_escape'} filter is also applied here. 4408 * 4409 * @since 2.8.0 4410 * 4411 * @param string $text The text to be escaped. 4412 * @return string Escaped text. 4413 */ 4414 function esc_js( $text ) { 4415 $safe_text = wp_check_invalid_utf8( $text ); 4416 $safe_text = _wp_specialchars( $safe_text, ENT_COMPAT ); 4417 $safe_text = preg_replace( '/&#(x)?0*(?(1)27|39);?/i', "'", stripslashes( $safe_text ) ); 4418 $safe_text = str_replace( "\r", '', $safe_text ); 4419 $safe_text = str_replace( "\n", '\\n', addslashes( $safe_text ) ); 4420 /** 4421 * Filters a string cleaned and escaped for output in JavaScript. 4422 * 4423 * Text passed to esc_js() is stripped of invalid or special characters, 4424 * and properly slashed for output. 4425 * 4426 * @since 2.0.6 4427 * 4428 * @param string $safe_text The text after it has been escaped. 4429 * @param string $text The text prior to being escaped. 4430 */ 4431 return apply_filters( 'js_escape', $safe_text, $text ); 4432 } 4433 4434 /** 4435 * Escaping for HTML blocks. 4436 * 4437 * @since 2.8.0 4438 * 4439 * @param string $text 4440 * @return string 4441 */ 4442 function esc_html( $text ) { 4443 $safe_text = wp_check_invalid_utf8( $text ); 4444 $safe_text = _wp_specialchars( $safe_text, ENT_QUOTES ); 4445 /** 4446 * Filters a string cleaned and escaped for output in HTML. 4447 * 4448 * Text passed to esc_html() is stripped of invalid or special characters 4449 * before output. 4450 * 4451 * @since 2.8.0 4452 * 4453 * @param string $safe_text The text after it has been escaped. 4454 * @param string $text The text prior to being escaped. 4455 */ 4456 return apply_filters( 'esc_html', $safe_text, $text ); 4457 } 4458 4459 /** 4460 * Escaping for HTML attributes. 4461 * 4462 * @since 2.8.0 4463 * 4464 * @param string $text 4465 * @return string 4466 */ 4467 function esc_attr( $text ) { 4468 $safe_text = wp_check_invalid_utf8( $text ); 4469 $safe_text = _wp_specialchars( $safe_text, ENT_QUOTES ); 4470 /** 4471 * Filters a string cleaned and escaped for output in an HTML attribute. 4472 * 4473 * Text passed to esc_attr() is stripped of invalid or special characters 4474 * before output. 4475 * 4476 * @since 2.0.6 4477 * 4478 * @param string $safe_text The text after it has been escaped. 4479 * @param string $text The text prior to being escaped. 4480 */ 4481 return apply_filters( 'attribute_escape', $safe_text, $text ); 4482 } 4483 4484 /** 4485 * Escaping for textarea values. 4486 * 4487 * @since 3.1.0 4488 * 4489 * @param string $text 4490 * @return string 4491 */ 4492 function esc_textarea( $text ) { 4493 $safe_text = htmlspecialchars( $text, ENT_QUOTES, get_option( 'blog_charset' ) ); 4494 /** 4495 * Filters a string cleaned and escaped for output in a textarea element. 4496 * 4497 * @since 3.1.0 4498 * 4499 * @param string $safe_text The text after it has been escaped. 4500 * @param string $text The text prior to being escaped. 4501 */ 4502 return apply_filters( 'esc_textarea', $safe_text, $text ); 4503 } 4504 4505 /** 4506 * Escape an HTML tag name. 4507 * 4508 * @since 2.5.0 4509 * 4510 * @param string $tag_name 4511 * @return string 4512 */ 4513 function tag_escape( $tag_name ) { 4514 $safe_tag = strtolower( preg_replace( '/[^a-zA-Z0-9_:]/', '', $tag_name ) ); 4515 /** 4516 * Filters a string cleaned and escaped for output as an HTML tag. 4517 * 4518 * @since 2.8.0 4519 * 4520 * @param string $safe_tag The tag name after it has been escaped. 4521 * @param string $tag_name The text before it was escaped. 4522 */ 4523 return apply_filters( 'tag_escape', $safe_tag, $tag_name ); 4524 } 4525 4526 /** 4527 * Convert full URL paths to absolute paths. 4528 * 4529 * Removes the http or https protocols and the domain. Keeps the path '/' at the 4530 * beginning, so it isn't a true relative link, but from the web root base. 4531 * 4532 * @since 2.1.0 4533 * @since 4.1.0 Support was added for relative URLs. 4534 * 4535 * @param string $link Full URL path. 4536 * @return string Absolute path. 4537 */ 4538 function wp_make_link_relative( $link ) { 4539 return preg_replace( '|^(https?:)?//[^/]+(/?.*)|i', '$2', $link ); 4540 } 4541 4542 /** 4543 * Sanitises various option values based on the nature of the option. 4544 * 4545 * This is basically a switch statement which will pass $value through a number 4546 * of functions depending on the $option. 4547 * 4548 * @since 2.0.5 4549 * 4550 * @global wpdb $wpdb WordPress database abstraction object. 4551 * 4552 * @param string $option The name of the option. 4553 * @param string $value The unsanitised value. 4554 * @return string Sanitized value. 4555 */ 4556 function sanitize_option( $option, $value ) { 4557 global $wpdb; 4558 4559 $original_value = $value; 4560 $error = ''; 4561 4562 switch ( $option ) { 4563 case 'admin_email': 4564 case 'new_admin_email': 4565 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 4566 if ( is_wp_error( $value ) ) { 4567 $error = $value->get_error_message(); 4568 } else { 4569 $value = sanitize_email( $value ); 4570 if ( ! is_email( $value ) ) { 4571 $error = __( 'The email address entered did not appear to be a valid email address. Please enter a valid email address.' ); 4572 } 4573 } 4574 break; 4575 4576 case 'thumbnail_size_w': 4577 case 'thumbnail_size_h': 4578 case 'medium_size_w': 4579 case 'medium_size_h': 4580 case 'medium_large_size_w': 4581 case 'medium_large_size_h': 4582 case 'large_size_w': 4583 case 'large_size_h': 4584 case 'mailserver_port': 4585 case 'comment_max_links': 4586 case 'page_on_front': 4587 case 'page_for_posts': 4588 case 'rss_excerpt_length': 4589 case 'default_category': 4590 case 'default_email_category': 4591 case 'default_link_category': 4592 case 'close_comments_days_old': 4593 case 'comments_per_page': 4594 case 'thread_comments_depth': 4595 case 'users_can_register': 4596 case 'start_of_week': 4597 case 'site_icon': 4598 $value = absint( $value ); 4599 break; 4600 4601 case 'posts_per_page': 4602 case 'posts_per_rss': 4603 $value = (int) $value; 4604 if ( empty( $value ) ) { 4605 $value = 1; 4606 } 4607 if ( $value < -1 ) { 4608 $value = abs( $value ); 4609 } 4610 break; 4611 4612 case 'default_ping_status': 4613 case 'default_comment_status': 4614 // Options that if not there have 0 value but need to be something like "closed" 4615 if ( $value == '0' || $value == '' ) { 4616 $value = 'closed'; 4617 } 4618 break; 4619 4620 case 'blogdescription': 4621 case 'blogname': 4622 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 4623 if ( $value !== $original_value ) { 4624 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', wp_encode_emoji( $original_value ) ); 4625 } 4626 4627 if ( is_wp_error( $value ) ) { 4628 $error = $value->get_error_message(); 4629 } else { 4630 $value = esc_html( $value ); 4631 } 4632 break; 4633 4634 case 'blog_charset': 4635 $value = preg_replace( '/[^a-zA-Z0-9_-]/', '', $value ); // strips slashes 4636 break; 4637 4638 case 'blog_public': 4639 // This is the value if the settings checkbox is not checked on POST. Don't rely on this. 4640 if ( null === $value ) { 4641 $value = 1; 4642 } else { 4643 $value = intval( $value ); 4644 } 4645 break; 4646 4647 case 'date_format': 4648 case 'time_format': 4649 case 'mailserver_url': 4650 case 'mailserver_login': 4651 case 'mailserver_pass': 4652 case 'upload_path': 4653 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 4654 if ( is_wp_error( $value ) ) { 4655 $error = $value->get_error_message(); 4656 } else { 4657 $value = strip_tags( $value ); 4658 $value = wp_kses_data( $value ); 4659 } 4660 break; 4661 4662 case 'ping_sites': 4663 $value = explode( "\n", $value ); 4664 $value = array_filter( array_map( 'trim', $value ) ); 4665 $value = array_filter( array_map( 'esc_url_raw', $value ) ); 4666 $value = implode( "\n", $value ); 4667 break; 4668 4669 case 'gmt_offset': 4670 $value = preg_replace( '/[^0-9:.-]/', '', $value ); // strips slashes 4671 break; 4672 4673 case 'siteurl': 4674 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 4675 if ( is_wp_error( $value ) ) { 4676 $error = $value->get_error_message(); 4677 } else { 4678 if ( preg_match( '#http(s?)://(.+)#i', $value ) ) { 4679 $value = esc_url_raw( $value ); 4680 } else { 4681 $error = __( 'The WordPress address you entered did not appear to be a valid URL. Please enter a valid URL.' ); 4682 } 4683 } 4684 break; 4685 4686 case 'home': 4687 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 4688 if ( is_wp_error( $value ) ) { 4689 $error = $value->get_error_message(); 4690 } else { 4691 if ( preg_match( '#http(s?)://(.+)#i', $value ) ) { 4692 $value = esc_url_raw( $value ); 4693 } else { 4694 $error = __( 'The Site address you entered did not appear to be a valid URL. Please enter a valid URL.' ); 4695 } 4696 } 4697 break; 4698 4699 case 'WPLANG': 4700 $allowed = get_available_languages(); 4701 if ( ! is_multisite() && defined( 'WPLANG' ) && '' !== WPLANG && 'en_US' !== WPLANG ) { 4702 $allowed[] = WPLANG; 4703 } 4704 if ( ! in_array( $value, $allowed ) && ! empty( $value ) ) { 4705 $value = get_option( $option ); 4706 } 4707 break; 4708 4709 case 'illegal_names': 4710 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 4711 if ( is_wp_error( $value ) ) { 4712 $error = $value->get_error_message(); 4713 } else { 4714 if ( ! is_array( $value ) ) { 4715 $value = explode( ' ', $value ); 4716 } 4717 4718 $value = array_values( array_filter( array_map( 'trim', $value ) ) ); 4719 4720 if ( ! $value ) { 4721 $value = ''; 4722 } 4723 } 4724 break; 4725 4726 case 'limited_email_domains': 4727 case 'banned_email_domains': 4728 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 4729 if ( is_wp_error( $value ) ) { 4730 $error = $value->get_error_message(); 4731 } else { 4732 if ( ! is_array( $value ) ) { 4733 $value = explode( "\n", $value ); 4734 } 4735 4736 $domains = array_values( array_filter( array_map( 'trim', $value ) ) ); 4737 $value = array(); 4738 4739 foreach ( $domains as $domain ) { 4740 if ( ! preg_match( '/(--|\.\.)/', $domain ) && preg_match( '|^([a-zA-Z0-9-\.])+$|', $domain ) ) { 4741 $value[] = $domain; 4742 } 4743 } 4744 if ( ! $value ) { 4745 $value = ''; 4746 } 4747 } 4748 break; 4749 4750 case 'timezone_string': 4751 $allowed_zones = timezone_identifiers_list(); 4752 if ( ! in_array( $value, $allowed_zones ) && ! empty( $value ) ) { 4753 $error = __( 'The timezone you have entered is not valid. Please select a valid timezone.' ); 4754 } 4755 break; 4756 4757 case 'permalink_structure': 4758 case 'category_base': 4759 case 'tag_base': 4760 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 4761 if ( is_wp_error( $value ) ) { 4762 $error = $value->get_error_message(); 4763 } else { 4764 $value = esc_url_raw( $value ); 4765 $value = str_replace( 'http://', '', $value ); 4766 } 4767 4768 if ( 'permalink_structure' === $option && '' !== $value && ! preg_match( '/%[^\/%]+%/', $value ) ) { 4769 $error = sprintf( 4770 /* translators: %s: Documentation URL. */ 4771 __( 'A structure tag is required when using custom permalinks. <a href="%s">Learn more</a>' ), 4772 __( 'https://wordpress.org/support/article/using-permalinks/#choosing-your-permalink-structure' ) 4773 ); 4774 } 4775 break; 4776 4777 case 'default_role': 4778 if ( ! get_role( $value ) && get_role( 'subscriber' ) ) { 4779 $value = 'subscriber'; 4780 } 4781 break; 4782 4783 case 'moderation_keys': 4784 case 'blacklist_keys': 4785 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 4786 if ( is_wp_error( $value ) ) { 4787 $error = $value->get_error_message(); 4788 } else { 4789 $value = explode( "\n", $value ); 4790 $value = array_filter( array_map( 'trim', $value ) ); 4791 $value = array_unique( $value ); 4792 $value = implode( "\n", $value ); 4793 } 4794 break; 4795 } 4796 4797 if ( ! empty( $error ) ) { 4798 $value = get_option( $option ); 4799 if ( function_exists( 'add_settings_error' ) ) { 4800 add_settings_error( $option, "invalid_{$option}", $error ); 4801 } 4802 } 4803 4804 /** 4805 * Filters an option value following sanitization. 4806 * 4807 * @since 2.3.0 4808 * @since 4.3.0 Added the `$original_value` parameter. 4809 * 4810 * @param string $value The sanitized option value. 4811 * @param string $option The option name. 4812 * @param string $original_value The original value passed to the function. 4813 */ 4814 return apply_filters( "sanitize_option_{$option}", $value, $option, $original_value ); 4815 } 4816 4817 /** 4818 * Maps a function to all non-iterable elements of an array or an object. 4819 * 4820 * This is similar to `array_walk_recursive()` but acts upon objects too. 4821 * 4822 * @since 4.4.0 4823 * 4824 * @param mixed $value The array, object, or scalar. 4825 * @param callable $callback The function to map onto $value. 4826 * @return mixed The value with the callback applied to all non-arrays and non-objects inside it. 4827 */ 4828 function map_deep( $value, $callback ) { 4829 if ( is_array( $value ) ) { 4830 foreach ( $value as $index => $item ) { 4831 $value[ $index ] = map_deep( $item, $callback ); 4832 } 4833 } elseif ( is_object( $value ) ) { 4834 $object_vars = get_object_vars( $value ); 4835 foreach ( $object_vars as $property_name => $property_value ) { 4836 $value->$property_name = map_deep( $property_value, $callback ); 4837 } 4838 } else { 4839 $value = call_user_func( $callback, $value ); 4840 } 4841 4842 return $value; 4843 } 4844 4845 /** 4846 * Parses a string into variables to be stored in an array. 4847 * 4848 * 4849 * @since 2.2.1 4850 * 4851 * @param string $string The string to be parsed. 4852 * @param array $array Variables will be stored in this array. 4853 */ 4854 function wp_parse_str( $string, &$array ) { 4855 parse_str( $string, $array ); 4856 4857 /** 4858 * Filters the array of variables derived from a parsed string. 4859 * 4860 * @since 2.3.0 4861 * 4862 * @param array $array The array populated with variables. 4863 */ 4864 $array = apply_filters( 'wp_parse_str', $array ); 4865 } 4866 4867 /** 4868 * Convert lone less than signs. 4869 * 4870 * KSES already converts lone greater than signs. 4871 * 4872 * @since 2.3.0 4873 * 4874 * @param string $text Text to be converted. 4875 * @return string Converted text. 4876 */ 4877 function wp_pre_kses_less_than( $text ) { 4878 return preg_replace_callback( '%<[^>]*?((?=<)|>|$)%', 'wp_pre_kses_less_than_callback', $text ); 4879 } 4880 4881 /** 4882 * Callback function used by preg_replace. 4883 * 4884 * @since 2.3.0 4885 * 4886 * @param array $matches Populated by matches to preg_replace. 4887 * @return string The text returned after esc_html if needed. 4888 */ 4889 function wp_pre_kses_less_than_callback( $matches ) { 4890 if ( false === strpos( $matches[0], '>' ) ) { 4891 return esc_html( $matches[0] ); 4892 } 4893 return $matches[0]; 4894 } 4895 4896 /** 4897 * WordPress implementation of PHP sprintf() with filters. 4898 * 4899 * @since 2.5.0 4900 * @since 5.3.0 Formalized the existing and already documented `...$args` parameter 4901 * by adding it to the function signature. 4902 * 4903 * @link https://secure.php.net/sprintf 4904 * 4905 * @param string $pattern The string which formatted args are inserted. 4906 * @param mixed ...$args Arguments to be formatted into the $pattern string. 4907 * @return string The formatted string. 4908 */ 4909 function wp_sprintf( $pattern, ...$args ) { 4910 $len = strlen( $pattern ); 4911 $start = 0; 4912 $result = ''; 4913 $arg_index = 0; 4914 while ( $len > $start ) { 4915 // Last character: append and break 4916 if ( strlen( $pattern ) - 1 == $start ) { 4917 $result .= substr( $pattern, -1 ); 4918 break; 4919 } 4920 4921 // Literal %: append and continue 4922 if ( substr( $pattern, $start, 2 ) == '%%' ) { 4923 $start += 2; 4924 $result .= '%'; 4925 continue; 4926 } 4927 4928 // Get fragment before next % 4929 $end = strpos( $pattern, '%', $start + 1 ); 4930 if ( false === $end ) { 4931 $end = $len; 4932 } 4933 $fragment = substr( $pattern, $start, $end - $start ); 4934 4935 // Fragment has a specifier 4936 if ( $pattern[ $start ] == '%' ) { 4937 // Find numbered arguments or take the next one in order 4938 if ( preg_match( '/^%(\d+)\$/', $fragment, $matches ) ) { 4939 $index = $matches[1] - 1; // 0-based array vs 1-based sprintf arguments. 4940 $arg = isset( $args[ $index ] ) ? $args[ $index ] : ''; 4941 $fragment = str_replace( "%{$matches[1]}$", '%', $fragment ); 4942 } else { 4943 $arg = isset( $args[ $arg_index ] ) ? $args[ $arg_index ] : ''; 4944 ++$arg_index; 4945 } 4946 4947 /** 4948 * Filters a fragment from the pattern passed to wp_sprintf(). 4949 * 4950 * If the fragment is unchanged, then sprintf() will be run on the fragment. 4951 * 4952 * @since 2.5.0 4953 * 4954 * @param string $fragment A fragment from the pattern. 4955 * @param string $arg The argument. 4956 */ 4957 $_fragment = apply_filters( 'wp_sprintf', $fragment, $arg ); 4958 if ( $_fragment != $fragment ) { 4959 $fragment = $_fragment; 4960 } else { 4961 $fragment = sprintf( $fragment, strval( $arg ) ); 4962 } 4963 } 4964 4965 // Append to result and move to next fragment 4966 $result .= $fragment; 4967 $start = $end; 4968 } 4969 return $result; 4970 } 4971 4972 /** 4973 * Localize list items before the rest of the content. 4974 * 4975 * The '%l' must be at the first characters can then contain the rest of the 4976 * content. The list items will have ', ', ', and', and ' and ' added depending 4977 * on the amount of list items in the $args parameter. 4978 * 4979 * @since 2.5.0 4980 * 4981 * @param string $pattern Content containing '%l' at the beginning. 4982 * @param array $args List items to prepend to the content and replace '%l'. 4983 * @return string Localized list items and rest of the content. 4984 */ 4985 function wp_sprintf_l( $pattern, $args ) { 4986 // Not a match 4987 if ( substr( $pattern, 0, 2 ) != '%l' ) { 4988 return $pattern; 4989 } 4990 4991 // Nothing to work with 4992 if ( empty( $args ) ) { 4993 return ''; 4994 } 4995 4996 /** 4997 * Filters the translated delimiters used by wp_sprintf_l(). 4998 * Placeholders (%s) are included to assist translators and then 4999 * removed before the array of strings reaches the filter. 5000 * 5001 * Please note: Ampersands and entities should be avoided here. 5002 * 5003 * @since 2.5.0 5004 * 5005 * @param array $delimiters An array of translated delimiters. 5006 */ 5007 $l = apply_filters( 5008 'wp_sprintf_l', 5009 array( 5010 /* translators: Used to join items in a list with more than 2 items. */ 5011 'between' => sprintf( __( '%1$s, %2$s' ), '', '' ), 5012 /* translators: Used to join last two items in a list with more than 2 times. */ 5013 'between_last_two' => sprintf( __( '%1$s, and %2$s' ), '', '' ), 5014 /* translators: Used to join items in a list with only 2 items. */ 5015 'between_only_two' => sprintf( __( '%1$s and %2$s' ), '', '' ), 5016 ) 5017 ); 5018 5019 $args = (array) $args; 5020 $result = array_shift( $args ); 5021 if ( count( $args ) == 1 ) { 5022 $result .= $l['between_only_two'] . array_shift( $args ); 5023 } 5024 // Loop when more than two args 5025 $i = count( $args ); 5026 while ( $i ) { 5027 $arg = array_shift( $args ); 5028 $i--; 5029 if ( 0 == $i ) { 5030 $result .= $l['between_last_two'] . $arg; 5031 } else { 5032 $result .= $l['between'] . $arg; 5033 } 5034 } 5035 return $result . substr( $pattern, 2 ); 5036 } 5037 5038 /** 5039 * Safely extracts not more than the first $count characters from html string. 5040 * 5041 * UTF-8, tags and entities safe prefix extraction. Entities inside will *NOT* 5042 * be counted as one character. For example & will be counted as 4, < as 5043 * 3, etc. 5044 * 5045 * @since 2.5.0 5046 * 5047 * @param string $str String to get the excerpt from. 5048 * @param int $count Maximum number of characters to take. 5049 * @param string $more Optional. What to append if $str needs to be trimmed. Defaults to empty string. 5050 * @return string The excerpt. 5051 */ 5052 function wp_html_excerpt( $str, $count, $more = null ) { 5053 if ( null === $more ) { 5054 $more = ''; 5055 } 5056 $str = wp_strip_all_tags( $str, true ); 5057 $excerpt = mb_substr( $str, 0, $count ); 5058 // remove part of an entity at the end 5059 $excerpt = preg_replace( '/&[^;\s]{0,6}$/', '', $excerpt ); 5060 if ( $str != $excerpt ) { 5061 $excerpt = trim( $excerpt ) . $more; 5062 } 5063 return $excerpt; 5064 } 5065 5066 /** 5067 * Add a Base url to relative links in passed content. 5068 * 5069 * By default it supports the 'src' and 'href' attributes. However this can be 5070 * changed via the 3rd param. 5071 * 5072 * @since 2.7.0 5073 * 5074 * @global string $_links_add_base 5075 * 5076 * @param string $content String to search for links in. 5077 * @param string $base The base URL to prefix to links. 5078 * @param array $attrs The attributes which should be processed. 5079 * @return string The processed content. 5080 */ 5081 function links_add_base_url( $content, $base, $attrs = array( 'src', 'href' ) ) { 5082 global $_links_add_base; 5083 $_links_add_base = $base; 5084 $attrs = implode( '|', (array) $attrs ); 5085 return preg_replace_callback( "!($attrs)=(['\"])(.+?)\\2!i", '_links_add_base', $content ); 5086 } 5087 5088 /** 5089 * Callback to add a base url to relative links in passed content. 5090 * 5091 * @since 2.7.0 5092 * @access private 5093 * 5094 * @global string $_links_add_base 5095 * 5096 * @param string $m The matched link. 5097 * @return string The processed link. 5098 */ 5099 function _links_add_base( $m ) { 5100 global $_links_add_base; 5101 //1 = attribute name 2 = quotation mark 3 = URL 5102 return $m[1] . '=' . $m[2] . 5103 ( preg_match( '#^(\w{1,20}):#', $m[3], $protocol ) && in_array( $protocol[1], wp_allowed_protocols() ) ? 5104 $m[3] : 5105 WP_Http::make_absolute_url( $m[3], $_links_add_base ) 5106 ) 5107 . $m[2]; 5108 } 5109 5110 /** 5111 * Adds a Target attribute to all links in passed content. 5112 * 5113 * This function by default only applies to `<a>` tags, however this can be 5114 * modified by the 3rd param. 5115 * 5116 * *NOTE:* Any current target attributed will be stripped and replaced. 5117 * 5118 * @since 2.7.0 5119 * 5120 * @global string $_links_add_target 5121 * 5122 * @param string $content String to search for links in. 5123 * @param string $target The Target to add to the links. 5124 * @param string[] $tags An array of tags to apply to. 5125 * @return string The processed content. 5126 */ 5127 function links_add_target( $content, $target = '_blank', $tags = array( 'a' ) ) { 5128 global $_links_add_target; 5129 $_links_add_target = $target; 5130 $tags = implode( '|', (array) $tags ); 5131 return preg_replace_callback( "!<($tags)([^>]*)>!i", '_links_add_target', $content ); 5132 } 5133 5134 /** 5135 * Callback to add a target attribute to all links in passed content. 5136 * 5137 * @since 2.7.0 5138 * @access private 5139 * 5140 * @global string $_links_add_target 5141 * 5142 * @param string $m The matched link. 5143 * @return string The processed link. 5144 */ 5145 function _links_add_target( $m ) { 5146 global $_links_add_target; 5147 $tag = $m[1]; 5148 $link = preg_replace( '|( target=([\'"])(.*?)\2)|i', '', $m[2] ); 5149 return '<' . $tag . $link . ' target="' . esc_attr( $_links_add_target ) . '">'; 5150 } 5151 5152 /** 5153 * Normalize EOL characters and strip duplicate whitespace. 5154 * 5155 * @since 2.7.0 5156 * 5157 * @param string $str The string to normalize. 5158 * @return string The normalized string. 5159 */ 5160 function normalize_whitespace( $str ) { 5161 $str = trim( $str ); 5162 $str = str_replace( "\r", "\n", $str ); 5163 $str = preg_replace( array( '/\n+/', '/[ \t]+/' ), array( "\n", ' ' ), $str ); 5164 return $str; 5165 } 5166 5167 /** 5168 * Properly strip all HTML tags including script and style 5169 * 5170 * This differs from strip_tags() because it removes the contents of 5171 * the `<script>` and `<style>` tags. E.g. `strip_tags( '<script>something</script>' )` 5172 * will return 'something'. wp_strip_all_tags will return '' 5173 * 5174 * @since 2.9.0 5175 * 5176 * @param string $string String containing HTML tags 5177 * @param bool $remove_breaks Optional. Whether to remove left over line breaks and white space chars 5178 * @return string The processed string. 5179 */ 5180 function wp_strip_all_tags( $string, $remove_breaks = false ) { 5181 $string = preg_replace( '@<(script|style)[^>]*?>.*?</\\1>@si', '', $string ); 5182 $string = strip_tags( $string ); 5183 5184 if ( $remove_breaks ) { 5185 $string = preg_replace( '/[\r\n\t ]+/', ' ', $string ); 5186 } 5187 5188 return trim( $string ); 5189 } 5190 5191 /** 5192 * Sanitizes a string from user input or from the database. 5193 * 5194 * - Checks for invalid UTF-8, 5195 * - Converts single `<` characters to entities 5196 * - Strips all tags 5197 * - Removes line breaks, tabs, and extra whitespace 5198 * - Strips octets 5199 * 5200 * @since 2.9.0 5201 * 5202 * @see sanitize_textarea_field() 5203 * @see wp_check_invalid_utf8() 5204 * @see wp_strip_all_tags() 5205 * 5206 * @param string $str String to sanitize. 5207 * @return string Sanitized string. 5208 */ 5209 function sanitize_text_field( $str ) { 5210 $filtered = _sanitize_text_fields( $str, false ); 5211 5212 /** 5213 * Filters a sanitized text field string. 5214 * 5215 * @since 2.9.0 5216 * 5217 * @param string $filtered The sanitized string. 5218 * @param string $str The string prior to being sanitized. 5219 */ 5220 return apply_filters( 'sanitize_text_field', $filtered, $str ); 5221 } 5222 5223 /** 5224 * Sanitizes a multiline string from user input or from the database. 5225 * 5226 * The function is like sanitize_text_field(), but preserves 5227 * new lines (\n) and other whitespace, which are legitimate 5228 * input in textarea elements. 5229 * 5230 * @see sanitize_text_field() 5231 * 5232 * @since 4.7.0 5233 * 5234 * @param string $str String to sanitize. 5235 * @return string Sanitized string. 5236 */ 5237 function sanitize_textarea_field( $str ) { 5238 $filtered = _sanitize_text_fields( $str, true ); 5239 5240 /** 5241 * Filters a sanitized textarea field string. 5242 * 5243 * @since 4.7.0 5244 * 5245 * @param string $filtered The sanitized string. 5246 * @param string $str The string prior to being sanitized. 5247 */ 5248 return apply_filters( 'sanitize_textarea_field', $filtered, $str ); 5249 } 5250 5251 /** 5252 * Internal helper function to sanitize a string from user input or from the db 5253 * 5254 * @since 4.7.0 5255 * @access private 5256 * 5257 * @param string $str String to sanitize. 5258 * @param bool $keep_newlines optional Whether to keep newlines. Default: false. 5259 * @return string Sanitized string. 5260 */ 5261 function _sanitize_text_fields( $str, $keep_newlines = false ) { 5262 if ( is_object( $str ) || is_array( $str ) ) { 5263 return ''; 5264 } 5265 5266 $str = (string) $str; 5267 5268 $filtered = wp_check_invalid_utf8( $str ); 5269 5270 if ( strpos( $filtered, '<' ) !== false ) { 5271 $filtered = wp_pre_kses_less_than( $filtered ); 5272 // This will strip extra whitespace for us. 5273 $filtered = wp_strip_all_tags( $filtered, false ); 5274 5275 // Use html entities in a special case to make sure no later 5276 // newline stripping stage could lead to a functional tag 5277 $filtered = str_replace( "<\n", "<\n", $filtered ); 5278 } 5279 5280 if ( ! $keep_newlines ) { 5281 $filtered = preg_replace( '/[\r\n\t ]+/', ' ', $filtered ); 5282 } 5283 $filtered = trim( $filtered ); 5284 5285 $found = false; 5286 while ( preg_match( '/%[a-f0-9]{2}/i', $filtered, $match ) ) { 5287 $filtered = str_replace( $match[0], '', $filtered ); 5288 $found = true; 5289 } 5290 5291 if ( $found ) { 5292 // Strip out the whitespace that may now exist after removing the octets. 5293 $filtered = trim( preg_replace( '/ +/', ' ', $filtered ) ); 5294 } 5295 5296 return $filtered; 5297 } 5298 5299 /** 5300 * i18n friendly version of basename() 5301 * 5302 * @since 3.1.0 5303 * 5304 * @param string $path A path. 5305 * @param string $suffix If the filename ends in suffix this will also be cut off. 5306 * @return string 5307 */ 5308 function wp_basename( $path, $suffix = '' ) { 5309 return urldecode( basename( str_replace( array( '%2F', '%5C' ), '/', urlencode( $path ) ), $suffix ) ); 5310 } 5311 5312 // phpcs:disable WordPress.WP.CapitalPDangit.Misspelled, WordPress.NamingConventions.ValidFunctionName.FunctionNameInvalid -- 8-) 5313 /** 5314 * Forever eliminate "Wordpress" from the planet (or at least the little bit we can influence). 5315 * 5316 * Violating our coding standards for a good function name. 5317 * 5318 * @since 3.0.0 5319 * 5320 * @staticvar string|false $dblq 5321 * 5322 * @param string $text The text to be modified. 5323 * @return string The modified text. 5324 */ 5325 function capital_P_dangit( $text ) { 5326 // Simple replacement for titles 5327 $current_filter = current_filter(); 5328 if ( 'the_title' === $current_filter || 'wp_title' === $current_filter ) { 5329 return str_replace( 'Wordpress', 'WordPress', $text ); 5330 } 5331 // Still here? Use the more judicious replacement 5332 static $dblq = false; 5333 if ( false === $dblq ) { 5334 $dblq = _x( '“', 'opening curly double quote' ); 5335 } 5336 return str_replace( 5337 array( ' Wordpress', '‘Wordpress', $dblq . 'Wordpress', '>Wordpress', '(Wordpress' ), 5338 array( ' WordPress', '‘WordPress', $dblq . 'WordPress', '>WordPress', '(WordPress' ), 5339 $text 5340 ); 5341 } 5342 // phpcs:enable 5343 5344 /** 5345 * Sanitize a mime type 5346 * 5347 * @since 3.1.3 5348 * 5349 * @param string $mime_type Mime type 5350 * @return string Sanitized mime type 5351 */ 5352 function sanitize_mime_type( $mime_type ) { 5353 $sani_mime_type = preg_replace( '/[^-+*.a-zA-Z0-9\/]/', '', $mime_type ); 5354 /** 5355 * Filters a mime type following sanitization. 5356 * 5357 * @since 3.1.3 5358 * 5359 * @param string $sani_mime_type The sanitized mime type. 5360 * @param string $mime_type The mime type prior to sanitization. 5361 */ 5362 return apply_filters( 'sanitize_mime_type', $sani_mime_type, $mime_type ); 5363 } 5364 5365 /** 5366 * Sanitize space or carriage return separated URLs that are used to send trackbacks. 5367 * 5368 * @since 3.4.0 5369 * 5370 * @param string $to_ping Space or carriage return separated URLs 5371 * @return string URLs starting with the http or https protocol, separated by a carriage return. 5372 */ 5373 function sanitize_trackback_urls( $to_ping ) { 5374 $urls_to_ping = preg_split( '/[\r\n\t ]/', trim( $to_ping ), -1, PREG_SPLIT_NO_EMPTY ); 5375 foreach ( $urls_to_ping as $k => $url ) { 5376 if ( ! preg_match( '#^https?://.#i', $url ) ) { 5377 unset( $urls_to_ping[ $k ] ); 5378 } 5379 } 5380 $urls_to_ping = array_map( 'esc_url_raw', $urls_to_ping ); 5381 $urls_to_ping = implode( "\n", $urls_to_ping ); 5382 /** 5383 * Filters a list of trackback URLs following sanitization. 5384 * 5385 * The string returned here consists of a space or carriage return-delimited list 5386 * of trackback URLs. 5387 * 5388 * @since 3.4.0 5389 * 5390 * @param string $urls_to_ping Sanitized space or carriage return separated URLs. 5391 * @param string $to_ping Space or carriage return separated URLs before sanitization. 5392 */ 5393 return apply_filters( 'sanitize_trackback_urls', $urls_to_ping, $to_ping ); 5394 } 5395 5396 /** 5397 * Add slashes to a string or array of strings. 5398 * 5399 * This should be used when preparing data for core API that expects slashed data. 5400 * This should not be used to escape data going directly into an SQL query. 5401 * 5402 * @since 3.6.0 5403 * 5404 * @param string|array $value String or array of strings to slash. 5405 * @return string|array Slashed $value 5406 */ 5407 function wp_slash( $value ) { 5408 if ( is_array( $value ) ) { 5409 foreach ( $value as $k => $v ) { 5410 if ( is_array( $v ) ) { 5411 $value[ $k ] = wp_slash( $v ); 5412 } else { 5413 $value[ $k ] = addslashes( $v ); 5414 } 5415 } 5416 } else { 5417 $value = addslashes( $value ); 5418 } 5419 5420 return $value; 5421 } 5422 5423 /** 5424 * Remove slashes from a string or array of strings. 5425 * 5426 * This should be used to remove slashes from data passed to core API that 5427 * expects data to be unslashed. 5428 * 5429 * @since 3.6.0 5430 * 5431 * @param string|array $value String or array of strings to unslash. 5432 * @return string|array Unslashed $value 5433 */ 5434 function wp_unslash( $value ) { 5435 return stripslashes_deep( $value ); 5436 } 5437 5438 /** 5439 * Adds slashes to only string values in an array of values. 5440 * 5441 * This should be used when preparing data for core APIs that expect slashed data. 5442 * This should not be used to escape data going directly into an SQL query. 5443 * 5444 * @since 5.3.0 5445 * 5446 * @param mixed $value Scalar or array of scalars. 5447 * @return mixed Slashes $value 5448 */ 5449 function wp_slash_strings_only( $value ) { 5450 return map_deep( $value, 'addslashes_strings_only' ); 5451 } 5452 5453 /** 5454 * Adds slashes only if the provided value is a string. 5455 * 5456 * @since 5.3.0 5457 * 5458 * @param mixed $value 5459 * @return mixed 5460 */ 5461 function addslashes_strings_only( $value ) { 5462 return is_string( $value ) ? addslashes( $value ) : $value; 5463 } 5464 5465 /** 5466 * Extract and return the first URL from passed content. 5467 * 5468 * @since 3.6.0 5469 * 5470 * @param string $content A string which might contain a URL. 5471 * @return string|false The found URL. 5472 */ 5473 function get_url_in_content( $content ) { 5474 if ( empty( $content ) ) { 5475 return false; 5476 } 5477 5478 if ( preg_match( '/<a\s[^>]*?href=([\'"])(.+?)\1/is', $content, $matches ) ) { 5479 return esc_url_raw( $matches[2] ); 5480 } 5481 5482 return false; 5483 } 5484 5485 /** 5486 * Returns the regexp for common whitespace characters. 5487 * 5488 * By default, spaces include new lines, tabs, nbsp entities, and the UTF-8 nbsp. 5489 * This is designed to replace the PCRE \s sequence. In ticket #22692, that 5490 * sequence was found to be unreliable due to random inclusion of the A0 byte. 5491 * 5492 * @since 4.0.0 5493 * 5494 * @staticvar string $spaces 5495 * 5496 * @return string The spaces regexp. 5497 */ 5498 function wp_spaces_regexp() { 5499 static $spaces = ''; 5500 5501 if ( empty( $spaces ) ) { 5502 /** 5503 * Filters the regexp for common whitespace characters. 5504 * 5505 * This string is substituted for the \s sequence as needed in regular 5506 * expressions. For websites not written in English, different characters 5507 * may represent whitespace. For websites not encoded in UTF-8, the 0xC2 0xA0 5508 * sequence may not be in use. 5509 * 5510 * @since 4.0.0 5511 * 5512 * @param string $spaces Regexp pattern for matching common whitespace characters. 5513 */ 5514 $spaces = apply_filters( 'wp_spaces_regexp', '[\r\n\t ]|\xC2\xA0| ' ); 5515 } 5516 5517 return $spaces; 5518 } 5519 5520 /** 5521 * Print the important emoji-related styles. 5522 * 5523 * @since 4.2.0 5524 * 5525 * @staticvar bool $printed 5526 */ 5527 function print_emoji_styles() { 5528 static $printed = false; 5529 5530 if ( $printed ) { 5531 return; 5532 } 5533 5534 $printed = true; 5535 5536 $type_attr = current_theme_supports( 'html5', 'style' ) ? '' : ' type="text/css"'; 5537 ?> 5538 <style<?php echo $type_attr; ?>> 5539 img.wp-smiley, 5540 img.emoji { 5541 display: inline !important; 5542 border: none !important; 5543 box-shadow: none !important; 5544 height: 1em !important; 5545 width: 1em !important; 5546 margin: 0 .07em !important; 5547 vertical-align: -0.1em !important; 5548 background: none !important; 5549 padding: 0 !important; 5550 } 5551 </style> 5552 <?php 5553 } 5554 5555 /** 5556 * Print the inline Emoji detection script if it is not already printed. 5557 * 5558 * @since 4.2.0 5559 * @staticvar bool $printed 5560 */ 5561 function print_emoji_detection_script() { 5562 static $printed = false; 5563 5564 if ( $printed ) { 5565 return; 5566 } 5567 5568 $printed = true; 5569 5570 _print_emoji_detection_script(); 5571 } 5572 5573 /** 5574 * Prints inline Emoji detection script. 5575 * 5576 * @ignore 5577 * @since 4.6.0 5578 * @access private 5579 */ 5580 function _print_emoji_detection_script() { 5581 $settings = array( 5582 /** 5583 * Filters the URL where emoji png images are hosted. 5584 * 5585 * @since 4.2.0 5586 * 5587 * @param string $url The emoji base URL for png images. 5588 */ 5589 'baseUrl' => apply_filters( 'emoji_url', 'https://s.w.org/images/core/emoji/12.0.0-1/72x72/' ), 5590 5591 /** 5592 * Filters the extension of the emoji png files. 5593 * 5594 * @since 4.2.0 5595 * 5596 * @param string $extension The emoji extension for png files. Default .png. 5597 */ 5598 'ext' => apply_filters( 'emoji_ext', '.png' ), 5599 5600 /** 5601 * Filters the URL where emoji SVG images are hosted. 5602 * 5603 * @since 4.6.0 5604 * 5605 * @param string $url The emoji base URL for svg images. 5606 */ 5607 'svgUrl' => apply_filters( 'emoji_svg_url', 'https://s.w.org/images/core/emoji/12.0.0-1/svg/' ), 5608 5609 /** 5610 * Filters the extension of the emoji SVG files. 5611 * 5612 * @since 4.6.0 5613 * 5614 * @param string $extension The emoji extension for svg files. Default .svg. 5615 */ 5616 'svgExt' => apply_filters( 'emoji_svg_ext', '.svg' ), 5617 ); 5618 5619 $version = 'ver=' . get_bloginfo( 'version' ); 5620 $type_attr = current_theme_supports( 'html5', 'style' ) ? '' : ' type="text/javascript"'; 5621 5622 if ( SCRIPT_DEBUG ) { 5623 $settings['source'] = array( 5624 /** This filter is documented in wp-includes/class.wp-scripts.php */ 5625 'wpemoji' => apply_filters( 'script_loader_src', includes_url( "js/wp-emoji.js?$version" ), 'wpemoji' ), 5626 /** This filter is documented in wp-includes/class.wp-scripts.php */ 5627 'twemoji' => apply_filters( 'script_loader_src', includes_url( "js/twemoji.js?$version" ), 'twemoji' ), 5628 ); 5629 5630 ?> 5631 <script<?php echo $type_attr; ?>> 5632 window._wpemojiSettings = <?php echo wp_json_encode( $settings ); ?>; 5633 <?php readfile( ABSPATH . WPINC . '/js/wp-emoji-loader.js' ); ?> 5634 </script> 5635 <?php 5636 } else { 5637 $settings['source'] = array( 5638 /** This filter is documented in wp-includes/class.wp-scripts.php */ 5639 'concatemoji' => apply_filters( 'script_loader_src', includes_url( "js/wp-emoji-release.min.js?$version" ), 'concatemoji' ), 5640 ); 5641 5642 /* 5643 * If you're looking at a src version of this file, you'll see an "include" 5644 * statement below. This is used by the `npm run build` process to directly 5645 * include a minified version of wp-emoji-loader.js, instead of using the 5646 * readfile() method from above. 5647 * 5648 * If you're looking at a build version of this file, you'll see a string of 5649 * minified JavaScript. If you need to debug it, please turn on SCRIPT_DEBUG 5650 * and edit wp-emoji-loader.js directly. 5651 */ 5652 ?> 5653 <script<?php echo $type_attr; ?>> 5654 window._wpemojiSettings = <?php echo wp_json_encode( $settings ); ?>; 5655 /*! This file is auto-generated */ 5656 !function(e,a,t){var r,n,o,i,p=a.createElement("canvas"),s=p.getContext&&p.getContext("2d");function c(e,t){var a=String.fromCharCode;s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,e),0,0);var r=p.toDataURL();return s.clearRect(0,0,p.width,p.height),s.fillText(a.apply(this,t),0,0),r===p.toDataURL()}function l(e){if(!s||!s.fillText)return!1;switch(s.textBaseline="top",s.font="600 32px Arial",e){case"flag":return!c([127987,65039,8205,9895,65039],[127987,65039,8203,9895,65039])&&(!c([55356,56826,55356,56819],[55356,56826,8203,55356,56819])&&!c([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]));case"emoji":return!c([55357,56424,55356,57342,8205,55358,56605,8205,55357,56424,55356,57340],[55357,56424,55356,57342,8203,55358,56605,8203,55357,56424,55356,57340])}return!1}function d(e){var t=a.createElement("script");t.src=e,t.defer=t.type="text/javascript",a.getElementsByTagName("head")[0].appendChild(t)}for(i=Array("flag","emoji"),t.supports={everything:!0,everythingExceptFlag:!0},o=0;o<i.length;o++)t.supports[i[o]]=l(i[o]),t.supports.everything=t.supports.everything&&t.supports[i[o]],"flag"!==i[o]&&(t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&t.supports[i[o]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything||(n=function(){t.readyCallback()},a.addEventListener?(a.addEventListener("DOMContentLoaded",n,!1),e.addEventListener("load",n,!1)):(e.attachEvent("onload",n),a.attachEvent("onreadystatechange",function(){"complete"===a.readyState&&t.readyCallback()})),(r=t.source||{}).concatemoji?d(r.concatemoji):r.wpemoji&&r.twemoji&&(d(r.twemoji),d(r.wpemoji)))}(window,document,window._wpemojiSettings); 5657 </script> 5658 <?php 5659 } 5660 } 5661 5662 /** 5663 * Convert emoji characters to their equivalent HTML entity. 5664 * 5665 * This allows us to store emoji in a DB using the utf8 character set. 5666 * 5667 * @since 4.2.0 5668 * 5669 * @param string $content The content to encode. 5670 * @return string The encoded content. 5671 */ 5672 function wp_encode_emoji( $content ) { 5673 $emoji = _wp_emoji_list( 'partials' ); 5674 5675 foreach ( $emoji as $emojum ) { 5676 $emoji_char = html_entity_decode( $emojum ); 5677 if ( false !== strpos( $content, $emoji_char ) ) { 5678 $content = preg_replace( "/$emoji_char/", $emojum, $content ); 5679 } 5680 } 5681 5682 return $content; 5683 } 5684 5685 /** 5686 * Convert emoji to a static img element. 5687 * 5688 * @since 4.2.0 5689 * 5690 * @param string $text The content to encode. 5691 * @return string The encoded content. 5692 */ 5693 function wp_staticize_emoji( $text ) { 5694 if ( false === strpos( $text, '&#x' ) ) { 5695 if ( ( function_exists( 'mb_check_encoding' ) && mb_check_encoding( $text, 'ASCII' ) ) || ! preg_match( '/[^\x00-\x7F]/', $text ) ) { 5696 // The text doesn't contain anything that might be emoji, so we can return early. 5697 return $text; 5698 } else { 5699 $encoded_text = wp_encode_emoji( $text ); 5700 if ( $encoded_text === $text ) { 5701 return $encoded_text; 5702 } 5703 5704 $text = $encoded_text; 5705 } 5706 } 5707 5708 $emoji = _wp_emoji_list( 'entities' ); 5709 5710 // Quickly narrow down the list of emoji that might be in the text and need replacing. 5711 $possible_emoji = array(); 5712 foreach ( $emoji as $emojum ) { 5713 if ( false !== strpos( $text, $emojum ) ) { 5714 $possible_emoji[ $emojum ] = html_entity_decode(