Edit File by line

}

[2000] Fix | Delete

[2001] Fix | Delete

/**

[2002] Fix | Delete

* Sanitizes a filename, replacing whitespace with dashes.

[2003] Fix | Delete

[2004] Fix | Delete

* Removes special characters that are illegal in filenames on certain

[2005] Fix | Delete

* operating systems and special characters requiring special escaping

[2006] Fix | Delete

* to manipulate at the command line. Replaces spaces and consecutive

[2007] Fix | Delete

* dashes with a single dash. Trims period, dash and underscore from beginning

[2008] Fix | Delete

* and end of filename. It is not guaranteed that this function will return a

[2009] Fix | Delete

* filename that is allowed to be uploaded.

[2010] Fix | Delete

[2011] Fix | Delete

* @since 2.1.0

[2012] Fix | Delete

[2013] Fix | Delete

* @param string $filename The filename to be sanitized.

[2014] Fix | Delete

* @return string The sanitized filename.

[2015] Fix | Delete

[2016] Fix | Delete

function sanitize_file_name( $filename ) {

[2017] Fix | Delete

$filename_raw = $filename;

[2018] Fix | Delete

$filename = remove_accents( $filename );

[2019] Fix | Delete

[2020] Fix | Delete

$special_chars = array( '?', '[', ']', '/', '\\', '=', '<', '>', ':', ';', ',', "'", '"', '&', '$', '#', '*', '(', ')', '|', '~', '`', '!', '{', '}', '%', '+', '’', '«', '»', '”', '“', chr( 0 ) );

[2021] Fix | Delete

[2022] Fix | Delete

// Check for support for utf8 in the installed PCRE library once and store the result in a static.

[2023] Fix | Delete

static $utf8_pcre = null;

[2024] Fix | Delete

if ( ! isset( $utf8_pcre ) ) {

[2025] Fix | Delete

// phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged

[2026] Fix | Delete

$utf8_pcre = @preg_match( '/^./u', 'a' );

[2027] Fix | Delete

}

[2028] Fix | Delete

[2029] Fix | Delete

if ( ! seems_utf8( $filename ) ) {

[2030] Fix | Delete

$_ext = pathinfo( $filename, PATHINFO_EXTENSION );

[2031] Fix | Delete

$_name = pathinfo( $filename, PATHINFO_FILENAME );

[2032] Fix | Delete

$filename = sanitize_title_with_dashes( $_name ) . '.' . $_ext;

[2033] Fix | Delete

}

[2034] Fix | Delete

[2035] Fix | Delete

if ( $utf8_pcre ) {

[2036] Fix | Delete

$filename = preg_replace( "#\x{00a0}#siu", ' ', $filename );

[2037] Fix | Delete

}

[2038] Fix | Delete

[2039] Fix | Delete

/**

[2040] Fix | Delete

* Filters the list of characters to remove from a filename.

[2041] Fix | Delete

[2042] Fix | Delete

* @since 2.8.0

[2043] Fix | Delete

[2044] Fix | Delete

* @param string[] $special_chars Array of characters to remove.

[2045] Fix | Delete

* @param string $filename_raw The original filename to be sanitized.

[2046] Fix | Delete

[2047] Fix | Delete

$special_chars = apply_filters( 'sanitize_file_name_chars', $special_chars, $filename_raw );

[2048] Fix | Delete

[2049] Fix | Delete

$filename = str_replace( $special_chars, '', $filename );

[2050] Fix | Delete

$filename = str_replace( array( '%20', '+' ), '-', $filename );

[2051] Fix | Delete

$filename = preg_replace( '/\.{2,}/', '.', $filename );

[2052] Fix | Delete

$filename = preg_replace( '/[\r\n\t -]+/', '-', $filename );

[2053] Fix | Delete

$filename = trim( $filename, '.-_' );

[2054] Fix | Delete

[2055] Fix | Delete

if ( ! str_contains( $filename, '.' ) ) {

[2056] Fix | Delete

$mime_types = wp_get_mime_types();

[2057] Fix | Delete

$filetype = wp_check_filetype( 'test.' . $filename, $mime_types );

[2058] Fix | Delete

if ( $filetype['ext'] === $filename ) {

[2059] Fix | Delete

$filename = 'unnamed-file.' . $filetype['ext'];

[2060] Fix | Delete

}

[2061] Fix | Delete

}

[2062] Fix | Delete

[2063] Fix | Delete

// Split the filename into a base and extension[s].

[2064] Fix | Delete

$parts = explode( '.', $filename );

[2065] Fix | Delete

[2066] Fix | Delete

// Return if only one extension.

[2067] Fix | Delete

if ( count( $parts ) <= 2 ) {

[2068] Fix | Delete

/** This filter is documented in wp-includes/formatting.php */

[2069] Fix | Delete

return apply_filters( 'sanitize_file_name', $filename, $filename_raw );

[2070] Fix | Delete

}

[2071] Fix | Delete

[2072] Fix | Delete

// Process multiple extensions.

[2073] Fix | Delete

$filename = array_shift( $parts );

[2074] Fix | Delete

$extension = array_pop( $parts );

[2075] Fix | Delete

$mimes = get_allowed_mime_types();

[2076] Fix | Delete

[2077] Fix | Delete

[2078] Fix | Delete

* Loop over any intermediate extensions. Postfix them with a trailing underscore

[2079] Fix | Delete

* if they are a 2 - 5 character long alpha string not in the allowed extension list.

[2080] Fix | Delete

[2081] Fix | Delete

foreach ( (array) $parts as $part ) {

[2082] Fix | Delete

$filename .= '.' . $part;

[2083] Fix | Delete

[2084] Fix | Delete

if ( preg_match( '/^[a-zA-Z]{2,5}\d?$/', $part ) ) {

[2085] Fix | Delete

$allowed = false;

[2086] Fix | Delete

foreach ( $mimes as $ext_preg => $mime_match ) {

[2087] Fix | Delete

$ext_preg = '!^(' . $ext_preg . ')$!i';

[2088] Fix | Delete

if ( preg_match( $ext_preg, $part ) ) {

[2089] Fix | Delete

$allowed = true;

[2090] Fix | Delete

break;

[2091] Fix | Delete

}

[2092] Fix | Delete

}

[2093] Fix | Delete

if ( ! $allowed ) {

[2094] Fix | Delete

$filename .= '_';

[2095] Fix | Delete

}

[2096] Fix | Delete

}

[2097] Fix | Delete

}

[2098] Fix | Delete

[2099] Fix | Delete

$filename .= '.' . $extension;

[2100] Fix | Delete

[2101] Fix | Delete

/**

[2102] Fix | Delete

* Filters a sanitized filename string.

[2103] Fix | Delete

[2104] Fix | Delete

* @since 2.8.0

[2105] Fix | Delete

[2106] Fix | Delete

* @param string $filename Sanitized filename.

[2107] Fix | Delete

* @param string $filename_raw The filename prior to sanitization.

[2108] Fix | Delete

[2109] Fix | Delete

return apply_filters( 'sanitize_file_name', $filename, $filename_raw );

[2110] Fix | Delete

}

[2111] Fix | Delete

[2112] Fix | Delete

/**

[2113] Fix | Delete

* Sanitizes a username, stripping out unsafe characters.

[2114] Fix | Delete

[2115] Fix | Delete

* Removes tags, percent-encoded characters, HTML entities, and if strict is enabled,

[2116] Fix | Delete

* will only keep alphanumeric, _, space, ., -, @. After sanitizing, it passes the username,

[2117] Fix | Delete

* raw username (the username in the parameter), and the value of $strict as parameters

[2118] Fix | Delete

* for the {@see 'sanitize_user'} filter.

[2119] Fix | Delete

[2120] Fix | Delete

* @since 2.0.0

[2121] Fix | Delete

[2122] Fix | Delete

* @param string $username The username to be sanitized.

[2123] Fix | Delete

* @param bool $strict Optional. If set to true, limits $username to specific characters.

[2124] Fix | Delete

* Default false.

[2125] Fix | Delete

* @return string The sanitized username, after passing through filters.

[2126] Fix | Delete

[2127] Fix | Delete

function sanitize_user( $username, $strict = false ) {

[2128] Fix | Delete

$raw_username = $username;

[2129] Fix | Delete

$username = wp_strip_all_tags( $username );

[2130] Fix | Delete

$username = remove_accents( $username );

[2131] Fix | Delete

// Remove percent-encoded characters.

[2132] Fix | Delete

$username = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '', $username );

[2133] Fix | Delete

// Remove HTML entities.

[2134] Fix | Delete

$username = preg_replace( '/&.+?;/', '', $username );

[2135] Fix | Delete

[2136] Fix | Delete

// If strict, reduce to ASCII for max portability.

[2137] Fix | Delete

if ( $strict ) {

[2138] Fix | Delete

$username = preg_replace( '|[^a-z0-9 _.\-@]|i', '', $username );

[2139] Fix | Delete

}

[2140] Fix | Delete

[2141] Fix | Delete

$username = trim( $username );

[2142] Fix | Delete

// Consolidate contiguous whitespace.

[2143] Fix | Delete

$username = preg_replace( '|\s+|', ' ', $username );

[2144] Fix | Delete

[2145] Fix | Delete

/**

[2146] Fix | Delete

* Filters a sanitized username string.

[2147] Fix | Delete

[2148] Fix | Delete

* @since 2.0.1

[2149] Fix | Delete

[2150] Fix | Delete

* @param string $username Sanitized username.

[2151] Fix | Delete

* @param string $raw_username The username prior to sanitization.

[2152] Fix | Delete

* @param bool $strict Whether to limit the sanitization to specific characters.

[2153] Fix | Delete

[2154] Fix | Delete

return apply_filters( 'sanitize_user', $username, $raw_username, $strict );

[2155] Fix | Delete

}

[2156] Fix | Delete

[2157] Fix | Delete

/**

[2158] Fix | Delete

* Sanitizes a string key.

[2159] Fix | Delete

[2160] Fix | Delete

* Keys are used as internal identifiers. Lowercase alphanumeric characters,

[2161] Fix | Delete

* dashes, and underscores are allowed.

[2162] Fix | Delete

[2163] Fix | Delete

* @since 3.0.0

[2164] Fix | Delete

[2165] Fix | Delete

* @param string $key String key.

[2166] Fix | Delete

* @return string Sanitized key.

[2167] Fix | Delete

[2168] Fix | Delete

function sanitize_key( $key ) {

[2169] Fix | Delete

$sanitized_key = '';

[2170] Fix | Delete

[2171] Fix | Delete

if ( is_scalar( $key ) ) {

[2172] Fix | Delete

$sanitized_key = strtolower( $key );

[2173] Fix | Delete

$sanitized_key = preg_replace( '/[^a-z0-9_\-]/', '', $sanitized_key );

[2174] Fix | Delete

}

[2175] Fix | Delete

[2176] Fix | Delete

/**

[2177] Fix | Delete

* Filters a sanitized key string.

[2178] Fix | Delete

[2179] Fix | Delete

* @since 3.0.0

[2180] Fix | Delete

[2181] Fix | Delete

* @param string $sanitized_key Sanitized key.

[2182] Fix | Delete

* @param string $key The key prior to sanitization.

[2183] Fix | Delete

[2184] Fix | Delete

return apply_filters( 'sanitize_key', $sanitized_key, $key );

[2185] Fix | Delete

}

[2186] Fix | Delete

[2187] Fix | Delete

/**

[2188] Fix | Delete

* Sanitizes a string into a slug, which can be used in URLs or HTML attributes.

[2189] Fix | Delete

[2190] Fix | Delete

* By default, converts accent characters to ASCII characters and further

[2191] Fix | Delete

* limits the output to alphanumeric characters, underscore (_) and dash (-)

[2192] Fix | Delete

* through the {@see 'sanitize_title'} filter.

[2193] Fix | Delete

[2194] Fix | Delete

* If `$title` is empty and `$fallback_title` is set, the latter will be used.

[2195] Fix | Delete

[2196] Fix | Delete

* @since 1.0.0

[2197] Fix | Delete

[2198] Fix | Delete

* @param string $title The string to be sanitized.

[2199] Fix | Delete

* @param string $fallback_title Optional. A title to use if $title is empty. Default empty.

[2200] Fix | Delete

* @param string $context Optional. The operation for which the string is sanitized.

[2201] Fix | Delete

* When set to 'save', the string runs through remove_accents().

[2202] Fix | Delete

* Default 'save'.

[2203] Fix | Delete

* @return string The sanitized string.

[2204] Fix | Delete

[2205] Fix | Delete

function sanitize_title( $title, $fallback_title = '', $context = 'save' ) {

[2206] Fix | Delete

$raw_title = $title;

[2207] Fix | Delete

[2208] Fix | Delete

if ( 'save' === $context ) {

[2209] Fix | Delete

$title = remove_accents( $title );

[2210] Fix | Delete

}

[2211] Fix | Delete

[2212] Fix | Delete

/**

[2213] Fix | Delete

* Filters a sanitized title string.

[2214] Fix | Delete

[2215] Fix | Delete

* @since 1.2.0

[2216] Fix | Delete

[2217] Fix | Delete

* @param string $title Sanitized title.

[2218] Fix | Delete

* @param string $raw_title The title prior to sanitization.

[2219] Fix | Delete

* @param string $context The context for which the title is being sanitized.

[2220] Fix | Delete

[2221] Fix | Delete

$title = apply_filters( 'sanitize_title', $title, $raw_title, $context );

[2222] Fix | Delete

[2223] Fix | Delete

if ( '' === $title || false === $title ) {

[2224] Fix | Delete

$title = $fallback_title;

[2225] Fix | Delete

}

[2226] Fix | Delete

[2227] Fix | Delete

return $title;

[2228] Fix | Delete

}

[2229] Fix | Delete

[2230] Fix | Delete

/**

[2231] Fix | Delete

* Sanitizes a title with the 'query' context.

[2232] Fix | Delete

[2233] Fix | Delete

* Used for querying the database for a value from URL.

[2234] Fix | Delete

[2235] Fix | Delete

* @since 3.1.0

[2236] Fix | Delete

[2237] Fix | Delete

* @param string $title The string to be sanitized.

[2238] Fix | Delete

* @return string The sanitized string.

[2239] Fix | Delete

[2240] Fix | Delete

function sanitize_title_for_query( $title ) {

[2241] Fix | Delete

return sanitize_title( $title, '', 'query' );

[2242] Fix | Delete

}

[2243] Fix | Delete

[2244] Fix | Delete

/**

[2245] Fix | Delete

* Sanitizes a title, replacing whitespace and a few other characters with dashes.

[2246] Fix | Delete

[2247] Fix | Delete

* Limits the output to alphanumeric characters, underscore (_) and dash (-).

[2248] Fix | Delete

* Whitespace becomes a dash.

[2249] Fix | Delete

[2250] Fix | Delete

* @since 1.2.0

[2251] Fix | Delete

[2252] Fix | Delete

* @param string $title The title to be sanitized.

[2253] Fix | Delete

* @param string $raw_title Optional. Not used. Default empty.

[2254] Fix | Delete

* @param string $context Optional. The operation for which the string is sanitized.

[2255] Fix | Delete

* When set to 'save', additional entities are converted to hyphens

[2256] Fix | Delete

* or stripped entirely. Default 'display'.

[2257] Fix | Delete

* @return string The sanitized title.

[2258] Fix | Delete

[2259] Fix | Delete

function sanitize_title_with_dashes( $title, $raw_title = '', $context = 'display' ) {

[2260] Fix | Delete

$title = strip_tags( $title );

[2261] Fix | Delete

// Preserve escaped octets.

[2262] Fix | Delete

$title = preg_replace( '|%([a-fA-F0-9][a-fA-F0-9])|', '---$1---', $title );

[2263] Fix | Delete

// Remove percent signs that are not part of an octet.

[2264] Fix | Delete

$title = str_replace( '%', '', $title );

[2265] Fix | Delete

// Restore octets.

[2266] Fix | Delete

$title = preg_replace( '|---([a-fA-F0-9][a-fA-F0-9])---|', '%$1', $title );

[2267] Fix | Delete

[2268] Fix | Delete

if ( seems_utf8( $title ) ) {

[2269] Fix | Delete

if ( function_exists( 'mb_strtolower' ) ) {

[2270] Fix | Delete

$title = mb_strtolower( $title, 'UTF-8' );

[2271] Fix | Delete

}

[2272] Fix | Delete

$title = utf8_uri_encode( $title, 200 );

[2273] Fix | Delete

}

[2274] Fix | Delete

[2275] Fix | Delete

$title = strtolower( $title );

[2276] Fix | Delete

[2277] Fix | Delete

if ( 'save' === $context ) {

[2278] Fix | Delete

// Convert &nbsp, &ndash, and &mdash to hyphens.

[2279] Fix | Delete

$title = str_replace( array( '%c2%a0', '%e2%80%93', '%e2%80%94' ), '-', $title );

[2280] Fix | Delete

// Convert &nbsp, &ndash, and &mdash HTML entities to hyphens.

[2281] Fix | Delete

$title = str_replace( array( ' ', ' ', '–', '–', '—', '—' ), '-', $title );

[2282] Fix | Delete

// Convert forward slash to hyphen.

[2283] Fix | Delete

$title = str_replace( '/', '-', $title );

[2284] Fix | Delete

[2285] Fix | Delete

// Strip these characters entirely.

[2286] Fix | Delete

$title = str_replace(

[2287] Fix | Delete

array(

[2288] Fix | Delete

// Soft hyphens.

[2289] Fix | Delete

'%c2%ad',

[2290] Fix | Delete

// &iexcl and &iquest.

[2291] Fix | Delete

'%c2%a1',

[2292] Fix | Delete

'%c2%bf',

[2293] Fix | Delete

// Angle quotes.

[2294] Fix | Delete

'%c2%ab',

[2295] Fix | Delete

'%c2%bb',

[2296] Fix | Delete

'%e2%80%b9',

[2297] Fix | Delete

'%e2%80%ba',

[2298] Fix | Delete

// Curly quotes.

[2299] Fix | Delete

'%e2%80%98',

[2300] Fix | Delete

'%e2%80%99',

[2301] Fix | Delete

'%e2%80%9c',

[2302] Fix | Delete

'%e2%80%9d',

[2303] Fix | Delete

'%e2%80%9a',

[2304] Fix | Delete

'%e2%80%9b',

[2305] Fix | Delete

'%e2%80%9e',

[2306] Fix | Delete

'%e2%80%9f',

[2307] Fix | Delete

// Bullet.

[2308] Fix | Delete

'%e2%80%a2',

[2309] Fix | Delete

// &copy, &reg, &deg, &hellip, and &trade.

[2310] Fix | Delete

'%c2%a9',

[2311] Fix | Delete

'%c2%ae',

[2312] Fix | Delete

'%c2%b0',

[2313] Fix | Delete

'%e2%80%a6',

[2314] Fix | Delete

'%e2%84%a2',

[2315] Fix | Delete

// Acute accents.

[2316] Fix | Delete

'%c2%b4',

[2317] Fix | Delete

'%cb%8a',

[2318] Fix | Delete

'%cc%81',

[2319] Fix | Delete

'%cd%81',

[2320] Fix | Delete

// Grave accent, macron, caron.

[2321] Fix | Delete

'%cc%80',

[2322] Fix | Delete

'%cc%84',

[2323] Fix | Delete

'%cc%8c',

[2324] Fix | Delete

// Non-visible characters that display without a width.

[2325] Fix | Delete

'%e2%80%8b', // Zero width space.

[2326] Fix | Delete

'%e2%80%8c', // Zero width non-joiner.

[2327] Fix | Delete

'%e2%80%8d', // Zero width joiner.

[2328] Fix | Delete

'%e2%80%8e', // Left-to-right mark.

[2329] Fix | Delete

'%e2%80%8f', // Right-to-left mark.

[2330] Fix | Delete

'%e2%80%aa', // Left-to-right embedding.

[2331] Fix | Delete

'%e2%80%ab', // Right-to-left embedding.

[2332] Fix | Delete

'%e2%80%ac', // Pop directional formatting.

[2333] Fix | Delete

'%e2%80%ad', // Left-to-right override.

[2334] Fix | Delete

'%e2%80%ae', // Right-to-left override.

[2335] Fix | Delete

'%ef%bb%bf', // Byte order mark.

[2336] Fix | Delete

'%ef%bf%bc', // Object replacement character.

[2337] Fix | Delete

[2338] Fix | Delete

'',

[2339] Fix | Delete

$title

[2340] Fix | Delete

);

[2341] Fix | Delete

[2342] Fix | Delete

// Convert non-visible characters that display with a width to hyphen.

[2343] Fix | Delete

$title = str_replace(

[2344] Fix | Delete

array(

[2345] Fix | Delete

'%e2%80%80', // En quad.

[2346] Fix | Delete

'%e2%80%81', // Em quad.

[2347] Fix | Delete

'%e2%80%82', // En space.

[2348] Fix | Delete

'%e2%80%83', // Em space.

[2349] Fix | Delete

'%e2%80%84', // Three-per-em space.

[2350] Fix | Delete

'%e2%80%85', // Four-per-em space.

[2351] Fix | Delete

'%e2%80%86', // Six-per-em space.

[2352] Fix | Delete

'%e2%80%87', // Figure space.

[2353] Fix | Delete

'%e2%80%88', // Punctuation space.

[2354] Fix | Delete

'%e2%80%89', // Thin space.

[2355] Fix | Delete

'%e2%80%8a', // Hair space.

[2356] Fix | Delete

'%e2%80%a8', // Line separator.

[2357] Fix | Delete

'%e2%80%a9', // Paragraph separator.

[2358] Fix | Delete

'%e2%80%af', // Narrow no-break space.

[2359] Fix | Delete

[2360] Fix | Delete

'-',

[2361] Fix | Delete

$title

[2362] Fix | Delete

);

[2363] Fix | Delete

[2364] Fix | Delete

// Convert &times to 'x'.

[2365] Fix | Delete

$title = str_replace( '%c3%97', 'x', $title );

[2366] Fix | Delete

}

[2367] Fix | Delete

[2368] Fix | Delete

// Remove HTML entities.

[2369] Fix | Delete

$title = preg_replace( '/&.+?;/', '', $title );

[2370] Fix | Delete

$title = str_replace( '.', '-', $title );

[2371] Fix | Delete

[2372] Fix | Delete

$title = preg_replace( '/[^%a-z0-9 _-]/', '', $title );

[2373] Fix | Delete

$title = preg_replace( '/\s+/', '-', $title );

[2374] Fix | Delete

$title = preg_replace( '|-+|', '-', $title );

[2375] Fix | Delete

$title = trim( $title, '-' );

[2376] Fix | Delete

[2377] Fix | Delete

return $title;

[2378] Fix | Delete

}

[2379] Fix | Delete

[2380] Fix | Delete

/**

[2381] Fix | Delete

* Ensures a string is a valid SQL 'order by' clause.

[2382] Fix | Delete

[2383] Fix | Delete

* Accepts one or more columns, with or without a sort order (ASC / DESC).

[2384] Fix | Delete

* e.g. 'column_1', 'column_1, column_2', 'column_1 ASC, column_2 DESC' etc.

[2385] Fix | Delete

[2386] Fix | Delete

* Also accepts 'RAND()'.

[2387] Fix | Delete

[2388] Fix | Delete

* @since 2.5.1

[2389] Fix | Delete

[2390] Fix | Delete

* @param string $orderby Order by clause to be validated.

[2391] Fix | Delete

* @return string|false Returns $orderby if valid, false otherwise.

[2392] Fix | Delete

[2393] Fix | Delete

function sanitize_sql_orderby( $orderby ) {

[2394] Fix | Delete

if ( preg_match( '/^\s*(([a-z0-9_]+|`[a-z0-9_]+`)(\s+(ASC|DESC))?\s*(,\s*(?=[a-z0-9_`])|$))+$/i', $orderby ) || preg_match( '/^\s*RAND$\s*$\s*$/i', $orderby ) ) {

[2395] Fix | Delete

return $orderby;

[2396] Fix | Delete

}

[2397] Fix | Delete

return false;

[2398] Fix | Delete

}

[2399] Fix | Delete

[2400] Fix | Delete

/**

[2401] Fix | Delete

* Sanitizes an HTML classname to ensure it only contains valid characters.

[2402] Fix | Delete

[2403] Fix | Delete

* Strips the string down to A-Z,a-z,0-9,_,-. If this results in an empty

[2404] Fix | Delete

* string then it will return the alternative value supplied.

[2405] Fix | Delete

[2406] Fix | Delete

* @todo Expand to support the full range of CDATA that a class attribute can contain.

[2407] Fix | Delete

[2408] Fix | Delete

* @since 2.8.0

[2409] Fix | Delete

[2410] Fix | Delete

* @param string $classname The classname to be sanitized.

[2411] Fix | Delete

* @param string $fallback Optional. The value to return if the sanitization ends up as an empty string.

[2412] Fix | Delete

* Default empty string.

[2413] Fix | Delete

* @return string The sanitized value.

[2414] Fix | Delete

[2415] Fix | Delete

function sanitize_html_class( $classname, $fallback = '' ) {

[2416] Fix | Delete

// Strip out any percent-encoded characters.

[2417] Fix | Delete

$sanitized = preg_replace( '|%[a-fA-F0-9][a-fA-F0-9]|', '', $classname );

[2418] Fix | Delete

[2419] Fix | Delete

// Limit to A-Z, a-z, 0-9, '_', '-'.

[2420] Fix | Delete

$sanitized = preg_replace( '/[^A-Za-z0-9_-]/', '', $sanitized );

[2421] Fix | Delete

[2422] Fix | Delete

if ( '' === $sanitized && $fallback ) {

[2423] Fix | Delete

return sanitize_html_class( $fallback );

[2424] Fix | Delete

}

[2425] Fix | Delete

/**

[2426] Fix | Delete

* Filters a sanitized HTML class string.

[2427] Fix | Delete

[2428] Fix | Delete

* @since 2.8.0

[2429] Fix | Delete

[2430] Fix | Delete

* @param string $sanitized The sanitized HTML class.

[2431] Fix | Delete

* @param string $classname HTML class before sanitization.

[2432] Fix | Delete

* @param string $fallback The fallback string.

[2433] Fix | Delete

[2434] Fix | Delete

return apply_filters( 'sanitize_html_class', $sanitized, $classname, $fallback );

[2435] Fix | Delete

}

[2436] Fix | Delete

[2437] Fix | Delete

/**

[2438] Fix | Delete

* Strips out all characters not allowed in a locale name.

[2439] Fix | Delete

[2440] Fix | Delete

* @since 6.2.1

[2441] Fix | Delete

[2442] Fix | Delete

* @param string $locale_name The locale name to be sanitized.

[2443] Fix | Delete

* @return string The sanitized value.

[2444] Fix | Delete

[2445] Fix | Delete

function sanitize_locale_name( $locale_name ) {

[2446] Fix | Delete

// Limit to A-Z, a-z, 0-9, '_', '-'.

[2447] Fix | Delete

$sanitized = preg_replace( '/[^A-Za-z0-9_-]/', '', $locale_name );

[2448] Fix | Delete

[2449] Fix | Delete

/**

[2450] Fix | Delete

* Filters a sanitized locale name string.

[2451] Fix | Delete

[2452] Fix | Delete

* @since 6.2.1

[2453] Fix | Delete

[2454] Fix | Delete

* @param string $sanitized The sanitized locale name.

[2455] Fix | Delete

* @param string $locale_name The locale name before sanitization.

[2456] Fix | Delete

[2457] Fix | Delete

return apply_filters( 'sanitize_locale_name', $sanitized, $locale_name );

[2458] Fix | Delete

}

[2459] Fix | Delete

[2460] Fix | Delete

/**

[2461] Fix | Delete

* Converts lone & characters into `&` (a.k.a. `&`)

[2462] Fix | Delete

[2463] Fix | Delete

* @since 0.71

[2464] Fix | Delete

[2465] Fix | Delete

* @param string $content String of characters to be converted.

[2466] Fix | Delete

* @param string $deprecated Not used.

[2467] Fix | Delete

* @return string Converted string.

[2468] Fix | Delete

[2469] Fix | Delete

function convert_chars( $content, $deprecated = '' ) {

[2470] Fix | Delete

if ( ! empty( $deprecated ) ) {

[2471] Fix | Delete

_deprecated_argument( __FUNCTION__, '0.71' );

[2472] Fix | Delete

}

[2473] Fix | Delete

[2474] Fix | Delete

if ( str_contains( $content, '&' ) ) {

[2475] Fix | Delete

$content = preg_replace( '/&([^#])(?![a-z1-4]{1,8};)/i', '&$1', $content );

[2476] Fix | Delete

}

[2477] Fix | Delete

[2478] Fix | Delete

return $content;

[2479] Fix | Delete

}

[2480] Fix | Delete

[2481] Fix | Delete

/**

[2482] Fix | Delete

* Converts invalid Unicode references range to valid range.

[2483] Fix | Delete

[2484] Fix | Delete

* @since 4.3.0

[2485] Fix | Delete

[2486] Fix | Delete

* @param string $content String with entities that need converting.

[2487] Fix | Delete

* @return string Converted string.

[2488] Fix | Delete

[2489] Fix | Delete

function convert_invalid_entities( $content ) {

[2490] Fix | Delete

$wp_htmltranswinuni = array(

[2491] Fix | Delete

'' => '€', // The Euro sign.

[2492] Fix | Delete

'' => '',

[2493] Fix | Delete

'' => '‚', // These are Windows CP1252 specific characters.

[2494] Fix | Delete

'' => 'ƒ', // They would look weird on non-Windows browsers.

[2495] Fix | Delete

'' => '„',

[2496] Fix | Delete

'' => '…',

[2497] Fix | Delete

'' => '†',

[2498] Fix | Delete

'' => '‡',

[2499] Fix | Delete

1 2 3 456 ...13